diff --git a/.cursor/skills/add-mcp-tools/SKILL.md b/.cursor/skills/add-mcp-tools/SKILL.md
index 3826a4924c..86f428c627 100644
--- a/.cursor/skills/add-mcp-tools/SKILL.md
+++ b/.cursor/skills/add-mcp-tools/SKILL.md
@@ -3,9 +3,9 @@ name: add-mcp-tools
 description: Guide for adding new MCP tools with consistent patterns for schemas, tool definitions, registry updates, and Better Auth integration
 ---
 
-# Adding New MCP Tools to MCP Mesh
+# Adding New MCP Tools to Studio
 
-This guide documents the pattern for adding new MCP tools to the MCP Mesh codebase. Follow this checklist to ensure consistency with existing tools.
+This guide documents the pattern for adding new MCP tools to Studio codebase. Follow this checklist to ensure consistency with existing tools.
 
 ## Overview
 
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000000..1e51ec78aa
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,8 @@
+# Vendored upstream YAML for kubernetes-sigs/agent-sandbox (operator + CRDs).
+# Refreshed via deploy/helm/sandbox-operator/vendor.sh — do not hand-edit.
+# Marking as generated so GitHub collapses the diff in PRs and excludes it
+# from language stats; bumps are still reviewable by reading vendor.sh's
+# version arg. The sandbox-env chart's templates are first-party and stay
+# reviewable.
+deploy/helm/sandbox-operator/crds/** linguist-generated=true
+deploy/helm/sandbox-operator/templates/agent-sandbox-manifest.yaml linguist-generated=true
diff --git a/.github/workflows/helm-test.yml b/.github/workflows/helm-test.yml
new file mode 100644
index 0000000000..57d4dcee40
--- /dev/null
+++ b/.github/workflows/helm-test.yml
@@ -0,0 +1,139 @@
+name: Helm chart checks
+
+# PR-scoped lint + render + vendor-drift checks for the Helm charts. The
+# release workflows (release-sandbox-charts.yaml, publish-chart.yml) are
+# publish-only — without this gate, a helpers typo or a hand-edit to
+# vendored CRDs ships straight to consumers. Runs on every PR that touches
+# deploy/helm/** so reviewers see render failures inline.
+
+on:
+  pull_request:
+    paths:
+      - 'deploy/helm/**'
+      - '.github/workflows/helm-test.yml'
+  workflow_dispatch:
+
+jobs:
+  sandbox-operator:
+    name: sandbox-operator chart
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          version: v3.16.4
+
+      - name: Lint
+        # The chart's namespace validation (templates/validations.yaml)
+        # requires `agent-sandbox-system`. Pass it here so render-time
+        # checks during lint don't see the wrong namespace.
+        run: helm lint deploy/helm/sandbox-operator --namespace agent-sandbox-system
+
+      - name: Render
+        run: |
+          helm template sandbox-operator deploy/helm/sandbox-operator \
+            --namespace agent-sandbox-system \
+            > /dev/null
+
+      # Catches hand-edits to crds/ or templates/agent-sandbox-manifest.yaml
+      # that bypass vendor.sh. The .gitattributes linguist-generated marker
+      # collapses those files in PR review, so without this gate a manual
+      # tweak would slip through unnoticed.
+      - name: Vendor drift check
+        run: |
+          set -euo pipefail
+          bash deploy/helm/sandbox-operator/vendor.sh
+          if ! git diff --exit-code -- \
+              deploy/helm/sandbox-operator/crds \
+              deploy/helm/sandbox-operator/templates/agent-sandbox-manifest.yaml; then
+            echo "::error::Vendored files differ from vendor.sh output. Re-run deploy/helm/sandbox-operator/vendor.sh and commit the result."
+            exit 1
+          fi
+
+  sandbox-env:
+    name: sandbox-env chart
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          version: v3.16.4
+
+      - name: Lint
+        # envName is required, so lint must pass it. Use a representative
+        # value rather than `Release.Name` because helm lint doesn't drive
+        # render with a release name.
+        run: |
+          helm lint deploy/helm/sandbox-env \
+            --namespace agent-sandbox-system \
+            --set envName=ci
+
+      - name: Render (default values)
+        run: |
+          helm template sandbox-env deploy/helm/sandbox-env \
+            --namespace agent-sandbox-system \
+            --set envName=ci \
+            > /dev/null
+
+      - name: Render (preview gateway enabled)
+        run: |
+          helm template sandbox-env deploy/helm/sandbox-env \
+            --namespace agent-sandbox-system \
+            --set envName=ci \
+            --set previewGateway.enabled=true \
+            --set previewGateway.domain=preview.example.com \
+            --set previewGateway.clusterIssuer=letsencrypt-prod \
+            --api-versions gateway.networking.k8s.io/v1 \
+            --api-versions cert-manager.io/v1 \
+            > /dev/null
+
+      - name: Render (warm pool enabled)
+        run: |
+          helm template sandbox-env deploy/helm/sandbox-env \
+            --namespace agent-sandbox-system \
+            --set envName=ci \
+            --set warmPool.enabled=true \
+            --set warmPool.size=2 \
+            > /dev/null
+
+      - name: Render (envName missing must fail)
+        run: |
+          set +e
+          helm template sandbox-env deploy/helm/sandbox-env \
+            --namespace agent-sandbox-system \
+            > /tmp/render.out 2>&1
+          rc=$?
+          set -e
+          if [ "${rc}" -eq 0 ]; then
+            echo "::error::sandbox-env rendered without envName — required-value check is missing."
+            cat /tmp/render.out
+            exit 1
+          fi
+          if ! grep -q "envName is required" /tmp/render.out; then
+            echo "::error::sandbox-env failed for the wrong reason — expected envName-required error."
+            cat /tmp/render.out
+            exit 1
+          fi
+
+  studio:
+    name: studio chart
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          version: v3.16.4
+
+      - name: Lint
+        run: helm lint deploy/helm/studio
+
+      # Subchart .tgz files are vendored under deploy/helm/studio/charts/
+      # (see .gitignore comment) — no `helm dependency build` needed.
+      - name: Render
+        run: helm template deco-studio deploy/helm/studio > /dev/null
diff --git a/.github/workflows/publish-chart.yml b/.github/workflows/publish-chart.yml
index 4d3014c096..94f4bf5c2f 100644
--- a/.github/workflows/publish-chart.yml
+++ b/.github/workflows/publish-chart.yml
@@ -5,7 +5,7 @@ on:
     branches:
       - main
     paths:
-      - 'deploy/helm/Chart.yaml'
+      - 'deploy/helm/studio/Chart.yaml'
 
 jobs:
   publish:
@@ -22,13 +22,13 @@ jobs:
 
       - name: Get chart version
         id: chart
-        run: echo "version=$(grep '^version:' deploy/helm/Chart.yaml | awk '{print $2}')" >> $GITHUB_OUTPUT
+        run: echo "version=$(grep '^version:' deploy/helm/studio/Chart.yaml | awk '{print $2}')" >> $GITHUB_OUTPUT
 
       - name: Login to GHCR
         run: helm registry login ghcr.io -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }}
 
       - name: Package chart
-        run: helm package deploy/helm/ --dependency-update
+        run: helm package deploy/helm/studio/ --dependency-update
 
       - name: Push chart to GHCR
         run: helm push chart-deco-studio-${{ steps.chart.outputs.version }}.tgz oci://ghcr.io/decocms
diff --git a/.github/workflows/release-mesh.yaml b/.github/workflows/release-mesh.yaml
index 54a92eb660..b63ad7a9c5 100644
--- a/.github/workflows/release-mesh.yaml
+++ b/.github/workflows/release-mesh.yaml
@@ -8,6 +8,7 @@ on:
       - "packages/runtime/**"
       - "packages/mesh-plugin-*/**"
       - "packages/mesh-sdk/**"
+      - "packages/sandbox/**"
   workflow_dispatch:
     inputs:
       deploy_to_production:
diff --git a/.github/workflows/release-sandbox-charts.yaml b/.github/workflows/release-sandbox-charts.yaml
new file mode 100644
index 0000000000..6ac452c936
--- /dev/null
+++ b/.github/workflows/release-sandbox-charts.yaml
@@ -0,0 +1,165 @@
+name: Release sandbox Helm charts
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - "deploy/helm/sandbox-operator/**"
+      - "deploy/helm/sandbox-env/**"
+  workflow_dispatch:
+
+env:
+  REGISTRY: ghcr.io
+  # OCI charts in ghcr.io live at <registry>/<owner>/<name>:<tag>. Helm
+  # treats the parent path as the "repo" (here ghcr.io/decocms/studio/charts)
+  # and the chart name+version as ref. Argo CD's helm source supports this
+  # natively via repoURL=<registry>/<owner>/<name> + chart=<chart-name>.
+  OCI_REPO: oci://ghcr.io/${{ github.repository }}/charts
+
+jobs:
+  release:
+    name: Package & push ${{ matrix.chart }}
+    runs-on: ubuntu-latest
+    # Run sandbox-operator and sandbox-env in parallel — independent OCI
+    # tags, no shared mutable state.
+    strategy:
+      fail-fast: false
+      matrix:
+        chart: [sandbox-operator, sandbox-env]
+    # `[release]:` commits come from the auto-bump bot and don't actually
+    # change chart contents — skip them so we don't republish the same
+    # version.
+    if: ${{ !startsWith(github.event.head_commit.message, '[release]:') }}
+    permissions:
+      contents: read
+      packages: write
+      # OIDC token for keyless cosign signing (Sigstore Fulcio).
+      id-token: write
+      # Required to attach SLSA provenance attestations.
+      attestations: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          version: v3.16.4
+
+      - name: Read chart version
+        id: version
+        env:
+          CHART_PATH: deploy/helm/${{ matrix.chart }}
+        run: |
+          set -euo pipefail
+          VERSION=$(awk '/^version:/{print $2; exit}' "${CHART_PATH}/Chart.yaml")
+          NAME=$(awk '/^name:/{print $2; exit}' "${CHART_PATH}/Chart.yaml")
+          echo "version=${VERSION}" >> "${GITHUB_OUTPUT}"
+          echo "name=${NAME}" >> "${GITHUB_OUTPUT}"
+          echo "path=${CHART_PATH}" >> "${GITHUB_OUTPUT}"
+          echo "::notice::Chart ${NAME} version ${VERSION}"
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Skip republishing if the version tag already exists. Without this
+      # guard, every push to main that touches the chart silently mutates
+      # the chart under a tag consumers may already be pinning.
+      - name: Check if chart version already exists
+        id: tag-check
+        run: |
+          set -euo pipefail
+          # `helm show chart` against an OCI ref hits the registry; success
+          # means the tag is published.
+          if helm show chart "${OCI_REPO}/${{ steps.version.outputs.name }}" \
+              --version "${{ steps.version.outputs.version }}" \
+              >/dev/null 2>&1; then
+            echo "exists=true" >> "${GITHUB_OUTPUT}"
+            echo "::notice::Chart ${{ steps.version.outputs.name }}-${{ steps.version.outputs.version }} already published — skipping. Bump ${{ steps.version.outputs.path }}/Chart.yaml version to publish."
+          else
+            echo "exists=false" >> "${GITHUB_OUTPUT}"
+          fi
+
+      - name: Package chart
+        if: steps.tag-check.outputs.exists != 'true'
+        id: package
+        run: |
+          set -euo pipefail
+          helm package "${{ steps.version.outputs.path }}" --destination dist
+          PACKAGE="dist/${{ steps.version.outputs.name }}-${{ steps.version.outputs.version }}.tgz"
+          echo "package=${PACKAGE}" >> "${GITHUB_OUTPUT}"
+
+      - name: Push chart to OCI registry
+        if: steps.tag-check.outputs.exists != 'true'
+        id: push
+        run: |
+          set -euo pipefail
+          PUSH_OUT=$(helm push "${{ steps.package.outputs.package }}" "${OCI_REPO}" 2>&1)
+          echo "${PUSH_OUT}"
+          DIGEST=$(echo "${PUSH_OUT}" | awk '/Digest:/{print $2}')
+          if [ -z "${DIGEST}" ]; then
+            echo "::error::Could not extract digest from helm push output"
+            exit 1
+          fi
+          echo "digest=${DIGEST}" >> "${GITHUB_OUTPUT}"
+
+      # Keyless cosign signing for parity with the image release workflow.
+      # Verifies provenance via Sigstore's public transparency log without
+      # long-lived keys. Verify downstream with:
+      #   cosign verify ghcr.io/decocms/studio/charts/<chart>:<tag> \
+      #     --certificate-identity-regexp 'https://github.com/decocms/studio/.*' \
+      #     --certificate-oidc-issuer https://token.actions.githubusercontent.com
+      - name: Install cosign
+        if: steps.tag-check.outputs.exists != 'true'
+        uses: sigstore/cosign-installer@v3
+
+      - name: Sign chart with cosign
+        if: steps.tag-check.outputs.exists != 'true'
+        env:
+          DIGEST: ${{ steps.push.outputs.digest }}
+          NAME: ${{ steps.version.outputs.name }}
+          VERSION: ${{ steps.version.outputs.version }}
+        run: |
+          set -euo pipefail
+          REF="${{ env.REGISTRY }}/${{ github.repository }}/charts/${NAME}@${DIGEST}"
+          cosign sign --yes "${REF}"
+
+      - name: Generate SLSA build provenance
+        if: steps.tag-check.outputs.exists != 'true'
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ github.repository }}/charts/${{ steps.version.outputs.name }}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
+
+      - name: Release summary
+        if: steps.tag-check.outputs.exists != 'true'
+        run: |
+          {
+            echo "## Helm chart published"
+            echo ""
+            echo "**${{ steps.version.outputs.name }} ${{ steps.version.outputs.version }}**"
+            echo ""
+            echo "### Install"
+            echo '```bash'
+            if [ "${{ matrix.chart }}" = "sandbox-operator" ]; then
+              echo "helm install sandbox-operator ${OCI_REPO}/${{ steps.version.outputs.name }} \\"
+              echo "  --version ${{ steps.version.outputs.version }} \\"
+              echo "  --namespace agent-sandbox-system --create-namespace"
+            else
+              echo "helm install sandbox-env-<envName> ${OCI_REPO}/${{ steps.version.outputs.name }} \\"
+              echo "  --version ${{ steps.version.outputs.version }} \\"
+              echo "  --namespace agent-sandbox-system \\"
+              echo "  --set envName=<envName> \\"
+              echo "  --set mesh.namespace=<studio-namespace> \\"
+              echo "  --set mesh.serviceAccountName=<studio-release-name> \\"
+              echo "  --set mesh.serviceName=<studio-release-name> \\"
+              echo "  --set mesh.servicePort=80"
+            fi
+            echo '```'
+          } >> "${GITHUB_STEP_SUMMARY}"
diff --git a/.github/workflows/release-studio-sandbox.yaml b/.github/workflows/release-studio-sandbox.yaml
new file mode 100644
index 0000000000..4a98aacbb5
--- /dev/null
+++ b/.github/workflows/release-studio-sandbox.yaml
@@ -0,0 +1,124 @@
+name: Release Studio Sandbox Image
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - "packages/sandbox/**"
+  workflow_dispatch:
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}/studio-sandbox
+
+jobs:
+  build-push:
+    name: Build & Push studio-sandbox image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+      attestations: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Read sandbox version
+        id: version
+        run: |
+          VERSION=$(python3 -c "import json; print(json.load(open('packages/sandbox/package.json'))['version'])")
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Fast-fail: skip the entire build if this version is already published.
+      # Keeps docs-only or test-only changes to packages/sandbox from
+      # re-pushing the same image under a tag consumers may already be pinning.
+      - name: Check if version tag already exists
+        id: tag-check
+        run: |
+          STATUS=$(curl -sS -o /dev/null -w "%{http_code}" \
+            -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+            "https://${{ env.REGISTRY }}/v2/${{ env.IMAGE_NAME }}/manifests/${{ steps.version.outputs.version }}")
+          if [ "${STATUS}" = "200" ]; then
+            echo "exists=true" >> $GITHUB_OUTPUT
+            echo "::notice::Image ${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }} already exists — skipping push. Bump packages/sandbox/package.json to publish."
+          else
+            echo "exists=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Setup Bun
+        if: steps.tag-check.outputs.exists != 'true'
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: "1.3.5"
+
+      - name: Install dependencies
+        if: steps.tag-check.outputs.exists != 'true'
+        run: bun install
+
+      # The Dockerfile copies daemon/dist/daemon.js into the image.
+      - name: Build daemon bundle
+        if: steps.tag-check.outputs.exists != 'true'
+        run: bun run --cwd=packages/sandbox build
+
+      # `:latest` is only emitted on manual workflow_dispatch runs so
+      # pinned consumers know it was a deliberate human action.
+      - name: Extract metadata (tags, labels)
+        id: meta
+        if: steps.tag-check.outputs.exists != 'true'
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=${{ steps.version.outputs.version }}
+            type=raw,value=latest,enable=${{ github.event_name == 'workflow_dispatch' }}
+            type=sha,format=short
+
+      - name: Set up Docker Buildx
+        if: steps.tag-check.outputs.exists != 'true'
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push Docker image
+        id: build
+        if: steps.tag-check.outputs.exists != 'true'
+        uses: docker/build-push-action@v5
+        with:
+          context: ./packages/sandbox
+          file: ./packages/sandbox/image/Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          platforms: linux/amd64
+
+      - name: Install cosign
+        if: steps.tag-check.outputs.exists != 'true'
+        uses: sigstore/cosign-installer@v3
+
+      - name: Sign image with cosign
+        if: steps.tag-check.outputs.exists != 'true'
+        env:
+          DIGEST: ${{ steps.build.outputs.digest }}
+          TAGS: ${{ steps.meta.outputs.tags }}
+        run: |
+          set -euo pipefail
+          for tag in $(echo "${TAGS}" | tr ',' '\n'); do
+            cosign sign --yes "${tag}@${DIGEST}"
+          done
+
+      - name: Generate SLSA build provenance
+        if: steps.tag-check.outputs.exists != 'true'
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          subject-digest: ${{ steps.build.outputs.digest }}
+          push-to-registry: true
diff --git a/.github/workflows/release-tagging.yaml b/.github/workflows/release-tagging.yaml
index 583c313618..0e4e56bc29 100644
--- a/.github/workflows/release-tagging.yaml
+++ b/.github/workflows/release-tagging.yaml
@@ -6,12 +6,14 @@ on:
     paths:
       - "apps/mesh/**"
       - "packages/mesh-plugin-*/**"
+      - "packages/sandbox/**"
   push:
     branches:
       - main
     paths:
       - "apps/mesh/**"
       - "packages/mesh-plugin-*/**"
+      - "packages/sandbox/**"
 
 permissions:
   contents: write
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 020d5e46f1..e978163520 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -78,9 +78,15 @@ jobs:
         with:
           bun-version: "1.3.5"
 
+      - name: Install ripgrep
+        run: sudo apt-get update && sudo apt-get install -y ripgrep
+
       - name: Install dependencies
         run: bun install
 
+      - name: Build daemon bundle
+        run: bun run --cwd=packages/sandbox build
+
       - name: Start NATS with JetStream
         run: |
           docker run -d --name nats -p 4222:4222 nats:2.10 -js
@@ -89,7 +95,18 @@ jobs:
 
       - name: Run tests (shard ${{ matrix.shard }}/${{ matrix.total_shards }})
         run: |
-          files=$(find apps/mesh/src packages -name '*.test.ts' -o -name '*.test.tsx' | sort | awk "NR % ${{ matrix.total_shards }} == ${{ matrix.shard }}")
+          # Hash-based shard assignment: a file's shard is a stable function of
+          # its path, not its position in the sorted list. This prevents
+          # adding/removing test files from reshuffling other tests across
+          # shards (which can move resource-sensitive tests like
+          # pty-spawn.test.ts into a heavier-loaded shard and break them).
+          files=$(find apps/mesh/src packages -name '*.test.ts' -o -name '*.test.tsx' \
+            | while read -r f; do
+                hash=$(printf '%s' "$f" | cksum | awk '{print $1}')
+                if [ $((hash % ${{ matrix.total_shards }})) -eq ${{ matrix.shard }} ]; then
+                  echo "$f"
+                fi
+              done)
           echo "Running $(echo "$files" | wc -l) test files"
           echo "$files"
           # Bun 1.3.5 has a known WASM cleanup bug that causes SIGILL (exit 132)
@@ -98,9 +115,16 @@ jobs:
           bun test $files 2>&1 | tee /tmp/test-output.txt
           exit_code=${PIPESTATUS[0]}
           set -e
+          # Detect failures via per-test markers AND the summary line. The
+          # SIGILL crash can happen before bun prints its "N fail" summary,
+          # so relying on the summary alone hides real failures.
+          if grep -qE '^\(fail\)|[1-9][0-9]* fail' /tmp/test-output.txt; then
+            echo "❌ Test failures detected in output"
+            exit 1
+          fi
           if [ $exit_code -eq 0 ]; then
             exit 0
-          elif [ $exit_code -eq 132 ] && ! grep -q '[1-9][0-9]* fail' /tmp/test-output.txt; then
+          elif [ $exit_code -eq 132 ]; then
             echo "⚠️  Bun exited with SIGILL (known WASM cleanup bug) but all tests passed"
             exit 0
           else
@@ -132,3 +156,51 @@ jobs:
 
       - name: Run knip
         run: bun run knip
+
+  docker-smoke:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: "1.3.5"
+
+      - name: Install dependencies
+        run: bun install
+
+      - name: Build daemon bundle
+        run: bun run --cwd=packages/sandbox build
+
+      - name: Build sandbox image
+        run: |
+          docker build \
+            -t studio-sandbox:ci \
+            -f packages/sandbox/image/Dockerfile \
+            packages/sandbox
+
+      - name: Smoke test
+        run: |
+          docker run -d --name sandbox-smoke -p 19999:9000 \
+            -e DAEMON_TOKEN="$(printf 't%.0s' {1..32})" \
+            -e DAEMON_BOOT_ID="ci-smoke" \
+            -e APP_ROOT=/app \
+            -e PROXY_PORT=9000 \
+            -e DAEMON_NO_AUTOSTART=1 \
+            studio-sandbox:ci
+          for i in $(seq 1 30); do
+            if curl -fsS http://localhost:19999/health | grep -q '"bootId":"ci-smoke"'; then
+              echo "ok"
+              exit 0
+            fi
+            sleep 1
+          done
+          echo "smoke test failed — daemon did not return /health with ci-smoke bootId"
+          docker logs sandbox-smoke
+          exit 1
+
+      - name: Tear down
+        if: always()
+        run: docker rm -f sandbox-smoke || true
diff --git a/.gitignore b/.gitignore
index 72f3086936..9bf21d4f44 100644
--- a/.gitignore
+++ b/.gitignore
@@ -82,3 +82,17 @@ apps/mesh/playwright-report/
 
 # Local dev data directory
 .deco
+
+# `helm package deploy/helm/sandbox-operator` (and …/sandbox-env) produces a
+# .tgz that is published to ghcr.io as an OCI artifact by
+# .github/workflows/release-sandbox-charts.yaml. The unpacked trees under
+# deploy/helm/sandbox-{operator,env}/ are the source of truth; the packaged
+# .tgz is redundant in-repo and would just drift.
+deploy/helm/sandbox-operator-*.tgz
+deploy/helm/sandbox-operator/charts/
+deploy/helm/sandbox-env-*.tgz
+deploy/helm/sandbox-env/charts/
+# `helm dependency update` for the studio chart caches remote subcharts
+# (nats, opentelemetry-collector) as .tgz under charts/. They stay tracked
+# because the chart pins specific versions and offline installs depend on
+# them being present.
diff --git a/.oxlintrc.json b/.oxlintrc.json
index 6bbff45124..aadec3980b 100644
--- a/.oxlintrc.json
+++ b/.oxlintrc.json
@@ -4,7 +4,8 @@
     "./plugins/enforce-query-key-constants.js",
     "./plugins/ban-use-effect.js",
     "./plugins/ban-memoization.js",
-    "./plugins/require-cn-classname.js"
+    "./plugins/require-cn-classname.js",
+    "./plugins/ban-direct-auth-client-organization.js"
   ],
   "ignorePatterns": ["apps/docs/*"],
   "rules": {
@@ -16,7 +17,8 @@
     "enforce-query-key-constants/enforce-query-key-constants": "warn",
     "ban-use-effect/ban-use-effect": "error",
     "ban-memoization/ban-memoization": "error",
-    "require-cn-classname/require-cn-classname": "error"
+    "require-cn-classname/require-cn-classname": "error",
+    "ban-direct-auth-client-organization/ban-direct-auth-client-organization": "error"
   },
   "plugins": ["react"]
 }
diff --git a/.planning/MILESTONES.md b/.planning/MILESTONES.md
index fb6095bea7..f3363ba679 100644
--- a/.planning/MILESTONES.md
+++ b/.planning/MILESTONES.md
@@ -1,6 +1,6 @@
 # Milestones
 
-## v1.0 — Core Mesh (shipped, on main)
+## v1.0 — Core Studio (shipped, on main)
 
 **Shipped:** 2026-02 (pre-planning-system)
 
diff --git a/.planning/PROJECT.md b/.planning/PROJECT.md
index 82a749de80..f9d4d86407 100644
--- a/.planning/PROJECT.md
+++ b/.planning/PROJECT.md
@@ -1,12 +1,12 @@
-# MCP Mesh
+# Studio
 
 ## What This Is
 
-MCP Mesh is an open-source control plane for Model Context Protocol (MCP) traffic. It provides a unified layer for authentication, routing, and observability between MCP clients (Cursor, Claude, VS Code) and MCP servers. The system is a monorepo using Bun workspaces with TypeScript, Hono (API), and React 19 (UI), with a plugin system where each plugin exposes sidebar navigation, server tools, and client UI.
+Studio is an open-source control plane for Model Context Protocol (MCP) traffic. It provides a unified layer for authentication, routing, and observability between MCP clients (Cursor, Claude, VS Code) and MCP servers. The system is a monorepo using Bun workspaces with TypeScript, Hono (API), and React 19 (UI), with a plugin system where each plugin exposes sidebar navigation, server tools, and client UI.
 
 ## Core Value
 
-Developers can connect any MCP server to Mesh and immediately get auth, routing, observability, and a polished admin UI — including a full visual site editor for Deco-compatible sites.
+Developers can connect any MCP server to Studio and immediately get auth, routing, observability, and a polished admin UI — including a full visual site editor for Deco-compatible sites.
 
 ## Current Milestone: v1.3 — Local-First Development
 
@@ -42,7 +42,7 @@ Developers can connect any MCP server to Mesh and immediately get auth, routing,
 
 - Remote hosting / Kubernetes daemon — local-first only for this milestone
 - GitHub integration for projects — deferred to v1.4
-- Tunnel / deco link for remote Mesh — deferred to v1.4
+- Tunnel / deco link for remote Studio — deferred to v1.4
 - Multi-user local setup — single developer workflow only
 
 ## Context
diff --git a/.planning/REQUIREMENTS.md b/.planning/REQUIREMENTS.md
index f39a865ac2..f1ae1ac919 100644
--- a/.planning/REQUIREMENTS.md
+++ b/.planning/REQUIREMENTS.md
@@ -1,8 +1,8 @@
-# Requirements: MCP Mesh
+# Requirements: Studio
 
 **Defined:** 2026-02-20
 **Amended:** 2026-02-20 — lead engineer feedback: bash over git tools, deco-cli as entry point, projects as virtual MCPs
-**Core Value:** Developers can connect any MCP server to Mesh and get auth, routing, observability, and a polished admin UI — including a full visual site editor for Deco-compatible sites.
+**Core Value:** Developers can connect any MCP server to Studio and get auth, routing, observability, and a polished admin UI — including a full visual site editor for Deco-compatible sites.
 
 ## v1.3 Requirements
 
@@ -12,9 +12,9 @@
 - [ ] **LDV-02**: local-dev exposes full filesystem tools (read, write, edit, list, tree, search, delete, copy) scoped to the target folder
 - [ ] **LDV-03**: local-dev exposes OBJECT_STORAGE_BINDING tools (LIST_OBJECTS, GET/PUT_PRESIGNED_URL, DELETE_OBJECT, GET_ROOT) backed by local filesystem with embedded HTTP server for presigned URLs
 - [ ] **LDV-04**: local-dev exposes an unrestricted bash execution tool scoped to the project folder (covers git, dev server, build commands, etc. — like Claude Code's bash)
-- [ ] **LDV-05**: local-dev exposes a readiness endpoint (`/_ready`) that Mesh polls before marking the project online
+- [ ] **LDV-05**: local-dev exposes a readiness endpoint (`/_ready`) that Studio polls before marking the project online
 - [ ] **LDV-06**: local-dev forwards SIGTERM to any spawned processes for clean shutdown
-- [ ] **LDV-07**: local-dev exposes SSE `/watch` stream for filesystem change events (real-time file edits visible in Mesh UI)
+- [ ] **LDV-07**: local-dev exposes SSE `/watch` stream for filesystem change events (real-time file edits visible in Studio UI)
 
 > **Note:** Git-specific tools (GIT_STATUS, GIT_DIFF, etc.) were removed — all git operations go through **LDV-04** (bash). Dev server management is also covered by bash (e.g. `bash("bun dev")`).
 
@@ -40,7 +40,7 @@
 - [ ] **EDT-09**: User can preview the page live in an iframe with edit/interact mode toggle
 - [ ] **EDT-10**: User can undo and redo changes in the composer
 - [ ] **EDT-11**: User sees pending changes (sections added/modified/deleted vs git HEAD) with diff badges — powered by bash git calls via local-dev
-- [ ] **EDT-12**: User can commit pending changes from Mesh UI with a Claude-generated commit message — via bash git commit
+- [ ] **EDT-12**: User can commit pending changes from Studio UI with a Claude-generated commit message — via bash git commit
 - [ ] **EDT-13**: User can view git history for the current page with commit list and diff preview — via bash git log/show
 - [ ] **EDT-14**: User can revert to a previous commit with a confirmation dialog — via bash git checkout
 - [ ] **EDT-15**: Site editor activates automatically when the project connection implements DECO_BLOCKS_BINDING
@@ -49,16 +49,16 @@
 
 ### `deco link` command (`packages/cli/`)
 
-- [ ] **LNK-01**: Developer can run `deco link ./my-folder` to register a local project folder with a running Mesh instance
+- [ ] **LNK-01**: Developer can run `deco link ./my-folder` to register a local project folder with a running Studio instance
 - [ ] **LNK-02**: `deco link` starts a local-dev daemon for the given folder (or connects to an already-running one)
-- [ ] **LNK-03**: `deco link` creates (or reuses) a Connection in Mesh pointing at the local-dev daemon
-- [ ] **LNK-04**: `deco link` creates (or reuses) a Project in Mesh wired to that Connection
+- [ ] **LNK-03**: `deco link` creates (or reuses) a Connection in Studio pointing at the local-dev daemon
+- [ ] **LNK-04**: `deco link` creates (or reuses) a Project in Studio wired to that Connection
 - [ ] **LNK-05**: If the folder is a deco site (`.deco/` present), `deco link` auto-enables the site-editor plugin on the project
-- [ ] **LNK-06**: `deco link` opens the browser to the project URL in Mesh, already logged in
+- [ ] **LNK-06**: `deco link` opens the browser to the project URL in Studio, already logged in
 - [ ] **LNK-07**: `deco link` keeps running as a daemon — when Ctrl+C is pressed, local-dev shuts down cleanly
-- [ ] **LNK-08**: `deco link` is designed for both local Mesh (v1.3) and remote Mesh via tunnel (v1.4) — the Mesh URL is configurable
+- [ ] **LNK-08**: `deco link` is designed for both local Studio (v1.3) and remote Studio via tunnel (v1.4) — Studio URL is configurable
 
-> **Note:** deco-cli (`packages/cli`) already exists with login support. `deco link` is a new command added to it. The CLI is the portable piece; Mesh can be local or remote.
+> **Note:** deco-cli (`packages/cli`) already exists with login support. `deco link` is a new command added to it. The CLI is the portable piece; Studio can be local or remote.
 
 ## v2 Requirements
 
@@ -70,7 +70,7 @@
 
 ### Remote & Collaboration (v1.4)
 
-- **RMT-01**: `deco link` can connect local folder to a remote Mesh instance via tunnel
+- **RMT-01**: `deco link` can connect local folder to a remote Studio instance via tunnel
 - **RMT-02**: Project can be linked to a GitHub repository
 - **RMT-03**: User can switch between "local" and "branch on GitHub" views in a project
 
@@ -80,7 +80,7 @@
 |---------|--------|
 | Kubernetes / remote daemon | Local-first only for this milestone |
 | GitHub integration | Deferred to v1.4 |
-| Tunnel / remote Mesh | Deferred to v1.4 |
+| Tunnel / remote Studio | Deferred to v1.4 |
 | Projects as virtual MCPs (local proxy) | Deferred to v1.4 |
 | Multi-user local setup | Single developer workflow only |
 | Mobile / responsive site editor | Desktop workflow only |
diff --git a/.planning/ROADMAP.md b/.planning/ROADMAP.md
index ea2d52a7f9..45d1f66dca 100644
--- a/.planning/ROADMAP.md
+++ b/.planning/ROADMAP.md
@@ -1,14 +1,14 @@
-# Roadmap: MCP Mesh
+# Roadmap: Studio
 
 ## Milestones
 
-- ✅ **v1.0 — Core Mesh** - Phases 1–5 (shipped, on main)
+- ✅ **v1.0 — Core Studio** - Phases 1–5 (shipped, on main)
 - ✅ **v1.1 — Site Editor Foundation** - Phases 6–9 (shipped, on gui/site-builder)
 - ✅ **v1.2 — Git-Native Editing** - Phases 11–14 (shipped, on gui/site-builder)
 - 🚧 **v1.3 — Local-First Development** - Phases 15–18 (current)
 
 <details>
-<summary>✅ v1.0 — Core Mesh (Phases 1–5) — SHIPPED</summary>
+<summary>✅ v1.0 — Core Studio (Phases 1–5) — SHIPPED</summary>
 
 Core platform: auth (Better Auth), connections, organizations, projects, plugin system, event bus, observability, Kysely storage. No site editor yet. Not tracked in GSD.
 
@@ -39,7 +39,7 @@ Git site binding tools, pending changes UI, commit dialog with Claude-generated
 - [ ] **Phase 15: local-dev daemon** - MCP server for local filesystem, object storage, git, and dev server management
 - [ ] **Phase 16: plugin-deco-blocks** - Standalone deco blocks framework: scanners, DECO_BLOCKS_BINDING, Claude skill
 - [ ] **Phase 17: site-editor plugin** - Full site editor UI with visual composer and git UX
-- [ ] **Phase 18: deco link command** - `deco link ./folder` in packages/cli connects local project to Mesh
+- [ ] **Phase 18: deco link command** - `deco link ./folder` in packages/cli connects local project to Studio
 
 ## Phase Details
 
@@ -49,9 +49,9 @@ Git site binding tools, pending changes UI, commit dialog with Claude-generated
 **Requirements**: LDV-01, LDV-02, LDV-03, LDV-04, LDV-05, LDV-06, LDV-07
 **Success Criteria** (what must be TRUE):
   1. Developer runs a single command pointing at a folder and gets a running MCP daemon — no config files required
-  2. Mesh (or any MCP client) can call filesystem tools: read, write, edit, list, tree, search, delete, copy — all scoped to the target folder
-  3. Mesh can call OBJECT_STORAGE_BINDING tools (LIST_OBJECTS, GET/PUT_PRESIGNED_URL, DELETE_OBJECT, GET_ROOT) and they resolve to local files with an embedded HTTP server for presigned URLs
-  4. Mesh can run any bash command scoped to the project folder (git, bun, deno, arbitrary scripts) — unrestricted, like Claude Code's bash tool
+  2. Studio (or any MCP client) can call filesystem tools: read, write, edit, list, tree, search, delete, copy — all scoped to the target folder
+  3. Studio can call OBJECT_STORAGE_BINDING tools (LIST_OBJECTS, GET/PUT_PRESIGNED_URL, DELETE_OBJECT, GET_ROOT) and they resolve to local files with an embedded HTTP server for presigned URLs
+  4. Studio can run any bash command scoped to the project folder (git, bun, deno, arbitrary scripts) — unrestricted, like Claude Code's bash tool
   5. Daemon responds to `/_ready`, forwards SIGTERM cleanly, and streams filesystem change events via SSE `/watch`
 **Plans**: TBD
 
@@ -69,7 +69,7 @@ Git site binding tools, pending changes UI, commit dialog with Claude-generated
 **Plans**: TBD
 
 ### Phase 17: site-editor plugin
-**Goal**: Users with a deco site project can navigate pages, compose sections visually, edit props, preview live, and manage git history — all from the Mesh UI; the plugin activates automatically when DECO_BLOCKS_BINDING is detected
+**Goal**: Users with a deco site project can navigate pages, compose sections visually, edit props, preview live, and manage git history — all from Studio UI; the plugin activates automatically when DECO_BLOCKS_BINDING is detected
 **Depends on**: Phase 16 (plugin-deco-blocks)
 **Requirements**: EDT-01, EDT-02, EDT-03, EDT-04, EDT-05, EDT-06, EDT-07, EDT-08, EDT-09, EDT-10, EDT-11, EDT-12, EDT-13, EDT-14, EDT-15
 **Success Criteria** (what must be TRUE):
@@ -81,18 +81,18 @@ Git site binding tools, pending changes UI, commit dialog with Claude-generated
 **Plans**: TBD
 
 ### Phase 18: deco link command
-**Goal**: A developer can run `deco link ./my-folder` (from the existing deco-cli) and immediately see their local project in a running Mesh instance — browser opens, project ready, no manual wiring
+**Goal**: A developer can run `deco link ./my-folder` (from the existing deco-cli) and immediately see their local project in a running Studio instance — browser opens, project ready, no manual wiring
 **Depends on**: Phase 15 (local-dev daemon), Phase 17 (site-editor plugin for auto-enable detection)
 **Requirements**: LNK-01, LNK-02, LNK-03, LNK-04, LNK-05, LNK-06, LNK-07, LNK-08
 **Success Criteria** (what must be TRUE):
-  1. Running `deco link ./my-folder` starts local-dev, registers it as a Connection in Mesh, creates a Project, and opens the browser to the project — already logged in
+  1. Running `deco link ./my-folder` starts local-dev, registers it as a Connection in Studio, creates a Project, and opens the browser to the project — already logged in
   2. If the folder is a deco site (`.deco/` present), the site-editor plugin is automatically enabled and the user lands on the site editor
   3. Running the same command again on an existing setup reuses the existing Connection and Project — nothing is duplicated
-  4. Pressing Ctrl+C shuts down local-dev cleanly — the project goes offline in Mesh
-  5. The Mesh URL is configurable so the same `deco link` command can target a remote Mesh instance (tunnel wiring deferred to v1.4, but the config surface is ready)
+  4. Pressing Ctrl+C shuts down local-dev cleanly — the project goes offline in Studio
+  5. Studio URL is configurable so the same `deco link` command can target a remote Studio instance (tunnel wiring deferred to v1.4, but the config surface is ready)
 **Plans**: TBD
 
-> **Amended 2026-02-20:** Replaced `npx @decocms/mesh ./folder` with `deco link` in packages/cli (deco-cli). CLI is the portable piece — Mesh can be local or remote. Auto-setup (admin/admin) remains needed for local Mesh but lives in Mesh startup, not in the CLI.
+> **Amended 2026-02-20:** Replaced `npx @decocms/mesh ./folder` with `deco link` in packages/cli (deco-cli). CLI is the portable piece — Studio can be local or remote. Auto-setup (admin/admin) remains needed for local Studio but lives in Studio startup, not in the CLI.
 
 ## Progress
 
diff --git a/.planning/STATE.md b/.planning/STATE.md
index 89c4ff1193..0fe5b3207f 100644
--- a/.planning/STATE.md
+++ b/.planning/STATE.md
@@ -4,7 +4,7 @@
 
 See: .planning/PROJECT.md (updated 2026-02-20)
 
-**Core value:** Developers can connect any MCP server to Mesh and get auth, routing, observability, and a visual site editor for Deco sites.
+**Core value:** Developers can connect any MCP server to Studio and get auth, routing, observability, and a visual site editor for Deco sites.
 **Current focus:** Milestone v1.3 — Phase 15: local-dev daemon (ready to plan)
 
 ## Current Position
@@ -45,7 +45,7 @@ Recent decisions affecting current work:
 - site-editor checks connection capabilities at runtime — does not directly depend on local-dev package
 - **AMENDED**: Git tools removed from local-dev — bash tool (unrestricted) covers git + dev server + everything
 - **AMENDED**: Entry point is `deco link` in packages/cli (deco-cli), not `npx @decocms/mesh`
-- **AMENDED**: CLI is portable/separate from Mesh — Mesh can be local or remote (tunnel = v1.4)
+- **AMENDED**: CLI is portable/separate from Studio — Studio can be local or remote (tunnel = v1.4)
 - **AMENDED**: Projects as virtual MCPs with local proxy deferred to v1.4
 - Bash tool is unrestricted, scoped to project folder — like Claude Code's bash
 - deco-cli (packages/cli) already exists with login; `deco link` is a new command added to it
diff --git a/AGENTS.md b/AGENTS.md
index 9524f9dbf2..259f564644 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -8,7 +8,7 @@ This file provides guidance when working with code in this repository, including
 
 ## Overview
 
-MCP Mesh is an open-source control plane for Model Context Protocol (MCP) traffic. It provides a unified layer for authentication, routing, and observability between MCP clients (Cursor, Claude, VS Code) and MCP servers. The system is built as a monorepo using Bun workspaces with TypeScript, Hono (API), and React 19 (UI).
+Studio is an open-source control plane for Model Context Protocol (MCP) traffic. It provides a unified layer for authentication, routing, and observability between MCP clients (Cursor, Claude, VS Code) and MCP servers. The system is built as a monorepo using Bun workspaces with TypeScript, Hono (API), and React 19 (UI).
 
 ## Commands
 
@@ -150,7 +150,7 @@ export const EXAMPLE_TOOL = defineTool({
 
 ### Project Structure & Module Organization
 
-The workspace is managed via Bun workspaces. The main application lives in `apps/mesh/` and contains the full-stack MCP Mesh implementation (Hono API server + Vite/React client). Documentation site lives in `apps/docs/` (Astro-based).
+The workspace is managed via Bun workspaces. The main application lives in `apps/mesh/` and contains the full-stack Studio implementation (Hono API server + Vite/React client). Documentation site lives in `apps/docs/` (Astro-based).
 
 **apps/mesh/** - Main full-stack application
 - `src/api/` - Hono HTTP routes + MCP proxy routes
@@ -378,6 +378,26 @@ PRs should include:
 6. **Never modify knip configuration** (`knip.json`, `knip.config.ts`, etc.) to silence warnings. Knip warnings indicate dead code, unused exports, or unused dependencies—these are code smells that should be fixed by removing the unused code/export/dependency, not by adding exclusions to the knip config.
 7. **CI errors are always on your branch**. The `main` branch CI always passes. When CI fails, the problem is in the code you changed—do not assume it's a pre-existing issue or a flaky test. Investigate and fix your code.
 
+## API Path Convention
+
+All org-scoped API routes use the canonical shape `/api/:org/...` where `:org` is the
+organization slug. The `resolveOrgFromPath` middleware (`apps/mesh/src/api/middleware/resolve-org-from-path.ts`)
+looks up the org by slug, verifies the authenticated principal is a member, and sets
+`ctx.organization`. Returns 404 for unknown slugs, 403 for non-members.
+
+The legacy unscoped routes (e.g., `/api/connections/:id/oauth-token`, `/mcp/:connectionId`,
+`/oauth-proxy/:connectionId/*`) are still mounted with a `logDeprecatedRoute` middleware
+that emits `console.log("deprecated route", { route, method, org, user, ua })`. They will
+be removed in a follow-up PR after the deprecation window. **New code MUST use the
+org-scoped paths**; new frontend code MUST NOT send `x-org-id` or `x-org-slug` headers
+for migrated routes (the org slug is in the URL path).
+
+The aggregator that mounts every org-scoped sub-router lives at
+`apps/mesh/src/api/routes/org-scoped.ts`. Add new org-scoped routes there.
+
+Org slugs are **immutable** — `ORGANIZATION_UPDATE` rejects slug changes — so URLs remain
+stable.
+
 ## License
 
 Sustainable Use License (SUL):
diff --git a/apps/docs/client/src/components/ui/ProductSwitcher.tsx b/apps/docs/client/src/components/ui/ProductSwitcher.tsx
new file mode 100644
index 0000000000..f2f856094b
--- /dev/null
+++ b/apps/docs/client/src/components/ui/ProductSwitcher.tsx
@@ -0,0 +1,162 @@
+import { useEffect, useRef, useState } from "react";
+import { Logo } from "../atoms/Logo";
+import { Icon } from "../atoms/Icon";
+import {
+  products,
+  CURRENT_PRODUCT_ID,
+  type Product,
+} from "../../config/products";
+
+interface ProductSwitcherProps {
+  /** Which product is "this site". Defaults to decocms. */
+  current?: string;
+  className?: string;
+}
+
+export function ProductSwitcher({
+  current = CURRENT_PRODUCT_ID,
+  className = "",
+}: ProductSwitcherProps) {
+  const [open, setOpen] = useState(false);
+  const containerRef = useRef<HTMLDivElement>(null);
+  const triggerRef = useRef<HTMLButtonElement>(null);
+
+  useEffect(() => {
+    if (!open) return;
+
+    const handleClickOutside = (event: MouseEvent) => {
+      if (
+        containerRef.current &&
+        !containerRef.current.contains(event.target as Node)
+      ) {
+        setOpen(false);
+      }
+    };
+
+    const handleKeyDown = (event: KeyboardEvent) => {
+      if (event.key === "Escape") {
+        setOpen(false);
+        triggerRef.current?.focus();
+      }
+    };
+
+    document.addEventListener("mousedown", handleClickOutside);
+    document.addEventListener("keydown", handleKeyDown);
+    return () => {
+      document.removeEventListener("mousedown", handleClickOutside);
+      document.removeEventListener("keydown", handleKeyDown);
+    };
+  }, [open]);
+
+  return (
+    <div ref={containerRef} className={`relative ${className}`}>
+      <button
+        ref={triggerRef}
+        type="button"
+        onClick={() => setOpen((value) => !value)}
+        aria-expanded={open}
+        aria-haspopup="menu"
+        aria-label="Switch product docs"
+        className="flex items-center gap-1.5 px-1.5 py-1 -mx-1.5 -my-1 rounded-md hover:bg-muted transition-colors cursor-pointer focus:outline-none focus:ring-2 focus:ring-ring"
+      >
+        <Logo width={67} height={28} />
+        <Icon
+          name="ChevronDown"
+          size={14}
+          className={`text-muted-foreground transition-transform ${open ? "rotate-180" : ""}`}
+        />
+      </button>
+
+      {open && (
+        <div
+          role="menu"
+          aria-label="Product docs"
+          className="absolute left-0 top-[calc(100%+8px)] z-50 w-64 rounded-lg border border-border bg-app-background shadow-lg overflow-hidden"
+        >
+          <div className="px-3 py-2 border-b border-border/60">
+            <span className="text-xs font-medium text-muted-foreground uppercase tracking-wide">
+              Docs
+            </span>
+          </div>
+          <div className="py-1">
+            {products.map((product) => (
+              <ProductMenuItem
+                key={product.id}
+                product={product}
+                isCurrent={product.id === current}
+                onSelect={() => setOpen(false)}
+              />
+            ))}
+          </div>
+        </div>
+      )}
+    </div>
+  );
+}
+
+interface ProductMenuItemProps {
+  product: Product;
+  isCurrent: boolean;
+  onSelect: () => void;
+}
+
+function ProductMenuItem({
+  product,
+  isCurrent,
+  onSelect,
+}: ProductMenuItemProps) {
+  const sharedClasses = `flex items-center gap-3 px-3 py-2.5 text-left transition-colors ${
+    isCurrent ? "bg-primary/5" : "hover:bg-muted"
+  }`;
+
+  const body = (
+    <>
+      <div className="flex flex-col gap-0.5 flex-1 min-w-0">
+        <span
+          className={`text-sm font-medium truncate ${
+            isCurrent ? "text-primary" : "text-foreground"
+          }`}
+        >
+          {product.label}
+        </span>
+        <span className="text-xs text-muted-foreground truncate">
+          {product.description}
+        </span>
+      </div>
+      {isCurrent ? (
+        <Icon name="Check" size={16} className="text-primary shrink-0" />
+      ) : product.external ? (
+        <Icon
+          name="ArrowUpRight"
+          size={16}
+          className="text-muted-foreground shrink-0"
+        />
+      ) : null}
+    </>
+  );
+
+  if (isCurrent || !product.href) {
+    return (
+      <div
+        role="menuitem"
+        aria-current={isCurrent ? "true" : undefined}
+        className={sharedClasses}
+      >
+        {body}
+      </div>
+    );
+  }
+
+  return (
+    <a
+      href={product.href}
+      target={product.external ? "_blank" : undefined}
+      rel={product.external ? "noopener noreferrer" : undefined}
+      role="menuitem"
+      className={sharedClasses}
+      onClick={onSelect}
+    >
+      {body}
+    </a>
+  );
+}
diff --git a/apps/docs/client/src/components/ui/Sidebar.tsx b/apps/docs/client/src/components/ui/Sidebar.tsx
index eccdbb4e80..3fb2e1b5f3 100644
--- a/apps/docs/client/src/components/ui/Sidebar.tsx
+++ b/apps/docs/client/src/components/ui/Sidebar.tsx
@@ -1,9 +1,9 @@
 import React, { useEffect, useState } from "react";
 import { navigate } from "astro:transitions/client";
-import { Logo } from "../../components/atoms/Logo";
 import { Icon } from "../../components/atoms/Icon";
 import { Select } from "../../components/atoms/Select";
 import { LanguageSelector } from "./LanguageSelector";
+import { ProductSwitcher } from "./ProductSwitcher";
 import { ThemeToggle } from "./ThemeToggle";
 import { versions, VERSION_IDS, LATEST_VERSION } from "../../config/versions";
 
@@ -553,7 +553,7 @@ export default function Sidebar({
     <div className="flex flex-col h-screen bg-app-background border-r border-border w-[19rem] lg:w-[19rem] w-full max-w-[19rem]">
       {/* Header - hidden on mobile */}
       <div className="hidden lg:flex items-center justify-between px-4 lg:px-6 py-3 shrink-0 border-b border-border">
-        <Logo width={67} height={28} />
+        <ProductSwitcher />
         <div className="flex items-center gap-1.5">
           <LanguageSelector locale={locale} compact />
           <ThemeToggle />
diff --git a/apps/docs/client/src/config/products.ts b/apps/docs/client/src/config/products.ts
new file mode 100644
index 0000000000..0c857395b5
--- /dev/null
+++ b/apps/docs/client/src/config/products.ts
@@ -0,0 +1,27 @@
+export interface Product {
+  id: string;
+  label: string;
+  description: string;
+  /** Absolute URL. `null` for the current product. */
+  href: string | null;
+  external: boolean;
+}
+
+export const products: readonly Product[] = [
+  {
+    id: "decocms",
+    label: "decocms",
+    description: "AI agents & MCP control plane",
+    href: null,
+    external: false,
+  },
+  {
+    id: "deco-cx",
+    label: "deco.cx",
+    description: "Storefront platform",
+    href: "https://docs.deco.cx",
+    external: true,
+  },
+];
+
+export const CURRENT_PRODUCT_ID = "decocms";
diff --git a/apps/docs/client/src/content/deco-chat/en/introduction.mdx b/apps/docs/client/src/content/deco-chat/en/introduction.mdx
index 8cf86077df..2c985e5285 100644
--- a/apps/docs/client/src/content/deco-chat/en/introduction.mdx
+++ b/apps/docs/client/src/content/deco-chat/en/introduction.mdx
@@ -17,12 +17,12 @@ If MCP is the standard interface for tool access, deco CMS is the **production l
 **Official links:**
 
 - **deco CMS**: [decocms.com](https://www.decocms.com/)
-- **The MCP Mesh**: [decocms.com/mesh](https://www.decocms.com/mesh)
+- **Studio**: [decocms.com/studio](https://www.decocms.com/studio)
 - **MCP Studio**: [decocms.com/mcp-studio](https://www.decocms.com/mcp-studio)
 
 If you know us from before (as **deco.cx**) and you’re looking for **headless CMS + storefront** capabilities, visit [deco.cx](https://www.decocms.com/use-case/deco-cx). See the deco.cx docs at [docs.deco.cx](https://docs.deco.cx/en/getting-started/overview).
 
-## Start with the MCP Mesh
+## Start with Studio
 
 Choose one:
 
@@ -87,9 +87,9 @@ The application will be available at `http://localhost:8080`.
 
 **More details:** [Kubernetes: Helm Chart](/latest/en/mcp-mesh/deploy/kubernetes-helm-chart)
 
-## Learn the Mesh (concepts + product surfaces)
+## Learn Studio (concepts + product surfaces)
 
-- **[MCP Mesh Overview](/latest/en/mcp-mesh/overview)**
+- **[Studio Overview](/latest/en/mcp-mesh/overview)**
 - **[Quickstart](/latest/en/mcp-mesh/quickstart)**
 - **[Concepts](/latest/en/mcp-mesh/concepts)**
 - **[MCP Servers (Connections)](/latest/en/mcp-mesh/mcp-servers)**
@@ -100,10 +100,10 @@ The application will be available at `http://localhost:8080`.
 <Callout type="warning">
   **Docs split (quick guide):**
 
-  - **The MCP Mesh** → Self-hosting, deploying, and operating the Mesh (recommended).
+  - **Studio** → Self-hosting, deploying, and operating Studio (recommended).
   - **Legacy Admin** → If you’re using `admin.decocms.com` (still supported, **deprecated soon**).
 
-  We’re launching **MCP Studio** (on top of the Mesh), which will bring the current SaaS admin capabilities to the Mesh (including a hosted option by us) and replace the legacy SaaS over time.
+  We’re launching **MCP Studio** (on top of Studio), which will bring the current SaaS admin capabilities to Studio (including a hosted option by us) and replace the legacy SaaS over time.
 </Callout>
 
 ## Problem: the production gap
@@ -118,16 +118,16 @@ As tool surfaces and teams grow, most orgs run into the same production constrai
 
 For more context on our platform-level thesis, read [The architecture of an AI-native company](https://www.decocms.com/blog/post/ai-native-company).
 
-## Platform structure: Mesh → Studio → Apps & Store
+## Platform structure: Studio → Studio → Apps & Store
 
-### The MCP Mesh (foundation)
+### Studio (foundation)
 An open-source **control plane for MCP traffic**. It sits between your MCP clients (Cursor, Claude, VS Code, custom agents) and your MCP servers, providing a unified layer for auth, policy, and observability.
 
 ### MCP Studio (development)
 A no-code admin + SDK to package MCP capabilities as reusable building blocks.
 
 <Callout type="info">
-  **Coming soon:** This is the successor to the current SaaS admin, built on top of the MCP Mesh.
+  **Coming soon:** This is the successor to the current SaaS admin, built on top of Studio.
 </Callout>
 
 ### MCP Apps & Store (distribution)
diff --git a/apps/docs/client/src/content/deco-chat/en/mcp-mesh/api-keys.mdx b/apps/docs/client/src/content/deco-chat/en/mcp-mesh/api-keys.mdx
index 4623e4dd68..385b8a2342 100644
--- a/apps/docs/client/src/content/deco-chat/en/mcp-mesh/api-keys.mdx
+++ b/apps/docs/client/src/content/deco-chat/en/mcp-mesh/api-keys.mdx
@@ -8,7 +8,7 @@ import Callout from "../../../../components/ui/Callout.astro";
 
 ## What are API keys for?
 
-API keys are the simplest way to give an agent/app access to the Mesh without an interactive login flow. Keys are:
+API keys are the simplest way to give an agent/app access to Studio without an interactive login flow. Keys are:
 
 - **scoped** (explicit permissions)
 - **revocable**
diff --git a/apps/docs/client/src/content/deco-chat/en/mcp-mesh/api-reference.mdx b/apps/docs/client/src/content/deco-chat/en/mcp-mesh/api-reference.mdx
index b2f4a49833..33efdc01ba 100644
--- a/apps/docs/client/src/content/deco-chat/en/mcp-mesh/api-reference.mdx
+++ b/apps/docs/client/src/content/deco-chat/en/mcp-mesh/api-reference.mdx
@@ -1,6 +1,6 @@
 ---
 title: API Reference
-description: The core HTTP endpoints exposed by the Mesh for MCP, agents, OAuth, and ops
+description: The core HTTP endpoints exposed by Studio for MCP, agents, OAuth, and ops
 icon: Code
 ---
 
diff --git a/apps/docs/client/src/content/deco-chat/en/mcp-mesh/authentication.mdx b/apps/docs/client/src/content/deco-chat/en/mcp-mesh/authentication.mdx
index 08045d695d..c6c51f131b 100644
--- a/apps/docs/client/src/content/deco-chat/en/mcp-mesh/authentication.mdx
+++ b/apps/docs/client/src/content/deco-chat/en/mcp-mesh/authentication.mdx
@@ -8,7 +8,7 @@ import Callout from "../../../../components/ui/Callout.astro";
 
 ## What’s supported
 
-The Mesh uses Better Auth and supports:
+Studio uses Better Auth and supports:
 
 - **Email/password**
 - **Magic link**
diff --git a/apps/docs/client/src/content/deco-chat/en/mcp-mesh/authorization-and-roles.mdx b/apps/docs/client/src/content/deco-chat/en/mcp-mesh/authorization-and-roles.mdx
index 9e2e10151b..3c789f5bee 100644
--- a/apps/docs/client/src/content/deco-chat/en/mcp-mesh/authorization-and-roles.mdx
+++ b/apps/docs/client/src/content/deco-chat/en/mcp-mesh/authorization-and-roles.mdx
@@ -8,7 +8,7 @@ import Callout from "../../../../components/ui/Callout.astro";
 
 ## The model
 
-The Mesh enforces access control at two layers:
+Studio enforces access control at two layers:
 
 - **Organization roles** (member permissions inside an org)
 - **Tool permissions** (what an API key or user session is allowed to call)
diff --git a/apps/docs/client/src/content/deco-chat/en/mcp-mesh/concepts.mdx b/apps/docs/client/src/content/deco-chat/en/mcp-mesh/concepts.mdx
index 4f54fa7627..5f8e8fc70b 100644
--- a/apps/docs/client/src/content/deco-chat/en/mcp-mesh/concepts.mdx
+++ b/apps/docs/client/src/content/deco-chat/en/mcp-mesh/concepts.mdx
@@ -11,13 +11,13 @@ icon: BookOpen
 - **Roles**: role assignments for members, used by access control checks.
 - **Connection**: a configured upstream MCP endpoint (usually HTTP), optionally with stored credentials.
 - **Agent**: a virtual MCP server that aggregates multiple connections into a single MCP surface.
-- **Tool call**: a `tools/call` request routed through the Mesh to a downstream MCP server (or via an agent).
+- **Tool call**: a `tools/call` request routed through Studio to a downstream MCP server (or via an agent).
 - **Monitoring log**: a record of a tool call (inputs, outputs, duration, error), used for debugging and ops.
 
 ## Data and security boundaries
 
 - **Credential Vault**: sensitive connection credentials are encrypted at rest (vaulted) and only decrypted at request time.
-- **Permissions**: API keys are scoped to tool permissions; the Mesh enforces authorization before proxying.
+- **Permissions**: API keys are scoped to tool permissions; Studio enforces authorization before proxying.
 
 ## How requests flow
 
@@ -26,6 +26,6 @@ icon: BookOpen
    - the **Management MCP** (admin tools), or
    - a **Proxy endpoint** (one connection), or
    - an **Agent endpoint** (aggregated tools/resources/prompts).
-3. The Mesh authorizes, loads credentials, proxies to the downstream Connection(s), and logs monitoring events.
+3. Studio authorizes, loads credentials, proxies to the downstream Connection(s), and logs monitoring events.
 
 
diff --git a/apps/docs/client/src/content/deco-chat/en/mcp-mesh/connect-clients.mdx b/apps/docs/client/src/content/deco-chat/en/mcp-mesh/connect-clients.mdx
index 300e1dc45c..05f93d740a 100644
--- a/apps/docs/client/src/content/deco-chat/en/mcp-mesh/connect-clients.mdx
+++ b/apps/docs/client/src/content/deco-chat/en/mcp-mesh/connect-clients.mdx
@@ -1,6 +1,6 @@
 ---
 title: Connect MCP Clients
-description: How Cursor/Claude/custom clients authenticate to the Mesh and consume tools via MCP
+description: How Cursor/Claude/custom clients authenticate to Studio and consume tools via MCP
 icon: PlugZap
 ---
 
@@ -8,7 +8,7 @@ import Callout from "../../../../components/ui/Callout.astro";
 
 ## Client options
 
-There are two common ways to connect clients to the Mesh:
+There are two common ways to connect clients to Studio:
 
 - **OAuth (recommended for interactive clients)**: supports standard OAuth flows, consent, and organization-aware access.
 - **API Keys (recommended for servers/agents)**: scoped keys with explicit tool permissions.
diff --git a/apps/docs/client/src/content/deco-chat/en/mcp-mesh/deploy/kubernetes-helm-chart.mdx b/apps/docs/client/src/content/deco-chat/en/mcp-mesh/deploy/kubernetes-helm-chart.mdx
index 435be9d23a..9a343794a7 100644
--- a/apps/docs/client/src/content/deco-chat/en/mcp-mesh/deploy/kubernetes-helm-chart.mdx
+++ b/apps/docs/client/src/content/deco-chat/en/mcp-mesh/deploy/kubernetes-helm-chart.mdx
@@ -1,14 +1,14 @@
 ---
 title: "Kubernetes: Helm Chart"
-description: Deploy MCP Mesh on Kubernetes using the Helm chart
+description: Deploy Studio on Kubernetes using the Helm chart
 icon: Rocket
 ---
 
 import Callout from "../../../../../components/ui/Callout.astro";
 
-This guide explains how to deploy the MCP Mesh on Kubernetes using the Helm chart.
+This guide explains how to deploy Studio on Kubernetes using the Helm chart.
 
-Learn more: [the MCP Mesh product page](https://www.decocms.com/mesh)
+Learn more: [Studio product page](https://www.decocms.com/studio)
 
 Helm chart source: [decocms/helm-chart-deco-mcp-mesh](https://github.com/decocms/helm-chart-deco-mcp-mesh)
 
@@ -213,7 +213,7 @@ service:
 
 database:
   engine: postgresql
-  url: "postgresql://mesh_user:mesh_password@mesh.example.com:5432/mesh_db"  
+  url: "postgresql://mesh_user:mesh_password@postgres.example.com:5432/mesh_db"  
   caCert: |
     -----BEGIN CERTIFICATE-----
     aaaaaaaabbbbbbcccccccccddddddd
diff --git a/apps/docs/client/src/content/deco-chat/en/mcp-mesh/deploy/local-docker-compose.mdx b/apps/docs/client/src/content/deco-chat/en/mcp-mesh/deploy/local-docker-compose.mdx
index a4cff4d074..88ec0cd753 100644
--- a/apps/docs/client/src/content/deco-chat/en/mcp-mesh/deploy/local-docker-compose.mdx
+++ b/apps/docs/client/src/content/deco-chat/en/mcp-mesh/deploy/local-docker-compose.mdx
@@ -6,9 +6,9 @@ icon: Container
 
 import Callout from "../../../../../components/ui/Callout.astro";
 
-This guide covers deploying the MCP Mesh locally using Docker Compose for quick testing and development.
+This guide covers deploying Studio locally using Docker Compose for quick testing and development.
 
-Learn more: [the MCP Mesh product page](https://www.decocms.com/mesh)
+Learn more: [Studio product page](https://www.decocms.com/studio)
 
 Source (Docker Compose + README): [decocms/mesh/deploy](https://github.com/decocms/mesh/tree/main/deploy)
 
@@ -47,7 +47,7 @@ open http://localhost:3000
 ```
 
 <Callout type="tip">
-  These configurations are all you need to start testing with MCP-MESH. If you need other options, check the sections below.
+  These configurations are all you need to start testing with Studio. If you need other options, check the sections below.
 </Callout>
 
 ### Minimum Configuration
@@ -187,7 +187,7 @@ volumes:
 
 #### When it's Loaded
 
-The Mesh application loads this file on startup to configure:
+Studio application loads this file on startup to configure:
 
 - Email/Password authentication
 - Social providers (Google, GitHub)
diff --git a/apps/docs/client/src/content/deco-chat/en/mcp-mesh/mcp-gateways.mdx b/apps/docs/client/src/content/deco-chat/en/mcp-mesh/mcp-gateways.mdx
index 1ed859a789..b4fcd9c8d7 100644
--- a/apps/docs/client/src/content/deco-chat/en/mcp-mesh/mcp-gateways.mdx
+++ b/apps/docs/client/src/content/deco-chat/en/mcp-mesh/mcp-gateways.mdx
@@ -54,7 +54,7 @@ Every new organization gets a **Default Agent**:
 
 - **Strategy**: `passthrough`
 - **Mode**: `exclusion`
-- **Default exclusions**: the built-in **Mesh MCP** connection (management tools) and the **Store/Registry** connection are excluded by default
+- **Default exclusions**: the built-in **Studio MCP** connection (management tools) and the **Store/Registry** connection are excluded by default
 - **Default behavior**: everything else in the org is included — so as you connect Integrations, this endpoint becomes the "all tools in the org" Agent
 
 This is the endpoint most teams use as the single aggregated MCP surface for an org.
diff --git a/apps/docs/client/src/content/deco-chat/en/mcp-mesh/mcp-servers.mdx b/apps/docs/client/src/content/deco-chat/en/mcp-mesh/mcp-servers.mdx
index 8b8cef6543..87f908c74c 100644
--- a/apps/docs/client/src/content/deco-chat/en/mcp-mesh/mcp-servers.mdx
+++ b/apps/docs/client/src/content/deco-chat/en/mcp-mesh/mcp-servers.mdx
@@ -8,7 +8,7 @@ import Callout from "../../../../components/ui/Callout.astro";
 
 ## What is a connection?
 
-A **Connection** in the Mesh is a configured upstream MCP endpoint (typically HTTP). The Mesh stores its configuration and (optionally) credentials, and can then proxy MCP requests to it.
+A **Connection** in Studio is a configured upstream MCP endpoint (typically HTTP). Studio stores its configuration and (optionally) credentials, and can then proxy MCP requests to it.
 
 ## In the UI
 
@@ -24,7 +24,7 @@ Once you have a connection ID, clients can call tools via:
 
 - `POST /mcp/:connectionId`
 
-The Mesh will:
+Studio will:
 
 1. authenticate the caller
 2. authorize the tool call
diff --git a/apps/docs/client/src/content/deco-chat/en/mcp-mesh/monitoring.mdx b/apps/docs/client/src/content/deco-chat/en/mcp-mesh/monitoring.mdx
index 842f6961f6..533e9b691d 100644
--- a/apps/docs/client/src/content/deco-chat/en/mcp-mesh/monitoring.mdx
+++ b/apps/docs/client/src/content/deco-chat/en/mcp-mesh/monitoring.mdx
@@ -6,7 +6,7 @@ icon: Activity
 
 ## What gets recorded
 
-The Mesh records monitoring logs for proxied tool calls, including:
+Studio records monitoring logs for proxied tool calls, including:
 
 - tool name
 - connection / agent attribution
diff --git a/apps/docs/client/src/content/deco-chat/en/mcp-mesh/overview.mdx b/apps/docs/client/src/content/deco-chat/en/mcp-mesh/overview.mdx
index be91793345..f7b656ab44 100644
--- a/apps/docs/client/src/content/deco-chat/en/mcp-mesh/overview.mdx
+++ b/apps/docs/client/src/content/deco-chat/en/mcp-mesh/overview.mdx
@@ -6,9 +6,9 @@ icon: Network
 
 import Callout from "../../../../components/ui/Callout.astro";
 
-## What is the MCP Mesh?
+## What is Studio?
 
-The **MCP Mesh** is a **control plane for MCP traffic**. It sits between MCP clients (Cursor, Claude Desktop, custom agents) and MCP servers, providing a centralized layer for **authentication, authorization, credential management, and observability**.
+The **Studio** is a **control plane for MCP traffic**. It sits between MCP clients (Cursor, Claude Desktop, custom agents) and MCP servers, providing a centralized layer for **authentication, authorization, credential management, and observability**.
 
 ## The problem
 
@@ -19,7 +19,7 @@ When MCP moves from a few PoCs to production usage, teams start paying an “int
 - **Operational blind spots**: no unified logs/traces to debug failures end-to-end
 - **Tool surface explosion**: too many tools increases context size, latency, and tool-selection errors
 
-The Mesh centralizes these concerns once, so you can operate MCP traffic like any other production surface.
+Studio centralizes these concerns once, so you can operate MCP traffic like any other production surface.
 
 ## High-level architecture
 
@@ -33,7 +33,7 @@ The Mesh centralizes these concerns once, so you can operate MCP traffic like an
                         └──────────────────┘
 ```
 
-## What the Mesh centralizes
+## What Studio centralizes
 
 - **Routing + execution**: which MCP to call and how to authenticate it
 - **Policy enforcement**: who can access which tools (and through which agents)
@@ -51,7 +51,7 @@ The Mesh centralizes these concerns once, so you can operate MCP traffic like an
 - **Deploy**: self-host locally (npx / Docker Compose) or on Kubernetes (Helm).
 
 <Callout type="info">
-  We’re releasing the MCP Mesh to the open-source community in **December 2025**.
+  We’re releasing Studio to the open-source community in **December 2025**.
   It’s new, so these docs reflect what exists **in production today** — but we ship new features every week and will keep updating this documentation as those features land. 
 </Callout>
 
diff --git a/apps/docs/client/src/content/deco-chat/en/mcp-mesh/quickstart.mdx b/apps/docs/client/src/content/deco-chat/en/mcp-mesh/quickstart.mdx
index 9100b155e3..200285104c 100644
--- a/apps/docs/client/src/content/deco-chat/en/mcp-mesh/quickstart.mdx
+++ b/apps/docs/client/src/content/deco-chat/en/mcp-mesh/quickstart.mdx
@@ -1,12 +1,12 @@
 ---
 title: Quickstart
-description: Run Mesh locally, connect an Integration, create an Agent, and verify monitoring
+description: Run Studio locally, connect an Integration, create an Agent, and verify monitoring
 icon: Rocket
 ---
 
 import Callout from "../../../../components/ui/Callout.astro";
 
-## 1) Run the Mesh
+## 1) Run Studio
 
 Pick one:
 
@@ -73,7 +73,7 @@ The application will be available at `http://localhost:8080`.
 
 ## 2) Create a Connection
 
-When you open a new organization, the Mesh will prompt you to:
+When you open a new organization, Studio will prompt you to:
 
 - **Browse Store** or
 - **Create Connection** directly - provide the MCP URL (HTTP endpoint) and any required credentials
diff --git a/apps/docs/client/src/content/deco-chat/en/mcp-studio/overview.mdx b/apps/docs/client/src/content/deco-chat/en/mcp-studio/overview.mdx
index c0d2422367..3550dfcb96 100644
--- a/apps/docs/client/src/content/deco-chat/en/mcp-studio/overview.mdx
+++ b/apps/docs/client/src/content/deco-chat/en/mcp-studio/overview.mdx
@@ -20,12 +20,12 @@ Use it to turn **tools + schemas + workflows** into apps with:
 - A safe path for other teams to adopt what works
 
 <Callout type="info">
-  **Coming soon:** MCP Studio is being built on top of **the MCP Mesh** and will replace the legacy SaaS admin (`admin.decocms.com`) over time (including a hosted option by us).
+  **Coming soon:** MCP Studio is being built on top of **Studio** and will replace the legacy SaaS admin (`admin.decocms.com`) over time (including a hosted option by us).
 </Callout>
 
 ## Where does it fit?
 
-- **The MCP Mesh (foundation):** connect, govern, and observe MCP traffic
+- **Studio (foundation):** connect, govern, and observe MCP traffic
 - **MCP Studio (development):** package and curate reusable capabilities
 - **MCP Apps & Store (distribution):** distribute what works across teams
 
diff --git a/apps/docs/client/src/content/deco-chat/pt-br/introduction.mdx b/apps/docs/client/src/content/deco-chat/pt-br/introduction.mdx
index a84f1bc368..9f4470e1db 100644
--- a/apps/docs/client/src/content/deco-chat/pt-br/introduction.mdx
+++ b/apps/docs/client/src/content/deco-chat/pt-br/introduction.mdx
@@ -17,12 +17,12 @@ Se MCP é a interface padrão para acesso a tools, o deco CMS é a **camada de p
 **Links oficiais:**
 
 - **deco CMS**: [decocms.com](https://www.decocms.com/)
-- **O MCP Mesh**: [decocms.com/mesh](https://www.decocms.com/mesh)
+- **O Studio**: [decocms.com/studio](https://www.decocms.com/studio)
 - **MCP Studio**: [decocms.com/mcp-studio](https://www.decocms.com/mcp-studio)
 
 Se você conheceu a gente antes, como **deco.cx**, e está buscando **headless CMS + storefront**, visite [deco.cx](https://www.decocms.com/use-case/deco-cx). Veja a documentação do deco.cx em [docs.deco.cx](https://docs.deco.cx/en/getting-started/overview).
 
-## Comece pelo MCP Mesh
+## Comece pelo Studio
 
 Escolha uma opção:
 
@@ -87,7 +87,7 @@ A aplicação ficará disponível em `http://localhost:8080`.
 
 **Mais detalhes:** [Kubernetes: Helm Chart](/pt-br/mcp-mesh/deploy/kubernetes-helm-chart)
 
-## Aprenda o Mesh (conceitos + superfícies do produto)
+## Aprenda o Studio (conceitos + superfícies do produto)
 
 - **[Visão geral](/pt-br/mcp-mesh/overview)**
 - **[Quickstart](/pt-br/mcp-mesh/quickstart)**
@@ -101,10 +101,10 @@ A aplicação ficará disponível em `http://localhost:8080`.
 <Callout type="warning">
   **Divisão da documentação (guia rápido):**
 
-  - **O MCP Mesh** → Auto-hospedagem, deploy e operação do Mesh (recomendado).
+  - **O Studio** → Auto-hospedagem, deploy e operação do Studio (recomendado).
   - **Admin Legado** → Se você usa `admin.decocms.com` (ainda suportado, **em breve descontinuado**).
 
-  Estamos lançando o **MCP Studio** (em cima do Mesh), que vai trazer as capacidades do admin SaaS atual para o Mesh (incluindo uma versão hospedada por nós) e substituir o SaaS legado ao longo do tempo.
+  Estamos lançando o **MCP Studio** (em cima do Studio), que vai trazer as capacidades do admin SaaS atual para o Studio (incluindo uma versão hospedada por nós) e substituir o SaaS legado ao longo do tempo.
 </Callout>
 
 ## Problema: a lacuna entre demo e produção
@@ -119,16 +119,16 @@ IA é fácil de demonstrar e difícil de **operar**.
 
 Para contexto sobre a visão da plataforma, leia [The architecture of an AI-native company](https://www.decocms.com/blog/post/ai-native-company).
 
-## Estrutura da plataforma: Mesh → Studio → Apps & Store
+## Estrutura da plataforma: Studio → Studio → Apps & Store
 
-### O MCP Mesh (fundação)
+### O Studio (fundação)
 Um **control plane** open-source para tráfego MCP. Ele fica entre seus clientes MCP (Cursor, Claude, VS Code, agentes customizados) e seus servidores MCP, oferecendo uma camada unificada de auth, policy e observabilidade.
 
 ### MCP Studio (desenvolvimento)
 Um admin no-code + SDK para empacotar capacidades MCP como blocos reutilizáveis.
 
 <Callout type="info">
-  **Em breve:** este é o sucessor do admin SaaS atual, construído em cima do MCP Mesh.
+  **Em breve:** este é o sucessor do admin SaaS atual, construído em cima do Studio.
 </Callout>
 
 ### MCP Apps & Store (distribuição)
diff --git a/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/api-keys.mdx b/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/api-keys.mdx
index b3e00d3eed..d9dc2e6efe 100644
--- a/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/api-keys.mdx
+++ b/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/api-keys.mdx
@@ -8,7 +8,7 @@ import Callout from "../../../../components/ui/Callout.astro";
 
 ## Para que servem as API keys?
 
-API keys são a forma mais simples de dar acesso ao Mesh para um agente/app sem um fluxo de login interativo. As chaves são:
+API keys são a forma mais simples de dar acesso ao Studio para um agente/app sem um fluxo de login interativo. As chaves são:
 
 - **com escopo** (permissões explícitas)
 - **revogáveis**
diff --git a/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/api-reference.mdx b/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/api-reference.mdx
index fc4fd6ef69..f365edfa28 100644
--- a/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/api-reference.mdx
+++ b/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/api-reference.mdx
@@ -1,6 +1,6 @@
 ---
 title: Referência da API
-description: Os endpoints HTTP principais expostos pelo Mesh para MCP, agents, OAuth e operação
+description: Os endpoints HTTP principais expostos pelo Studio para MCP, agents, OAuth e operação
 icon: Code
 ---
 
diff --git a/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/authentication.mdx b/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/authentication.mdx
index cf6c7138b9..c850741d34 100644
--- a/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/authentication.mdx
+++ b/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/authentication.mdx
@@ -8,7 +8,7 @@ import Callout from "../../../../components/ui/Callout.astro";
 
 ## O que é suportado
 
-O Mesh usa Better Auth e suporta:
+O Studio usa Better Auth e suporta:
 
 - **Email/senha**
 - **Magic link**
diff --git a/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/authorization-and-roles.mdx b/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/authorization-and-roles.mdx
index 9aee490483..91df064a79 100644
--- a/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/authorization-and-roles.mdx
+++ b/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/authorization-and-roles.mdx
@@ -8,7 +8,7 @@ import Callout from "../../../../components/ui/Callout.astro";
 
 ## O modelo
 
-O Mesh aplica controle de acesso em duas camadas:
+O Studio aplica controle de acesso em duas camadas:
 
 - **Roles de organização** (permissões de membros dentro da org)
 - **Permissões de tool** (o que uma API key ou sessão de usuário pode chamar)
diff --git a/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/concepts.mdx b/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/concepts.mdx
index 0a6e153a79..458f951de1 100644
--- a/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/concepts.mdx
+++ b/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/concepts.mdx
@@ -11,13 +11,13 @@ icon: BookOpen
 - **Roles**: papéis dentro da org (usados para permissões).
 - **Conexão**: um endpoint MCP upstream configurado (normalmente HTTP), com credenciais no vault quando necessário.
 - **Agent**: um "MCP virtual" que agrega múltiplas connections em um único endpoint.
-- **Tool call**: uma requisição `tools/call` roteada pelo Mesh para uma connection (ou via agent).
+- **Tool call**: uma requisição `tools/call` roteada pelo Studio para uma connection (ou via agent).
 - **Monitoring log**: registro de tool call (inputs/outputs, duração, erro) para debug e operação.
 
 ## Limites de segurança
 
 - **Credential Vault**: credenciais sensíveis ficam criptografadas em repouso e só são descriptografadas quando necessário.
-- **Permissões**: a Mesh valida permissões antes de fazer proxy da chamada.
+- **Permissões**: a Studio valida permissões antes de fazer proxy da chamada.
 
 ## Como uma chamada flui
 
@@ -26,6 +26,6 @@ icon: BookOpen
    - **Management MCP** (admin tools), ou
    - **Proxy** (uma connection), ou
    - **Agent** (agregação).
-3. O Mesh autoriza, carrega credenciais, faz proxy para a Conexão upstream e registra monitoring.
+3. O Studio autoriza, carrega credenciais, faz proxy para a Conexão upstream e registra monitoring.
 
 
diff --git a/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/connect-clients.mdx b/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/connect-clients.mdx
index ca4e3e82d2..3e7b0e8389 100644
--- a/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/connect-clients.mdx
+++ b/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/connect-clients.mdx
@@ -1,6 +1,6 @@
 ---
 title: Conectar Clientes MCP
-description: Como Cursor/Claude/clientes customizados autenticam no Mesh e consomem tools via MCP
+description: Como Cursor/Claude/clientes customizados autenticam no Studio e consomem tools via MCP
 icon: PlugZap
 ---
 
@@ -8,7 +8,7 @@ import Callout from "../../../../components/ui/Callout.astro";
 
 ## Opções de cliente
 
-Existem duas formas comuns de conectar clientes ao Mesh:
+Existem duas formas comuns de conectar clientes ao Studio:
 
 - **OAuth (recomendado para clientes interativos)**: suporta fluxos OAuth padrão, consentimento e acesso por organização.
 - **API Keys (recomendado para servidores/agentes)**: chaves com escopo e permissões explícitas de tools.
diff --git a/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/deploy/kubernetes-helm-chart.mdx b/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/deploy/kubernetes-helm-chart.mdx
index 796f2b2aa8..11ad710f44 100644
--- a/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/deploy/kubernetes-helm-chart.mdx
+++ b/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/deploy/kubernetes-helm-chart.mdx
@@ -6,9 +6,9 @@ icon: Rocket
 
 import Callout from "../../../../../components/ui/Callout.astro";
 
-Este guia explica como fazer deploy do MCP Mesh no Kubernetes usando o Helm chart.
+Este guia explica como fazer deploy do Studio no Kubernetes usando o Helm chart.
 
-Saiba mais: [página do MCP Mesh](https://www.decocms.com/mesh)
+Saiba mais: [página do Studio](https://www.decocms.com/studio)
 
 Código-fonte do Helm chart: [decocms/helm-chart-deco-mcp-mesh](https://github.com/decocms/helm-chart-deco-mcp-mesh)
 
@@ -213,7 +213,7 @@ service:
 
 database:
   engine: postgresql
-  url: "postgresql://mesh_user:mesh_password@mesh.example.com:5432/mesh_db"  
+  url: "postgresql://mesh_user:mesh_password@postgres.example.com:5432/mesh_db"  
   caCert: |
     -----BEGIN CERTIFICATE-----
     aaaaaaaabbbbbbcccccccccddddddd
diff --git a/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/deploy/local-docker-compose.mdx b/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/deploy/local-docker-compose.mdx
index d36af3e129..50a24f18b1 100644
--- a/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/deploy/local-docker-compose.mdx
+++ b/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/deploy/local-docker-compose.mdx
@@ -1,14 +1,14 @@
 ---
 title: "Local: Docker Compose"
-description: Deploy do MCP Mesh localmente usando Docker Compose para testes e desenvolvimento
+description: Deploy do Studio localmente usando Docker Compose para testes e desenvolvimento
 icon: Container
 ---
 
 import Callout from "../../../../../components/ui/Callout.astro";
 
-Este guia cobre o deploy do MCP Mesh localmente usando Docker Compose para testes rápidos e desenvolvimento.
+Este guia cobre o deploy do Studio localmente usando Docker Compose para testes rápidos e desenvolvimento.
 
-Saiba mais: [página do MCP Mesh](https://www.decocms.com/mesh)
+Saiba mais: [página do Studio](https://www.decocms.com/studio)
 
 Código-fonte (Docker Compose + README): [decocms/mesh/deploy](https://github.com/decocms/mesh/tree/main/deploy)
 
@@ -47,7 +47,7 @@ open http://localhost:3000
 ```
 
 <Callout type="tip">
-  Essas configurações são tudo que você precisa para começar a testar com o MCP-MESH. Se precisar de outras opções, confira as seções abaixo.
+  Essas configurações são tudo que você precisa para começar a testar com o Studio. Se precisar de outras opções, confira as seções abaixo.
 </Callout>
 
 ### Configuração Mínima
@@ -187,7 +187,7 @@ volumes:
 
 #### Quando é Carregado
 
-A aplicação Mesh carrega este arquivo na inicialização para configurar:
+A aplicação Studio carrega este arquivo na inicialização para configurar:
 
 - Autenticação por Email/Senha
 - Provedores sociais (Google, GitHub)
diff --git a/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/mcp-gateways.mdx b/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/mcp-gateways.mdx
index 010221dbda..bb82a7fb00 100644
--- a/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/mcp-gateways.mdx
+++ b/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/mcp-gateways.mdx
@@ -54,7 +54,7 @@ Toda organização nova recebe um **Default Agent**:
 
 - **Strategy**: `passthrough`
 - **Mode**: `exclusion`
-- **Exclusões padrão**: a connection interna **Mesh MCP** (tools de administração) e a connection da **Store/Registry** são excluídas por padrão
+- **Exclusões padrão**: a connection interna **Studio MCP** (tools de administração) e a connection da **Store/Registry** são excluídas por padrão
 - **Comportamento padrão**: todo o resto na org é incluído -- então, conforme você conecta Integrações, esse endpoint se torna o Agent "com todas as tools da org"
 
 Esse é o endpoint que a maioria dos times usa como a superfície MCP agregada única da organização.
diff --git a/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/mcp-servers.mdx b/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/mcp-servers.mdx
index 08a060eb2a..bac93bf758 100644
--- a/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/mcp-servers.mdx
+++ b/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/mcp-servers.mdx
@@ -8,7 +8,7 @@ import Callout from "../../../../components/ui/Callout.astro";
 
 ## O que é uma conexão?
 
-Uma **Conexão** no Mesh é um endpoint MCP upstream configurado (tipicamente HTTP). O Mesh armazena sua configuração e (opcionalmente) credenciais, e pode então fazer proxy de requisições MCP para ele.
+Uma **Conexão** no Studio é um endpoint MCP upstream configurado (tipicamente HTTP). O Studio armazena sua configuração e (opcionalmente) credenciais, e pode então fazer proxy de requisições MCP para ele.
 
 ## Na interface
 
@@ -24,7 +24,7 @@ Uma vez que você tenha o ID da conexão, clientes podem chamar tools via:
 
 - `POST /mcp/:connectionId`
 
-O Mesh vai:
+O Studio vai:
 
 1. autenticar o chamador
 2. autorizar a tool call
diff --git a/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/monitoring.mdx b/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/monitoring.mdx
index 934f7109da..fa82cb4608 100644
--- a/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/monitoring.mdx
+++ b/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/monitoring.mdx
@@ -6,7 +6,7 @@ icon: Activity
 
 ## O que é registrado
 
-O Mesh registra logs de monitoring para tool calls proxied, incluindo:
+O Studio registra logs de monitoring para tool calls proxied, incluindo:
 
 - nome da tool
 - atribuição de connection / agent
diff --git a/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/overview.mdx b/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/overview.mdx
index 3a08fc38bb..3585ae7818 100644
--- a/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/overview.mdx
+++ b/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/overview.mdx
@@ -6,9 +6,9 @@ icon: Network
 
 import Callout from "../../../../components/ui/Callout.astro";
 
-## O que é o MCP Mesh?
+## O que é o Studio?
 
-O **MCP Mesh** é um **control plane para tráfego MCP**. Ele fica entre clientes MCP (Cursor, Claude Desktop, agentes) e servidores MCP, oferecendo uma camada centralizada de **autenticação, autorização, vault de credenciais e observabilidade**.
+O **Studio** é um **control plane para tráfego MCP**. Ele fica entre clientes MCP (Cursor, Claude Desktop, agentes) e servidores MCP, oferecendo uma camada centralizada de **autenticação, autorização, vault de credenciais e observabilidade**.
 
 ## O problema
 
@@ -19,7 +19,7 @@ Quando MCP sai de alguns PoCs e vai para produção, os times começam a pagar u
 - **Pontos cegos operacionais**: falta um lugar único para ver logs/traces e depurar ponta a ponta
 - **Explosão de tools**: muitas tools aumentam contexto, latência e pioram a seleção de tool
 
-O Mesh centraliza isso uma vez, para você operar MCP como qualquer outra superfície de produção.
+O Studio centraliza isso uma vez, para você operar MCP como qualquer outra superfície de produção.
 
 ## Arquitetura (alto nível)
 
@@ -33,7 +33,7 @@ O Mesh centraliza isso uma vez, para você operar MCP como qualquer outra superf
                         └──────────────────┘
 ```
 
-## O que o Mesh centraliza
+## O que o Studio centraliza
 
 - **Roteamento + execução**: qual MCP chamar e como autenticar
 - **Policy enforcement**: quem pode acessar quais tools (e via quais agents)
@@ -51,7 +51,7 @@ O Mesh centraliza isso uma vez, para você operar MCP como qualquer outra superf
 - **Deploy**: auto-hospedar localmente (npx / Docker Compose) ou em Kubernetes (Helm).
 
 <Callout type="info">
-  Estamos lançando o MCP Mesh para a comunidade open-source em **dezembro de 2025**.
+  Estamos lançando o Studio para a comunidade open-source em **dezembro de 2025**.
   Ele ainda é novo: esta documentação reflete o que existe **em produção hoje**, mas estamos lançando features toda semana e vamos atualizar os docs conforme elas forem chegando.
 </Callout>
 
diff --git a/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/quickstart.mdx b/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/quickstart.mdx
index cf8b791a50..f4f4f0422b 100644
--- a/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/quickstart.mdx
+++ b/apps/docs/client/src/content/deco-chat/pt-br/mcp-mesh/quickstart.mdx
@@ -1,12 +1,12 @@
 ---
 title: Quickstart
-description: Rode o Mesh, conecte uma Integração, crie um Agent e valide o monitoring
+description: Rode o Studio, conecte uma Integração, crie um Agent e valide o monitoring
 icon: Rocket
 ---
 
 import Callout from "../../../../components/ui/Callout.astro";
 
-## 1) Rodar o Mesh
+## 1) Rodar o Studio
 
 Escolha uma opção:
 
@@ -73,7 +73,7 @@ A aplicação ficará disponível em `http://localhost:8080`.
 
 ## 2) Criar uma Conexão
 
-Ao abrir uma organização nova, o Mesh normalmente te leva para:
+Ao abrir uma organização nova, o Studio normalmente te leva para:
 
 - **Browse Store** (recomendado), ou
 - **Create Connection** direto (URL MCP via HTTP + credenciais, se necessário)
diff --git a/apps/docs/client/src/content/deco-chat/pt-br/mcp-studio/overview.mdx b/apps/docs/client/src/content/deco-chat/pt-br/mcp-studio/overview.mdx
index b4310409ca..4ed73b496d 100644
--- a/apps/docs/client/src/content/deco-chat/pt-br/mcp-studio/overview.mdx
+++ b/apps/docs/client/src/content/deco-chat/pt-br/mcp-studio/overview.mdx
@@ -20,12 +20,12 @@ Ele transforma **tools + schemas + workflows** em apps com:
 - Um caminho seguro para outros times adotarem o que funciona
 
 <Callout type="info">
-  **Em breve:** o MCP Studio está sendo construído em cima do **MCP Mesh** e vai substituir o admin SaaS legado (`admin.decocms.com`) ao longo do tempo (incluindo uma versão hospedada por nós).
+  **Em breve:** o MCP Studio está sendo construído em cima do **Studio** e vai substituir o admin SaaS legado (`admin.decocms.com`) ao longo do tempo (incluindo uma versão hospedada por nós).
 </Callout>
 
 ## Onde isso se encaixa?
 
-- **O MCP Mesh (fundação):** conectar, governar e observar tráfego MCP
+- **O Studio (fundação):** conectar, governar e observar tráfego MCP
 - **MCP Studio (desenvolvimento):** empacotar e curar capacidades reutilizáveis
 - **MCP Apps & Store (distribuição):** distribuir o que funciona entre times
 
diff --git a/apps/docs/client/src/content/deco-studio/en/full-code-guides/deployment.mdx b/apps/docs/client/src/content/deco-studio/en/full-code-guides/deployment.mdx
index 25c48ffed4..5df7b0b2f4 100644
--- a/apps/docs/client/src/content/deco-studio/en/full-code-guides/deployment.mdx
+++ b/apps/docs/client/src/content/deco-studio/en/full-code-guides/deployment.mdx
@@ -42,7 +42,7 @@ Update `app.json` with your app's details before publishing:
 - **`connection.url`** — your deployed MCP endpoint (must end with `/api/mcp`)
 - **`configSchema`** — JSON Schema for configuration options shown to users who install your app
 
-## Publishing to Deco Mesh
+## Publishing to Deco Studio
 
 1. Update `app.json` with your app's name, description, and deployed connection URL
 2. Push to your repository
diff --git a/apps/docs/client/src/content/deco-studio/en/studio/agent-bindings.mdx b/apps/docs/client/src/content/deco-studio/en/studio/agent-bindings.mdx
index a18da1799a..2031a236e9 100644
--- a/apps/docs/client/src/content/deco-studio/en/studio/agent-bindings.mdx
+++ b/apps/docs/client/src/content/deco-studio/en/studio/agent-bindings.mdx
@@ -163,7 +163,7 @@ If you need to call a decopilot agent outside the binding system (e.g. from a sc
 import { createDecopilotClient } from "@decocms/runtime/decopilot";
 
 const client = createDecopilotClient({
-  baseUrl: "https://mesh.decocms.com/api",
+  baseUrl: "https://studio.decocms.com/api",
   orgSlug: "my-org",
   token: "your-api-key",
 });
diff --git a/apps/docs/client/src/content/deco-studio/en/studio/api-keys.mdx b/apps/docs/client/src/content/deco-studio/en/studio/api-keys.mdx
index d30fd47e85..edb11f95b9 100644
--- a/apps/docs/client/src/content/deco-studio/en/studio/api-keys.mdx
+++ b/apps/docs/client/src/content/deco-studio/en/studio/api-keys.mdx
@@ -46,7 +46,7 @@ Add the API key to your MCP client configuration:
 {
   "mcpServers": {
     "deco": {
-      "url": "https://mesh.decocms.com/mcp/agent/your-agent-id",
+      "url": "https://studio.decocms.com/mcp/agent/your-agent-id",
       "transport": "http",
       "headers": {
         "Authorization": "Bearer mcp_key_abc123..."
diff --git a/apps/docs/client/src/content/deco-studio/en/studio/api-reference/connection-proxy.mdx b/apps/docs/client/src/content/deco-studio/en/studio/api-reference/connection-proxy.mdx
index 5fd8a30540..774c0a1d10 100644
--- a/apps/docs/client/src/content/deco-studio/en/studio/api-reference/connection-proxy.mdx
+++ b/apps/docs/client/src/content/deco-studio/en/studio/api-reference/connection-proxy.mdx
@@ -237,7 +237,7 @@ Connect Cursor or Claude Desktop directly to a specific upstream MCP:
 {
   "mcpServers": {
     "github-production": {
-      "url": "https://mesh.example.com/mcp/conn_abc123",
+      "url": "https://studio.example.com/mcp/conn_abc123",
       "headers": {
         "Authorization": "Bearer YOUR_API_KEY"
       }
@@ -251,7 +251,7 @@ Connect Cursor or Claude Desktop directly to a specific upstream MCP:
 Build custom clients that need access to a specific MCP server's tools without Virtual MCP composition:
 
 ```typescript
-const response = await fetch('https://mesh.example.com/mcp/conn_abc123', {
+const response = await fetch('https://studio.example.com/mcp/conn_abc123', {
   method: 'POST',
   headers: {
     'Content-Type': 'application/json',
diff --git a/apps/docs/client/src/content/deco-studio/en/studio/self-hosting/authentication.mdx b/apps/docs/client/src/content/deco-studio/en/studio/self-hosting/authentication.mdx
index 6b185cd01d..5387f08749 100644
--- a/apps/docs/client/src/content/deco-studio/en/studio/self-hosting/authentication.mdx
+++ b/apps/docs/client/src/content/deco-studio/en/studio/self-hosting/authentication.mdx
@@ -28,4 +28,70 @@ Self-hosted deployments load an `auth-config.json` file at startup (see your dep
 - `BETTER_AUTH_SECRET` (required)
 - `BETTER_AUTH_URL` / `BASE_URL` (recommended to set explicitly in production)
 
+## Deployment-wide SSO (OIDC)
+
+For self-hosted deployments where every user should authenticate through a
+single corporate Identity Provider, you can wire up SSO via environment
+variables. This is **a deployment-wide SSO**: the configured provider becomes
+the default for all logins matching the configured email domain — there's no
+per-org setup, no admin UI step. It's the right fit when you're running deco
+Studio for a single company and want SSO enforced from day one.
+
+If instead you want per-organization SSO (each org bringing its own IdP from
+the admin UI), don't set these env vars — use the in-app **Settings → SSO**
+flow.
+
+<Callout type="info">
+  Only one deployment-wide SSO provider can be active at a time. If both
+  Microsoft and Google envs are set, **Microsoft takes precedence**.
+</Callout>
+
+### Common variables
+
+| Variable | Description |
+| --- | --- |
+| `AUTH_SSO_DOMAIN` | Email domain that triggers SSO (e.g. `acme.com`). Required. |
+| `AUTH_SSO_SCOPES` | Comma-separated scopes. Default: `openid,email,profile`. |
+
+### Microsoft (Entra ID / Azure AD)
+
+```bash
+AUTH_SSO_DOMAIN=acme.com
+AUTH_SSO_MS_TENANT_ID=<azure-tenant-id>
+AUTH_SSO_MS_CLIENT_ID=<azure-app-client-id>
+AUTH_SSO_MS_CLIENT_SECRET=<azure-app-client-secret>
+```
+
+In the Azure portal, register an application and add the **Redirect URI**:
+
+```
+https://<your-domain>/api/auth/sso/callback/microsoft
+```
+
+### Google (Workspace)
+
+```bash
+AUTH_SSO_DOMAIN=acme.com
+AUTH_SSO_GOOGLE_CLIENT_ID=<google-oauth-client-id>
+AUTH_SSO_GOOGLE_CLIENT_SECRET=<google-oauth-client-secret>
+```
+
+In the Google Cloud Console, create an **OAuth 2.0 Client ID** of type *Web
+application* and add the **Authorized redirect URI**:
+
+```
+https://<your-domain>/api/auth/sso/callback/google
+```
+
+For Workspace tenants, restrict the OAuth consent screen to your organization
+so only users from your domain can sign in.
+
+### Social login vs. SSO
+
+These env vars wire up **OIDC SSO** (the `@better-auth/sso` plugin). They are
+separate from the **social login** buttons configured via `auth-config.json`
+(`socialProviders.google`, `socialProviders.github`) or via
+`AUTH_GOOGLE_CLIENT_ID` / `AUTH_GITHUB_CLIENT_ID`. Social login lets users
+authenticate with their personal account; deployment-wide SSO routes everyone
+matching `AUTH_SSO_DOMAIN` through the corporate IdP.
 
diff --git a/apps/docs/client/src/content/deco-studio/en/studio/self-hosting/deploy/kubernetes.mdx b/apps/docs/client/src/content/deco-studio/en/studio/self-hosting/deploy/kubernetes.mdx
index e98b8f58c4..6638b18d70 100644
--- a/apps/docs/client/src/content/deco-studio/en/studio/self-hosting/deploy/kubernetes.mdx
+++ b/apps/docs/client/src/content/deco-studio/en/studio/self-hosting/deploy/kubernetes.mdx
@@ -123,7 +123,19 @@ kubectl apply -f examples/secrets-example.yaml -n deco-mcp-mesh
 
 The Secrets file contains:
 - **Main Secret** (`deco-mcp-mesh-secrets`): Contains `BETTER_AUTH_SECRET` and `DATABASE_URL`
-- **Auth Config Secret** (`deco-mcp-mesh-auth-secrets`): Contains OAuth client IDs/secrets and API keys
+- **Auth Config Secret** (`deco-mcp-mesh-auth-secrets`): Contains OAuth client IDs/secrets, API keys, and deployment-wide SSO env vars (`AUTH_SSO_DOMAIN`, `AUTH_SSO_MS_*`, `AUTH_SSO_GOOGLE_*`)
+
+For deployment-wide enforced SSO (single IdP for the whole instance), pass the
+SSO envs through the auth-config Secret. See
+[Authentication → Deployment-wide SSO](/deco-studio/self-hosting/authentication)
+for the full env reference.
+
+```bash
+helm install deco-mcp-mesh . -n deco-mcp-mesh --create-namespace \
+  --set secret.AUTH_SSO_DOMAIN="acme.com" \
+  --set secret.AUTH_SSO_GOOGLE_CLIENT_ID="<client-id>" \
+  --set secret.AUTH_SSO_GOOGLE_CLIENT_SECRET="<client-secret>"
+```
 
 #### Step 2: Configure values.yaml to Use Secrets
 
@@ -213,7 +225,7 @@ service:
 
 database:
   engine: postgresql
-  url: "postgresql://mesh_user:mesh_password@mesh.example.com:5432/mesh_db"  
+  url: "postgresql://mesh_user:mesh_password@postgres.example.com:5432/mesh_db"  
   caCert: |
     -----BEGIN CERTIFICATE-----
     aaaaaaaabbbbbbcccccccccddddddd
diff --git a/apps/docs/client/src/content/deco-studio/pt-br/studio/agent-bindings.mdx b/apps/docs/client/src/content/deco-studio/pt-br/studio/agent-bindings.mdx
index dd126ec642..3e77a2ff71 100644
--- a/apps/docs/client/src/content/deco-studio/pt-br/studio/agent-bindings.mdx
+++ b/apps/docs/client/src/content/deco-studio/pt-br/studio/agent-bindings.mdx
@@ -142,7 +142,7 @@ Se voce precisa chamar um agente do decopilot fora do sistema de bindings (ex: d
 import { createDecopilotClient } from "@decocms/runtime/decopilot";
 
 const client = createDecopilotClient({
-  baseUrl: "https://mesh.decocms.com/api",
+  baseUrl: "https://studio.decocms.com/api",
   orgSlug: "minha-org",
   token: "sua-api-key",
 });
diff --git a/apps/docs/client/src/content/deco-studio/pt-br/studio/api-keys.mdx b/apps/docs/client/src/content/deco-studio/pt-br/studio/api-keys.mdx
index 871542a3bf..fc5473d993 100644
--- a/apps/docs/client/src/content/deco-studio/pt-br/studio/api-keys.mdx
+++ b/apps/docs/client/src/content/deco-studio/pt-br/studio/api-keys.mdx
@@ -46,7 +46,7 @@ Adicione a API key na configuração do seu cliente MCP:
 {
   "mcpServers": {
     "deco": {
-      "url": "https://mesh.decocms.com/mcp/agent/your-agent-id",
+      "url": "https://studio.decocms.com/mcp/agent/your-agent-id",
       "transport": "http",
       "headers": {
         "Authorization": "Bearer mcp_key_abc123..."
diff --git a/apps/docs/client/src/content/deco-studio/pt-br/studio/api-reference/connection-proxy.mdx b/apps/docs/client/src/content/deco-studio/pt-br/studio/api-reference/connection-proxy.mdx
index c84be36802..cb78b6b4f2 100644
--- a/apps/docs/client/src/content/deco-studio/pt-br/studio/api-reference/connection-proxy.mdx
+++ b/apps/docs/client/src/content/deco-studio/pt-br/studio/api-reference/connection-proxy.mdx
@@ -237,7 +237,7 @@ Conectar Cursor ou Claude Desktop diretamente a um MCP upstream específico:
 {
   "mcpServers": {
     "github-production": {
-      "url": "https://mesh.example.com/mcp/conn_abc123",
+      "url": "https://studio.example.com/mcp/conn_abc123",
       "headers": {
         "Authorization": "Bearer YOUR_API_KEY"
       }
@@ -251,7 +251,7 @@ Conectar Cursor ou Claude Desktop diretamente a um MCP upstream específico:
 Construir clientes customizados que precisam de acesso às ferramentas de um servidor MCP específico sem composição de MCP Virtual:
 
 ```typescript
-const response = await fetch('https://mesh.example.com/mcp/conn_abc123', {
+const response = await fetch('https://studio.example.com/mcp/conn_abc123', {
   method: 'POST',
   headers: {
     'Content-Type': 'application/json',
diff --git a/apps/docs/client/src/content/deco-studio/pt-br/studio/self-hosting/authentication.mdx b/apps/docs/client/src/content/deco-studio/pt-br/studio/self-hosting/authentication.mdx
index fd684f86f0..3ec9e32632 100644
--- a/apps/docs/client/src/content/deco-studio/pt-br/studio/self-hosting/authentication.mdx
+++ b/apps/docs/client/src/content/deco-studio/pt-br/studio/self-hosting/authentication.mdx
@@ -27,3 +27,72 @@ Implantações self-hosted carregam um arquivo `auth-config.json` na inicializa
 
 - `BETTER_AUTH_SECRET` (obrigatório)
 - `BETTER_AUTH_URL` / `BASE_URL` (recomendado definir explicitamente em produção)
+
+## SSO no deployment inteiro (OIDC)
+
+Para deployments self-hosted onde todos os usuários devem autenticar através
+de um único Identity Provider corporativo, dá pra configurar SSO via
+variáveis de ambiente. Esse é **um SSO de deployment inteiro**: o provedor
+configurado vira o padrão para todos os logins que casarem com o domínio de
+e-mail configurado — sem setup por organização, sem etapa na UI de admin.
+É o caminho ideal quando você está rodando o deco Studio para uma única
+empresa e quer SSO obrigatório desde o primeiro login.
+
+Se você quer SSO por organização (cada org trazendo o próprio IdP via UI de
+admin), **não** defina essas envs — use o fluxo **Configurações → SSO** dentro
+do app.
+
+<Callout type="info">
+  Apenas um provedor de SSO de deployment inteiro pode estar ativo por vez.
+  Se as envs de Microsoft e Google estiverem definidas ao mesmo tempo,
+  **Microsoft tem prioridade**.
+</Callout>
+
+### Variáveis comuns
+
+| Variável | Descrição |
+| --- | --- |
+| `AUTH_SSO_DOMAIN` | Domínio de e-mail que aciona o SSO (ex.: `acme.com`). Obrigatório. |
+| `AUTH_SSO_SCOPES` | Escopos separados por vírgula. Padrão: `openid,email,profile`. |
+
+### Microsoft (Entra ID / Azure AD)
+
+```bash
+AUTH_SSO_DOMAIN=acme.com
+AUTH_SSO_MS_TENANT_ID=<tenant-id-do-azure>
+AUTH_SSO_MS_CLIENT_ID=<client-id-do-app-azure>
+AUTH_SSO_MS_CLIENT_SECRET=<client-secret-do-app-azure>
+```
+
+No portal do Azure, registre uma aplicação e adicione a **Redirect URI**:
+
+```
+https://<seu-dominio>/api/auth/sso/callback/microsoft
+```
+
+### Google (Workspace)
+
+```bash
+AUTH_SSO_DOMAIN=acme.com
+AUTH_SSO_GOOGLE_CLIENT_ID=<client-id-oauth-do-google>
+AUTH_SSO_GOOGLE_CLIENT_SECRET=<client-secret-oauth-do-google>
+```
+
+No Google Cloud Console, crie um **OAuth 2.0 Client ID** do tipo *Web
+application* e adicione a **Authorized redirect URI**:
+
+```
+https://<seu-dominio>/api/auth/sso/callback/google
+```
+
+Para tenants do Workspace, restrinja a tela de consentimento OAuth à sua
+organização para que apenas usuários do seu domínio consigam logar.
+
+### Login social vs. SSO
+
+Essas envs configuram **SSO via OIDC** (plugin `@better-auth/sso`). São
+diferentes dos botões de **login social** configurados via `auth-config.json`
+(`socialProviders.google`, `socialProviders.github`) ou via
+`AUTH_GOOGLE_CLIENT_ID` / `AUTH_GITHUB_CLIENT_ID`. Login social deixa os
+usuários autenticarem com suas contas pessoais; o SSO de deployment inteiro
+roteia todo mundo que casar com `AUTH_SSO_DOMAIN` para o IdP corporativo.
diff --git a/apps/docs/client/src/content/deco-studio/pt-br/studio/self-hosting/deploy/kubernetes.mdx b/apps/docs/client/src/content/deco-studio/pt-br/studio/self-hosting/deploy/kubernetes.mdx
index 2bf3fa49f1..2648849c43 100644
--- a/apps/docs/client/src/content/deco-studio/pt-br/studio/self-hosting/deploy/kubernetes.mdx
+++ b/apps/docs/client/src/content/deco-studio/pt-br/studio/self-hosting/deploy/kubernetes.mdx
@@ -123,7 +123,19 @@ kubectl apply -f examples/secrets-example.yaml -n deco-mcp-mesh
 
 O arquivo de Secrets contém:
 - **Secret Principal** (`deco-mcp-mesh-secrets`): Contém `BETTER_AUTH_SECRET` e `DATABASE_URL`
-- **Secret de Auth Config** (`deco-mcp-mesh-auth-secrets`): Contém client IDs/secrets OAuth e chaves de API
+- **Secret de Auth Config** (`deco-mcp-mesh-auth-secrets`): Contém client IDs/secrets OAuth, chaves de API e envs de SSO de deployment inteiro (`AUTH_SSO_DOMAIN`, `AUTH_SSO_MS_*`, `AUTH_SSO_GOOGLE_*`)
+
+Para SSO obrigatório no deployment inteiro (um único IdP para toda a
+instância), passe as envs de SSO pelo Secret de auth-config. Veja
+[Autenticação → SSO no deployment inteiro](/deco-studio/self-hosting/authentication)
+para a referência completa das variáveis.
+
+```bash
+helm install deco-mcp-mesh . -n deco-mcp-mesh --create-namespace \
+  --set secret.AUTH_SSO_DOMAIN="acme.com" \
+  --set secret.AUTH_SSO_GOOGLE_CLIENT_ID="<client-id>" \
+  --set secret.AUTH_SSO_GOOGLE_CLIENT_SECRET="<client-secret>"
+```
 
 #### Passo 2: Configurar values.yaml para Usar Secrets
 
@@ -213,7 +225,7 @@ service:
 
 database:
   engine: postgresql
-  url: "postgresql://mesh_user:mesh_password@mesh.example.com:5432/mesh_db"
+  url: "postgresql://mesh_user:mesh_password@postgres.example.com:5432/mesh_db"
   caCert: |
     -----BEGIN CERTIFICATE-----
     aaaaaaaabbbbbbcccccccccddddddd
diff --git a/apps/docs/client/src/layouts/DocsLayout.astro b/apps/docs/client/src/layouts/DocsLayout.astro
index 851c37a35c..8a31602105 100644
--- a/apps/docs/client/src/layouts/DocsLayout.astro
+++ b/apps/docs/client/src/layouts/DocsLayout.astro
@@ -3,9 +3,9 @@ import BaseHead from "../components/ui/BaseHead.astro";
 import Footer from "../components/ui/Footer.astro";
 import Sidebar from "../components/ui/Sidebar.astro";
 import TableOfContents from "../components/ui/TableOfContents.astro";
-import { Logo } from "../components/atoms/Logo";
 import { Icon } from "../components/atoms/Icon";
 import { LanguageSelector } from "../components/ui/LanguageSelector";
+import { ProductSwitcher } from "../components/ui/ProductSwitcher";
 import { ThemeToggle } from "../components/ui/ThemeToggle";
 import { getCollection } from "astro:content";
 import { siteConfig } from "../config/site";
@@ -286,7 +286,7 @@ const editUrl = doc
               >
                 <Icon name="Menu" size={24} />
               </button>
-              <Logo width={67} height={28} client:load />
+              <ProductSwitcher client:load />
             </div>
             <div class="flex items-center gap-2">
               <LanguageSelector client:load locale={locale} className="w-32" />
diff --git a/apps/mesh/Dockerfile b/apps/mesh/Dockerfile
index 7d80787096..fb936b1562 100644
--- a/apps/mesh/Dockerfile
+++ b/apps/mesh/Dockerfile
@@ -5,8 +5,13 @@ FROM oven/bun:1-slim
 # Version to install (override with --build-arg MESH_VERSION=1.0.0)
 ARG MESH_VERSION=latest
 
-# Install runtime dependencies (unzip needed by embedded-postgres)
-RUN apt-get update && apt-get install -y --no-install-recommends unzip && \
+# Install runtime dependencies (unzip needed by embedded-postgres) plus the
+# toolchain needed to compile node-pty from source. node-pty ships prebuilt
+# binaries only for darwin/win32, so on Linux `bun add` always falls back to
+# `node-gyp rebuild` — which needs python3 + build-essential. We purge the
+# build toolchain after install to keep the layer lean.
+RUN apt-get update && apt-get install -y --no-install-recommends \
+      unzip python3 build-essential && \
     rm -rf /var/lib/apt/lists/*
 
 # Create non-root user and app directories
@@ -22,6 +27,12 @@ WORKDIR /app/apps/mesh
 # Install the package locally during build (cached in image layer)
 RUN bun add decocms@${MESH_VERSION}
 
+# Drop the build toolchain now that native modules have been compiled.
+USER root
+RUN apt-get purge -y --auto-remove python3 build-essential && \
+    rm -rf /var/lib/apt/lists/*
+USER bunuser
+
 # Expose the default port
 EXPOSE 3000
 
diff --git a/apps/mesh/README.md b/apps/mesh/README.md
index ba411f53f5..897d452f2c 100644
--- a/apps/mesh/README.md
+++ b/apps/mesh/README.md
@@ -1,10 +1,10 @@
-# MCP Mesh
+# Studio
 
 > **Context Management System for AI Applications**
 
-MCP Mesh is an open-source platform that centralizes **Model Context Protocol (MCP)** connection management for teams and organizations. It provides secure credential storage, fine-grained access control, and unified observability for AI tool orchestration.
+Studio is an open-source platform that centralizes **Model Context Protocol (MCP)** connection management for teams and organizations. It provides secure credential storage, fine-grained access control, and unified observability for AI tool orchestration.
 
-## What is MCP Mesh?
+## What is Studio?
 
 When AI assistants use tools via the Model Context Protocol, managing connections across a team becomes challenging:
 
@@ -13,7 +13,7 @@ When AI assistants use tools via the Model Context Protocol, managing connection
 - **No audit trail**: Who called which tool, when, and with what result?
 - **Tool isolation**: MCP services can't compose or share dependencies 
 
-MCP Mesh solves these problems by acting as a **secure proxy** between AI clients and MCP services:
+Studio solves these problems by acting as a **secure proxy** between AI clients and MCP services:
 
 ```
 ┌─────────────────┐     ┌──────────────┐     ┌─────────────────┐
@@ -112,7 +112,7 @@ The server starts at `http://localhost:3000` with:
 - 🔧 MCP endpoint: `http://localhost:3000/mcp`
 - 📊 Metrics: `http://localhost:3000/metrics`
 
-A SQLite database is automatically created at `./data/mesh.db`.
+A SQLite database is automatically created at `./data/mesh.db`. 
 
 ## Architecture
 
@@ -236,7 +236,7 @@ The proxy:
 
 ### OAuth Discovery
 
-MCP Mesh implements the full MCP OAuth specification:
+Studio implements the full MCP OAuth specification:
 
 ```bash
 # Protected Resource Metadata
diff --git a/apps/mesh/index.css b/apps/mesh/index.css
index 90726673c0..a861b7a86e 100644
--- a/apps/mesh/index.css
+++ b/apps/mesh/index.css
@@ -7,6 +7,7 @@
   }
   body {
     @apply bg-background text-foreground;
+    padding-top: env(titlebar-area-height, 0);
   }
   svg {
     stroke-width: 1.75;
diff --git a/apps/mesh/index.html b/apps/mesh/index.html
index e732bf809c..fb114fc512 100644
--- a/apps/mesh/index.html
+++ b/apps/mesh/index.html
@@ -14,17 +14,19 @@
       })();
     </script>
     <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
-    <title>deco Studio</title>
+    <title>deco CMS</title>
     <meta name="description" content="Hire specialized agents, give them access to your tools, and let them deliver real projects — with planning, verification, and observability built in." />
-    <meta property="og:title" content="deco Studio" />
+    <meta property="og:title" content="deco CMS" />
     <meta property="og:description" content="Hire specialized agents, give them access to your tools, and let them deliver real projects — with planning, verification, and observability built in." />
     <meta property="og:image" content="/og-image.png" />
-    <meta property="og:site_name" content="deco Studio" />
+    <meta property="og:site_name" content="deco CMS" />
     <meta name="twitter:card" content="summary_large_image" />
-    <meta name="twitter:title" content="deco Studio" />
+    <meta name="twitter:title" content="deco CMS" />
     <meta name="twitter:description" content="Hire specialized agents, give them access to your tools, and let them deliver real projects — with planning, verification, and observability built in." />
     <meta name="twitter:image" content="/og-image.png" />
     <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
+    <link rel="manifest" href="/manifest.webmanifest" />
+    <meta name="theme-color" content="#D0EC1A" />
   </head>
   <body>
     <div id="root"></div>
diff --git a/apps/mesh/migrations/068-model-categories.ts b/apps/mesh/migrations/068-model-categories.ts
new file mode 100644
index 0000000000..3cb080ad64
--- /dev/null
+++ b/apps/mesh/migrations/068-model-categories.ts
@@ -0,0 +1,15 @@
+import { Kysely } from "kysely";
+
+export async function up(db: Kysely<unknown>): Promise<void> {
+  await db.schema
+    .alterTable("organization_settings")
+    .addColumn("simple_mode", "text")
+    .execute();
+}
+
+export async function down(db: Kysely<unknown>): Promise<void> {
+  await db.schema
+    .alterTable("organization_settings")
+    .dropColumn("simple_mode")
+    .execute();
+}
diff --git a/apps/mesh/migrations/068-threads-branch.ts b/apps/mesh/migrations/068-threads-branch.ts
new file mode 100644
index 0000000000..d584b4e617
--- /dev/null
+++ b/apps/mesh/migrations/068-threads-branch.ts
@@ -0,0 +1,17 @@
+/**
+ * Migration 068: Add branch column to threads
+ *
+ * Adds a nullable `branch` text column used to pin a thread to a git branch
+ * for GitHub-linked virtualmcps. Nullable because non-github threads don't
+ * need a branch.
+ */
+
+import type { Kysely } from "kysely";
+
+export async function up(db: Kysely<unknown>): Promise<void> {
+  await db.schema.alterTable("threads").addColumn("branch", "text").execute();
+}
+
+export async function down(db: Kysely<unknown>): Promise<void> {
+  await db.schema.alterTable("threads").dropColumn("branch").execute();
+}
diff --git a/apps/mesh/migrations/069-sandbox-runner-state.ts b/apps/mesh/migrations/069-sandbox-runner-state.ts
new file mode 100644
index 0000000000..80859e15fe
--- /dev/null
+++ b/apps/mesh/migrations/069-sandbox-runner-state.ts
@@ -0,0 +1,38 @@
+/**
+ * Persistent sandbox runner state — survives mesh restarts so we can
+ * recover or terminate live sandboxes. `state` jsonb is opaque: each
+ * runner serialises its own shape (docker: {token, hostPort, ...};
+ * freestyle: {token, domain, ...}).
+ */
+
+import type { Kysely } from "kysely";
+
+export async function up(db: Kysely<unknown>): Promise<void> {
+  await db.schema
+    .createTable("sandbox_runner_state")
+    .addColumn("user_id", "text", (col) => col.notNull())
+    .addColumn("project_ref", "text", (col) => col.notNull())
+    .addColumn("runner_kind", "text", (col) => col.notNull())
+    .addColumn("handle", "text", (col) => col.notNull())
+    .addColumn("state", "jsonb", (col) => col.notNull())
+    .addColumn("updated_at", "timestamptz", (col) =>
+      col.notNull().defaultTo("now()"),
+    )
+    .addPrimaryKeyConstraint("sandbox_runner_state_pkey", [
+      "user_id",
+      "project_ref",
+      "runner_kind",
+    ])
+    .execute();
+
+  await db.schema
+    .createIndex("sandbox_runner_state_handle_idx")
+    .on("sandbox_runner_state")
+    .column("handle")
+    .unique()
+    .execute();
+}
+
+export async function down(db: Kysely<unknown>): Promise<void> {
+  await db.schema.dropTable("sandbox_runner_state").execute();
+}
diff --git a/apps/mesh/migrations/070-model-categories.ts b/apps/mesh/migrations/070-model-categories.ts
new file mode 100644
index 0000000000..3cb080ad64
--- /dev/null
+++ b/apps/mesh/migrations/070-model-categories.ts
@@ -0,0 +1,15 @@
+import { Kysely } from "kysely";
+
+export async function up(db: Kysely<unknown>): Promise<void> {
+  await db.schema
+    .alterTable("organization_settings")
+    .addColumn("simple_mode", "text")
+    .execute();
+}
+
+export async function down(db: Kysely<unknown>): Promise<void> {
+  await db.schema
+    .alterTable("organization_settings")
+    .dropColumn("simple_mode")
+    .execute();
+}
diff --git a/apps/mesh/migrations/071-default-home-agents.ts b/apps/mesh/migrations/071-default-home-agents.ts
new file mode 100644
index 0000000000..0e5a90cc8d
--- /dev/null
+++ b/apps/mesh/migrations/071-default-home-agents.ts
@@ -0,0 +1,15 @@
+import { Kysely } from "kysely";
+
+export async function up(db: Kysely<unknown>): Promise<void> {
+  await db.schema
+    .alterTable("organization_settings")
+    .addColumn("default_home_agents", "text")
+    .execute();
+}
+
+export async function down(db: Kysely<unknown>): Promise<void> {
+  await db.schema
+    .alterTable("organization_settings")
+    .dropColumn("default_home_agents")
+    .execute();
+}
diff --git a/apps/mesh/migrations/072-ai-provider-key-preset-id.ts b/apps/mesh/migrations/072-ai-provider-key-preset-id.ts
new file mode 100644
index 0000000000..9f1a63a741
--- /dev/null
+++ b/apps/mesh/migrations/072-ai-provider-key-preset-id.ts
@@ -0,0 +1,15 @@
+import { type Kysely } from "kysely";
+
+export async function up(db: Kysely<unknown>): Promise<void> {
+  await db.schema
+    .alterTable("ai_provider_keys")
+    .addColumn("preset_id", "text")
+    .execute();
+}
+
+export async function down(db: Kysely<unknown>): Promise<void> {
+  await db.schema
+    .alterTable("ai_provider_keys")
+    .dropColumn("preset_id")
+    .execute();
+}
diff --git a/apps/mesh/migrations/073-backfill-basic-usage-roles.ts b/apps/mesh/migrations/073-backfill-basic-usage-roles.ts
new file mode 100644
index 0000000000..98e827cc29
--- /dev/null
+++ b/apps/mesh/migrations/073-backfill-basic-usage-roles.ts
@@ -0,0 +1,78 @@
+/**
+ * Backfill basic-usage tools into existing custom roles.
+ *
+ * The role editor now bakes BASIC_USAGE_TOOLS (defined in registry-metadata)
+ * into the saved `permission.self` array of every custom role at submit time.
+ * Roles created before this change are missing those tools and would lose
+ * access until someone re-saves them via the UI.
+ *
+ * This migration adds the snapshot of tools below to every custom role's
+ * `permission.self` array. Roles with `permission.self === ["*"]` already
+ * grant everything and are left untouched.
+ *
+ * NOTE: The list below is a SNAPSHOT — it must not import the live
+ * BASIC_USAGE_TOOLS constant. Migrations are immutable history. If
+ * BASIC_USAGE_TOOLS changes in the future, write a new migration with the
+ * tools added since this one.
+ */
+
+import { type Kysely, sql } from "kysely";
+
+const TOOLS_TO_BACKFILL = [
+  "COLLECTION_CONNECTIONS_LIST",
+  "COLLECTION_CONNECTIONS_GET",
+  "CONNECTION_TEST",
+  "COLLECTION_VIRTUAL_MCP_LIST",
+  "COLLECTION_VIRTUAL_MCP_GET",
+  "VIRTUAL_MCP_PLUGIN_CONFIG_GET",
+  "AUTOMATION_GET",
+  "AUTOMATION_LIST",
+  "AI_PROVIDERS_LIST",
+  "AI_PROVIDERS_LIST_MODELS",
+  "AI_PROVIDERS_ACTIVE",
+  "LIST_OBJECTS",
+  "GET_OBJECT_METADATA",
+  "GET_PRESIGNED_URL",
+  "PUT_PRESIGNED_URL",
+  "VM_START",
+  "VM_DELETE",
+];
+
+export async function up(db: Kysely<unknown>): Promise<void> {
+  const result = await sql<{ id: string; permission: string | null }>`
+    SELECT id, permission FROM "organizationRole"
+  `.execute(db);
+
+  for (const row of result.rows) {
+    if (!row.permission) continue;
+
+    let perm: Record<string, unknown>;
+    try {
+      perm = JSON.parse(row.permission);
+    } catch {
+      continue;
+    }
+
+    const self = perm.self;
+    if (!Array.isArray(self)) continue;
+    if (self.length === 1 && self[0] === "*") continue;
+
+    const existing = self as string[];
+    const merged = Array.from(new Set([...existing, ...TOOLS_TO_BACKFILL]));
+    if (merged.length === existing.length) continue;
+
+    perm.self = merged;
+    const updated = JSON.stringify(perm);
+
+    await sql`
+      UPDATE "organizationRole"
+      SET permission = ${updated}
+      WHERE id = ${row.id}
+    `.execute(db);
+  }
+}
+
+export async function down(_db: Kysely<unknown>): Promise<void> {
+  // No-op: removing basic-usage tools from existing roles would break
+  // access for users currently relying on them.
+}
diff --git a/apps/mesh/migrations/074-sandbox-runner-state-handle-nonunique.ts b/apps/mesh/migrations/074-sandbox-runner-state-handle-nonunique.ts
new file mode 100644
index 0000000000..e9f36291ba
--- /dev/null
+++ b/apps/mesh/migrations/074-sandbox-runner-state-handle-nonunique.ts
@@ -0,0 +1,32 @@
+/**
+ * The original `sandbox_runner_state_handle_idx` was UNIQUE across all rows,
+ * but `handle` is only guaranteed unique within a runner's namespace (e.g.
+ * a K8s claim namespace for agent-sandbox, or a Docker host for the docker
+ * runner). With 5 hex chars of hash entropy on no-branch sandboxes (~20 bits),
+ * two different users can legitimately collide — triggering a constraint
+ * violation on insert. Drop and recreate as a non-unique index.
+ *
+ * `getByHandle` uses executeTakeFirst() and handles are still random enough
+ * that collisions are rare; the DB uniqueness was never load-bearing for
+ * correctness.
+ */
+import type { Kysely } from "kysely";
+
+export async function up(db: Kysely<unknown>): Promise<void> {
+  await db.schema.dropIndex("sandbox_runner_state_handle_idx").execute();
+  await db.schema
+    .createIndex("sandbox_runner_state_handle_idx")
+    .on("sandbox_runner_state")
+    .column("handle")
+    .execute();
+}
+
+export async function down(db: Kysely<unknown>): Promise<void> {
+  await db.schema.dropIndex("sandbox_runner_state_handle_idx").execute();
+  await db.schema
+    .createIndex("sandbox_runner_state_handle_idx")
+    .on("sandbox_runner_state")
+    .column("handle")
+    .unique()
+    .execute();
+}
diff --git a/apps/mesh/migrations/075-thread-inflight-async-jobs.ts b/apps/mesh/migrations/075-thread-inflight-async-jobs.ts
new file mode 100644
index 0000000000..98fa190153
--- /dev/null
+++ b/apps/mesh/migrations/075-thread-inflight-async-jobs.ts
@@ -0,0 +1,15 @@
+import type { Kysely } from "kysely";
+
+export async function up(db: Kysely<unknown>): Promise<void> {
+  await db.schema
+    .alterTable("threads")
+    .addColumn("inflight_async_jobs", "jsonb")
+    .execute();
+}
+
+export async function down(db: Kysely<unknown>): Promise<void> {
+  await db.schema
+    .alterTable("threads")
+    .dropColumn("inflight_async_jobs")
+    .execute();
+}
diff --git a/apps/mesh/migrations/076-automations-drop-agent-json.ts b/apps/mesh/migrations/076-automations-drop-agent-json.ts
new file mode 100644
index 0000000000..f1d2930e2c
--- /dev/null
+++ b/apps/mesh/migrations/076-automations-drop-agent-json.ts
@@ -0,0 +1,55 @@
+/**
+ * Drop the redundant `automations.agent` JSON column.
+ *
+ * Historically the table stored the owning agent in two places:
+ *   - `agent` text NOT NULL — JSON `{ id }` (added in 039)
+ *   - `virtual_mcp_id` text NULL — added later in 056 to scope automations to
+ *     a project/agent for the agent-detail Automations tab.
+ *
+ * The two fields drifted: AI-created automations sometimes set `agent.id`
+ * without `virtual_mcp_id`, so they appeared in the org-level Automations
+ * list but disappeared from the agent's tab (which filters strictly by
+ * `virtual_mcp_id`).
+ *
+ * Backfill `virtual_mcp_id` from the JSON, make it NOT NULL, and drop the
+ * JSON column. `virtual_mcp_id` is the single source of truth going forward.
+ */
+
+import { type Kysely, sql } from "kysely";
+
+export async function up(db: Kysely<unknown>): Promise<void> {
+  await sql`
+    UPDATE automations
+    SET virtual_mcp_id = (agent::json ->> 'id')
+    WHERE virtual_mcp_id IS NULL
+  `.execute(db);
+
+  await sql`
+    ALTER TABLE automations
+    ALTER COLUMN virtual_mcp_id SET NOT NULL
+  `.execute(db);
+
+  await db.schema.alterTable("automations").dropColumn("agent").execute();
+}
+
+export async function down(db: Kysely<unknown>): Promise<void> {
+  await db.schema
+    .alterTable("automations")
+    .addColumn("agent", "text")
+    .execute();
+
+  await sql`
+    UPDATE automations
+    SET agent = json_build_object('id', virtual_mcp_id)::text
+  `.execute(db);
+
+  await sql`
+    ALTER TABLE automations
+    ALTER COLUMN agent SET NOT NULL
+  `.execute(db);
+
+  await sql`
+    ALTER TABLE automations
+    ALTER COLUMN virtual_mcp_id DROP NOT NULL
+  `.execute(db);
+}
diff --git a/apps/mesh/migrations/index.ts b/apps/mesh/migrations/index.ts
index fe107d90cc..23f3bf7b97 100644
--- a/apps/mesh/migrations/index.ts
+++ b/apps/mesh/migrations/index.ts
@@ -66,6 +66,15 @@ import * as migration064brandcontext from "./064-brand-context.ts";
 import * as migration065organizationdomains from "./065-organization-domains.ts";
 import * as migration066brandcontextstructured from "./066-brand-context-structured.ts";
 import * as migration067threadsmetadata from "./067-threads-metadata.ts";
+import * as migration068threadsbranch from "./068-threads-branch.ts";
+import * as migration069sandboxrunnerstate from "./069-sandbox-runner-state.ts";
+import * as migration070modelcategories from "./070-model-categories.ts";
+import * as migration071defaulthomeagents from "./071-default-home-agents.ts";
+import * as migration072aiproviderkeypresetid from "./072-ai-provider-key-preset-id.ts";
+import * as migration073backfillbasicusageroles from "./073-backfill-basic-usage-roles.ts";
+import * as migration074sandboxrunnerstatehandlenonunique from "./074-sandbox-runner-state-handle-nonunique.ts";
+import * as migration075threadinflightasyncjobs from "./075-thread-inflight-async-jobs.ts";
+import * as migration076automationsdropagentjson from "./076-automations-drop-agent-json.ts";
 
 /**
  * Core migrations for the Mesh application.
@@ -146,6 +155,16 @@ const migrations: Record<string, Migration> = {
   "065-organization-domains": migration065organizationdomains,
   "066-brand-context-structured": migration066brandcontextstructured,
   "067-threads-metadata": migration067threadsmetadata,
+  "068-threads-branch": migration068threadsbranch,
+  "069-sandbox-runner-state": migration069sandboxrunnerstate,
+  "070-model-categories": migration070modelcategories,
+  "071-default-home-agents": migration071defaulthomeagents,
+  "072-ai-provider-key-preset-id": migration072aiproviderkeypresetid,
+  "073-backfill-basic-usage-roles": migration073backfillbasicusageroles,
+  "074-sandbox-runner-state-handle-nonunique":
+    migration074sandboxrunnerstatehandlenonunique,
+  "075-thread-inflight-async-jobs": migration075threadinflightasyncjobs,
+  "076-automations-drop-agent-json": migration076automationsdropagentjson,
 };
 
 export default migrations;
diff --git a/apps/mesh/package.json b/apps/mesh/package.json
index 142e2953be..952f93435d 100644
--- a/apps/mesh/package.json
+++ b/apps/mesh/package.json
@@ -1,6 +1,6 @@
 {
   "name": "decocms",
-  "version": "2.270.1",
+  "version": "2.310.11",
   "description": "Deco CMS — Self-hostable MCP Gateway for managing AI connections and tools",
   "author": "Deco team",
   "repository": {
@@ -22,7 +22,7 @@
     "dev": "bun run migrate && concurrently \"bun run dev:client\" \"bun run dev:server\"",
     "dev:servers": "concurrently \"bun run dev:client\" \"bun run dev:server\"",
     "dev:client": "bun --bun vite dev",
-    "dev:server": "NODE_ENV=development bun --env-file=.env --hot run src/index.ts",
+    "dev:server": "bun run --cwd=../../packages/sandbox build && NODE_ENV=development bun --env-file=.env --hot run src/index.ts",
     "build:client": "bun --bun vite build",
     "build:server": "bun run scripts/bundle-server-script.ts --dist ./dist/server",
     "db:migrate": "bun run ./dist/server/migrate.js",
@@ -36,7 +36,11 @@
     "prepublishOnly": "bun run build:client && bun run build:server"
   },
   "optionalDependencies": {
-    "@duckdb/node-api": "^1.5.0-r.1"
+    "@duckdb/node-api": "^1.5.0-r.1",
+    "@freestyle-sh/with-bun": "^0.2.12",
+    "@freestyle-sh/with-deno": "^0.0.4",
+    "@freestyle-sh/with-nodejs": "^0.2.9",
+    "freestyle-sandboxes": "^0.1.46"
   },
   "dependencies": {
     "@ai-sdk/anthropic": "^3.0.58",
@@ -46,12 +50,10 @@
     "@aws-sdk/client-s3": "^3.1013.0",
     "@aws-sdk/s3-request-presigner": "^3.1013.0",
     "@clickhouse/client": "^1.8.1",
+    "@deco-cx/warp-node": "^0.3.20",
     "@dnd-kit/core": "^6.3.1",
     "@dnd-kit/sortable": "^10.0.0",
     "@dnd-kit/utilities": "^3.2.2",
-    "@freestyle-sh/with-bun": "^0.2.12",
-    "@freestyle-sh/with-deno": "^0.0.4",
-    "@freestyle-sh/with-nodejs": "^0.2.9",
     "@inkjs/ui": "^2.0.0",
     "@modelcontextprotocol/ext-apps": "^1.2.2",
     "@openrouter/ai-sdk-provider": "^2.2.5",
@@ -62,10 +64,12 @@
     "ai-sdk-provider-claude-code": "^3.4.4",
     "ai-sdk-provider-codex-cli": "^1.1.0",
     "embedded-postgres": "^18.3.0-beta.16",
-    "freestyle-sandboxes": "^0.1.46",
     "ink": "^6.8.0",
     "kysely": "^0.28.12",
     "nats": "^2.29.3",
+    "node-pty": "^1.0.0",
+    "posthog-js": "^1.371.1",
+    "posthog-node": "^5.0.0",
     "react": "^19.2.0",
     "react-dom": "^19.2.0"
   },
@@ -143,6 +147,7 @@
     "kysely-pglite": "^0.6.1",
     "lucide-react": "^0.468.0",
     "marked": "^15.0.6",
+    "@decocms/sandbox": "workspace:*",
     "mesh-plugin-workflows": "workspace:*",
     "nanoid": "^5.1.6",
     "pg": "^8.16.3",
diff --git a/apps/mesh/public/manifest.webmanifest b/apps/mesh/public/manifest.webmanifest
new file mode 100644
index 0000000000..aa5488b07a
--- /dev/null
+++ b/apps/mesh/public/manifest.webmanifest
@@ -0,0 +1,19 @@
+{
+  "name": "deco CMS",
+  "short_name": "deco CMS",
+  "description": "Hire specialized agents, give them access to your tools, and let them deliver real projects — with planning, verification, and observability built in.",
+  "start_url": "/",
+  "scope": "/",
+  "display": "standalone",
+  "display_override": ["window-controls-overlay"],
+  "background_color": "#ffffff",
+  "theme_color": "#D0EC1A",
+  "icons": [
+    {
+      "src": "/favicon.svg",
+      "sizes": "any",
+      "type": "image/svg+xml",
+      "purpose": "any"
+    }
+  ]
+}
diff --git a/apps/mesh/scripts/bundle-server-script.ts b/apps/mesh/scripts/bundle-server-script.ts
index d901fee73f..d878f8102b 100644
--- a/apps/mesh/scripts/bundle-server-script.ts
+++ b/apps/mesh/scripts/bundle-server-script.ts
@@ -382,7 +382,50 @@ async function copyRootReadme() {
   }
 }
 
+// QuickJS's emscripten loader resolves `new URL("emscripten-module.wasm",
+// import.meta.url)` — on Linux bun in production this can resolve relative
+// to the bundle output (dist/server/) rather than the externalized package,
+// causing ENOENT. Copy the WASM alongside the bundles as a safety net so the
+// file exists at whichever location bun looks.
+async function copyQuickjsWasm() {
+  console.log("📄 Copying QuickJS WASM...");
+
+  const wasmSource = join(
+    OUTPUT_DIR,
+    "node_modules/@jitl/quickjs-wasmfile-release-sync/dist/emscripten-module.wasm",
+  );
+  const wasmDest = join(OUTPUT_DIR, "emscripten-module.wasm");
+
+  if (!existsSync(wasmSource)) {
+    console.warn(`⚠️  QuickJS WASM not found at ${wasmSource}, skipping...`);
+    return;
+  }
+
+  await cp(wasmSource, wasmDest);
+  console.log(`✅ QuickJS WASM copied to ${wasmDest}`);
+}
+
+// freestyle/runner.ts and host/runner.ts both inline
+// packages/sandbox/daemon/dist/daemon.js via a text-import attribute.
+// `bun build` needs that file present on disk to embed it into the server
+// bundle, so produce it before bundling. Idempotent — `bun run build` just
+// rewrites the same outfile.
+async function buildSandboxDaemon() {
+  console.log("🔨 Building sandbox daemon bundle...");
+  const sandboxRoot = join(WORKSPACE_ROOT, "packages/sandbox");
+  await $`bun run build`.cwd(sandboxRoot).quiet();
+  const daemonBundle = join(sandboxRoot, "daemon/dist/daemon.js");
+  if (!existsSync(daemonBundle)) {
+    console.error(`❌ Sandbox daemon bundle missing at ${daemonBundle}`);
+    process.exit(1);
+  }
+  console.log(`✅ Sandbox daemon bundle ready at ${daemonBundle}`);
+}
+
 async function main() {
+  // Build sandbox daemon bundle so runner.ts's text-import has a file to embed.
+  await buildSandboxDaemon();
+
   // Prune node_modules to only include required dependencies for both scripts
   const packagesToExternalize = await pruneNodeModules();
 
@@ -394,11 +437,15 @@ async function main() {
   // Copy root README.md to dist folder
   await copyRootReadme();
 
+  // Copy QuickJS WASM alongside bundles as a safety net for path resolution
+  await copyQuickjsWasm();
+
   console.log("\n🎉 Build completed successfully!");
   console.log(`📦 Output directory: ${OUTPUT_DIR}`);
   console.log(`   - migrate.js`);
   console.log(`   - server.js`);
   console.log(`   - cli.js`);
+  console.log(`   - emscripten-module.wasm`);
   console.log(`   - node_modules/`);
   console.log(`   - ../README.md`);
 }
diff --git a/apps/mesh/spec/001.md b/apps/mesh/spec/001.md
index 519efe51df..bad0dde2c1 100644
--- a/apps/mesh/spec/001.md
+++ b/apps/mesh/spec/001.md
@@ -32,9 +32,9 @@ This new paradigm introduces significant challenges for teams and organizations:
 
 **Tool Orchestration**: MCP services operate in isolation, with no standard way to compose tools from multiple services or manage dependencies between them.
 
-### Our Solution: MCP Mesh
+### Our Solution: Studio
 
-We're building the first open-source MCP Mesh — a unified platform that solves these challenges by:
+We're building the first open-source Studio — a unified platform that solves these challenges by:
 
 1. **Centralizing MCP connections**: Connect all your MCP services in one place with unified authentication
 
@@ -46,15 +46,15 @@ We're building the first open-source MCP Mesh — a unified platform that solves
 
 3. **Enabling tool composition**: Allow MCP services to depend on each other, eliminating redundant account connections
 
-4. **Providing zero-config deployment**: Run the MCP Mesh locally without complex setup
+4. **Providing zero-config deployment**: Run Studio locally without complex setup
 
-5. **Being MCP-native**: The Mesh itself exposes an MCP interface, allowing it to be used by any MCP-compatible client
+5. **Being MCP-native**: Studio itself exposes an MCP interface, allowing it to be used by any MCP-compatible client
 
 ### Apps: Extending MCP
 
-In MCP Mesh, we use "App" and "MCP service" interchangeably. Apps are a superset of MCP — we extend the protocol to support additional features such as:
+In Studio, we use "App" and "MCP service" interchangeably. Apps are a superset of MCP — we extend the protocol to support additional features such as:
 
-- **Native multi-tenancy**: Apps can expose configuration schemas via tool calls, which the Mesh renders as user-friendly forms
+- **Native multi-tenancy**: Apps can expose configuration schemas via tool calls, which Studio renders as user-friendly forms
 - **Tool dependencies**: Apps can declare dependencies on other apps' tools
 - **Unified discovery**: Browse and install apps from a centralized marketplace
 - **Team-based ACLs**: Built-in support for team hierarchies, roles, and fine-grained permissions
@@ -72,7 +72,7 @@ The result is a composable, secure, open-source infrastructure layer for the AI-
    - The database connection itself represents the system boundary
    - Organizations provide isolation for resources, teams, and audit logs
 
-2. **MCP-Native API**: Instead of REST, the Mesh uses MCP tools for all management operations. This makes the Mesh itself an MCP service that can be accessed programmatically or via AI agents.
+2. **MCP-Native API**: Instead of REST, Studio uses MCP tools for all management operations. This makes Studio itself an MCP service that can be accessed programmatically or via AI agents.
 
 3. **Minimal Configuration**: Only one environment variable (`DATABASE_URL`). All authentication configuration is file-based (`auth-config.json`).
 
@@ -82,7 +82,7 @@ The result is a composable, secure, open-source infrastructure layer for the AI-
 
 6. **Zero-Config SQLite**: Uses Bun's native SQLite by default. No database setup required. Upgrade to PostgreSQL when needed.
 
-7. **Credential Isolation**: Original service tokens never leave the Mesh. The proxy replaces Mesh tokens with actual credentials at request time.
+7. **Credential Isolation**: Original service tokens never leave Studio. The proxy replaces Studio tokens with actual credentials at request time.
 
 8. **Simple URL Structure**:
    - `/mcp` - Management API (CONNECTION_* tools, organization management via Better Auth)
@@ -232,7 +232,7 @@ interface MeshContext {
   meter: Meter;             // For metrics collection
   
   // Base URL (derived from request, used for OAuth callbacks, metadata URLs, etc.)
-  baseUrl: string;          // e.g., "https://mesh.example.com" or "http://localhost:3000"
+  baseUrl: string;          // e.g., "https://studio.example.com" or "http://localhost:3000"
   
   // Request metadata (non-HTTP specific)
   metadata: {
@@ -801,7 +801,7 @@ export class ConnectionStorage implements ConnectionStoragePort {
 
 #### 5. Authentication via Better Auth
 
-The Mesh uses [Better Auth's MCP plugin](https://www.better-auth.com/docs/plugins/mcp) for OAuth-based MCP client authentication, along with the [API Key plugin](https://www.better-auth.com/docs/plugins/api-key) for direct tool access:
+Studio uses [Better Auth's MCP plugin](https://www.better-auth.com/docs/plugins/mcp) for OAuth-based MCP client authentication, along with the [API Key plugin](https://www.better-auth.com/docs/plugins/api-key) for direct tool access:
 
 **Configuration:**
 
@@ -1035,14 +1035,14 @@ The permission model uses two types of resources:
 
 **Understanding Permission Resources:**
 
-The Mesh uses a resource-based permission model with two main resource types:
+Studio uses a resource-based permission model with two main resource types:
 
 1. **`"self"`** - Management API resource
    - **Special resource name** that grants access to management tools
    - Exposed at the `/mcp` endpoint (not `/mcp/:connectionId`)
-   - Contains tools for managing the Mesh itself: connections, etc.
+   - Contains tools for managing Studio itself: connections, etc.
    - Example tools: `CONNECTION_CREATE`, `CONNECTION_LIST`, `CONNECTION_GET`, `CONNECTION_DELETE`, `CONNECTION_TEST`
-   - These tools don't proxy to downstream connections - they operate on the Mesh database
+   - These tools don't proxy to downstream connections - they operate on Studio database
    - Example: `{ "self": ["CONNECTION_CREATE", "CONNECTION_LIST", "CONNECTION_GET"] }`
    - **Authorization flow:** When calling tools at `/mcp`, AccessControl checks permissions on resource `"self"`
 
@@ -1072,12 +1072,12 @@ The Mesh uses a resource-based permission model with two main resource types:
 
 **When to use each resource:**
 
-- Use `"self"` when granting permissions to **manage the Mesh** (manage connections, organizations, etc.)
+- Use `"self"` when granting permissions to **manage Studio** (manage connections, organizations, etc.)
 - Use `"conn_<UUID>"` when granting permissions to **use specific downstream connections** (call tools on those connections)
 
 #### 5.1 Organization Management
 
-The Mesh uses [Better Auth's Organization plugin](https://www.better-auth.com/docs/plugins/organization) for multi-tenant organization management. This provides:
+Studio uses [Better Auth's Organization plugin](https://www.better-auth.com/docs/plugins/organization) for multi-tenant organization management. This provides:
 
 - Organization creation and management
 - Member management (add, remove, update roles)
@@ -1354,7 +1354,7 @@ export default app;
 
 #### 6. Observability with OpenTelemetry
 
-The Mesh includes comprehensive observability using [OpenTelemetry](https://opentelemetry.io/) for distributed tracing and metrics:
+Studio includes comprehensive observability using [OpenTelemetry](https://opentelemetry.io/) for distributed tracing and metrics:
 
 **Configuration:**
 
@@ -1528,7 +1528,7 @@ export function defineTool<TInput extends z.ZodType, TOutput extends z.ZodType>(
 
 **Standard Metrics:**
 
-The Mesh automatically tracks:
+Studio automatically tracks:
 
 1. **Tool Execution Metrics:**
    - `tool.execution.duration` - Histogram of execution times
@@ -1549,7 +1549,7 @@ The Mesh automatically tracks:
 
 **Tracing Context Propagation:**
 
-When proxying MCP calls, the Mesh propagates trace context:
+When proxying MCP calls, Studio propagates trace context:
 
 ```typescript
 // Proxy with trace propagation
@@ -1564,7 +1564,7 @@ const response = await fetch(connection.url, { headers });
 
 #### 7. Downstream MCP OAuth Client
 
-The Mesh acts as an **OAuth client** to connect to downstream MCPs that require OAuth authentication. This allows the Mesh to proxy requests to third-party OAuth-protected MCPs while keeping credentials secure.
+Studio acts as an **OAuth client** to connect to downstream MCPs that require OAuth authentication. This allows Studio to proxy requests to third-party OAuth-protected MCPs while keeping credentials secure.
 
 **Three OAuth Roles:**
 
@@ -1591,7 +1591,7 @@ The Mesh acts as an **OAuth client** to connect to downstream MCPs that require
 
 **Connecting to Downstream OAuth-Protected MCPs:**
 
-When creating a connection to a downstream MCP that supports OAuth, the Mesh can act as an OAuth client to obtain tokens. See the "Discovering and Connecting to Downstream OAuth MCPs" section below for implementation details.
+When creating a connection to a downstream MCP that supports OAuth, Studio can act as an OAuth client to obtain tokens. See the "Discovering and Connecting to Downstream OAuth MCPs" section below for implementation details.
 
 **Database Schema for OAuth (Kysely TypeScript Interfaces):**
 
@@ -1670,7 +1670,7 @@ export function requireMcpAuth(requiredScopes: string[] = []) {
 
 **MCP Proxy with OAuth:**
 
-When proxying to downstream MCPs, the Mesh obtains and uses proper tokens:
+When proxying to downstream MCPs, Studio obtains and uses proper tokens:
 
 ```typescript
 // Proxy MCP request with OAuth token
@@ -1835,7 +1835,7 @@ export interface Database {
 
 **Important**: OAuth discovery and client registration only happen **once** when creating or configuring a connection. The proxy itself doesn't perform OAuth discovery on every request - it uses the stored OAuth configuration from the connection.
 
-When creating a connection to a downstream MCP that supports OAuth, the Mesh follows the [MCP Authorization Discovery flow](https://modelcontextprotocol.io/specification/draft/basic/authorization):
+When creating a connection to a downstream MCP that supports OAuth, Studio follows the [MCP Authorization Discovery flow](https://modelcontextprotocol.io/specification/draft/basic/authorization):
 
 ```typescript
 // tools/connection/discover-oauth.ts
@@ -1888,7 +1888,7 @@ export async function discoverDownstreamOAuth(url: string): Promise<OAuthConfig
         headers: { 'Content-Type': 'application/json' },
         body: JSON.stringify({
           client_name: 'MCP Mesh',
-          redirect_uris: [`https://mesh.example.com/oauth/callback`], // Use configured base URL
+          redirect_uris: [`https://studio.example.com/oauth/callback`], // Use configured base URL
           grant_types: ['authorization_code', 'refresh_token', 'client_credentials'],
           token_endpoint_auth_method: 'client_secret_basic',
           scope: resourceMetadata.scopes_supported?.join(' '),
@@ -2174,7 +2174,7 @@ oauthCallbackRouter.get('/oauth/callback', async (c) => {
 });
 ```
 
-**Complete Example: MCP Client Using the Mesh:**
+**Complete Example: MCP Client Using Studio:**
 
 ```typescript
 // Example: Claude Desktop or any MCP client connecting to the Mesh
@@ -2183,7 +2183,7 @@ import { Client } from '@modelcontextprotocol/sdk/client/index.js';
 import { StreamableHTTPClientTransport } from '@modelcontextprotocol/sdk/client/streamableHttp.js';
 import { createRemoteJWKSet, jwtVerify } from 'jose';
 
-const MESH_URL = 'https://mesh.example.com/mcp';
+const MESH_URL = 'https://studio.example.com/mcp';
 
 async function connectToMesh() {
   // Step 1: Discover OAuth metadata
@@ -2494,7 +2494,7 @@ export const STORAGE_BINDING = {
 
 **Binding Detection:**
 
-The Mesh automatically detects which bindings a connection implements:
+Studio automatically detects which bindings a connection implements:
 
 ```typescript
 // core/binding-detector.ts
@@ -3146,18 +3146,18 @@ export class ConnectionStorage {
 
 **Two Distinct MCP Servers:**
 
-The Mesh implements two separate MCP servers:
+Studio implements two separate MCP servers:
 
 1. **Management MCP Server** (`/mcp`) - Exposes management tools
 2. **Proxy MCP Server** (`/mcp/:connectionId`) - Proxies to downstream connections
 
 **HttpServerTransport:**
 
-The Mesh uses a custom `WebStandardHttpTransport`
+Studio uses a custom `WebStandardHttpTransport`
 
 **MCP Server Builder Pattern:**
 
-The Mesh uses a builder pattern (`api/utils/mcp.ts`) to create MCP servers with middleware support:
+Studio uses a builder pattern (`api/utils/mcp.ts`) to create MCP servers with middleware support:
 
 ```typescript
 // api/utils/mcp.ts - Simplified version
@@ -3299,7 +3299,7 @@ app.post('/:connectionId', async (c) => {
 
 | Aspect | Management API (`/mcp`) | Proxy API (`/mcp/:connectionId`) |
 |--------|------------------------|----------------------------------|
-| **Purpose** | Expose Mesh management tools | Proxy to downstream connections |
+| **Purpose** | Expose Studio management tools | Proxy to downstream connections |
 | **Tools Source** | `tools/` directory (PROJECT_*, CONNECTION_*) | Downstream MCP (via `client.listTools()`) |
 | **Authorization Resource** | `"self"` | `"conn_<UUID>"` |
 | **Handler** | Directly executes tool from registry | Proxies to downstream client |
@@ -3595,7 +3595,7 @@ bun run better-auth:migrate
 bun run start
 ```
 
-That's it! The Mesh will automatically:
+That's it! Studio will automatically:
 
 - Create a local SQLite database at `./data/mesh.db`
 - Run all necessary migrations (application tables)
@@ -3799,7 +3799,7 @@ interface ApiKey {
 
 **Better Auth Integration:**
 
-MCP Mesh uses Better Auth for flexible authentication with multiple providers. All authentication configuration is done via an optional `auth-config.json` file—no environment variables needed!
+Studio uses Better Auth for flexible authentication with multiple providers. All authentication configuration is done via an optional `auth-config.json` file—no environment variables needed!
 
 **Supported Auth Methods:**
 
@@ -3919,9 +3919,9 @@ export function createDatabase(databaseUrl: string): Kysely<DatabaseSchema> {
 
 **MCP-Native API Architecture:**
 
-The Mesh exposes two main endpoints following the MCP protocol:
+Studio exposes two main endpoints following the MCP protocol:
 
-**Management API** (`/mcp`) - MCP Server for Mesh Management:
+**Management API** (`/mcp`) - MCP Server for Studio Management:
 
 ```
 POST /mcp
@@ -3969,7 +3969,7 @@ Better Auth API keys include permissions that determine which connections and to
 interface MeshTokenPayload {
   // Standard JWT claims (RFC 7519)
   sub: string;           // Subject: Token ID or User ID
-  iss: string;           // Issuer: Mesh instance base URL (e.g., "https://mesh.example.com")
+  iss: string;           // Issuer: Mesh instance base URL (e.g., "https://studio.example.com")
   iat: number;           // Issued at: Unix timestamp
   exp: number;           // Expiration: Unix timestamp
   nbf: number;           // Not before: Unix timestamp (prevents premature use)
@@ -3989,7 +3989,7 @@ interface MeshTokenPayload {
 
 #### Organization Management (via Better Auth Plugin + MCP Tools)
 
-MCP Mesh wraps Better Auth's organization plugin APIs as MCP tools for programmatic access.
+Studio wraps Better Auth's organization plugin APIs as MCP tools for programmatic access.
 For direct API access, see [Better Auth Organization Plugin](https://www.better-auth.com/docs/plugins/organization).
 
 **ORGANIZATION_CREATE**
@@ -4274,7 +4274,7 @@ const connections = await CONNECTION_LIST({});
 
 #### API Key Management
 
-MCP Mesh exposes Better Auth's API Key plugin functionality through MCP tools. Users can create, list, update, and delete their own API keys.
+Studio exposes Better Auth's API Key plugin functionality through MCP tools. Users can create, list, update, and delete their own API keys.
 
 **Important Security Note:** API key values are only returned once at creation time. After creation, only metadata (name, permissions, etc.) can be retrieved - the key value cannot be shown again.
 
@@ -4388,7 +4388,7 @@ When creating new API keys via Better Auth, the following tools are available by
 
 #### Organization Roles & Teams (via Better Auth Organization Plugin)
 
-Better Auth's organization plugin handles all organization-level access control. The Mesh does NOT provide separate POLICY_*, ROLE_*, TOKEN_*, or TEAM_* tools because Better Auth already provides comprehensive APIs for these.
+Better Auth's organization plugin handles all organization-level access control. Studio does NOT provide separate POLICY_*, ROLE_*, TOKEN_*, or TEAM_* tools because Better Auth already provides comprehensive APIs for these.
 
 **Organization Management Features (via Better Auth):**
 
@@ -4440,15 +4440,15 @@ For complete organization management documentation, see [Better Auth Organizatio
 
 ---
 
-### The MCP Mesh Proxy API
+### Studio Proxy API
 
 **Core Concept:**
 
-The MCP Mesh Proxy is the heart of the system. It acts as a secure intermediary that:
+Studio Proxy is the heart of the system. It acts as a secure intermediary that:
 
 1. Accepts requests with organization-scoped OAuth tokens or API keys
 2. Validates tokens and checks permissions (via Better Auth)
-3. Replaces Mesh tokens with actual service credentials
+3. Replaces Studio tokens with actual service credentials
 4. Proxies requests to target MCP services
 5. Logs all activity for auditing
 
@@ -4500,7 +4500,7 @@ Content-Type: application/json
 }
 ```
 
-The Mesh encrypts and stores `gmail-secret-token-XPTO` securely within the organization.
+Studio encrypts and stores `gmail-secret-token-XPTO` securely within the organization.
 
 #### Step 3: Create an API Key with Permissions
 
@@ -4546,7 +4546,7 @@ Content-Type: application/json
 
 **Behind the Scenes:**
 
-1. Mesh validates the API key `mcp_abc123...`
+1. Studio validates the API key `mcp_abc123...`
 2. Checks if key has permission for `SEND_EMAIL` on `conn_abc123`
 3. Retrieves connection config and decrypts the Gmail token: `gmail-secret-token-XPTO`
 4. Proxies the request to `https://mcp.gmail.com/mcp`:
@@ -4687,7 +4687,7 @@ docker-compose up -d
 
 **Option 4: Docker with PostgreSQL (Optional - for scale)**
 
-Only needed if you expect high concurrent usage or want to run multiple Mesh instances.
+Only needed if you expect high concurrent usage or want to run multiple Studio instances.
 
 ```yaml
 # docker-compose.yml
@@ -4720,7 +4720,7 @@ volumes:
 
 **Environment Variables:**
 
-MCP Mesh is designed with minimal configuration. Only **one** environment variable is supported:
+Studio is designed with minimal configuration. Only **one** environment variable is supported:
 
 ```bash
 # Database (optional - defaults to SQLite at ./data/mesh.db)
@@ -4831,4 +4831,4 @@ We welcome contributions! Please see our [CONTRIBUTING.md](./CONTRIBUTING.md) fo
 
 ## License
 
-MCP Mesh is open-source software licensed under the [MIT License](./LICENSE).
+Studio is open-source software licensed under the [MIT License](./LICENSE).
diff --git a/apps/mesh/spec/monitoring-share-plugin.md b/apps/mesh/spec/monitoring-share-plugin.md
index 786e1e6afa..b05a9430af 100644
--- a/apps/mesh/spec/monitoring-share-plugin.md
+++ b/apps/mesh/spec/monitoring-share-plugin.md
@@ -5,7 +5,7 @@
 
 ## Overview
 
-Extend the plugin system to support root-level public routes, then create a Mesh plugin (`mesh-plugin-monitoring-share`) that enables sharing read-only, data-scoped monitoring dashboards with external clients via presigned URLs.
+Extend the plugin system to support root-level public routes, then create a Studio plugin (`mesh-plugin-monitoring-share`) that enables sharing read-only, data-scoped monitoring dashboards with external clients via presigned URLs.
 
 ### Key Features
 - Presigned URLs with embedded tokens (no login required, time-limited)
@@ -269,7 +269,7 @@ setup: (ctx) => {
 |------|--------|
 | `packages/bindings/src/core/plugins.ts` | Add `rootRoute` and `registerPublicRoutes` to context |
 | `apps/mesh/src/web/index.tsx` | Pass new context props, collect and mount public routes |
-| `packages/mesh-plugin-user-sandbox/client/index.ts` | Migrate connect route registration |
+| `packages/@decocms/sandbox/client/index.ts` | Migrate connect route registration |
 | `apps/mesh/src/web/routes/connect.tsx` | Remove (or keep as fallback) |
 
 ### Phase 2 & 3 (Plugin)
diff --git a/apps/mesh/src/ai-providers/adapters/gemini-interactions.test.ts b/apps/mesh/src/ai-providers/adapters/gemini-interactions.test.ts
new file mode 100644
index 0000000000..1589959a2c
--- /dev/null
+++ b/apps/mesh/src/ai-providers/adapters/gemini-interactions.test.ts
@@ -0,0 +1,319 @@
+import { afterEach, describe, expect, test } from "bun:test";
+import { AsyncResearchTerminalError } from "../types";
+import {
+  isInteractionsOnlyModel,
+  pollInteraction,
+  submitInteraction,
+} from "./gemini-interactions";
+
+const realFetch = globalThis.fetch;
+
+afterEach(() => {
+  globalThis.fetch = realFetch;
+});
+
+function jsonResponse(body: unknown, status = 200): Response {
+  return new Response(JSON.stringify(body), {
+    status,
+    headers: { "Content-Type": "application/json" },
+  });
+}
+
+/**
+ * Mock fetch with a queue of canned responses. Each call dequeues one.
+ * Returns the captured request URLs/methods so tests can assert call sequence.
+ */
+function queueFetch(responses: Array<() => Response>) {
+  const calls: Array<{ url: string; method: string }> = [];
+  const queue = [...responses];
+  globalThis.fetch = (async (url: unknown, init?: RequestInit) => {
+    calls.push({
+      url: String(url),
+      method: init?.method ?? "GET",
+    });
+    const next = queue.shift();
+    if (!next) throw new Error("queueFetch: out of responses");
+    return next();
+  }) as unknown as typeof fetch;
+  return calls;
+}
+
+describe("isInteractionsOnlyModel", () => {
+  test("matches every deep-research variant", () => {
+    expect(isInteractionsOnlyModel("deep-research-preview-04-2026")).toBe(true);
+    expect(isInteractionsOnlyModel("deep-research-max-preview-04-2026")).toBe(
+      true,
+    );
+    expect(isInteractionsOnlyModel("deep-research-pro-preview-12-2025")).toBe(
+      true,
+    );
+  });
+  test("rejects regular models", () => {
+    expect(isInteractionsOnlyModel("gemini-2.5-flash")).toBe(false);
+    expect(isInteractionsOnlyModel("gemini-3-flash-preview")).toBe(false);
+    expect(isInteractionsOnlyModel("imagen-4")).toBe(false);
+  });
+});
+
+describe("submitInteraction", () => {
+  test("POSTs and returns the interaction id", async () => {
+    const calls = queueFetch([() => jsonResponse({ id: "i_abc" })]);
+
+    const result = await submitInteraction({
+      apiKey: "k",
+      agent: "deep-research-preview-04-2026",
+      query: "hello",
+    });
+
+    expect(result.interactionId).toBe("i_abc");
+    expect(calls).toHaveLength(1);
+    expect(calls[0]?.method).toBe("POST");
+    expect(calls[0]?.url).toMatch(/\/v1beta\/interactions$/);
+  });
+
+  test("throws on non-2xx with response body", async () => {
+    queueFetch([() => new Response("forbidden: bad key", { status: 403 })]);
+    await expect(
+      submitInteraction({ apiKey: "k", agent: "a", query: "q" }),
+    ).rejects.toThrow(/403.*forbidden/);
+  });
+
+  test("throws when response is missing id", async () => {
+    queueFetch([() => jsonResponse({})]);
+    await expect(
+      submitInteraction({ apiKey: "k", agent: "a", query: "q" }),
+    ).rejects.toThrow(/missing id/);
+  });
+});
+
+describe("pollInteraction", () => {
+  test("polls until completed and returns final text + citations + usage", async () => {
+    const progress: string[] = [];
+    queueFetch([
+      () =>
+        jsonResponse({
+          status: "in_progress",
+          outputs: [{ type: "thought_summary", text: "Researching…" }],
+        }),
+      () =>
+        jsonResponse({
+          status: "completed",
+          outputs: [
+            { type: "thought_summary", text: "Researching…" },
+            {
+              type: "text",
+              text: "The answer is 42.",
+              annotations: [
+                {
+                  type: "url_citation",
+                  url: "https://example.com",
+                  title: "Example",
+                },
+              ],
+            },
+          ],
+          usage: { input_tokens: 100, output_tokens: 50 },
+        }),
+    ]);
+
+    const result = await pollInteraction({
+      apiKey: "k",
+      interactionId: "i_1",
+      pollIntervalMs: 0,
+      onProgress: (t) => progress.push(t),
+    });
+
+    expect(result.text).toBe("The answer is 42.");
+    expect(result.citations).toEqual([
+      { url: "https://example.com", title: "Example" },
+    ]);
+    expect(result.usage).toEqual({ inputTokens: 100, outputTokens: 50 });
+    expect(progress.at(-1)).toContain("The answer is 42.");
+    expect(progress.at(-1)).toContain("Researching");
+  });
+
+  test("throws AsyncResearchTerminalError on failed status", async () => {
+    queueFetch([
+      () => jsonResponse({ status: "failed", error: "model overloaded" }),
+    ]);
+
+    await expect(
+      pollInteraction({
+        apiKey: "k",
+        interactionId: "i_2",
+        pollIntervalMs: 0,
+      }),
+    ).rejects.toBeInstanceOf(AsyncResearchTerminalError);
+  });
+
+  test("throws AsyncResearchTerminalError on cancelled status", async () => {
+    queueFetch([() => jsonResponse({ status: "cancelled" })]);
+    await expect(
+      pollInteraction({
+        apiKey: "k",
+        interactionId: "i_3",
+        pollIntervalMs: 0,
+      }),
+    ).rejects.toBeInstanceOf(AsyncResearchTerminalError);
+  });
+
+  test("transient HTTP errors throw plain Error (not terminal)", async () => {
+    queueFetch([() => new Response("upstream timeout", { status: 502 })]);
+    let caught: unknown;
+    try {
+      await pollInteraction({
+        apiKey: "k",
+        interactionId: "i_2b",
+        pollIntervalMs: 0,
+      });
+    } catch (e) {
+      caught = e;
+    }
+    expect(caught).toBeInstanceOf(Error);
+    expect(caught).not.toBeInstanceOf(AsyncResearchTerminalError);
+  });
+
+  test("dedupes citations across outputs by url", async () => {
+    queueFetch([
+      () =>
+        jsonResponse({
+          status: "completed",
+          outputs: [
+            {
+              type: "text",
+              text: "a",
+              annotations: [
+                { type: "url_citation", url: "https://x", title: "X" },
+              ],
+            },
+            {
+              type: "text",
+              text: "b",
+              annotations: [
+                { type: "url_citation", url: "https://x", title: "X dup" },
+                { type: "url_citation", url: "https://y", title: "Y" },
+              ],
+            },
+          ],
+          usage: { input_tokens: 1, output_tokens: 1 },
+        }),
+    ]);
+
+    const result = await pollInteraction({
+      apiKey: "k",
+      interactionId: "i_4",
+      pollIntervalMs: 0,
+    });
+
+    expect(result.citations.map((c) => c.url)).toEqual([
+      "https://x",
+      "https://y",
+    ]);
+  });
+
+  test("aborts before issuing a poll when signal is already aborted", async () => {
+    const calls = queueFetch([]);
+    const ac = new AbortController();
+    ac.abort();
+    await expect(
+      pollInteraction({
+        apiKey: "k",
+        interactionId: "i_5",
+        abortSignal: ac.signal,
+        pollIntervalMs: 0,
+      }),
+    ).rejects.toMatchObject({ name: "AbortError" });
+    expect(calls).toHaveLength(0);
+  });
+
+  test("rewrites vertexaisearch redirect URLs to the underlying source", async () => {
+    queueFetch([
+      // poll → completed
+      () =>
+        jsonResponse({
+          status: "completed",
+          outputs: [
+            {
+              type: "text",
+              text: "report",
+              annotations: [
+                {
+                  type: "url_citation",
+                  url: "https://vertexaisearch.cloud.google.com/grounding-api-redirect/AAA",
+                  title: "vertexaisearch.cloud.go…",
+                },
+                {
+                  type: "url_citation",
+                  url: "https://example.com/already-direct",
+                  title: "Direct",
+                },
+              ],
+            },
+          ],
+          usage: { input_tokens: 1, output_tokens: 1 },
+        }),
+      // HEAD on the redirect URL → 302 with Location
+      () =>
+        new Response(null, {
+          status: 302,
+          headers: { location: "https://nytimes.com/article" },
+        }),
+    ]);
+
+    const result = await pollInteraction({
+      apiKey: "k",
+      interactionId: "i_redir",
+      pollIntervalMs: 0,
+    });
+
+    expect(result.citations).toEqual([
+      { url: "https://nytimes.com/article", title: "vertexaisearch.cloud.go…" },
+      { url: "https://example.com/already-direct", title: "Direct" },
+    ]);
+  });
+
+  test("keeps original URL when redirect resolution fails", async () => {
+    queueFetch([
+      () =>
+        jsonResponse({
+          status: "completed",
+          outputs: [
+            {
+              type: "text",
+              text: "x",
+              annotations: [
+                {
+                  type: "url_citation",
+                  url: "https://vertexaisearch.cloud.google.com/grounding-api-redirect/BBB",
+                  title: "T",
+                },
+              ],
+            },
+          ],
+          usage: { input_tokens: 0, output_tokens: 0 },
+        }),
+      // HEAD returns 200 without a Location header — keep original.
+      () => new Response(null, { status: 200 }),
+    ]);
+    const result = await pollInteraction({
+      apiKey: "k",
+      interactionId: "i_keep",
+      pollIntervalMs: 0,
+    });
+    expect(result.citations[0]?.url).toMatch(/grounding-api-redirect\/BBB/);
+  });
+
+  test("URL-encodes the interaction id", async () => {
+    const calls = queueFetch([
+      () => jsonResponse({ status: "completed", outputs: [] }),
+    ]);
+    await pollInteraction({
+      apiKey: "k",
+      interactionId: "interactions/i_with/slash",
+      pollIntervalMs: 0,
+    });
+    expect(calls[0]?.url).toContain(
+      encodeURIComponent("interactions/i_with/slash"),
+    );
+  });
+});
diff --git a/apps/mesh/src/ai-providers/adapters/gemini-interactions.ts b/apps/mesh/src/ai-providers/adapters/gemini-interactions.ts
new file mode 100644
index 0000000000..4b0f371472
--- /dev/null
+++ b/apps/mesh/src/ai-providers/adapters/gemini-interactions.ts
@@ -0,0 +1,295 @@
+/**
+ * Gemini Interactions API client for Deep Research models.
+ *
+ * Deep Research models (deep-research-preview-04-2026, etc.) cannot be reached
+ * through `generateContent` / `streamText`. They live behind the Interactions
+ * API at /v1beta/interactions and are async — research jobs run for minutes.
+ *
+ * This module exposes the protocol as `submit` (POST a new job) and `poll`
+ * (GET status until terminal). The tool layer interleaves persistence between
+ * them so a fresh pod can reconnect to an in-flight job after a crash.
+ *
+ * `pollInteraction` throws `AsyncResearchTerminalError` when Google reports
+ * `failed`/`cancelled` (the job is dead, drop the handle), and a regular
+ * `Error` for transient HTTP/network problems (the job may still be running,
+ * keep the handle for a future reconnect).
+ */
+import { AsyncResearchTerminalError } from "../types";
+
+const INTERACTIONS_URL =
+  "https://generativelanguage.googleapis.com/v1beta/interactions";
+
+const DEFAULT_POLL_INTERVAL_MS = 5_000;
+
+export function isInteractionsOnlyModel(modelId: string): boolean {
+  // All Gemini Deep Research variants share the `deep-research-` prefix
+  // (deep-research-preview-*, deep-research-max-preview-*,
+  //  deep-research-pro-preview-*, etc.) and all run via the Interactions
+  // API. Match the whole family rather than enumerate suffixes — every
+  // model in this line so far has been Interactions-only.
+  return /^deep-research-/.test(modelId);
+}
+
+export interface SubmitInteractionOptions {
+  apiKey: string;
+  agent: string;
+  query: string;
+  abortSignal?: AbortSignal;
+}
+
+export interface PollInteractionOptions {
+  apiKey: string;
+  interactionId: string;
+  abortSignal?: AbortSignal;
+  /** Called with the accumulated transcript (thinking + text) after each poll. */
+  onProgress?: (transcript: string) => void;
+  pollIntervalMs?: number;
+}
+
+export interface InteractionsCitation {
+  url: string;
+  title?: string;
+}
+
+export interface InteractionsResearchResponse {
+  text: string;
+  citations: InteractionsCitation[];
+  usage: { inputTokens: number; outputTokens: number };
+}
+
+interface OutputBlock {
+  type: string;
+  text: string;
+  annotations: Array<{ type?: string; url?: string; title?: string }>;
+}
+
+export async function submitInteraction(
+  opts: SubmitInteractionOptions,
+): Promise<{ interactionId: string }> {
+  const res = await fetch(INTERACTIONS_URL, {
+    method: "POST",
+    headers: {
+      "x-goog-api-key": opts.apiKey,
+      "Content-Type": "application/json",
+    },
+    body: JSON.stringify({
+      agent: opts.agent,
+      input: opts.query,
+      background: true,
+      agent_config: {
+        type: "deep-research",
+        thinking_summaries: "auto",
+      },
+    }),
+    signal: opts.abortSignal,
+  });
+
+  if (!res.ok) {
+    const detail = await res.text().catch(() => "");
+    throw new Error(
+      `Gemini Interactions submit failed (${res.status}): ${detail}`,
+    );
+  }
+
+  const body = (await res.json()) as Record<string, unknown>;
+  const id = stringField(body, "id");
+  if (!id) {
+    throw new Error("Gemini Interactions submit: response missing id");
+  }
+  return { interactionId: id };
+}
+
+export async function pollInteraction(
+  opts: PollInteractionOptions,
+): Promise<InteractionsResearchResponse> {
+  const url = `${INTERACTIONS_URL}/${encodeURIComponent(opts.interactionId)}`;
+  const interval = opts.pollIntervalMs ?? DEFAULT_POLL_INTERVAL_MS;
+
+  while (true) {
+    if (opts.abortSignal?.aborted) {
+      throw makeAbortError(opts.abortSignal);
+    }
+
+    const res = await fetch(url, {
+      headers: { "x-goog-api-key": opts.apiKey },
+      signal: opts.abortSignal,
+    });
+
+    if (!res.ok) {
+      const detail = await res.text().catch(() => "");
+      throw new Error(
+        `Gemini Interactions poll failed (${res.status}): ${detail}`,
+      );
+    }
+
+    const payload = (await res.json()) as Record<string, unknown>;
+    const status = stringField(payload, "status") ?? "in_progress";
+    const outputs = parseOutputs(arrayField(payload, "outputs") ?? []);
+    if (opts.onProgress) opts.onProgress(buildTranscript(outputs));
+
+    switch (status) {
+      case "completed": {
+        const result = finalize(outputs, parseUsage(payload));
+        // Gemini surfaces citation URLs as `vertexaisearch.cloud.google.com/...`
+        // redirects rather than the underlying source. Resolve them so the
+        // UI shows the real domain instead of an opaque Google URL.
+        result.citations = await resolveCitationRedirects(result.citations);
+        return result;
+      }
+      case "failed":
+      case "cancelled": {
+        const errMsg =
+          stringField(payload, "error") ??
+          stringField(payload, "message") ??
+          status;
+        // Terminal Google-side state — the interaction id no longer
+        // resumable; surface a typed error so callers drop the handle.
+        throw new AsyncResearchTerminalError(`Gemini Interactions: ${errMsg}`);
+      }
+      // "in_progress" / unknown → keep polling
+    }
+
+    await sleep(interval, opts.abortSignal);
+  }
+}
+
+/**
+ * Citation URLs from Gemini come as Vertex AI Search redirect URLs, e.g.
+ * `https://vertexaisearch.cloud.google.com/grounding-api-redirect/<token>`.
+ * Resolve each in parallel via a HEAD request that doesn't follow redirects;
+ * if the response carries a Location header, swap in that URL. On any
+ * failure (network, no Location, non-redirect response) we keep the
+ * original — the UI still works, it just shows the redirect URL.
+ */
+async function resolveCitationRedirects(
+  citations: InteractionsCitation[],
+): Promise<InteractionsCitation[]> {
+  const REDIRECT_HOST = "vertexaisearch.cloud.google.com";
+  const TIMEOUT_MS = 5_000;
+  return Promise.all(
+    citations.map(async (c) => {
+      let host: string;
+      try {
+        host = new URL(c.url).hostname;
+      } catch {
+        return c;
+      }
+      if (host !== REDIRECT_HOST) return c;
+      try {
+        const ctrl = new AbortController();
+        const timer = setTimeout(() => ctrl.abort(), TIMEOUT_MS);
+        const res = await fetch(c.url, {
+          method: "HEAD",
+          redirect: "manual",
+          signal: ctrl.signal,
+        });
+        clearTimeout(timer);
+        const location = res.headers.get("location");
+        if (location) return { ...c, url: location };
+        return c;
+      } catch {
+        return c;
+      }
+    }),
+  );
+}
+
+function buildTranscript(outputs: OutputBlock[]): string {
+  const parts: string[] = [];
+  for (const o of outputs) {
+    if (!o.text) continue;
+    if (o.type === "thought_summary") parts.push(`*${o.text}*`);
+    else if (o.type === "text") parts.push(o.text);
+  }
+  return parts.join("\n\n");
+}
+
+function finalize(
+  outputs: OutputBlock[],
+  usage: { inputTokens: number; outputTokens: number },
+): InteractionsResearchResponse {
+  const textParts: string[] = [];
+  const citations: InteractionsCitation[] = [];
+  const seenUrls = new Set<string>();
+
+  for (const o of outputs) {
+    if (o.type === "text" && o.text) textParts.push(o.text);
+    for (const a of o.annotations) {
+      if (a?.type === "url_citation" && a.url && !seenUrls.has(a.url)) {
+        seenUrls.add(a.url);
+        citations.push({ url: a.url, title: a.title });
+      }
+    }
+  }
+
+  return { text: textParts.join("\n\n"), citations, usage };
+}
+
+function parseOutputs(raw: unknown[]): OutputBlock[] {
+  const out: OutputBlock[] = [];
+  for (const r of raw) {
+    if (!r || typeof r !== "object") continue;
+    const o = r as Record<string, unknown>;
+    const annotations = arrayField(o, "annotations");
+    out.push({
+      type: stringField(o, "type") ?? "text",
+      text: stringField(o, "text") ?? "",
+      annotations: (annotations as OutputBlock["annotations"]) ?? [],
+    });
+  }
+  return out;
+}
+
+function parseUsage(payload: Record<string, unknown>): {
+  inputTokens: number;
+  outputTokens: number;
+} {
+  const usage = payload.usage as Record<string, unknown> | undefined;
+  if (!usage) return { inputTokens: 0, outputTokens: 0 };
+  const inputTokens = numberField(usage, "input_tokens") ?? 0;
+  const outputTokens =
+    numberField(usage, "output_tokens") ??
+    Math.max(0, (numberField(usage, "total_tokens") ?? 0) - inputTokens);
+  return { inputTokens, outputTokens };
+}
+
+function sleep(ms: number, signal?: AbortSignal): Promise<void> {
+  return new Promise((resolve, reject) => {
+    if (signal?.aborted) return reject(makeAbortError(signal));
+    const t = setTimeout(() => {
+      signal?.removeEventListener("abort", onAbort);
+      resolve();
+    }, ms);
+    const onAbort = () => {
+      clearTimeout(t);
+      reject(makeAbortError(signal));
+    };
+    signal?.addEventListener("abort", onAbort, { once: true });
+  });
+}
+
+function makeAbortError(signal?: AbortSignal): Error {
+  const reason = signal?.reason;
+  if (reason instanceof Error) return reason;
+  const err = new Error("Aborted");
+  err.name = "AbortError";
+  return err;
+}
+
+function stringField(obj: Record<string, unknown>, key: string): string | null {
+  const v = obj[key];
+  return typeof v === "string" ? v : null;
+}
+
+function numberField(obj: Record<string, unknown>, key: string): number | null {
+  const v = obj[key];
+  return typeof v === "number" ? v : null;
+}
+
+function arrayField(
+  obj: Record<string, unknown>,
+  key: string,
+): unknown[] | null {
+  const v = obj[key];
+  return Array.isArray(v) ? v : null;
+}
diff --git a/apps/mesh/src/ai-providers/adapters/google.ts b/apps/mesh/src/ai-providers/adapters/google.ts
index 9ac229f47a..13130b3ac4 100644
--- a/apps/mesh/src/ai-providers/adapters/google.ts
+++ b/apps/mesh/src/ai-providers/adapters/google.ts
@@ -1,5 +1,10 @@
 import { createGoogleGenerativeAI } from "@ai-sdk/google";
 import type { ModelCapability } from "@decocms/mesh-sdk";
+import {
+  isInteractionsOnlyModel,
+  pollInteraction,
+  submitInteraction,
+} from "./gemini-interactions";
 import type { MeshProvider, ProviderAdapter, ModelInfo } from "../types";
 
 interface GoogleModel {
@@ -62,6 +67,27 @@ export const googleAdapter: ProviderAdapter = {
       info: this.info,
       aiSdk,
 
+      asyncResearch: {
+        canHandle: (modelId) => isInteractionsOnlyModel(modelId),
+        start: async ({ modelId, query, abortSignal }) => {
+          const { interactionId } = await submitInteraction({
+            apiKey,
+            agent: modelId,
+            query,
+            abortSignal,
+          });
+          return { jobId: interactionId };
+        },
+        resume: ({ jobId, abortSignal, onProgress, pollIntervalMs }) =>
+          pollInteraction({
+            apiKey,
+            interactionId: jobId,
+            abortSignal,
+            onProgress,
+            pollIntervalMs,
+          }),
+      },
+
       async listModels(): Promise<ModelInfo[]> {
         const res = await fetch(
           `https://generativelanguage.googleapis.com/v1beta/models?key=${apiKey}`,
@@ -72,19 +98,23 @@ export const googleAdapter: ProviderAdapter = {
         const data: { models: GoogleModel[] } = await res.json();
         return data.models
           .filter((m: GoogleModel) => m.lifecycleState !== "DEPRECATED")
-          .map((m: GoogleModel) => ({
-            modelId: m.name.replace("models/", ""),
-            providerId: "google",
-            title: m.displayName,
-            description: m.description,
-            logo: null,
-            capabilities: deriveCapabilities(m),
-            limits: {
-              contextWindow: m.inputTokenLimit,
-              maxOutputTokens: m.outputTokenLimit,
-            },
-            costs: null,
-          }));
+          .map((m: GoogleModel) => {
+            const id = m.name.replace("models/", "");
+            return {
+              modelId: id,
+              providerId: "google" as const,
+              title: m.displayName,
+              description: m.description,
+              logo: null,
+              capabilities: deriveCapabilities(m),
+              limits: {
+                contextWindow: m.inputTokenLimit,
+                maxOutputTokens: m.outputTokenLimit,
+              },
+              costs: null,
+              ...(isInteractionsOnlyModel(id) && { asyncResearch: true }),
+            };
+          });
       },
     };
   },
diff --git a/apps/mesh/src/ai-providers/coding-agents/claude-code/index.ts b/apps/mesh/src/ai-providers/coding-agents/claude-code/index.ts
index 74dd19592e..8f6f6d6715 100644
--- a/apps/mesh/src/ai-providers/coding-agents/claude-code/index.ts
+++ b/apps/mesh/src/ai-providers/coding-agents/claude-code/index.ts
@@ -21,6 +21,8 @@ export function createClaudeCodeModel(
     /** Chat mode plan — same tool restrictions as readonly for headless CLI */
     isPlanMode?: boolean;
     resume?: string;
+    /** Working directory for Claude Code's subprocess. Defaults to mesh's cwd. */
+    cwd?: string;
   },
 ) {
   // Tools that require a TTY, manage local state, or are not useful in headless mode
@@ -36,7 +38,7 @@ export function createClaudeCodeModel(
     NonNullable<Parameters<typeof createClaudeCode>[0]>["defaultSettings"]
   > = {
     mcpServers: options?.mcpServers,
-    cwd: process.cwd(),
+    cwd: options?.cwd ?? process.cwd(),
   };
 
   const restrictWrites =
diff --git a/apps/mesh/src/ai-providers/factory.ts b/apps/mesh/src/ai-providers/factory.ts
index fac79f4657..c36a85d52e 100644
--- a/apps/mesh/src/ai-providers/factory.ts
+++ b/apps/mesh/src/ai-providers/factory.ts
@@ -1,7 +1,12 @@
 import type { ModelCapability } from "@decocms/mesh-sdk";
 import type { AIProviderKeyStorage } from "../storage/ai-provider-keys";
 import type { ModelListCache } from "./model-list-cache";
-import type { MeshProvider, ModelInfo, OpenRouterAPIModel } from "./types";
+import type {
+  MeshProvider,
+  ModelInfo,
+  OpenRouterAPIModel,
+  ProviderAdapter,
+} from "./types";
 import { getProviders } from "./registry";
 
 // Sentinel org ID for the shared OpenRouter metadata cache (not org-specific)
@@ -91,6 +96,27 @@ function candidateIds(modelId: string): string[] {
   return [...new Set([modelId, dashed, withoutDate, dashedWithoutDate])];
 }
 
+// Anthropic's document blocks support PDFs on all vision-capable Claude models.
+// This covers both direct Anthropic keys (providerId="anthropic") and models
+// routed through OpenRouter/deco (modelId starts with "anthropic/").
+function isAnthropicModel(m: ModelInfo): boolean {
+  return m.providerId === "anthropic" || m.modelId.startsWith("anthropic/");
+}
+
+function applyAnthropicPdfCapability(
+  caps: ModelCapability[],
+  m: ModelInfo,
+): ModelCapability[] {
+  if (
+    isAnthropicModel(m) &&
+    caps.includes("vision") &&
+    !caps.includes("file")
+  ) {
+    return [...caps, "file"] as ModelCapability[];
+  }
+  return caps;
+}
+
 function enrich(
   models: ModelInfo[],
   index: Map<string, Partial<ModelInfo>>,
@@ -98,15 +124,17 @@ function enrich(
   return models.map((m) => {
     const candidates = candidateIds(m.modelId);
     const meta = candidates.map((id) => index.get(id)).find(Boolean);
+    const rawCaps: ModelCapability[] = m.capabilities.length
+      ? m.capabilities
+      : (meta?.capabilities ?? []);
+    const caps = applyAnthropicPdfCapability(rawCaps, m);
     if (!meta) {
-      return m;
+      return caps === rawCaps ? m : { ...m, capabilities: caps };
     }
     return {
       ...m,
       description: m.description ?? meta.description ?? null,
-      capabilities: m.capabilities.length
-        ? m.capabilities
-        : (meta.capabilities ?? []),
+      capabilities: caps,
       limits: m.limits ?? meta.limits ?? null,
       costs: m.costs ?? meta.costs ?? null,
     };
@@ -138,14 +166,19 @@ export class AIProviderFactory {
       organizationId,
     );
     const providerId = keyInfo.providerId;
+    const adapter = getProviders()[providerId];
+    if (!adapter) throw new Error(`Unknown provider: ${providerId}`);
 
     if (this.cache) {
       const cached = await this.cache.get(organizationId, providerId);
-      if (cached) return cached;
+      if (cached) {
+        // Re-apply per-request flags (e.g. asyncResearch) on the cached
+        // payload — entries cached before the flag existed otherwise leak
+        // through stale.
+        return applyProviderFlags(cached, adapter, apiKey);
+      }
     }
 
-    const adapter = getProviders()[providerId];
-    if (!adapter) throw new Error(`Unknown provider: ${providerId}`);
     const provider = adapter.create(apiKey);
     const rawModels = await provider.listModels();
 
@@ -161,6 +194,12 @@ export class AIProviderFactory {
     if (providerId !== "openrouter") {
       const index = await getOpenRouterIndex(this.cache);
       models = enrich(models, index);
+    } else {
+      // OpenRouter path skips enrich() — still apply provider-specific fixes.
+      models = models.map((m) => ({
+        ...m,
+        capabilities: applyAnthropicPdfCapability(m.capabilities, m),
+      }));
     }
 
     const result = models.map((m) => ({ ...m, providerId }));
@@ -169,6 +208,26 @@ export class AIProviderFactory {
       await this.cache.set(organizationId, providerId, result);
     }
 
-    return result;
+    return applyProviderFlags(result, adapter, apiKey);
   }
 }
+
+/**
+ * Stamp request-time flags onto a model list. Lets us ship new flags
+ * (currently `asyncResearch`) without forcing a cache invalidation.
+ *
+ * Creates a provider once and reuses it across all models — `adapter.create`
+ * is cheap (just closure construction) but worth not repeating per model.
+ */
+function applyProviderFlags(
+  models: ModelInfo[],
+  adapter: ProviderAdapter,
+  apiKey: string,
+): ModelInfo[] {
+  const provider = adapter.create(apiKey);
+  const asyncResearch = provider.asyncResearch;
+  if (!asyncResearch) return models;
+  return models.map((m) =>
+    asyncResearch.canHandle(m.modelId) ? { ...m, asyncResearch: true } : m,
+  );
+}
diff --git a/apps/mesh/src/ai-providers/types.ts b/apps/mesh/src/ai-providers/types.ts
index eb405cd1d3..9c09f1923f 100644
--- a/apps/mesh/src/ai-providers/types.ts
+++ b/apps/mesh/src/ai-providers/types.ts
@@ -21,6 +21,9 @@ export interface ModelInfo {
   costs: { input: number; output: number } | null;
   /** When true the upstream provider has flagged this model as deprecated. */
   deprecated?: boolean;
+  /** Mirrors `AiProviderModel.asyncResearch` — restricts this model to the
+   *  deep-research slot. */
+  asyncResearch?: boolean;
 }
 
 export interface TokenCounter {
@@ -30,9 +33,62 @@ export interface TokenCounter {
   }): Promise<{ count: number }>;
 }
 
+export interface AsyncResearchResult {
+  text: string;
+  citations: Array<{ url: string; title?: string }>;
+  usage: { inputTokens: number; outputTokens: number };
+}
+
+/**
+ * Thrown by `AsyncResearchProvider.resume` when the underlying job reaches a
+ * terminal failure state on the provider's side (e.g. Gemini's interaction
+ * status transitioned to `failed`/`cancelled`). The job no longer exists to
+ * resume, so callers should drop any persisted handle.
+ *
+ * Plain `Error` from `resume` means our own poll/HTTP failed transiently —
+ * the provider-side job may still be running; the handle should be kept for
+ * a future reconnect.
+ */
+export class AsyncResearchTerminalError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = "AsyncResearchTerminalError";
+  }
+}
+
+/**
+ * Generic capability for "research" jobs that don't fit streamText — they're
+ * submit-then-poll, take minutes, and need to survive pod death. Each adapter
+ * decides which of its models route through this path; the caller doesn't
+ * know whether the underlying protocol is Gemini's Interactions API,
+ * something OpenAI ships later, etc.
+ */
+export interface AsyncResearchProvider {
+  /** Whether the given model id should be driven through this capability. */
+  canHandle(modelId: string): boolean;
+  /** Submit a new job. Returns an adapter-opaque handle that survives restarts. */
+  start(req: {
+    modelId: string;
+    query: string;
+    abortSignal?: AbortSignal;
+  }): Promise<{ jobId: string }>;
+  /**
+   * Drive an already-submitted job to terminal state. Same call works for the
+   * pod that submitted it AND for a fresh pod resuming after a crash.
+   */
+  resume(req: {
+    jobId: string;
+    abortSignal?: AbortSignal;
+    onProgress?: (transcript: string) => void;
+    pollIntervalMs?: number;
+  }): Promise<AsyncResearchResult>;
+}
+
 export interface MeshProvider {
   readonly info: ProviderInfo;
   readonly aiSdk: ProviderV3;
+  /** Set by providers that expose async/long-running research jobs. */
+  readonly asyncResearch?: AsyncResearchProvider;
   listModels(): Promise<ModelInfo[]>;
 }
 
diff --git a/apps/mesh/src/api/app.ts b/apps/mesh/src/api/app.ts
index b374c64967..6dd9789bb5 100644
--- a/apps/mesh/src/api/app.ts
+++ b/apps/mesh/src/api/app.ts
@@ -9,6 +9,7 @@
  */
 
 import { getSettings } from "../settings";
+import { usesLocalObjectStorage } from "../tools/connection/dev-assets";
 import { DECO_STORE_URL, isDecoHostedMcp } from "@/core/deco-constants";
 import { WellKnownOrgMCPId } from "@decocms/mesh-sdk";
 import { PrometheusSerializer } from "@opentelemetry/exporter-prometheus";
@@ -24,6 +25,7 @@ import {
 } from "../core/context-factory";
 import type { MeshContext } from "../core/mesh-context";
 import { closeDatabase, getDb, type MeshDatabase } from "../database";
+import { asDockerRunner, getSharedRunnerIfInit } from "../sandbox/lifecycle";
 import { createEventBus, type EventBus } from "../event-bus";
 import {
   flushMonitoringData,
@@ -33,22 +35,33 @@ import {
   tracingMiddleware,
 } from "../observability";
 import authRoutes from "./routes/auth";
-import orgSsoRoutes from "./routes/org-sso";
+import { createSsoRoutes } from "./routes/org-sso";
 import { createDecopilotRoutes } from "./routes/decopilot";
-import downstreamTokenRoutes from "./routes/downstream-token";
-import decoSitesRoutes from "./routes/deco-sites";
-import virtualMcpRoutes from "./routes/virtual-mcp";
-import oauthProxyRoutes, {
+import { createDownstreamTokenRoutes } from "./routes/downstream-token";
+import { logDeprecatedRoute } from "./middleware/log-deprecated-route";
+import { resolveOrgFromPath } from "./middleware/resolve-org-from-path";
+import { createOrgScopedApi } from "./routes/org-scoped";
+import { createVmEventsRoutes } from "./routes/vm-events";
+import {
+  createDecoSitesOrgRoutes,
+  createDecoSitesUserRoutes,
+} from "./routes/deco-sites";
+import { createVirtualMcpRoutes } from "./routes/virtual-mcp";
+import {
+  createLegacyWellKnownProtectedResourceRoutes,
+  createWellKnownAuthServerRoutes,
   fetchAuthorizationServerMetadata,
   fetchProtectedResourceMetadata,
+  protectedResourceMetadataHandler,
 } from "./routes/oauth-proxy";
 import openaiCompatRoutes from "./routes/openai-compat";
-import proxyRoutes from "./routes/proxy";
+import { createProxyRoutes } from "./routes/proxy";
 import { createKVRoutes } from "./routes/kv";
 import { createTriggerCallbackRoutes } from "./routes/trigger-callback";
 import publicConfigRoutes from "./routes/public-config";
 import filesRoutes from "./routes/files";
-import selfRoutes from "./routes/self";
+import { createThreadOutputsRoutes } from "./routes/thread-outputs";
+import { createSelfRoutes } from "./routes/self";
 import { shouldSkipMeshContext, SYSTEM_PATHS } from "./utils/paths";
 import {
   mountPluginRoutes,
@@ -208,6 +221,423 @@ function buildDecoOAuthParams(projectLocator: string | null): URLSearchParams {
   return params;
 }
 
+// ============================================================================
+// Inline route handlers (extracted to named functions so they can be
+// dual-mounted at both the legacy paths and the new `/api/:org/...` paths.)
+// ============================================================================
+
+/**
+ * Handle OAuth-proxy requests for an MCP connection.
+ *
+ * On the org-scoped mount (`/api/:org/oauth-proxy/...`) `resolveOrgFromPath`
+ * has populated `ctx.organization`; we scope the connection lookup to it so
+ * slug-spoofing (asking under org A for a connection that belongs to org B)
+ * returns null. The legacy `/oauth-proxy/...` mount has no org in the URL and
+ * does an unscoped lookup — using the session's `activeOrganizationId` there
+ * would silently 404 multi-org users whose active session org differs from
+ * the connection's owner.
+ */
+const oauthProxyHandler: MiddlewareHandler<Env> = async (c) => {
+  const connectionId = c.req.param("connectionId");
+  if (!connectionId) {
+    return c.json({ error: "Missing connectionId" }, 400);
+  }
+  // Extract endpoint from path: /oauth-proxy/conn_xxx/register -> register
+  // Filter empty parts to handle trailing slashes
+  const pathParts = c.req.path.split("/").filter(Boolean);
+  const endpoint = pathParts[pathParts.length - 1];
+
+  // Get or create context
+  let ctx = c.get("meshContext");
+  if (!ctx) {
+    ctx = await ContextFactory.create(c.req.raw);
+    c.set("meshContext", ctx);
+  }
+
+  const orgScope = c.req.param("org") ? ctx.organization?.id : undefined;
+  const connection = await ctx.storage.connections.findById(
+    connectionId,
+    orgScope,
+  );
+  if (!connection?.connection_url) {
+    return c.json({ error: "Connection not found" }, 404);
+  }
+
+  // Get origin auth server - tries Protected Resource Metadata first, then falls back to origin root
+  const resourceRes = await fetchProtectedResourceMetadata(
+    connection.connection_url,
+  );
+
+  let originAuthServer: string | undefined;
+  const connUrl = new URL(connection.connection_url);
+
+  if (resourceRes.ok) {
+    // Origin has Protected Resource Metadata - use authorization_servers from it
+    const resourceData = (await resourceRes.json()) as {
+      authorization_servers?: string[];
+    };
+    originAuthServer = resourceData.authorization_servers?.[0];
+  }
+
+  // Fall back to origin root if:
+  // - Origin doesn't have Protected Resource Metadata (like Apify)
+  // - Or metadata exists but has empty/missing authorization_servers
+  // Many servers expose /.well-known/oauth-authorization-server at the root even without RFC 9728
+  if (!originAuthServer) {
+    originAuthServer = connUrl.origin;
+  }
+
+  // Get OAuth endpoints from auth server metadata - uses shared function that tries all formats
+  const authServerRes =
+    await fetchAuthorizationServerMetadata(originAuthServer);
+  if (!authServerRes.ok) {
+    return c.json({ error: "Failed to get auth server metadata" }, 502);
+  }
+  const endpoints = (await authServerRes.json()) as {
+    authorization_endpoint?: string;
+    token_endpoint?: string;
+    registration_endpoint?: string;
+  };
+
+  // Map endpoint name to URL
+  let originEndpointUrl: string | undefined;
+  if (endpoint === "authorize") {
+    originEndpointUrl = endpoints.authorization_endpoint;
+  } else if (endpoint === "token") {
+    originEndpointUrl = endpoints.token_endpoint;
+  } else if (endpoint === "register") {
+    originEndpointUrl = endpoints.registration_endpoint;
+  }
+
+  if (!originEndpointUrl) {
+    return c.json({ error: `Unknown OAuth endpoint: ${endpoint}` }, 404);
+  }
+
+  // Build URL with query string
+  const targetUrl = new URL(originEndpointUrl);
+  const reqUrl = new URL(c.req.url);
+  targetUrl.search = reqUrl.search;
+
+  // For authorize endpoint, REDIRECT instead of proxying
+  // The browser needs to navigate directly to the auth server so that:
+  // 1. CSS/JS loads correctly from the origin
+  // 2. Cookies are set on the correct domain
+  // 3. The user can interact with the consent screen
+  if (endpoint === "authorize") {
+    // Validate redirect_uri to prevent OAuth hijacking — only allow our own origin.
+    // Use .get() to grab the first value, then .set() to canonicalize to exactly
+    // one redirect_uri param, preventing parser-differential bypasses via duplicates.
+    const redirectUri = targetUrl.searchParams.get("redirect_uri");
+    if (redirectUri) {
+      const allowedOrigin = getSettings().baseUrl ?? reqUrl.origin;
+      try {
+        const redirectUrl = new URL(redirectUri);
+        const allowedOriginObj = new URL(allowedOrigin);
+
+        // Check if redirect_uri origin matches the allowed origin
+        const isAllowed =
+          redirectUrl.origin === allowedOriginObj.origin ||
+          // Allow localhost for development
+          redirectUrl.hostname === "localhost";
+
+        if (!isAllowed) {
+          return c.json(
+            {
+              error: "invalid_request",
+              error_description: "redirect_uri is not allowed",
+            },
+            400,
+          );
+        }
+      } catch {
+        return c.json(
+          {
+            error: "invalid_request",
+            error_description: "redirect_uri is malformed",
+          },
+          400,
+        );
+      }
+      // Collapse any duplicate redirect_uri params to the single validated value
+      targetUrl.searchParams.set("redirect_uri", redirectUri);
+    }
+
+    // IMPORTANT: Rewrite the 'resource' parameter to point to the origin MCP endpoint
+    // Some auth servers (like Supabase) validate that the resource is their actual endpoint,
+    // not our proxy. We keep the proxy URL for redirect_uri since that's where we handle the callback.
+    if (targetUrl.searchParams.has("resource")) {
+      targetUrl.searchParams.set("resource", connection.connection_url);
+    }
+
+    // Add smart OAuth params for deco-hosted MCPs to skip org/project selection
+    // Wrapped in try-catch to ensure OAuth redirect proceeds even if smart params fail
+    if (isDecoHostedMcp(connection.connection_url)) {
+      try {
+        const projectLocator = await getDecoStoreProjectLocator(
+          ctx,
+          connection.organization_id,
+        );
+        const smartParams = buildDecoOAuthParams(projectLocator);
+        for (const [key, value] of smartParams) {
+          targetUrl.searchParams.set(key, value);
+        }
+      } catch (error) {
+        console.warn(
+          "[oauth-proxy] Failed to get smart OAuth params, proceeding without:",
+          error,
+        );
+      }
+    }
+
+    return c.redirect(targetUrl.toString(), 302);
+  }
+
+  // Forward headers for token/register endpoints
+  const headers: Record<string, string> = {
+    Accept: c.req.header("Accept") || "application/json",
+  };
+  const contentType = c.req.header("Content-Type");
+  if (contentType) headers["Content-Type"] = contentType;
+  const authorization = c.req.header("Authorization");
+  if (authorization) headers["Authorization"] = authorization;
+
+  // For token endpoint, we may need to rewrite the 'resource' parameter in the body
+  // (same reason as authorize: auth servers validate it's their actual endpoint)
+  let requestBody: BodyInit | undefined;
+  if (c.req.method !== "GET" && c.req.method !== "HEAD") {
+    if (
+      endpoint === "token" &&
+      contentType?.includes("application/x-www-form-urlencoded")
+    ) {
+      // Parse form body and rewrite resource if present
+      const formData = await c.req.formData();
+      if (formData.has("resource")) {
+        formData.set("resource", connection.connection_url);
+      }
+      // Convert back to URLSearchParams for form-urlencoded
+      const params = new URLSearchParams();
+      for (const [key, value] of formData.entries()) {
+        params.append(key, value.toString());
+      }
+      requestBody = params.toString();
+    } else if (
+      endpoint === "register" &&
+      // Media types are case-insensitive (RFC 7231 §3.1.1.1) — normalize so
+      // `Application/JSON` etc. don't bypass the injection.
+      contentType
+        ?.toLowerCase()
+        .includes("application/json")
+    ) {
+      // Inject the connection's owning org into the DCR `metadata` field so the
+      // downstream MCP App can scope the registered OAuth client to a tenant
+      // without depending on user session state. RFC 7591 §2 reserves
+      // `metadata` for arbitrary client metadata extensions; downstream servers
+      // that don't recognize the field MUST ignore it.
+      // Gated on JSON content type so non-JSON DCR bodies (spec-violating but
+      // possible) get byte-perfect passthrough via the raw-body branch below
+      // instead of a lossy UTF-8 decode/re-encode round trip.
+      const org = await ctx.db
+        .selectFrom("organization")
+        .select(["id", "slug", "name"])
+        .where("id", "=", connection.organization_id)
+        .executeTakeFirst();
+      const rawText = await c.req.text();
+      let parsed: unknown = {};
+      try {
+        parsed = rawText ? JSON.parse(rawText) : {};
+      } catch {
+        // Body isn't JSON — pass through unchanged so origin returns its own
+        // 400, rather than us masking the client error.
+        requestBody = rawText;
+      }
+      // Only mutate plain objects. Arrays, null, and primitives are non-spec
+      // for DCR and would either throw on property assignment (null/primitive)
+      // or be silently dropped by `JSON.stringify` (array). Pass them through
+      // and let origin return the appropriate 4xx.
+      const isPlainObject =
+        typeof parsed === "object" && parsed !== null && !Array.isArray(parsed);
+      if (requestBody === undefined && !isPlainObject) {
+        requestBody = rawText;
+      }
+      if (requestBody === undefined) {
+        const obj = parsed as Record<string, unknown>;
+        const existingMetadata =
+          obj.metadata && typeof obj.metadata === "object"
+            ? (obj.metadata as Record<string, unknown>)
+            : {};
+        obj.metadata = {
+          ...existingMetadata,
+          organization_id: connection.organization_id,
+          ...(org?.slug ? { organization_slug: org.slug } : {}),
+          ...(org?.name ? { organization_name: org.name } : {}),
+        };
+        requestBody = JSON.stringify(obj);
+        headers["Content-Type"] = "application/json";
+      }
+    } else {
+      // For other content types, pass through as-is
+      requestBody = c.req.raw.body ?? undefined;
+    }
+  }
+
+  // Proxy the request (token and register endpoints only)
+  const response = await fetch(targetUrl.toString(), {
+    method: c.req.method,
+    headers,
+    body: requestBody,
+    // @ts-expect-error - duplex needed for streaming
+    duplex: "half",
+    redirect: "manual",
+  });
+
+  // Copy response headers, excluding hop-by-hop and encoding headers
+  // Note: Node.js fetch auto-decompresses, so content-encoding/content-length would be wrong
+  const responseHeaders = new Headers();
+  const excludedHeaders = [
+    "connection",
+    "keep-alive",
+    "transfer-encoding",
+    "content-encoding",
+    "content-length",
+  ];
+  for (const [key, value] of response.headers.entries()) {
+    if (!excludedHeaders.includes(key.toLowerCase())) {
+      responseHeaders.set(key, value);
+    }
+  }
+
+  return new Response(response.body, {
+    status: response.status,
+    statusText: response.statusText,
+    headers: responseHeaders,
+  });
+};
+
+/**
+ * Publish a public event for an org.
+ * Resolves the org from `ctx.organization.id` (set by `resolveOrgFromPath`
+ * on the `/api/:org/...` mount) or, when missing, from the legacy
+ * `:organizationId` path param.
+ */
+const eventsHandler: MiddlewareHandler<Env> = async (c) => {
+  const ctx = c.var.meshContext;
+  const orgId = ctx.organization?.id ?? c.req.param("organizationId");
+  if (!orgId) {
+    return c.json({ error: "organization id missing" }, 400);
+  }
+  await ctx.eventBus.publish(orgId, WellKnownOrgMCPId.SELF(orgId), {
+    data: await c.req.json(),
+    type: `public:${c.req.param("type")}`,
+    subject: c.req.query("subject"),
+    deliverAt: c.req.query("deliverAt"),
+    cron: c.req.query("cron"),
+  });
+  return c.json({ success: true });
+};
+
+/**
+ * SSE watch endpoint — streams events for an organization in real time.
+ * Resolves the org from `ctx.organization.id` (set by `resolveOrgFromPath`
+ * on the `/api/:org/watch` mount) or from the legacy `:organizationId`
+ * path param. Auth is required either way.
+ */
+const watchHandler: MiddlewareHandler<Env> = async (c) => {
+  const meshContext = c.var.meshContext;
+
+  // Require authentication (user session or API key)
+  const userId = meshContext.auth.user?.id ?? meshContext.auth.apiKey?.userId;
+  if (!userId) {
+    return c.json({ error: "Unauthorized" }, 401);
+  }
+
+  // Prefer org resolved from path (new mount); fall back to legacy param.
+  const orgId =
+    meshContext.organization?.id ?? c.req.param("organizationId") ?? null;
+  if (!orgId) {
+    return c.json({ error: "organization id missing" }, 400);
+  }
+
+  // On the legacy path the middleware doesn't enforce membership; check that
+  // the authenticated user has access to the requested organization. (On the
+  // new path `resolveOrgFromPath` already enforced this and `orgId` came from
+  // `ctx.organization.id`, so the comparison is trivially true.)
+  if (orgId !== meshContext.organization?.id) {
+    return c.json({ error: "Forbidden access to organization" }, 403);
+  }
+
+  // Optional type filter: ?types=workflow.*,public.* (comma-separated patterns)
+  const typesParam = c.req.query("types");
+  const typePatterns = typesParam
+    ? typesParam
+        .split(",")
+        .map((t) => t.trim())
+        .filter(Boolean)
+    : null;
+
+  const listenerId = crypto.randomUUID();
+
+  return streamSSE(c, async (stream) => {
+    // Send initial connection event
+    await stream.writeSSE({
+      event: "connected",
+      data: JSON.stringify({
+        listenerId,
+        organizationId: orgId,
+        typePatterns,
+        connectedAt: new Date().toISOString(),
+      }),
+    });
+
+    // Register listener with the SSE hub
+    const registered = sseHub.add({
+      id: listenerId,
+      organizationId: orgId,
+      typePatterns: typePatterns?.length ? typePatterns : null,
+      push: (event: SSEEvent) => {
+        // Write to the SSE stream — fire-and-forget
+        stream
+          .writeSSE({
+            id: event.id,
+            event: event.type,
+            data: JSON.stringify(event),
+          })
+          .catch(() => {
+            // Stream broken — remove immediately so no further events are
+            // attempted. onAbort handles interval cleanup.
+            sseHub.remove(orgId, listenerId);
+          });
+      },
+    });
+
+    if (!registered) {
+      await stream.writeSSE({
+        event: "error",
+        data: JSON.stringify({
+          error: "Too many connections",
+          message: "SSE connection limit reached. Try again later.",
+        }),
+      });
+      return;
+    }
+
+    // Send periodic keepalive comments to detect dead connections
+    const keepaliveInterval = setInterval(() => {
+      stream.writeSSE({ event: "keepalive", data: "" }).catch(() => {
+        clearInterval(keepaliveInterval);
+      });
+    }, 30_000);
+
+    // Cleanup when the client disconnects and keep the stream open
+    await new Promise<void>((resolve) => {
+      stream.onAbort(() => {
+        clearInterval(keepaliveInterval);
+        sseHub.remove(orgId, listenerId);
+        resolve();
+      });
+    });
+  });
+};
+
 // Create serializer for Prometheus text format (shared across instances)
 const prometheusSerializer = new PrometheusSerializer();
 
@@ -447,12 +877,11 @@ export async function createApp(options: CreateAppOptions = {}) {
   // Middleware
   // ============================================================================
 
-  // Server-Timing middleware
+  // Server-Timing middleware — opt in per-request via `cookie debug=1`
   app.use(
     "*",
     timing({
-      enabled: (c) =>
-        getSettings().nodeEnv !== "production" || getCookie(c, "debug") === "1",
+      enabled: (c) => getCookie(c, "debug") === "1",
     }),
   );
 
@@ -479,7 +908,6 @@ export async function createApp(options: CreateAppOptions = {}) {
     }),
   );
 
-  // Security headers middleware - prevents UI redressing / clickjacking
   app.use("*", async (c, next) => {
     await next();
     c.header("X-Frame-Options", "DENY");
@@ -583,237 +1011,61 @@ export async function createApp(options: CreateAppOptions = {}) {
   // OAuth Proxy Routes (for proxying OAuth to origin MCP servers)
   // MUST be defined BEFORE the wildcard OAuth routes below
   // ============================================================================
-  app.route("/", oauthProxyRoutes);
-
-  // OAuth endpoint proxy - defined directly here because app.route() doesn't work reliably
-  // for this route pattern. Using wildcard pattern to capture endpoint.
-  app.all("/oauth-proxy/:connectionId/*", async (c) => {
-    const connectionId = c.req.param("connectionId");
-    // Extract endpoint from path: /oauth-proxy/conn_xxx/register -> register
-    // Filter empty parts to handle trailing slashes
-    const pathParts = c.req.path.split("/").filter(Boolean);
-    const endpoint = pathParts[pathParts.length - 1];
-
-    // Get or create context
-    let ctx = c.get("meshContext");
-    if (!ctx) {
-      ctx = await ContextFactory.create(c.req.raw);
-      c.set("meshContext", ctx);
-    }
-
-    // Get connection URL
-    const connection = await ctx.storage.connections.findById(connectionId);
-    if (!connection?.connection_url) {
-      return c.json({ error: "Connection not found" }, 404);
-    }
-
-    // Get origin auth server - tries Protected Resource Metadata first, then falls back to origin root
-    const resourceRes = await fetchProtectedResourceMetadata(
-      connection.connection_url,
-    );
-
-    let originAuthServer: string | undefined;
-    const connUrl = new URL(connection.connection_url);
 
-    if (resourceRes.ok) {
-      // Origin has Protected Resource Metadata - use authorization_servers from it
-      const resourceData = (await resourceRes.json()) as {
-        authorization_servers?: string[];
-      };
-      originAuthServer = resourceData.authorization_servers?.[0];
-    }
-
-    // Fall back to origin root if:
-    // - Origin doesn't have Protected Resource Metadata (like Apify)
-    // - Or metadata exists but has empty/missing authorization_servers
-    // Many servers expose /.well-known/oauth-authorization-server at the root even without RFC 9728
-    if (!originAuthServer) {
-      originAuthServer = connUrl.origin;
-    }
-
-    // Get OAuth endpoints from auth server metadata - uses shared function that tries all formats
-    const authServerRes =
-      await fetchAuthorizationServerMetadata(originAuthServer);
-    if (!authServerRes.ok) {
-      return c.json({ error: "Failed to get auth server metadata" }, 502);
-    }
-    const endpoints = (await authServerRes.json()) as {
-      authorization_endpoint?: string;
-      token_endpoint?: string;
-      registration_endpoint?: string;
-    };
-
-    // Map endpoint name to URL
-    let originEndpointUrl: string | undefined;
-    if (endpoint === "authorize") {
-      originEndpointUrl = endpoints.authorization_endpoint;
-    } else if (endpoint === "token") {
-      originEndpointUrl = endpoints.token_endpoint;
-    } else if (endpoint === "register") {
-      originEndpointUrl = endpoints.registration_endpoint;
-    }
-
-    if (!originEndpointUrl) {
-      return c.json({ error: `Unknown OAuth endpoint: ${endpoint}` }, 404);
-    }
-
-    // Build URL with query string
-    const targetUrl = new URL(originEndpointUrl);
-    const reqUrl = new URL(c.req.url);
-    targetUrl.search = reqUrl.search;
-
-    // For authorize endpoint, REDIRECT instead of proxying
-    // The browser needs to navigate directly to the auth server so that:
-    // 1. CSS/JS loads correctly from the origin
-    // 2. Cookies are set on the correct domain
-    // 3. The user can interact with the consent screen
-    if (endpoint === "authorize") {
-      // Validate redirect_uri to prevent OAuth hijacking — only allow our own origin.
-      // Use .get() to grab the first value, then .set() to canonicalize to exactly
-      // one redirect_uri param, preventing parser-differential bypasses via duplicates.
-      const redirectUri = targetUrl.searchParams.get("redirect_uri");
-      if (redirectUri) {
-        const allowedOrigin = getSettings().baseUrl ?? reqUrl.origin;
-        try {
-          const redirectUrl = new URL(redirectUri);
-          const allowedOriginObj = new URL(allowedOrigin);
-
-          // Check if redirect_uri origin matches the allowed origin
-          const isAllowed =
-            redirectUrl.origin === allowedOriginObj.origin ||
-            // Allow localhost for development
-            redirectUrl.hostname === "localhost";
-
-          if (!isAllowed) {
-            return c.json(
-              {
-                error: "invalid_request",
-                error_description: "redirect_uri is not allowed",
-              },
-              400,
-            );
-          }
-        } catch {
-          return c.json(
-            {
-              error: "invalid_request",
-              error_description: "redirect_uri is malformed",
-            },
-            400,
-          );
-        }
-        // Collapse any duplicate redirect_uri params to the single validated value
-        targetUrl.searchParams.set("redirect_uri", redirectUri);
-      }
-
-      // IMPORTANT: Rewrite the 'resource' parameter to point to the origin MCP endpoint
-      // Some auth servers (like Supabase) validate that the resource is their actual endpoint,
-      // not our proxy. We keep the proxy URL for redirect_uri since that's where we handle the callback.
-      if (targetUrl.searchParams.has("resource")) {
-        targetUrl.searchParams.set("resource", connection.connection_url);
-      }
-
-      // Add smart OAuth params for deco-hosted MCPs to skip org/project selection
-      // Wrapped in try-catch to ensure OAuth redirect proceeds even if smart params fail
-      if (isDecoHostedMcp(connection.connection_url)) {
-        try {
-          const projectLocator = await getDecoStoreProjectLocator(
-            ctx,
-            connection.organization_id,
-          );
-          const smartParams = buildDecoOAuthParams(projectLocator);
-          for (const [key, value] of smartParams) {
-            targetUrl.searchParams.set(key, value);
-          }
-        } catch (error) {
-          console.warn(
-            "[oauth-proxy] Failed to get smart OAuth params, proceeding without:",
-            error,
-          );
-        }
-      }
-
-      return c.redirect(targetUrl.toString(), 302);
-    }
-
-    // Forward headers for token/register endpoints
-    const headers: Record<string, string> = {
-      Accept: c.req.header("Accept") || "application/json",
-    };
-    const contentType = c.req.header("Content-Type");
-    if (contentType) headers["Content-Type"] = contentType;
-    const authorization = c.req.header("Authorization");
-    if (authorization) headers["Authorization"] = authorization;
-
-    // For token endpoint, we may need to rewrite the 'resource' parameter in the body
-    // (same reason as authorize: auth servers validate it's their actual endpoint)
-    let requestBody: BodyInit | undefined;
-    if (c.req.method !== "GET" && c.req.method !== "HEAD") {
-      if (
-        endpoint === "token" &&
-        contentType?.includes("application/x-www-form-urlencoded")
-      ) {
-        // Parse form body and rewrite resource if present
-        const formData = await c.req.formData();
-        if (formData.has("resource")) {
-          formData.set("resource", connection.connection_url);
-        }
-        // Convert back to URLSearchParams for form-urlencoded
-        const params = new URLSearchParams();
-        for (const [key, value] of formData.entries()) {
-          params.append(key, value.toString());
-        }
-        requestBody = params.toString();
-      } else {
-        // For other content types, pass through as-is
-        requestBody = c.req.raw.body ?? undefined;
-      }
-    }
-
-    // Proxy the request (token and register endpoints only)
-    const response = await fetch(targetUrl.toString(), {
-      method: c.req.method,
-      headers,
-      body: requestBody,
-      // @ts-expect-error - duplex needed for streaming
-      duplex: "half",
-      redirect: "manual",
-    });
-
-    // Copy response headers, excluding hop-by-hop and encoding headers
-    // Note: Node.js fetch auto-decompresses, so content-encoding/content-length would be wrong
-    const responseHeaders = new Headers();
-    const excludedHeaders = [
-      "connection",
-      "keep-alive",
-      "transfer-encoding",
-      "content-encoding",
-      "content-length",
-    ];
-    for (const [key, value] of response.headers.entries()) {
-      if (!excludedHeaders.includes(key.toLowerCase())) {
-        responseHeaders.set(key, value);
-      }
-    }
-
-    return new Response(response.body, {
-      status: response.status,
-      statusText: response.statusText,
-      headers: responseHeaders,
-    });
-  });
+  // OAuth Protected-Resource discovery metadata — proxied from the origin MCP
+  // server. The legacy server-URL shape (`/mcp/:id`) gets a deprecation log;
+  // the resource-relative shape for the new `/api/:org/mcp/:id` family is
+  // mounted via `createOrgScopedApi` below.
+  const legacyWellKnownProtectedResource =
+    createLegacyWellKnownProtectedResourceRoutes();
+  legacyWellKnownProtectedResource.use("*", logDeprecatedRoute);
+  app.route("/", legacyWellKnownProtectedResource);
+
+  // Well-known *prefix* discovery for the new org-scoped server URL shape.
+  // RFC 9728 Format 2 anchors `/.well-known/oauth-protected-resource` at the
+  // origin and appends the resource path, so the SDK probes
+  // `/.well-known/oauth-protected-resource/api/:org/mcp/:connectionId` — that
+  // path lives at the URL root, NOT under the `/api/:org` sub-app, and must
+  // not be tagged as a deprecated route. The handler reads the org slug from
+  // the path via `detectOrgSlugFromPath`.
+  app.get(
+    "/.well-known/oauth-protected-resource/api/:org/mcp/:connectionId",
+    protectedResourceMetadataHandler,
+  );
 
-  // Mount OAuth discovery metadata endpoints
+  // Auth-server metadata stays at the legacy global path indefinitely —
+  // third-party OAuth providers may have this URL registered as a
+  // redirect_uri base, so we don't migrate or log deprecation here.
+  app.route("/", createWellKnownAuthServerRoutes());
+
+  // OAuth endpoint proxy — legacy mount with deprecation log. The new
+  // canonical mount lives under `/api/:org/oauth-proxy/...` (registered via
+  // `createOrgScopedApi` below) and gets cross-org enforcement for free.
+  app.use("/oauth-proxy/:connectionId/*", logDeprecatedRoute);
+  app.all("/oauth-proxy/:connectionId/*", oauthProxyHandler);
+
+  // Better-Auth-served Protected Resource Metadata for the gateway-style MCP
+  // URL family. The handler is the same regardless of which path it's mounted
+  // at (Better Auth derives the resource from `baseURL`), so the legacy and
+  // new mounts share the same closure. Legacy mount gets the deprecation log.
+  const betterAuthProtectedResourceHandler: MiddlewareHandler<Env> = async (
+    c,
+  ) => {
+    const handleOAuthProtectedResourceMetadata =
+      getHandleOAuthProtectedResourceMetadata();
+    const res = await handleOAuthProtectedResourceMetadata(c.req.raw);
+    const data = (await res.json()) as ResourceServerMetadata;
+    return Response.json(data, res);
+  };
+  app.use(
+    "/mcp/:gateway?/:connectionId/.well-known/oauth-protected-resource/*",
+    logDeprecatedRoute,
+  );
   app.get(
     "/mcp/:gateway?/:connectionId/.well-known/oauth-protected-resource/*",
-    async (c) => {
-      const handleOAuthProtectedResourceMetadata =
-        getHandleOAuthProtectedResourceMetadata();
-      const res = await handleOAuthProtectedResourceMetadata(c.req.raw);
-      const data = (await res.json()) as ResourceServerMetadata;
-      return Response.json(data, res);
-    },
+    betterAuthProtectedResourceHandler,
   );
+
   const authorizationServerHandler: MiddlewareHandler<Env> = async (c) => {
     const handleOAuthDiscoveryMetadata = getHandleOAuthDiscoveryMetadata();
     const res = await handleOAuthDiscoveryMetadata(c.req.raw);
@@ -821,6 +1073,8 @@ export async function createApp(options: CreateAppOptions = {}) {
     return Response.json(data, res);
   };
 
+  // RFC 8414 mandates this exact path location, so it stays global per the
+  // org-scoped-API plan (no `/api/:org/...` mount, no deprecation log).
   app.get(
     "/.well-known/oauth-authorization-server/*/:gateway?/:connectionId?",
     authorizationServerHandler,
@@ -1234,6 +1488,17 @@ export async function createApp(options: CreateAppOptions = {}) {
     }
   });
 
+  // Apply path-based org resolution to the pre-existing org-scoped routes
+  // that aren't under createOrgScopedApi: decopilot, OpenAI compat, files.
+  // These use ensureOrganization() to read ctx.organization, which would
+  // otherwise be undefined now that the frontend no longer sends x-org-id
+  // headers. We can't apply this globally to /api/:org/* because legacy
+  // unscoped routes like /api/connections/:id/... also match that pattern
+  // (where :org matches "connections" etc).
+  app.use("/api/:org/decopilot/*", resolveOrgFromPath);
+  app.use("/api/:org/v1/*", resolveOrgFromPath);
+  app.use("/api/:org/files/*", resolveOrgFromPath);
+
   // ============================================================================
   // Server-side SSO Enforcement Middleware
   // ============================================================================
@@ -1278,8 +1543,15 @@ export async function createApp(options: CreateAppOptions = {}) {
     return next();
   });
 
-  // Organization-level SSO routes (must be after context middleware)
-  app.route("/api/org-sso", orgSsoRoutes);
+  // Organization-level SSO routes (must be after context middleware).
+  // Legacy mount at /api/org-sso with deprecation log; the new
+  // /api/:org/org-sso mount is wired in a later task.
+  const legacyOrgSso = new Hono<{
+    Variables: { meshContext: MeshContext };
+  }>();
+  legacyOrgSso.use("*", logDeprecatedRoute);
+  legacyOrgSso.route("/", createSsoRoutes());
+  app.route("/api/org-sso", legacyOrgSso);
 
   // Get all management tools (for OAuth consent UI)
   app.get("/api/tools/management", (c) => {
@@ -1322,8 +1594,10 @@ export async function createApp(options: CreateAppOptions = {}) {
   app.use("/mcp/virtual-mcp/:virtualMcpId?", mcpAuth);
   app.use("/mcp/self", mcpAuth);
 
-  // Dev-only routes (local file storage MCP for testing object-storage plugin)
-  if (getSettings().nodeEnv !== "production") {
+  // Local file storage MCP routes — mounted whenever DevObjectStorage is the
+  // active object-storage backend (i.e. no S3 configured). Required so the
+  // dev-assets pseudo-connection can satisfy the OBJECT_STORAGE binding.
+  if (usesLocalObjectStorage()) {
     // Using require() for synchronous loading to ensure routes are registered
     // before any requests come in. Static imports in dev-only.ts allow knip tracking.
     // eslint-disable-next-line @typescript-eslint/no-require-imports
@@ -1333,14 +1607,23 @@ export async function createApp(options: CreateAppOptions = {}) {
 
   // Virtual MCP / Agent routes (must be before proxy to match /mcp/gateway and /mcp/virtual-mcp before /mcp/:connectionId)
   // /mcp/gateway/:virtualMcpId (backward compat) or /mcp/virtual-mcp/:virtualMcpId
-  app.route("/mcp", virtualMcpRoutes);
+  const legacyVirtualMcp = new Hono<Env>();
+  legacyVirtualMcp.use("*", logDeprecatedRoute);
+  legacyVirtualMcp.route("/", createVirtualMcpRoutes());
+  app.route("/mcp", legacyVirtualMcp);
 
   // Self MCP routes (at /mcp/self) - exposes all management tools
-  app.route("/mcp/self", selfRoutes);
+  const legacySelf = new Hono<Env>();
+  legacySelf.use("*", logDeprecatedRoute);
+  legacySelf.route("/", createSelfRoutes());
+  app.route("/mcp/self", legacySelf);
 
   // MCP Proxy routes (connection-specific)
   // Note: SELF MCP ({org}_self) is handled by proxy.ts with special case detection
-  app.route("/mcp", proxyRoutes);
+  const legacyProxy = new Hono<Env>();
+  legacyProxy.use("*", logDeprecatedRoute);
+  legacyProxy.route("/", createProxyRoutes());
+  app.route("/mcp", legacyProxy);
 
   // Measure LLM models route latency
   app.use("/api/:org/models/*", async (c, next) => {
@@ -1363,153 +1646,107 @@ export async function createApp(options: CreateAppOptions = {}) {
   // Stable file redirect endpoint (resolves mesh-storage: URIs to presigned URLs)
   app.route("/api", filesRoutes);
 
+  // Thread outputs (model-shared files surfaced as download chips in the chat)
+  // Legacy mount at /api/* with deprecation log; the new /api/:org/* mount
+  // is wired in a later task.
+  const legacyThreadOutputsRoutes = new Hono<{
+    Variables: { meshContext: MeshContext };
+  }>();
+  legacyThreadOutputsRoutes.use("*", logDeprecatedRoute);
+  legacyThreadOutputsRoutes.route("/", createThreadOutputsRoutes());
+  app.route("/api", legacyThreadOutputsRoutes);
+
   // OpenAI-compatible LLM API routes
   app.route("/api", openaiCompatRoutes);
 
-  // Trigger callback endpoint (external MCPs → Mesh automations)
-  app.route(
-    "/api",
+  // Trigger callback endpoint (external MCPs → Mesh automations).
+  // Legacy mount at /api/trigger-callback with deprecation log; the new
+  // /api/:org/trigger-callback mount is wired in a later task.
+  const legacyTriggerCallback = new Hono<{
+    Variables: { meshContext: MeshContext };
+  }>();
+  legacyTriggerCallback.use("*", logDeprecatedRoute);
+  legacyTriggerCallback.route(
+    "/",
     createTriggerCallbackRoutes({
       tokenStorage: triggerCallbackTokenStorage,
       eventTriggerEngine,
     }),
   );
+  app.route("/api", legacyTriggerCallback);
 
   // KV store (org-scoped, for external MCPs to persist state)
+  // Legacy mount at /api/* with deprecation log; the new /api/:org/* mount
+  // is wired in a later task.
   const kvStorage = new KyselyKVStorage(database.db);
-  app.route("/api", createKVRoutes({ kvStorage }));
-
-  // Public Events endpoint
-  app.post("/org/:organizationId/events/:type", async (c) => {
-    const orgId = c.req.param("organizationId");
-    await c.var.meshContext.eventBus.publish(
-      orgId,
-      WellKnownOrgMCPId.SELF(orgId),
-      {
-        data: await c.req.json(),
-        type: `public:${c.req.param("type")}`,
-        subject: c.req.query("subject"),
-        deliverAt: c.req.query("deliverAt"),
-        cron: c.req.query("cron"),
-      },
-    );
-    return c.json({ success: true });
-  });
+  const legacyKVRoutes = new Hono<{
+    Variables: { meshContext: MeshContext };
+  }>();
+  legacyKVRoutes.use("*", logDeprecatedRoute);
+  legacyKVRoutes.route("/", createKVRoutes({ kvStorage }));
+  app.route("/api", legacyKVRoutes);
+
+  // Public Events endpoint — legacy mount with deprecation log. New mount
+  // lives at `POST /api/:org/events/:type` (registered via createOrgScopedApi).
+  app.use("/org/:organizationId/events/:type", logDeprecatedRoute);
+  app.post("/org/:organizationId/events/:type", eventsHandler);
 
   // ============================================================================
   // SSE Watch Endpoint — stream events for an organization in real time
+  // (Legacy mount with deprecation log. New mount lives at
+  // `GET /api/:org/watch` via createOrgScopedApi.)
   // ============================================================================
 
-  app.get("/org/:organizationId/watch", async (c) => {
-    const meshContext = c.var.meshContext;
-
-    // Require authentication (user session or API key)
-    const userId = meshContext.auth.user?.id ?? meshContext.auth.apiKey?.userId;
-    if (!userId) {
-      return c.json({ error: "Unauthorized" }, 401);
-    }
-
-    const orgId = c.req.param("organizationId");
-
-    // check that the authenticated user has access to the requested organization
-    if (orgId !== meshContext.organization?.id) {
-      return c.json({ error: "Forbidden access to organization" }, 403);
-    }
-
-    // Optional type filter: ?types=workflow.*,public.* (comma-separated patterns)
-    const typesParam = c.req.query("types");
-    const typePatterns = typesParam
-      ? typesParam
-          .split(",")
-          .map((t) => t.trim())
-          .filter(Boolean)
-      : null;
-
-    const listenerId = crypto.randomUUID();
-
-    return streamSSE(c, async (stream) => {
-      // Send initial connection event
-      await stream.writeSSE({
-        event: "connected",
-        data: JSON.stringify({
-          listenerId,
-          organizationId: orgId,
-          typePatterns,
-          connectedAt: new Date().toISOString(),
-        }),
-      });
-
-      // Register listener with the SSE hub
-      const registered = sseHub.add({
-        id: listenerId,
-        organizationId: orgId,
-        typePatterns: typePatterns?.length ? typePatterns : null,
-        push: (event: SSEEvent) => {
-          // Write to the SSE stream — fire-and-forget
-          stream
-            .writeSSE({
-              id: event.id,
-              event: event.type,
-              data: JSON.stringify(event),
-            })
-            .catch(() => {
-              // Stream broken — remove immediately so no further events are
-              // attempted. onAbort handles interval cleanup.
-              sseHub.remove(orgId, listenerId);
-            });
-        },
-      });
-
-      if (!registered) {
-        await stream.writeSSE({
-          event: "error",
-          data: JSON.stringify({
-            error: "Too many connections",
-            message: "SSE connection limit reached. Try again later.",
-          }),
-        });
-        return;
-      }
-
-      // Send periodic keepalive comments to detect dead connections
-      const keepaliveInterval = setInterval(() => {
-        stream.writeSSE({ event: "keepalive", data: "" }).catch(() => {
-          clearInterval(keepaliveInterval);
-        });
-      }, 30_000);
-
-      // Cleanup when the client disconnects and keep the stream open
-      await new Promise<void>((resolve) => {
-        stream.onAbort(() => {
-          clearInterval(keepaliveInterval);
-          sseHub.remove(orgId, listenerId);
-          resolve();
-        });
-      });
-    });
-  });
+  app.use("/org/:organizationId/watch", logDeprecatedRoute);
+  app.get("/org/:organizationId/watch", watchHandler);
 
   // Downstream token management routes
-  app.route("/api", downstreamTokenRoutes);
+  // Legacy mount at /api/* with deprecation log; the new /api/:org/* mount
+  // is wired in a later task.
+  const legacyDownstreamTokenRoutes = new Hono<{
+    Variables: { meshContext: MeshContext };
+  }>();
+  legacyDownstreamTokenRoutes.use("*", logDeprecatedRoute);
+  legacyDownstreamTokenRoutes.route("/", createDownstreamTokenRoutes());
+  app.route("/api", legacyDownstreamTokenRoutes);
 
   // Deco.cx sites list (requires meshContext / auth)
-  app.route("/api/deco-sites", decoSitesRoutes);
+  // /profile is user-scoped (no org), stays mounted permanently — no
+  // deprecation log.
+  app.route("/api/deco-sites", createDecoSitesUserRoutes());
+
+  // Org-scoped deco-sites routes (GET /, POST /connection). Currently mounted
+  // at /api/deco-sites with a deprecation log; the new /api/:org/deco-sites
+  // mount is wired in a later task.
+  const legacyDecoSitesOrg = new Hono<{
+    Variables: { meshContext: MeshContext };
+  }>();
+  legacyDecoSitesOrg.use("*", logDeprecatedRoute);
+  legacyDecoSitesOrg.route("/", createDecoSitesOrgRoutes());
+  app.route("/api/deco-sites", legacyDecoSitesOrg);
+
+  // Unified VM events SSE — single auth-gated stream that emits pre-Ready
+  // lifecycle phases, then proxies the daemon's `/_decopilot_vm/events` once
+  // the sandbox is up. Replaces the prior split between `/api/vm-lifecycle`
+  // and the browser's direct daemon EventSource.
+  // Legacy mount at /api/vm-events with deprecation log; the new
+  // /api/:org/vm-events mount is wired in a later task.
+  const legacyVmEvents = new Hono<{
+    Variables: { meshContext: MeshContext };
+  }>();
+  legacyVmEvents.use("*", logDeprecatedRoute);
+  legacyVmEvents.route("/", createVmEventsRoutes());
+  app.route("/api/vm-events", legacyVmEvents);
 
   // ============================================================================
-  // Server Plugin Routes
+  // Private Registry public routes (first-class feature)
+  // Registered BEFORE the org-scoped sub-app so the more specific
+  // `/api/:org/registry/*` mounts win over the catch-all org sub-app.
+  // These are PUBLIC endpoints — they do their own org lookup and must NOT
+  // go through `resolveOrgFromPath` (which would enforce membership).
   // ============================================================================
 
-  // Mount routes from registered server plugins
-  // - Public routes are mounted at root level (e.g., /connect/:sessionId)
-  // - Authenticated routes are mounted at /api/plugins/:pluginId/*
-  // Note: vault and initializePluginStorage are called earlier (before eventBus.start)
-  // to avoid race conditions with plugin onStartup hooks.
-
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  mountPluginRoutes(app, { db: database.db as any, vault });
-
-  // Private Registry public routes (first-class feature)
-  const { publicPublishRequestRoutes, publicMCPServerRoutes } = await import(
+  const { createPublishRequestHandler, createPublicMCPHandler } = await import(
     "@/api/routes/registry"
   );
   const registryRouteCtx = {
@@ -1519,10 +1756,48 @@ export async function createApp(options: CreateAppOptions = {}) {
       decrypt: (value: string) => vault.decrypt(value),
     },
   };
+  const publishRequestHandler = createPublishRequestHandler(registryRouteCtx);
+  const publicMCPHandler = createPublicMCPHandler(registryRouteCtx);
+
+  // Legacy mounts (with deprecation log)
+  app.use("/org/:orgRef/registry/publish-request", logDeprecatedRoute);
+  app.post("/org/:orgRef/registry/publish-request", publishRequestHandler);
+  app.use("/org/:orgSlug/registry/*", logDeprecatedRoute);
+  app.all("/org/:orgSlug/registry/*", publicMCPHandler);
+
+  // New canonical mounts (no deprecation log; mounted at the top level so they
+  // resolve their own org and bypass `resolveOrgFromPath`).
+  app.post("/api/:org/registry/publish-request", publishRequestHandler);
+  app.all("/api/:org/registry/*", publicMCPHandler);
+
+  // New canonical org-scoped API surface — all routes that depend on org context
+  // live here. Old routes still work (with deprecation logs) until the cleanup
+  // PR removes them after the deprecation window.
+  const orgScopedApi = createOrgScopedApi({
+    kvStorage,
+    tokenStorage: triggerCallbackTokenStorage,
+    eventTriggerEngine,
+    mountDevAssets: usesLocalObjectStorage(),
+    mcpAuth,
+    oauthProxyHandler,
+    eventsHandler,
+    watchHandler,
+    betterAuthProtectedResourceHandler,
+  });
+  app.route("/api/:org", orgScopedApi);
+
+  // ============================================================================
+  // Server Plugin Routes
+  // ============================================================================
+
+  // Mount routes from registered server plugins
+  // - Public routes are mounted at root level (e.g., /connect/:sessionId)
+  // - Authenticated routes are mounted at /api/plugins/:pluginId/*
+  // Note: vault and initializePluginStorage are called earlier (before eventBus.start)
+  // to avoid race conditions with plugin onStartup hooks.
+
   // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  publicPublishRequestRoutes(app as any, registryRouteCtx);
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  publicMCPServerRoutes(app as any, registryRouteCtx);
+  mountPluginRoutes(app, { db: database.db as any, vault });
 
   // ============================================================================
   // 404 Handler
@@ -1580,6 +1855,17 @@ export async function createApp(options: CreateAppOptions = {}) {
       currentRetentionTimer = null;
     }
 
+    // Sweep sandbox containers — Docker only. Other runners' sandboxes
+    // outlive mesh by design, so a generic sweep would nuke active user VMs.
+    // Must run before NATS/DB close (sweep writes state).
+    const dockerRunner = asDockerRunner(getSharedRunnerIfInit());
+    if (dockerRunner) {
+      const { sweepDockerOrphansOnShutdown } = await import(
+        "@decocms/sandbox/runner"
+      );
+      await sweepDockerOrphansOnShutdown(dockerRunner);
+    }
+
     // Phase 3: Drain NATS (after all consumers stopped)
     if (natsProvider) {
       await natsProvider
diff --git a/apps/mesh/src/api/integration-org-scoped.test.ts b/apps/mesh/src/api/integration-org-scoped.test.ts
new file mode 100644
index 0000000000..aa554b2083
--- /dev/null
+++ b/apps/mesh/src/api/integration-org-scoped.test.ts
@@ -0,0 +1,758 @@
+/**
+ * Cross-route integration test for the org-scoped API.
+ *
+ * Exercises the dual-mounted routes end-to-end against a real (PGlite)
+ * test database. Proves that legacy + new paths coexist correctly:
+ *   - new path serves AND does NOT log deprecation
+ *   - legacy path serves AND DOES log deprecation
+ *   - unknown slug → 404 (from resolveOrgFromPath)
+ *   - non-member → 403 (from resolveOrgFromPath)
+ */
+
+import {
+  afterEach,
+  beforeEach,
+  describe,
+  expect,
+  it,
+  spyOn,
+  vi,
+} from "bun:test";
+import { sql } from "kysely";
+import { auth } from "../auth";
+import {
+  closeTestDatabase,
+  createTestDatabase,
+  type TestDatabase,
+} from "../database/test-db";
+import type { EventBus } from "../event-bus";
+import {
+  createTestSchema,
+  seedCommonTestFixtures,
+} from "../storage/test-helpers";
+import { createApp } from "./app";
+
+/**
+ * Create a no-op mock event bus for testing (mirrors integration.test.ts).
+ */
+function createMockEventBus(): EventBus {
+  return {
+    start: async () => {},
+    stop: () => {},
+    isRunning: () => false,
+    publish: async () => ({}) as never,
+    subscribe: async () => ({}) as never,
+    unsubscribe: async () => ({ success: true }),
+    listSubscriptions: async () => [],
+    getSubscription: async () => null,
+    getEvent: async () => null,
+    cancelEvent: async () => ({ success: true }),
+    ackEvent: async () => ({ success: true }),
+    syncSubscriptions: async () => ({
+      created: 0,
+      updated: 0,
+      deleted: 0,
+      unchanged: 0,
+      subscriptions: [],
+    }),
+  };
+}
+
+/**
+ * Build a verifyApiKey mock that returns a valid key bound to the given
+ * userId + org. Lets us swap principals between tests (member vs non-member).
+ */
+function mockApiKey(userId: string, orgId: string, orgSlug: string) {
+  vi.spyOn(auth.api, "verifyApiKey").mockResolvedValue({
+    valid: true,
+    error: null,
+    key: {
+      id: "test-key-id",
+      name: "Test API Key",
+      userId,
+      // No permissions field — we don't need RBAC for the routes under test.
+      // The handlers only check that ctx.organization.id is set + a real
+      // connection exists.
+      permissions: undefined,
+      metadata: {
+        organization: { id: orgId, slug: orgSlug, name: orgSlug },
+      },
+    },
+    // oxlint-disable-next-line no-explicit-any
+  } as never);
+}
+
+describe("org-scoped API coexistence", () => {
+  let database: TestDatabase;
+  let app: Awaited<ReturnType<typeof createApp>>;
+  let logSpy: ReturnType<typeof spyOn>;
+
+  beforeEach(async () => {
+    database = await createTestDatabase();
+    await createTestSchema(database.db);
+    await seedCommonTestFixtures(database.db);
+
+    // Seed a second user (NOT a member of org_1) — used by the 403 test.
+    const now = new Date().toISOString();
+    await sql`
+      INSERT INTO "user" (id, email, "emailVerified", name, "createdAt", "updatedAt")
+      VALUES ('user_outsider', 'outsider@test.com', 0, 'Outsider', ${now}, ${now})
+      ON CONFLICT (id) DO NOTHING
+    `.execute(database.db);
+
+    // Seed a membership for user_1 in org_1 so resolveOrgFromPath admits us.
+    await sql`
+      INSERT INTO "member" (id, "userId", "organizationId", role, "createdAt")
+      VALUES ('mem_1', 'user_1', 'org_1', 'member', ${now})
+      ON CONFLICT (id) DO NOTHING
+    `.execute(database.db);
+
+    // Seed a connection owned by org_1 — the route under test does
+    // findById(connectionId, organizationId), so this row must exist for both
+    // the legacy path (200) and the new path (200) to succeed.
+    await database.db
+      .insertInto("connections")
+      .values({
+        id: "conn_1",
+        organization_id: "org_1",
+        created_by: "user_1",
+        title: "Test Connection",
+        connection_type: "HTTP",
+        connection_url: "https://example.test",
+        status: "active",
+        pinned: false,
+        created_at: now,
+        updated_at: now,
+      })
+      .execute();
+
+    // Build the app against the seeded DB. Production deps that aren't relevant
+    // here (NATS, automations, decopilot streams) are stubbed by createApp when
+    // an explicit eventBus is passed.
+    app = await createApp({ database, eventBus: createMockEventBus() });
+
+    // Default principal: user_1 (member of org_1). Tests can override.
+    vi.spyOn(auth.api, "getMcpSession").mockResolvedValue(null);
+    mockApiKey("user_1", "org_1", "org_1");
+
+    // Spy on console.log AFTER createApp ran (createApp emits its own startup
+    // logs that we don't want to assert on).
+    logSpy = spyOn(console, "log").mockImplementation(() => {});
+  });
+
+  afterEach(async () => {
+    logSpy.mockRestore();
+    vi.restoreAllMocks();
+    await closeTestDatabase(database);
+  });
+
+  it("new path serves the route AND does NOT log deprecation", async () => {
+    const res = await app.fetch(
+      new Request(
+        "http://test/api/org_1/connections/conn_1/oauth-token/status",
+        { headers: { Authorization: "Bearer test-key" } },
+      ),
+    );
+
+    expect(res.status).toBe(200);
+
+    const deprecationCalls = logSpy.mock.calls.filter(
+      (args: unknown[]) => args[0] === "deprecated route",
+    );
+    expect(deprecationCalls).toHaveLength(0);
+  });
+
+  it("legacy path still serves AND DOES log deprecation", async () => {
+    const res = await app.fetch(
+      new Request("http://test/api/connections/conn_1/oauth-token/status", {
+        headers: {
+          Authorization: "Bearer test-key",
+          // x-org-id is redundant when the API key carries org metadata, but
+          // we send it to mirror the documented legacy contract.
+          "x-org-id": "org_1",
+        },
+      }),
+    );
+
+    expect(res.status).toBe(200);
+
+    const deprecationCalls = logSpy.mock.calls.filter(
+      (args: unknown[]) => args[0] === "deprecated route",
+    );
+    expect(deprecationCalls.length).toBeGreaterThan(0);
+  });
+
+  it("new path returns 404 for unknown slug", async () => {
+    const res = await app.fetch(
+      new Request(
+        "http://test/api/non-existent-slug/connections/conn_1/oauth-token/status",
+        { headers: { Authorization: "Bearer test-key" } },
+      ),
+    );
+
+    expect(res.status).toBe(404);
+  });
+
+  it("new path returns 403 for non-member principal", async () => {
+    // Swap the API key mock so the request is authenticated as user_outsider,
+    // who has no membership row in org_1.
+    mockApiKey("user_outsider", "org_1", "org_1");
+
+    const res = await app.fetch(
+      new Request(
+        "http://test/api/org_1/connections/conn_1/oauth-token/status",
+        { headers: { Authorization: "Bearer test-key" } },
+      ),
+    );
+
+    expect(res.status).toBe(403);
+  });
+
+  it("well-known prefix discovery for org-scoped MCP resolves the right org", async () => {
+    // The MCP SDK probes /.well-known/oauth-protected-resource{resource-path}
+    // (RFC 9728 Format 2 / Smithery-style) to discover OAuth metadata. With
+    // org-scoped server URLs the probe path is
+    // /.well-known/oauth-protected-resource/api/:org/mcp/:connectionId — this
+    // path lives at the *root* (the well-known prefix is anchored there), not
+    // under the /api/:org sub-app. Without a top-level mount the SDK gets a
+    // 404 here and falls back to treating the mesh root as the auth server,
+    // breaking every OAuth-gated MCP (GitHub import-from-repo, Cursor, etc.).
+
+    // Mock the origin: well-known endpoints 404, but the initialize probe
+    // returns a Bearer challenge with resource_metadata so checkOriginSupports
+    // OAuth resolves true. The handler then synthesizes metadata pointing at
+    // our proxy — and crucially MUST use the org-scoped /api/:org/... path
+    // (not the legacy /mcp/:id shape) for both `resource` and
+    // `authorization_servers`, otherwise the SDK's resource-allowed check
+    // fails.
+    const fetchSpy = vi.spyOn(globalThis, "fetch").mockImplementation((async (
+      _input,
+      init,
+    ) => {
+      const method = (init?.method ?? "GET").toUpperCase();
+      if (method === "POST") {
+        // Origin's MCP `initialize` probe — return an OAuth 401.
+        return new Response(null, {
+          status: 401,
+          headers: {
+            "WWW-Authenticate":
+              'Bearer realm="origin", resource_metadata="https://example.test/.well-known/oauth-protected-resource"',
+          },
+        });
+      }
+      return new Response("not found", { status: 404 });
+    }) as typeof fetch);
+
+    // Use a localhost-shaped host so the handler's `fixProtocol` keeps the
+    // http scheme (it forces https for non-localhost hosts).
+    const reqHost = "http://mesh.localhost";
+    try {
+      const res = await app.fetch(
+        new Request(
+          `${reqHost}/.well-known/oauth-protected-resource/api/org_1/mcp/conn_1`,
+        ),
+      );
+
+      // Route must exist (was 404 before the fix — no route was mounted for
+      // this URL shape outside the /api/:org sub-app).
+      expect(res.status).toBe(200);
+
+      const body = (await res.json()) as {
+        resource: string;
+        authorization_servers: string[];
+      };
+      // Synthetic metadata MUST use the org-scoped /api/:org/... path for
+      // `resource` so resourceUrlFromServerUrl(serverUrl) matches
+      // resourceMetadata.resource (the SDK's checkResourceAllowed check);
+      // otherwise OAuth fails with "Protected resource ... does not match
+      // expected ...".
+      expect(body.resource).toBe(`${reqHost}/api/org_1/mcp/conn_1`);
+      // The auth-server URL stays on the legacy `/oauth-proxy/:id` path so
+      // the SDK's RFC 8414 discovery hits the dedicated auth-server metadata
+      // handler (which proxies the origin's metadata) instead of falling
+      // through to Better Auth's catch-all — that path returns Better Auth's
+      // MCP gateway endpoints and DCR ends with `invalid_client`.
+      expect(body.authorization_servers[0]).toBe(
+        `${reqHost}/oauth-proxy/conn_1`,
+      );
+    } finally {
+      fetchSpy.mockRestore();
+    }
+  });
+
+  it("well-known prefix discovery uses the path slug, not the session's active org", async () => {
+    // Regression for #3272 fallout: multi-org users hitting another org's
+    // URL would 404 here because the handler resolved `orgSlug` as
+    // `ctx.organization?.slug ?? c.req.param("org")`. The well-known prefix
+    // route is mounted at the URL root (outside `/api/:org`), so
+    // `resolveOrgFromPath` doesn't run — `ctx.organization` falls through to
+    // the session's `activeOrganizationId`, which silently overrode the path
+    // slug. For a user whose active org is `org_456`, a discovery probe at
+    // `/api/org_1/mcp/conn_1` would scope the lookup to `org_456` and 404
+    // even though the path AND the connection both belong to `org_1`. Fix:
+    // path param takes priority — `c.req.param("org") ?? ctx.organization?.slug`.
+    mockApiKey("user_1", "org_456", "org_456");
+
+    const fetchSpy = vi.spyOn(globalThis, "fetch").mockImplementation((async (
+      _input,
+      init,
+    ) => {
+      const method = (init?.method ?? "GET").toUpperCase();
+      if (method === "POST") {
+        return new Response(null, {
+          status: 401,
+          headers: {
+            "WWW-Authenticate":
+              'Bearer realm="origin", resource_metadata="https://example.test/.well-known/oauth-protected-resource"',
+          },
+        });
+      }
+      return new Response("not found", { status: 404 });
+    }) as typeof fetch);
+
+    try {
+      const res = await app.fetch(
+        new Request(
+          "http://mesh.localhost/.well-known/oauth-protected-resource/api/org_1/mcp/conn_1",
+          { headers: { Authorization: "Bearer test-key" } },
+        ),
+      );
+
+      expect(res.status).toBe(200);
+      const body = (await res.json()) as { resource: string };
+      expect(body.resource).toBe("http://mesh.localhost/api/org_1/mcp/conn_1");
+    } finally {
+      fetchSpy.mockRestore();
+    }
+  });
+
+  it("well-known prefix discovery 404s when :org doesn't match the connection's org", async () => {
+    // The synthesized PRM URL embeds :org as part of the resource path, so
+    // the handler MUST refuse to vouch for (org, connection) tuples that
+    // don't match — otherwise an attacker could probe a victim's connection
+    // ID under their own org slug and get a credible-looking metadata
+    // document. We don't distinguish "unknown org" from "cross-org" in the
+    // response so we don't leak which slugs exist.
+    const fetchSpy = vi
+      .spyOn(globalThis, "fetch")
+      .mockResolvedValue(new Response(null, { status: 200 }) as never);
+
+    try {
+      // Cross-org: org_456 exists (seeded by seedCommonTestFixtures) but
+      // conn_1 belongs to org_1.
+      const crossOrg = await app.fetch(
+        new Request(
+          "http://mesh.localhost/.well-known/oauth-protected-resource/api/org_456/mcp/conn_1",
+        ),
+      );
+      expect(crossOrg.status).toBe(404);
+
+      // Unknown slug: same response shape as cross-org.
+      const unknownSlug = await app.fetch(
+        new Request(
+          "http://mesh.localhost/.well-known/oauth-protected-resource/api/does-not-exist/mcp/conn_1",
+        ),
+      );
+      expect(unknownSlug.status).toBe(404);
+    } finally {
+      fetchSpy.mockRestore();
+    }
+  });
+
+  it("auth-server metadata advertises org-scoped OAuth endpoint URLs", async () => {
+    // Regression for the popup-not-opening bug: the AS metadata route lives at
+    // the legacy global path (kept stable for SDK cache + Better Auth catch-all
+    // reasons), but the OAuth endpoint URLs *inside* must point at the
+    // canonical `/api/:org/oauth-proxy/...` mount. Otherwise DCR
+    // (POST /register) lands on the legacy mount, where `ctx.organization`
+    // falls back to the session's `activeOrganizationId` and silently 404s
+    // multi-org users whose active session org doesn't match the connection's.
+    const fetchSpy = vi.spyOn(globalThis, "fetch").mockImplementation((async (
+      input: string | URL | Request,
+    ) => {
+      const url =
+        typeof input === "string"
+          ? input
+          : input instanceof URL
+            ? input.toString()
+            : input.url;
+      if (url.includes("oauth-protected-resource")) {
+        return new Response(
+          JSON.stringify({
+            resource: "https://example.test",
+            authorization_servers: ["https://example.test"],
+          }),
+          { status: 200 },
+        );
+      }
+      if (url.includes("oauth-authorization-server")) {
+        return new Response(
+          JSON.stringify({
+            issuer: "https://example.test",
+            authorization_endpoint: "https://example.test/authorize",
+            token_endpoint: "https://example.test/token",
+            registration_endpoint: "https://example.test/register",
+          }),
+          { status: 200 },
+        );
+      }
+      return new Response("not found", { status: 404 });
+    }) as typeof fetch);
+
+    try {
+      const res = await app.fetch(
+        new Request(
+          "http://mesh.localhost/.well-known/oauth-authorization-server/oauth-proxy/conn_1",
+        ),
+      );
+
+      expect(res.status).toBe(200);
+      const body = (await res.json()) as {
+        authorization_endpoint: string;
+        token_endpoint: string;
+        registration_endpoint: string;
+      };
+      expect(body.authorization_endpoint).toBe(
+        "http://mesh.localhost/api/org_1/oauth-proxy/conn_1/authorize",
+      );
+      expect(body.token_endpoint).toBe(
+        "http://mesh.localhost/api/org_1/oauth-proxy/conn_1/token",
+      );
+      expect(body.registration_endpoint).toBe(
+        "http://mesh.localhost/api/org_1/oauth-proxy/conn_1/register",
+      );
+    } finally {
+      fetchSpy.mockRestore();
+    }
+  });
+
+  it("DCR survives a multi-org user whose session active org differs from the path", async () => {
+    // The popup-not-opening bug surfaced because DCR (the SDK's
+    // POST /register call right before opening the authorize popup) hit the
+    // legacy `/oauth-proxy/:connectionId/*` mount and 404'd against the
+    // session's `activeOrganizationId`. With the AS metadata now pointing at
+    // `/api/:org/oauth-proxy/...`, `resolveOrgFromPath` resolves the org from
+    // the URL and verifies membership instead — independent of session state.
+
+    // Seed user_1 into a second org and switch the active session there. The
+    // path under test still names org_1 (where conn_1 lives).
+    await sql`
+      INSERT INTO "member" (id, "userId", "organizationId", role, "createdAt")
+      VALUES ('mem_1_456', 'user_1', 'org_456', 'member', ${new Date().toISOString()})
+      ON CONFLICT (id) DO NOTHING
+    `.execute(database.db);
+    mockApiKey("user_1", "org_456", "org_456");
+
+    const fetchSpy = vi.spyOn(globalThis, "fetch").mockImplementation((async (
+      input: string | URL | Request,
+      init?: RequestInit,
+    ) => {
+      const url =
+        typeof input === "string"
+          ? input
+          : input instanceof URL
+            ? input.toString()
+            : input.url;
+      const method = (init?.method ?? "GET").toUpperCase();
+      // Origin's AS metadata exposes a registration endpoint.
+      if (url.includes("oauth-authorization-server")) {
+        return new Response(
+          JSON.stringify({
+            issuer: "https://example.test",
+            authorization_endpoint: "https://example.test/authorize",
+            token_endpoint: "https://example.test/token",
+            registration_endpoint: "https://example.test/register",
+          }),
+          { status: 200 },
+        );
+      }
+      // Origin accepts our DCR proxy.
+      if (url.endsWith("/register") && method === "POST") {
+        return new Response(
+          JSON.stringify({ client_id: "client_xyz", client_secret: "secret" }),
+          { status: 201, headers: { "Content-Type": "application/json" } },
+        );
+      }
+      return new Response("not found", { status: 404 });
+    }) as typeof fetch);
+
+    try {
+      const res = await app.fetch(
+        new Request(
+          "http://mesh.localhost/api/org_1/oauth-proxy/conn_1/register",
+          {
+            method: "POST",
+            headers: {
+              Authorization: "Bearer test-key",
+              "Content-Type": "application/json",
+            },
+            body: JSON.stringify({
+              client_name: "test",
+              redirect_uris: ["http://mesh.localhost/oauth/callback"],
+            }),
+          },
+        ),
+      );
+
+      // Pre-fix: 404 ("Connection not found") because the legacy mount's
+      // cross-org check fired against the session's active org (org_456) and
+      // mismatched conn_1's owning org (org_1).
+      expect(res.status).not.toBe(404);
+      expect(res.status).toBeGreaterThanOrEqual(200);
+      expect(res.status).toBeLessThan(400);
+    } finally {
+      fetchSpy.mockRestore();
+    }
+  });
+
+  it("oauth-proxy refuses slug-spoofing on the org-scoped mount", async () => {
+    // Member of both org_1 and org_456 asks for an org_1 connection under
+    // org_456's slug. The path-resolved org scopes the connection lookup, so
+    // findById returns null and the handler 404s — preventing OAuth proxying
+    // for connections that don't belong to the URL's org.
+    const now = new Date().toISOString();
+    await sql`
+      INSERT INTO "member" (id, "userId", "organizationId", role, "createdAt")
+      VALUES ('mem_1_456_spoof', 'user_1', 'org_456', 'member', ${now})
+      ON CONFLICT (id) DO NOTHING
+    `.execute(database.db);
+
+    const res = await app.fetch(
+      new Request(
+        "http://mesh.localhost/api/org_456/oauth-proxy/conn_1/register",
+        {
+          method: "POST",
+          headers: {
+            Authorization: "Bearer test-key",
+            "Content-Type": "application/json",
+          },
+          body: JSON.stringify({ client_name: "test" }),
+        },
+      ),
+    );
+
+    expect(res.status).toBe(404);
+  });
+
+  it("DCR injects the connection's owning org into the registration metadata", async () => {
+    // The downstream MCP App needs to know which studio org an OAuth client
+    // belongs to *at registration time* — there is no per-user "active org"
+    // concept on the server, and querying it back from a bearer token has no
+    // standard. The proxy threads `connection.organization_id` (plus slug/name
+    // for human-readable references) into the RFC 7591 `metadata` field, which
+    // downstream servers can read off the persisted oauthApplication row on
+    // every subsequent request.
+    let capturedBody: string | null = null;
+    const fetchSpy = vi.spyOn(globalThis, "fetch").mockImplementation((async (
+      input: string | URL | Request,
+      init?: RequestInit,
+    ) => {
+      const url =
+        typeof input === "string"
+          ? input
+          : input instanceof URL
+            ? input.toString()
+            : input.url;
+      const method = (init?.method ?? "GET").toUpperCase();
+      if (url.includes("oauth-authorization-server")) {
+        return new Response(
+          JSON.stringify({
+            issuer: "https://example.test",
+            authorization_endpoint: "https://example.test/authorize",
+            token_endpoint: "https://example.test/token",
+            registration_endpoint: "https://example.test/register",
+          }),
+          { status: 200 },
+        );
+      }
+      if (url.endsWith("/register") && method === "POST") {
+        capturedBody =
+          typeof init?.body === "string"
+            ? init.body
+            : await new Response(init?.body).text();
+        return new Response(
+          JSON.stringify({ client_id: "client_xyz", client_secret: "secret" }),
+          { status: 201, headers: { "Content-Type": "application/json" } },
+        );
+      }
+      return new Response("not found", { status: 404 });
+    }) as typeof fetch);
+
+    try {
+      const res = await app.fetch(
+        new Request(
+          "http://mesh.localhost/api/org_1/oauth-proxy/conn_1/register",
+          {
+            method: "POST",
+            headers: {
+              Authorization: "Bearer test-key",
+              // Mixed-case media type — case-insensitive per RFC 7231 §3.1.1.1.
+              // Locks in that the injection branch normalizes before matching.
+              "Content-Type": "Application/JSON",
+            },
+            body: JSON.stringify({
+              client_name: "test",
+              redirect_uris: ["http://mesh.localhost/oauth/callback"],
+              metadata: { existing_key: "preserved" },
+            }),
+          },
+        ),
+      );
+
+      expect(res.status).toBeGreaterThanOrEqual(200);
+      expect(res.status).toBeLessThan(400);
+      expect(capturedBody).not.toBeNull();
+      const forwarded = JSON.parse(capturedBody!);
+      // Original fields untouched.
+      expect(forwarded.client_name).toBe("test");
+      expect(forwarded.redirect_uris).toEqual([
+        "http://mesh.localhost/oauth/callback",
+      ]);
+      // Org metadata injected; pre-existing metadata keys preserved.
+      expect(forwarded.metadata).toEqual({
+        existing_key: "preserved",
+        organization_id: "org_1",
+        organization_slug: "org_1",
+        organization_name: "org_1",
+      });
+    } finally {
+      fetchSpy.mockRestore();
+    }
+  });
+
+  it("DCR passes through non-object JSON bodies unchanged", async () => {
+    // null/array/primitive bodies are non-spec for DCR (RFC 7591 requires a
+    // JSON object). The proxy must not try to attach `metadata` to them —
+    // null/primitive would throw on property assignment, and arrays would
+    // silently lose the property at JSON.stringify time. We forward unchanged
+    // and let origin return its own 4xx.
+    const captured: string[] = [];
+    const fetchSpy = vi.spyOn(globalThis, "fetch").mockImplementation((async (
+      input: string | URL | Request,
+      init?: RequestInit,
+    ) => {
+      const url =
+        typeof input === "string"
+          ? input
+          : input instanceof URL
+            ? input.toString()
+            : input.url;
+      const method = (init?.method ?? "GET").toUpperCase();
+      if (url.includes("oauth-authorization-server")) {
+        return new Response(
+          JSON.stringify({
+            issuer: "https://example.test",
+            authorization_endpoint: "https://example.test/authorize",
+            token_endpoint: "https://example.test/token",
+            registration_endpoint: "https://example.test/register",
+          }),
+          { status: 200 },
+        );
+      }
+      if (url.endsWith("/register") && method === "POST") {
+        const body =
+          typeof init?.body === "string"
+            ? init.body
+            : await new Response(init?.body).text();
+        captured.push(body);
+        return new Response(
+          JSON.stringify({ error: "invalid_client_metadata" }),
+          { status: 400, headers: { "Content-Type": "application/json" } },
+        );
+      }
+      return new Response("not found", { status: 404 });
+    }) as typeof fetch);
+
+    try {
+      for (const body of ["null", "[1,2,3]", "42"]) {
+        const res = await app.fetch(
+          new Request(
+            "http://mesh.localhost/api/org_1/oauth-proxy/conn_1/register",
+            {
+              method: "POST",
+              headers: {
+                Authorization: "Bearer test-key",
+                "Content-Type": "application/json",
+              },
+              body,
+            },
+          ),
+        );
+        // Proxy didn't crash (would have been a 500); origin's 400 is what
+        // surfaces to the client.
+        expect(res.status).toBe(400);
+      }
+      expect(captured).toEqual(["null", "[1,2,3]", "42"]);
+    } finally {
+      fetchSpy.mockRestore();
+    }
+  });
+
+  it("DCR with non-JSON content type passes through byte-for-byte", async () => {
+    // RFC 7591 mandates JSON, but a misbehaving client could POST /register
+    // with a different content type. The metadata-injection branch is gated on
+    // `application/json` so non-JSON bodies hit the raw-body passthrough and
+    // reach origin unchanged (no UTF-8 decode/re-encode, no Content-Type
+    // override).
+    const captured: { body: string | null; contentType: string | null } = {
+      body: null,
+      contentType: null,
+    };
+    const fetchSpy = vi.spyOn(globalThis, "fetch").mockImplementation((async (
+      input: string | URL | Request,
+      init?: RequestInit,
+    ) => {
+      const url =
+        typeof input === "string"
+          ? input
+          : input instanceof URL
+            ? input.toString()
+            : input.url;
+      const method = (init?.method ?? "GET").toUpperCase();
+      if (url.includes("oauth-authorization-server")) {
+        return new Response(
+          JSON.stringify({
+            issuer: "https://example.test",
+            authorization_endpoint: "https://example.test/authorize",
+            token_endpoint: "https://example.test/token",
+            registration_endpoint: "https://example.test/register",
+          }),
+          { status: 200 },
+        );
+      }
+      if (url.endsWith("/register") && method === "POST") {
+        captured.body =
+          typeof init?.body === "string"
+            ? init.body
+            : await new Response(init?.body).text();
+        const headers = new Headers(init?.headers as HeadersInit | undefined);
+        captured.contentType = headers.get("Content-Type");
+        return new Response("ok", { status: 200 });
+      }
+      return new Response("not found", { status: 404 });
+    }) as typeof fetch);
+
+    try {
+      const rawBody = "client_name=test&redirect_uris=http://x";
+      const res = await app.fetch(
+        new Request(
+          "http://mesh.localhost/api/org_1/oauth-proxy/conn_1/register",
+          {
+            method: "POST",
+            headers: {
+              Authorization: "Bearer test-key",
+              "Content-Type": "application/x-www-form-urlencoded",
+            },
+            body: rawBody,
+          },
+        ),
+      );
+
+      expect(res.status).toBe(200);
+      expect(captured.body).toBe(rawBody);
+      expect(captured.contentType).toBe("application/x-www-form-urlencoded");
+    } finally {
+      fetchSpy.mockRestore();
+    }
+  });
+});
diff --git a/apps/mesh/src/api/middleware/log-deprecated-route.test.ts b/apps/mesh/src/api/middleware/log-deprecated-route.test.ts
new file mode 100644
index 0000000000..331c638ab2
--- /dev/null
+++ b/apps/mesh/src/api/middleware/log-deprecated-route.test.ts
@@ -0,0 +1,46 @@
+import { afterEach, beforeEach, describe, expect, it, spyOn } from "bun:test";
+import { Hono } from "hono";
+import type { MeshContext } from "../../core/mesh-context";
+import { logDeprecatedRoute } from "./log-deprecated-route";
+
+type Variables = { meshContext: MeshContext };
+
+describe("logDeprecatedRoute", () => {
+  let logSpy: ReturnType<typeof spyOn>;
+  let app: Hono<{ Variables: Variables }>;
+
+  beforeEach(() => {
+    logSpy = spyOn(console, "log").mockImplementation(() => {});
+    app = new Hono<{ Variables: Variables }>();
+    app.use("*", async (c, next) => {
+      c.set("meshContext", {
+        organization: { slug: "acme" },
+        auth: { user: { id: "user-1" } },
+      } as unknown as MeshContext);
+      await next();
+    });
+    app.use("/api/legacy/:id", logDeprecatedRoute);
+    app.get("/api/legacy/:id", (c) => c.json({ ok: true }));
+  });
+
+  afterEach(() => {
+    logSpy.mockRestore();
+  });
+
+  it("logs the call and continues", async () => {
+    const res = await app.request("/api/legacy/abc", {
+      headers: { "user-agent": "test-agent" },
+    });
+    expect(res.status).toBe(200);
+    expect(logSpy).toHaveBeenCalledWith(
+      "deprecated route",
+      expect.objectContaining({
+        route: "/api/legacy/:id",
+        method: "GET",
+        org: "acme",
+        user: "user-1",
+        ua: "test-agent",
+      }),
+    );
+  });
+});
diff --git a/apps/mesh/src/api/middleware/log-deprecated-route.ts b/apps/mesh/src/api/middleware/log-deprecated-route.ts
new file mode 100644
index 0000000000..725f3b2839
--- /dev/null
+++ b/apps/mesh/src/api/middleware/log-deprecated-route.ts
@@ -0,0 +1,42 @@
+import type { MiddlewareHandler } from "hono";
+import type { MeshContext } from "../../core/mesh-context";
+
+/**
+ * Logs a `"deprecated route"` line for legacy route hits during the
+ * org-scoped-API deprecation window.
+ *
+ * The middleware is attached via `app.use("*", logDeprecatedRoute)` on each
+ * legacy sub-app, which Hono treats as a path-prefix middleware. That
+ * wildcard fires on every request whose URL prefix-matches the parent mount —
+ * including hits to the new `/api/:org/*` mount that shares the `/api`
+ * prefix. Without a guard, every new-path call would emit a spurious
+ * deprecation log.
+ *
+ * Detection: walk `c.req.matchedRoutes` (populated by Hono after routing) for
+ * a non-wildcard handler. If no real handler matched, the sub-app fell
+ * through and we suppress. If the matched handler lives under
+ * `/api/:org/...`, the new sub-app handled the request and we suppress.
+ * Otherwise the legacy path served the request — log it.
+ */
+export const logDeprecatedRoute: MiddlewareHandler<{
+  Variables: { meshContext: MeshContext };
+}> = async (c, next) => {
+  await next();
+
+  const matched = c.req.matchedRoutes ?? [];
+  const realHandler = matched.find(
+    (r) => r.method !== "ALL" && !r.path.endsWith("*"),
+  );
+  if (!realHandler || realHandler.path.startsWith("/api/:org/")) {
+    return;
+  }
+
+  const ctx = c.get("meshContext");
+  console.log("deprecated route", {
+    route: c.req.routePath,
+    method: c.req.method,
+    org: ctx?.organization?.slug,
+    user: ctx?.auth?.user?.id,
+    ua: c.req.header("user-agent"),
+  });
+};
diff --git a/apps/mesh/src/api/middleware/resolve-org-from-path.test.ts b/apps/mesh/src/api/middleware/resolve-org-from-path.test.ts
new file mode 100644
index 0000000000..a4a45168ab
--- /dev/null
+++ b/apps/mesh/src/api/middleware/resolve-org-from-path.test.ts
@@ -0,0 +1,214 @@
+import { afterEach, beforeEach, describe, expect, it } from "bun:test";
+import { Hono } from "hono";
+import type { MeshContext } from "../../core/mesh-context";
+import {
+  closeTestDatabase,
+  createTestDatabase,
+  type TestDatabase,
+} from "../../database/test-db";
+import { createTestSchema } from "../../storage/test-helpers";
+import { resolveOrgFromPath } from "./resolve-org-from-path";
+
+type Variables = { meshContext: MeshContext };
+
+interface FakeAuth {
+  user?: { id: string };
+  apiKey?: { id: string; name: string; userId: string };
+}
+
+const buildApp = (db: TestDatabase, auth: FakeAuth) => {
+  const app = new Hono<{ Variables: Variables }>();
+  app.use("*", async (c, next) => {
+    // Track the organization id forwarded into AccessControl so tests can
+    // assert that path-resolved org propagates through to permission checks.
+    const accessOrgIds: (string | undefined)[] = [];
+    // Track threads.setOrganizationId calls so tests can assert that the
+    // path-resolved org also rebinds OrgScopedThreadStorage. Without this
+    // rebind, any thread-touching route on the new path family throws
+    // "OrgScopedThreadStorage: thread operations require an authenticated organization".
+    const threadOrgIds: (string | undefined)[] = [];
+    c.set("meshContext", {
+      auth,
+      db: db.db,
+      baseUrl: "http://test",
+      access: {
+        setOrganizationId: (id: string | undefined) => {
+          accessOrgIds.push(id);
+        },
+        setRole: (_role: string | undefined) => {
+          /* no-op for tests; covered by dedicated AccessControl tests */
+        },
+        // Expose the captured ids for tests via a non-standard field
+        _orgIds: accessOrgIds,
+      },
+      storage: {
+        threads: {
+          setOrganizationId: (id: string | undefined) => {
+            threadOrgIds.push(id);
+          },
+          _orgIds: threadOrgIds,
+        },
+      },
+      objectStorage: null,
+    } as unknown as MeshContext);
+    await next();
+  });
+  app.use("/api/:org/*", resolveOrgFromPath);
+  app.get("/api/:org/probe", (c) => {
+    const ctx = c.get("meshContext");
+    return c.json({
+      orgId: ctx.organization?.id,
+      orgSlug: ctx.organization?.slug,
+      // Surface the rebound storage org ids so tests can assert middleware
+      // propagated the org into MeshStorage.
+      threadOrgIds: (
+        ctx.storage.threads as unknown as { _orgIds: (string | undefined)[] }
+      )._orgIds,
+      objectStorageBound: ctx.objectStorage !== null,
+    });
+  });
+  return app;
+};
+
+describe("resolveOrgFromPath", () => {
+  let db: TestDatabase;
+
+  beforeEach(async () => {
+    db = await createTestDatabase();
+    await createTestSchema(db.db);
+
+    // Seed an org "acme" with id "org-1" and a member "user-1".
+    await db.db
+      .insertInto("organization")
+      .values({
+        id: "org-1",
+        slug: "acme",
+        name: "Acme",
+        createdAt: new Date().toISOString(),
+      })
+      .execute();
+    await db.db
+      .insertInto("user")
+      .values({
+        id: "user-1",
+        email: "u@acme.test",
+        name: "U",
+        emailVerified: 0,
+        createdAt: new Date().toISOString(),
+        updatedAt: new Date().toISOString(),
+      })
+      .execute();
+    await db.db
+      .insertInto("member")
+      .values({
+        id: "mem-1",
+        userId: "user-1",
+        organizationId: "org-1",
+        role: "member",
+        createdAt: new Date().toISOString(),
+      })
+      .execute();
+  });
+
+  afterEach(async () => {
+    await closeTestDatabase(db);
+  });
+
+  it("returns 404 when slug does not exist", async () => {
+    const app = buildApp(db, { user: { id: "user-1" } });
+    const res = await app.request("/api/nope/probe");
+    expect(res.status).toBe(404);
+  });
+
+  it("returns 403 when user is not a member", async () => {
+    await db.db
+      .insertInto("organization")
+      .values({
+        id: "org-2",
+        slug: "other",
+        name: "Other",
+        createdAt: new Date().toISOString(),
+      })
+      .execute();
+    const app = buildApp(db, { user: { id: "user-1" } });
+    const res = await app.request("/api/other/probe");
+    expect(res.status).toBe(403);
+  });
+
+  it("sets ctx.organization on success", async () => {
+    const app = buildApp(db, { user: { id: "user-1" } });
+    const res = await app.request("/api/acme/probe");
+    expect(res.status).toBe(200);
+    const body = await res.json();
+    expect(body.orgId).toBe("org-1");
+    expect(body.orgSlug).toBe("acme");
+  });
+
+  it("exposes the caller's path-resolved role on ctx.organization", async () => {
+    // AuthTransport constructs a fresh AccessControl per proxied tool call
+    // and reads the role from ctx.organization?.role to decide the
+    // admin/owner bypass — without this, owners 403 on every proxied tool
+    // when the session's active org differs from the URL org.
+    const app = new Hono<{ Variables: Variables }>();
+    app.use("*", async (c, next) => {
+      c.set("meshContext", {
+        auth: { user: { id: "user-1" } },
+        db: db.db,
+        baseUrl: "http://test",
+        access: {
+          setOrganizationId: () => {},
+          setRole: () => {},
+        },
+        storage: { threads: { setOrganizationId: () => {} } },
+        objectStorage: null,
+      } as unknown as MeshContext);
+      await next();
+    });
+    app.use("/api/:org/*", resolveOrgFromPath);
+    app.get("/api/:org/role", (c) => {
+      const ctx = c.get("meshContext");
+      return c.json({ role: ctx.organization?.role });
+    });
+    const res = await app.request("/api/acme/role");
+    expect(res.status).toBe(200);
+    expect(await res.json()).toEqual({ role: "member" });
+  });
+
+  it("passes unauthenticated requests through with org set (so MCP OAuth discovery works)", async () => {
+    // Cursor/Claude rely on mcpAuth returning 401 with a WWW-Authenticate header
+    // pointing at the protected-resource metadata URL. If this middleware blocks
+    // unauthenticated callers with 403, OAuth discovery never starts.
+    const app = buildApp(db, { user: undefined });
+    const res = await app.request("/api/acme/probe");
+    expect(res.status).toBe(200); // probe handler doesn't enforce auth
+    const body = await res.json();
+    expect(body.orgId).toBe("org-1"); // org is set so downstream handlers can use it
+  });
+
+  it("rebinds storage.threads + objectStorage to the path-resolved org", async () => {
+    // Regression: when the new /api/:org path is hit without an x-org-id
+    // header, meshContext is created with org=undefined, so OrgScopedThreadStorage
+    // and objectStorage start out unbound. resolveOrgFromPath must rebind both
+    // after looking up the org from the slug, otherwise thread routes throw
+    // "thread operations require an authenticated organization".
+    const app = buildApp(db, { user: { id: "user-1" } });
+    const res = await app.request("/api/acme/probe");
+    expect(res.status).toBe(200);
+    const body = await res.json();
+    expect(body.threadOrgIds).toEqual(["org-1"]);
+    expect(body.objectStorageBound).toBe(true);
+  });
+
+  it("authorizes api-key principals via the same membership check", async () => {
+    // For api-key auth, the context-factory populates ctx.auth.user.id from
+    // the api key's userId, so a single membership check covers both flows.
+    const app = buildApp(db, {
+      user: { id: "user-1" },
+      apiKey: { id: "key-1", name: "test-key", userId: "" },
+    });
+    const res = await app.request("/api/acme/probe");
+    expect(res.status).toBe(200);
+    const body = await res.json();
+    expect(body.orgId).toBe("org-1");
+  });
+});
diff --git a/apps/mesh/src/api/middleware/resolve-org-from-path.ts b/apps/mesh/src/api/middleware/resolve-org-from-path.ts
new file mode 100644
index 0000000000..0d69e9631e
--- /dev/null
+++ b/apps/mesh/src/api/middleware/resolve-org-from-path.ts
@@ -0,0 +1,92 @@
+import type { MiddlewareHandler } from "hono";
+import type { MeshContext } from "../../core/mesh-context";
+import { createBoundObjectStorage } from "../../object-storage/bound-object-storage";
+import { DevObjectStorage } from "../../object-storage/dev-object-storage";
+import { getObjectStorageS3Service } from "../../object-storage/factory";
+
+export const resolveOrgFromPath: MiddlewareHandler<{
+  Variables: { meshContext: MeshContext };
+}> = async (c, next) => {
+  const slug = c.req.param("org");
+  if (!slug) {
+    return c.json({ error: "org slug missing in path" }, 400);
+  }
+
+  const ctx = c.get("meshContext");
+  if (!ctx?.db) {
+    return c.json({ error: "meshContext not initialized" }, 500);
+  }
+  const db = ctx.db;
+
+  const org = await db
+    .selectFrom("organization")
+    .select(["id", "slug", "name"])
+    .where("slug", "=", slug)
+    .executeTakeFirst();
+
+  if (!org) {
+    return c.json({ error: `organization "${slug}" not found` }, 404);
+  }
+
+  const userId = ctx.auth?.user?.id;
+  // For unauthenticated requests, set the org context but don't enforce
+  // membership here. The downstream auth middleware (mcpAuth) needs to be the
+  // one that returns 401 with WWW-Authenticate so OAuth-capable clients
+  // (Cursor, Claude) can discover the protected-resource metadata URL and
+  // start their OAuth flow. Blocking unauthenticated callers at THIS layer
+  // with 403 short-circuits OAuth discovery entirely.
+  //
+  // The .well-known/oauth-protected-resource discovery endpoint also has to
+  // be reachable without auth — same reason.
+  //
+  // Routes that need an authenticated principal still reject via their own
+  // ctx.access.check() (UnauthorizedError → 401).
+  let pathRole: string | undefined;
+  if (userId) {
+    const membership = await db
+      .selectFrom("member")
+      .select(["role"])
+      .where("userId", "=", userId)
+      .where("organizationId", "=", org.id)
+      .executeTakeFirst();
+
+    if (!membership) {
+      return c.json({ error: "forbidden: not a member of organization" }, 403);
+    }
+    pathRole = membership.role;
+  }
+
+  ctx.organization = {
+    id: org.id,
+    slug: org.slug,
+    name: org.name,
+    role: pathRole,
+  };
+  // Tell AccessControl to use the path-resolved org for permission checks.
+  // Without this, boundAuth.hasPermission falls back to the session's
+  // activeOrganizationId — which races with signup in CI and can be stale or
+  // pointing at a different org than the URL.
+  ctx.access.setOrganizationId(org.id);
+  // Also propagate the user's role in the path-resolved org. AccessControl's
+  // built-in admin/owner bypass reads `this.role`, which was set at
+  // construction time from the session's active org. When the path targets a
+  // different org — or when there's no active org and the role was undefined
+  // — the bypass silently fails and owners get spurious 403s on tool calls.
+  ctx.access.setRole(pathRole);
+  // Rebind org-scoped storage that was constructed eagerly with `undefined`
+  // when meshContext was created (no `x-org-id` header on the new path
+  // means `organization` was not yet resolved). Without this, any thread
+  // operation throws "thread operations require an authenticated organization".
+  ctx.storage.threads.setOrganizationId(org.id);
+  // objectStorage is also constructed eagerly (null when no org). Rebuild it
+  // here using the same logic as context-factory so OBJECT_STORAGE binding
+  // resolves on the new path family.
+  if (!ctx.objectStorage) {
+    const s3Service = getObjectStorageS3Service();
+    ctx.objectStorage = s3Service
+      ? createBoundObjectStorage(s3Service, org.id)
+      : new DevObjectStorage(org.id, ctx.baseUrl);
+  }
+
+  return await next();
+};
diff --git a/apps/mesh/src/api/routes/auth.ts b/apps/mesh/src/api/routes/auth.ts
index 03b3a157ef..00e350612b 100644
--- a/apps/mesh/src/api/routes/auth.ts
+++ b/apps/mesh/src/api/routes/auth.ts
@@ -7,6 +7,7 @@
 
 import { Hono } from "hono";
 import { getConnInfo } from "hono/bun";
+import { posthog } from "../../posthog";
 import { getSettings } from "../../settings";
 import {
   auth,
@@ -56,8 +57,8 @@ export type AuthConfig = {
         enabled: false;
       };
   /**
-   * Whether STDIO connections are allowed.
-   * Disabled by default in production unless UNSAFE_ALLOW_STDIO_TRANSPORT=true
+   * Whether STDIO connections are allowed. Only true in local mode, since
+   * STDIO transports spawn arbitrary local commands.
    */
   stdioEnabled: boolean;
   /**
@@ -67,73 +68,46 @@ export type AuthConfig = {
   localMode: boolean;
 };
 
-/**
- * Auth Configuration Endpoint
- *
- * Returns information about available authentication methods
- *
- * Route: GET /api/auth/custom/config
- */
-app.get("/config", async (c) => {
-  try {
-    const socialProviders = Object.keys(authConfig.socialProviders ?? {});
-    const hasSocialProviders = socialProviders.length > 0;
-    const providers = socialProviders.map((name) => ({
-      name,
-      icon: KNOWN_OAUTH_PROVIDERS[name as OAuthProvider].icon,
-    }));
-
-    // STDIO is enabled in local mode, in non-production environments,
-    // or when explicitly allowed via UNSAFE_ALLOW_STDIO_TRANSPORT
-    const settings = getSettings();
-    const stdioEnabled =
-      settings.localMode ||
-      settings.nodeEnv !== "production" ||
-      settings.unsafeAllowStdioTransport;
-
-    const config: AuthConfig = {
-      emailAndPassword: {
-        enabled: authConfig.emailAndPassword?.enabled ?? false,
-      },
-      magicLink: {
-        enabled: authConfig.magicLinkConfig?.enabled ?? false,
-      },
-      emailOtp: {
-        enabled: authConfig.emailOtpConfig?.enabled ?? false,
-      },
-      resetPassword: {
-        enabled: resetPasswordEnabled,
-      },
-      socialProviders: {
-        enabled: hasSocialProviders,
-        providers: providers,
-      },
-      sso: authConfig.ssoConfig
-        ? {
-            enabled: true,
-            providerId: authConfig.ssoConfig.providerId,
-          }
-        : {
-            enabled: false,
-          },
-      stdioEnabled,
-      localMode: isLocalMode(),
-    };
-
-    return c.json({ success: true, config });
-  } catch (error) {
-    const errorMessage =
-      error instanceof Error ? error.message : "Failed to load auth config";
-
-    return c.json(
-      {
-        success: false,
-        error: errorMessage,
-      },
-      500,
-    );
-  }
-});
+export function buildAuthConfig(): AuthConfig {
+  const socialProviders = Object.keys(authConfig.socialProviders ?? {});
+  const hasSocialProviders = socialProviders.length > 0;
+  const providers = socialProviders.map((name) => ({
+    name,
+    icon: KNOWN_OAUTH_PROVIDERS[name as OAuthProvider].icon,
+  }));
+
+  // STDIO is only available in local mode — see outbound/index.ts STDIO case.
+  const stdioEnabled = getSettings().localMode;
+
+  return {
+    emailAndPassword: {
+      enabled: authConfig.emailAndPassword?.enabled ?? false,
+    },
+    magicLink: {
+      enabled: authConfig.magicLinkConfig?.enabled ?? false,
+    },
+    emailOtp: {
+      enabled: authConfig.emailOtpConfig?.enabled ?? false,
+    },
+    resetPassword: {
+      enabled: resetPasswordEnabled,
+    },
+    socialProviders: {
+      enabled: hasSocialProviders,
+      providers: providers,
+    },
+    sso: authConfig.ssoConfig
+      ? {
+          enabled: true,
+          providerId: authConfig.ssoConfig.providerId,
+        }
+      : {
+          enabled: false,
+        },
+    stdioEnabled,
+    localMode: isLocalMode(),
+  };
+}
 
 /**
  * Local Mode Auto-Session Endpoint
@@ -335,8 +309,20 @@ app.post("/domain-join", async (c) => {
       }
     }
 
+    posthog.capture({
+      distinctId: session.user.id,
+      event: "organization_domain_joined",
+      groups: { organization: org.id },
+      properties: {
+        organization_id: org.id,
+        organization_slug: org.slug,
+        email_domain: emailDomain,
+      },
+    });
+
     return c.json({ success: true, slug: org.slug });
   } catch (error) {
+    posthog.captureException(error, session.user.id);
     console.error("[Auth] Domain join failed:", error);
     return c.json(
       { success: false, error: "Failed to join organization" },
@@ -524,12 +510,46 @@ app.post("/domain-setup", async (c) => {
       console.error("[Auth] Brand extraction failed (non-fatal):", brandError);
     }
 
+    posthog.identify({
+      distinctId: session.user.id,
+      properties: {
+        email: session.user.email,
+        $set: { email: session.user.email },
+        $set_once: { first_organization_created_at: new Date().toISOString() },
+      },
+    });
+
+    posthog.groupIdentify({
+      groupType: "organization",
+      groupKey: orgId,
+      properties: {
+        name: orgResult.slug ?? baseSlug,
+        slug: orgResult.slug ?? baseSlug,
+        email_domain: emailDomain,
+        brand_extracted: brandExtracted,
+        created_at: new Date().toISOString(),
+      },
+    });
+
+    posthog.capture({
+      distinctId: session.user.id,
+      event: "organization_created",
+      groups: { organization: orgId },
+      properties: {
+        organization_id: orgId,
+        organization_slug: orgResult.slug ?? baseSlug,
+        email_domain: emailDomain,
+        brand_extracted: brandExtracted,
+      },
+    });
+
     return c.json({
       success: true,
       slug: orgResult.slug ?? baseSlug,
       brandExtracted,
     });
   } catch (error) {
+    posthog.captureException(error, session.user?.id);
     console.error("[Auth] Domain setup failed:", error);
     return c.json(
       { success: false, error: "Failed to set up organization" },
diff --git a/apps/mesh/src/api/routes/deco-sites.ts b/apps/mesh/src/api/routes/deco-sites.ts
index af7b9d8931..dd84ba58ef 100644
--- a/apps/mesh/src/api/routes/deco-sites.ts
+++ b/apps/mesh/src/api/routes/deco-sites.ts
@@ -18,8 +18,6 @@ import { fetchToolsFromMCP } from "../../tools/connection/fetch-tools";
 
 type Variables = { meshContext: MeshContext };
 
-const app = new Hono<{ Variables: Variables }>();
-
 interface SupabaseSite {
   name: string;
   domains: { domain: string; production: boolean }[] | null;
@@ -236,12 +234,19 @@ async function getOrCreateTeamServiceAccount(
     email,
   );
 
-  // 2. Create profile
-  await supabasePost<{ id: number }>(supabaseUrl, serviceKey, "profiles", {
-    user_id: authUserId,
-    email,
-    name: `Mesh Service Account (team ${teamId})`,
-  });
+  // 2. Create profile (skip if a DB trigger already created one)
+  const autoProfile = await supabaseGet<{ user_id: string }>(
+    supabaseUrl,
+    serviceKey,
+    `profiles?user_id=eq.${encodeURIComponent(authUserId)}&select=user_id&limit=1`,
+  );
+  if (!autoProfile[0]) {
+    await supabasePost<{ id: number }>(supabaseUrl, serviceKey, "profiles", {
+      user_id: authUserId,
+      email,
+      name: `Mesh Service Account (team ${teamId})`,
+    });
+  }
 
   // 3. Create team membership (admin: true)
   const member = await supabasePost<{ id: number }>(
@@ -265,94 +270,17 @@ async function getOrCreateTeamServiceAccount(
   return getOrCreateDecoApiKey(supabaseUrl, serviceKey, authUserId);
 }
 
-// Require an authenticated user on every handler in this router.
-app.use("*", async (c, next) => {
+// Auth middleware shared by both factories: require an authenticated user.
+const requireAuth = async (
+  c: import("hono").Context<{ Variables: Variables }>,
+  next: () => Promise<void>,
+) => {
   const ctx = c.get("meshContext");
   if (!ctx.auth.user?.id) {
     return c.json({ error: "Unauthorized" }, 401);
   }
   return next();
-});
-
-/**
- * GET /api/deco-sites/profile
- *
- * Lightweight check: returns whether the authenticated user has a deco.cx profile.
- * Used to conditionally show deco.cx onboarding UI without fetching all sites.
- */
-app.get("/profile", async (c) => {
-  const ctx = c.get("meshContext");
-  const email = ctx.auth.user?.email;
-  if (!email) return c.json({ error: "Unauthorized" }, 401);
-
-  const config = getSupabaseConfig();
-  if (!config) return c.json({ isDecoUser: false });
-
-  try {
-    const profileId = await resolveProfileId(
-      config.supabaseUrl,
-      config.serviceKey,
-      email,
-    );
-    return c.json({ isDecoUser: profileId !== null });
-  } catch {
-    return c.json({ isDecoUser: false });
-  }
-});
-
-/**
- * GET /api/deco-sites
- *
- * Returns deco.cx sites belonging to the authenticated user.
- * The deco.cx API key is intentionally NOT returned — it remains server-side.
- */
-app.get("/", async (c) => {
-  const ctx = c.get("meshContext");
-
-  const email = ctx.auth.user?.email;
-  if (!email) {
-    return c.json({ error: "Unauthorized" }, 401);
-  }
-
-  const config = getSupabaseConfig();
-  if (!config) {
-    return c.json({ sites: [] });
-  }
-  const { supabaseUrl, serviceKey } = config;
-
-  try {
-    const profileId = await resolveProfileId(supabaseUrl, serviceKey, email);
-    if (!profileId) {
-      return c.json({ sites: [] });
-    }
-
-    const members = await supabaseGet<{ team_id: number }>(
-      supabaseUrl,
-      serviceKey,
-      `members?user_id=eq.${encodeURIComponent(profileId)}&deleted_at=is.null&select=team_id`,
-    );
-
-    // Guard: only allow integer team IDs to prevent query injection.
-    const teamIds = members
-      .map((m) => m.team_id)
-      .filter((id): id is number => Number.isInteger(id));
-
-    if (teamIds.length === 0) {
-      return c.json({ sites: [] });
-    }
-
-    const sites = await supabaseGet<SupabaseSite>(
-      supabaseUrl,
-      serviceKey,
-      `sites?team=in.(${teamIds.join(",")})&select=name,domains,thumb_url&order=id`,
-    );
-
-    return c.json({ sites });
-  } catch (err) {
-    console.error("[deco-sites] GET error:", err);
-    return c.json({ error: "Failed to fetch sites" }, 502);
-  }
-});
+};
 
 const ADMIN_MCP = "https://sites-admin-mcp.decocache.com/api/mcp";
 
@@ -373,137 +301,242 @@ async function fetchFaviconAsDataUrl(domain: string): Promise<string | null> {
 }
 
 /**
- * POST /api/deco-sites/connection
- *
- * Creates the deco.cx MCP connection server-side so the API key never reaches
- * the browser. The caller supplies a pre-generated connId so subsequent
- * project-linking tool calls can reference it without an extra round-trip.
+ * User-scoped routes (NOT org-scoped). Stays mounted at /api/deco-sites
+ * permanently — no deprecation log.
  */
-app.post("/connection", async (c) => {
-  const ctx = c.get("meshContext");
+export const createDecoSitesUserRoutes = () => {
+  const app = new Hono<{ Variables: Variables }>();
+
+  app.use("*", requireAuth);
+
+  /**
+   * GET /api/deco-sites/profile
+   *
+   * Lightweight check: returns whether the authenticated user has a deco.cx profile.
+   * Used to conditionally show deco.cx onboarding UI without fetching all sites.
+   */
+  app.get("/profile", async (c) => {
+    const ctx = c.get("meshContext");
+    const email = ctx.auth.user?.email;
+    if (!email) return c.json({ error: "Unauthorized" }, 401);
+
+    const config = getSupabaseConfig();
+    if (!config) return c.json({ isDecoUser: false });
+
+    try {
+      const profileId = await resolveProfileId(
+        config.supabaseUrl,
+        config.serviceKey,
+        email,
+      );
+      return c.json({ isDecoUser: profileId !== null });
+    } catch {
+      return c.json({ isDecoUser: false });
+    }
+  });
 
-  const email = ctx.auth.user?.email;
-  const userId = getUserId(ctx);
-  if (!email || !userId) {
-    return c.json({ error: "Unauthorized" }, 401);
-  }
+  return app;
+};
 
-  let body: { siteName: string; orgId: string };
-  try {
-    body = await c.req.json();
-  } catch {
-    return c.json({ error: "Invalid request body" }, 400);
-  }
+/**
+ * Org-scoped routes. Currently mounted at /api/deco-sites with a
+ * deprecation log; will move to /api/:org/deco-sites in Task 14.
+ */
+export const createDecoSitesOrgRoutes = () => {
+  const app = new Hono<{ Variables: Variables }>();
+
+  app.use("*", requireAuth);
+
+  /**
+   * GET /api/deco-sites
+   *
+   * Returns deco.cx sites belonging to the authenticated user.
+   * The deco.cx API key is intentionally NOT returned — it remains server-side.
+   */
+  app.get("/", async (c) => {
+    const ctx = c.get("meshContext");
+
+    const email = ctx.auth.user?.email;
+    if (!email) {
+      return c.json({ error: "Unauthorized" }, 401);
+    }
 
-  const { siteName, orgId } = body;
-  if (!siteName || !orgId) {
-    return c.json({ error: "siteName and orgId are required" }, 400);
-  }
+    const config = getSupabaseConfig();
+    if (!config) {
+      return c.json({ sites: [] });
+    }
+    const { supabaseUrl, serviceKey } = config;
 
-  const connId = generatePrefixedId("conn");
+    try {
+      const profileId = await resolveProfileId(supabaseUrl, serviceKey, email);
+      if (!profileId) {
+        return c.json({ sites: [] });
+      }
 
-  // Validate siteName is a safe DNS subdomain label to prevent SSRF.
-  if (!/^[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?$/.test(siteName)) {
-    return c.json({ error: "Invalid siteName" }, 400);
-  }
+      const members = await supabaseGet<{ team_id: number }>(
+        supabaseUrl,
+        serviceKey,
+        `members?user_id=eq.${encodeURIComponent(profileId)}&deleted_at=is.null&select=team_id`,
+      );
 
-  const membership = await ctx.db
-    .selectFrom("member")
-    .select("member.id")
-    .where("member.userId", "=", userId)
-    .where("member.organizationId", "=", orgId)
-    .executeTakeFirst();
+      // Guard: only allow integer team IDs to prevent query injection.
+      const teamIds = members
+        .map((m) => m.team_id)
+        .filter((id): id is number => Number.isInteger(id));
 
-  if (!membership) {
-    return c.json({ error: "Forbidden" }, 403);
-  }
+      if (teamIds.length === 0) {
+        return c.json({ sites: [] });
+      }
 
-  const config = getSupabaseConfig();
-  if (!config) {
-    return c.json({ error: "Deco integration is not configured" }, 503);
-  }
-  const { supabaseUrl, serviceKey } = config;
+      const sites = await supabaseGet<SupabaseSite>(
+        supabaseUrl,
+        serviceKey,
+        `sites?team=in.(${teamIds.join(",")})&select=name,domains,thumb_url&order=id`,
+      );
 
-  try {
-    // Verify the user has a deco.cx account.
-    const profileId = await resolveProfileId(supabaseUrl, serviceKey, email);
-    if (!profileId) {
-      return c.json({ error: "No deco.cx account found for this user" }, 404);
+      return c.json({ sites });
+    } catch (err) {
+      console.error("[deco-sites] GET error:", err);
+      return c.json({ error: "Failed to fetch sites" }, 502);
     }
+  });
 
-    // Resolve which team owns this site.
-    const teamId = await resolveTeamIdForSite(
-      supabaseUrl,
-      serviceKey,
-      siteName,
-    );
-    if (!teamId) {
-      return c.json({ error: "Site not found or has no team" }, 404);
+  /**
+   * POST /api/deco-sites/connection
+   *
+   * Creates the deco.cx MCP connection server-side so the API key never reaches
+   * the browser. The caller supplies a pre-generated connId so subsequent
+   * project-linking tool calls can reference it without an extra round-trip.
+   */
+  app.post("/connection", async (c) => {
+    const ctx = c.get("meshContext");
+
+    const email = ctx.auth.user?.email;
+    const userId = getUserId(ctx);
+    if (!email || !userId) {
+      return c.json({ error: "Unauthorized" }, 401);
     }
 
-    // Verify the user is a member of the site's team.
-    const decoMembership = await supabaseGet<{ id: number }>(
-      supabaseUrl,
-      serviceKey,
-      `members?user_id=eq.${encodeURIComponent(profileId)}&team_id=eq.${teamId}&deleted_at=is.null&select=id&limit=1`,
-    );
-    if (!decoMembership[0]) {
-      return c.json({ error: "You are not a member of this site's team" }, 403);
+    let body: { siteName: string; orgId: string };
+    try {
+      body = await c.req.json();
+    } catch {
+      return c.json({ error: "Invalid request body" }, 400);
     }
 
-    const apiKey = await getOrCreateTeamServiceAccount(
-      supabaseUrl,
-      serviceKey,
-      teamId,
-    );
+    const { siteName, orgId } = body;
+    if (!siteName || !orgId) {
+      return c.json({ error: "siteName and orgId are required" }, 400);
+    }
 
-    // Fetch tools and scopes from the MCP server before storing, mirroring
-    // what COLLECTION_CONNECTIONS_CREATE does so the tools list isn't empty.
-    const fetchResult = await fetchToolsFromMCP({
-      id: `pending-${connId}`,
-      title: `deco.cx — ${siteName}`,
-      connection_type: "HTTP",
-      connection_url: ADMIN_MCP,
-      connection_token: apiKey,
-    }).catch(() => null);
-    const tools = fetchResult?.tools?.length ? fetchResult.tools : null;
-    const configuration_scopes = fetchResult?.scopes?.length
-      ? fetchResult.scopes
-      : null;
-
-    // Fetch the favicon server-side to avoid CORS issues.
-    // Returned to the caller so it can be set as the project icon.
-    const faviconIcon = await fetchFaviconAsDataUrl(`${siteName}.deco.site`);
-
-    // Store the connection with the API key encrypted by the vault.
-    // The key is never serialised into any response body.
-    const connection = await ctx.storage.connections.create({
-      id: connId,
-      organization_id: orgId,
-      created_by: userId,
-      title: `deco.cx — ${siteName}`,
-      description: `Admin MCP for deco.cx site: ${siteName}`,
-      connection_type: "HTTP",
-      connection_url: ADMIN_MCP,
-      connection_token: apiKey,
-      connection_headers: null,
-      oauth_config: null,
-      configuration_state: {
-        SITE_NAME: siteName,
-      },
-      metadata: { source: "deco.cx-import" },
-      icon: null,
-      app_name: "deco.cx",
-      app_id: null,
-      tools,
-      configuration_scopes,
-    });
+    const connId = generatePrefixedId("conn");
 
-    return c.json({ connId: connection.id, icon: faviconIcon });
-  } catch (err) {
-    console.error("[deco-sites] POST /connection error:", err);
-    return c.json({ error: "Failed to create connection" }, 500);
-  }
-});
+    // Validate siteName is a safe DNS subdomain label to prevent SSRF.
+    if (!/^[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?$/.test(siteName)) {
+      return c.json({ error: "Invalid siteName" }, 400);
+    }
+
+    const membership = await ctx.db
+      .selectFrom("member")
+      .select("member.id")
+      .where("member.userId", "=", userId)
+      .where("member.organizationId", "=", orgId)
+      .executeTakeFirst();
+
+    if (!membership) {
+      return c.json({ error: "Forbidden" }, 403);
+    }
+
+    const config = getSupabaseConfig();
+    if (!config) {
+      return c.json({ error: "Deco integration is not configured" }, 503);
+    }
+    const { supabaseUrl, serviceKey } = config;
+
+    try {
+      // Verify the user has a deco.cx account.
+      const profileId = await resolveProfileId(supabaseUrl, serviceKey, email);
+      if (!profileId) {
+        return c.json({ error: "No deco.cx account found for this user" }, 404);
+      }
+
+      // Resolve which team owns this site.
+      const teamId = await resolveTeamIdForSite(
+        supabaseUrl,
+        serviceKey,
+        siteName,
+      );
+      if (!teamId) {
+        return c.json({ error: "Site not found or has no team" }, 404);
+      }
+
+      // Verify the user is a member of the site's team.
+      const decoMembership = await supabaseGet<{ id: number }>(
+        supabaseUrl,
+        serviceKey,
+        `members?user_id=eq.${encodeURIComponent(profileId)}&team_id=eq.${teamId}&deleted_at=is.null&select=id&limit=1`,
+      );
+      if (!decoMembership[0]) {
+        return c.json(
+          { error: "You are not a member of this site's team" },
+          403,
+        );
+      }
+
+      const apiKey = await getOrCreateTeamServiceAccount(
+        supabaseUrl,
+        serviceKey,
+        teamId,
+      );
+
+      // Fetch tools and scopes from the MCP server before storing, mirroring
+      // what COLLECTION_CONNECTIONS_CREATE does so the tools list isn't empty.
+      const fetchResult = await fetchToolsFromMCP({
+        id: `pending-${connId}`,
+        title: `deco.cx — ${siteName}`,
+        connection_type: "HTTP",
+        connection_url: ADMIN_MCP,
+        connection_token: apiKey,
+      }).catch(() => null);
+      const tools = fetchResult?.tools?.length ? fetchResult.tools : null;
+      const configuration_scopes = fetchResult?.scopes?.length
+        ? fetchResult.scopes
+        : null;
+
+      // Fetch the favicon server-side to avoid CORS issues.
+      // Returned to the caller so it can be set as the project icon.
+      const faviconIcon = await fetchFaviconAsDataUrl(`${siteName}.deco.site`);
+
+      // Store the connection with the API key encrypted by the vault.
+      // The key is never serialised into any response body.
+      const connection = await ctx.storage.connections.create({
+        id: connId,
+        organization_id: orgId,
+        created_by: userId,
+        title: `deco.cx — ${siteName}`,
+        description: `Admin MCP for deco.cx site: ${siteName}`,
+        connection_type: "HTTP",
+        connection_url: ADMIN_MCP,
+        connection_token: apiKey,
+        connection_headers: null,
+        oauth_config: null,
+        configuration_state: {
+          SITE_NAME: siteName,
+        },
+        metadata: { source: "deco.cx-import" },
+        icon: null,
+        app_name: "deco.cx",
+        app_id: null,
+        tools,
+        configuration_scopes,
+      });
+
+      return c.json({ connId: connection.id, icon: faviconIcon });
+    } catch (err) {
+      console.error("[deco-sites] POST /connection error:", err);
+      return c.json({ error: "Failed to create connection" }, 500);
+    }
+  });
 
-export default app;
+  return app;
+};
diff --git a/apps/mesh/src/api/routes/decopilot/built-in-tools/constants.ts b/apps/mesh/src/api/routes/decopilot/built-in-tools/constants.ts
new file mode 100644
index 0000000000..9ac54ebeea
--- /dev/null
+++ b/apps/mesh/src/api/routes/decopilot/built-in-tools/constants.ts
@@ -0,0 +1,4 @@
+export const BROWSERLESS_BASE_URL = "https://chrome.browserless.io";
+
+/** Results above this threshold are offloaded to blob storage. */
+export const LARGE_RESULT_TOKEN_THRESHOLD = 8_000;
diff --git a/apps/mesh/src/api/routes/decopilot/built-in-tools/enable-tools.ts b/apps/mesh/src/api/routes/decopilot/built-in-tools/enable-tools.ts
index ec7e746432..16f29516d7 100644
--- a/apps/mesh/src/api/routes/decopilot/built-in-tools/enable-tools.ts
+++ b/apps/mesh/src/api/routes/decopilot/built-in-tools/enable-tools.ts
@@ -11,7 +11,14 @@ import { z } from "zod";
 const enableToolsInputSchema = z.object({
   tools: z
     .array(z.string())
-    .describe("List of tool names to enable from the available tools catalog"),
+    .optional()
+    .describe("Specific tool names to enable"),
+  connections: z
+    .array(z.string())
+    .optional()
+    .describe(
+      "Connection IDs from <available-connections> — enables all tools in those connections",
+    ),
 });
 
 /**
@@ -19,11 +26,13 @@ const enableToolsInputSchema = z.object({
  *
  * @param enabledTools - Shared set that tracks which tools have been enabled
  * @param availableToolNames - Set of all tool names from the passthrough client
+ * @param connectionToolsMap - Map of connection ID → safe tool names in that connection
  * @param options - Optional config for plan-mode gating
  */
 export function createEnableToolsTool(
   enabledTools: Set<string>,
   availableToolNames: Set<string>,
+  connectionToolsMap: Map<string, string[]>,
   options?: {
     isPlanMode?: boolean;
     toolAnnotations?: Map<string, { readOnlyHint?: boolean }>;
@@ -34,16 +43,27 @@ export function createEnableToolsTool(
       "Enable tools from the available tools catalog so they can be called in subsequent steps. " +
       "Call this before using any tool listed in <available-connections>.\n\n" +
       "Usage notes:\n" +
-      "- Batch related tools in a single call to minimize round-trips.\n" +
-      "- Enable only the tools you need for your next step — you can always enable more later.\n" +
+      "- Pass connection IDs from <available-connections> to enable all tools in a connection at once.\n" +
+      "- Pass specific tool names to enable individual tools.\n" +
       "- Built-in tools (user_ask, subtask, agent_search, read_tool_output) are always available and do not need enabling.",
     inputSchema: enableToolsInputSchema,
-    execute: async ({ tools }) => {
+    execute: async ({ tools = [], connections = [] }) => {
       const enabled: string[] = [];
       const notFound: string[] = [];
       const blocked: string[] = [];
 
-      for (const name of tools) {
+      // Expand connection IDs to their tool names
+      const toolsToEnable = [...tools];
+      for (const connId of connections) {
+        const connTools = connectionToolsMap.get(connId);
+        if (!connTools || connTools.length === 0) {
+          notFound.push(connId);
+          continue;
+        }
+        toolsToEnable.push(...connTools);
+      }
+
+      for (const name of toolsToEnable) {
         if (!availableToolNames.has(name)) {
           notFound.push(name);
           continue;
diff --git a/apps/mesh/src/api/routes/decopilot/built-in-tools/generate-image.ts b/apps/mesh/src/api/routes/decopilot/built-in-tools/generate-image.ts
index b9b17b7669..b3b46d47c3 100644
--- a/apps/mesh/src/api/routes/decopilot/built-in-tools/generate-image.ts
+++ b/apps/mesh/src/api/routes/decopilot/built-in-tools/generate-image.ts
@@ -123,7 +123,9 @@ function validateExternalUrl(url: string): void {
     throw new Error("Invalid image URL");
   }
 
-  const allowHttp = getSettings().nodeEnv !== "production";
+  // Local mode is single-tenant developer experience and may want to point
+  // at `http://localhost`-style fixtures; everywhere else requires HTTPS.
+  const allowHttp = getSettings().localMode;
   if (
     parsed.protocol !== "https:" &&
     !(allowHttp && parsed.protocol === "http:")
diff --git a/apps/mesh/src/api/routes/decopilot/built-in-tools/index.ts b/apps/mesh/src/api/routes/decopilot/built-in-tools/index.ts
index 6e318316e6..8cf98c0729 100644
--- a/apps/mesh/src/api/routes/decopilot/built-in-tools/index.ts
+++ b/apps/mesh/src/api/routes/decopilot/built-in-tools/index.ts
@@ -6,46 +6,105 @@
  */
 
 import type { MeshContext, OrganizationScope } from "@/core/mesh-context";
+import { posthog } from "@/posthog";
 import type { UIMessageStreamWriter } from "ai";
 import { toolNeedsApproval, type ToolApprovalLevel } from "../helpers";
+
+// Known destructive/read-only classifications for built-in tools. Mirrors
+// the MCP annotations used by passthrough tools so dashboards can filter
+// uniformly across both sources.
+const BUILTIN_TOOL_ANNOTATIONS: Record<
+  string,
+  { readOnly?: boolean; destructive?: boolean }
+> = {
+  agent_search: { readOnly: true, destructive: false },
+  read_tool_output: { readOnly: true, destructive: false },
+  read_resource: { readOnly: true, destructive: false },
+  read_prompt: { readOnly: true, destructive: false },
+  web_search: { readOnly: true, destructive: false },
+  generate_image: { readOnly: false, destructive: false },
+  open_in_agent: { readOnly: false, destructive: false },
+  subtask: { readOnly: false, destructive: false },
+  user_ask: { readOnly: true, destructive: false },
+  propose_plan: { readOnly: true, destructive: false },
+  enable_tools: { readOnly: true, destructive: false },
+};
 import { createAgentSearchTool } from "./agent-search";
 import { createReadToolOutputTool } from "./read-tool-output";
 import { createReadPromptTool } from "./prompts";
 import { createReadResourceTool } from "./resources";
 import { createSandboxTool, type VirtualClient } from "./sandbox";
 import { createVmTools } from "./vm-tools";
-import { createOpenInAgentTool } from "./open-in-agent";
+import { getSharedRunner } from "@/sandbox/lifecycle";
+import { ensureVmForBranch } from "@/tools/vm/start";
 import { createSubtaskTool } from "./subtask";
 import { userAskTool } from "./user-ask";
 import { proposePlanTool } from "./propose-plan";
 import { createGenerateImageTool } from "./generate-image";
 import { createWebSearchTool } from "./web-search";
+import { createTakeScreenshotTool, type PendingImage } from "./take-screenshot";
+import { createScrapeUrlTool } from "./scrape-url";
+import { createInspectPageTool } from "./inspect-page";
 import type { ModelsConfig } from "../types";
 import type { MeshProvider } from "@/ai-providers/types";
 
+/**
+ * Identifies the (virtual MCP, branch, user) tuple that the built-in VM
+ * tools should bind to. Provisioning is lazy — the VM is only ensured on
+ * the first VM-tool invocation.
+ */
+export type VmContext = {
+  virtualMcpId: string;
+  branch: string;
+  userId: string;
+  /**
+   * Current chat thread id. Used by `share_with_user` to scope artifacts
+   * under `model-outputs/<threadId>/`. Required because one ephemeral
+   * sandbox serves multiple threads of the same (user, agent), so the
+   * thread isn't deducible from the sandbox identity alone.
+   */
+  threadId: string;
+};
+
 export interface BuiltinToolParams {
   /** Provider — null for Claude Code (subtask tool is omitted when null) */
   provider: MeshProvider | null;
   organization: OrganizationScope;
   models: ModelsConfig;
-  userId: string;
   toolApprovalLevel?: ToolApprovalLevel;
   /** When true (chat mode `plan`), include `propose_plan` and plan-style approvals */
   isPlanMode?: boolean;
   toolOutputMap: Map<string, string>;
   passthroughClient: VirtualClient;
-  /** When set, VM file tools replace the sandbox tool */
-  activeVm?: { vmBaseUrl: string } | null;
+  /**
+   * Images captured by take_screenshot, queued for injection as user
+   * messages by prepareStep in stream-core.ts. This approach works
+   * across all providers (including OpenRouter) since images in tool
+   * result messages aren't universally supported.
+   */
+  pendingImages: PendingImage[];
+  /**
+   * When set, the six VM file tools (read/write/edit/grep/glob/bash) are
+   * registered with a memoized lazy provisioner: the first tool call
+   * triggers `ensureVmForBranch`, subsequent calls reuse the same handle.
+   * When null, no VM-backed code execution tool is included.
+   */
+  vmContext?: VmContext | null;
+  /** Thread (task) id of the current run — needed by tools that persist
+   *  thread-scoped state (e.g. web_search reconnecting to Gemini Deep Research). */
+  taskId: string;
 }
 
+export type { PendingImage };
+
 /**
  * Full tool set type — always includes propose_plan so that ChatMessage
  * (derived via ReturnType) can render historical plan parts regardless
  * of the current chat mode.
  */
-export type BuiltInToolSet = ReturnType<typeof buildAllTools>;
+export type BuiltInToolSet = Awaited<ReturnType<typeof buildAllTools>>;
 
-function buildAllTools(
+async function buildAllTools(
   writer: UIMessageStreamWriter,
   params: BuiltinToolParams,
   ctx: MeshContext,
@@ -54,12 +113,13 @@ function buildAllTools(
     provider,
     organization,
     models,
-    userId,
     toolApprovalLevel = "auto",
     isPlanMode = false,
     toolOutputMap,
+    pendingImages,
     passthroughClient,
-    activeVm,
+    vmContext,
+    taskId,
   } = params;
   const approvalOpts = { isPlanMode };
   const tools: Record<string, unknown> = {
@@ -86,33 +146,46 @@ function buildAllTools(
       passthroughClient,
       toolOutputMap,
     }),
-    open_in_agent: createOpenInAgentTool(
-      writer,
-      {
-        organization,
-        userId,
-        needsApproval:
-          toolNeedsApproval(toolApprovalLevel, false, approvalOpts) !== false,
-      },
-      ctx,
-    ),
   };
-  // VM tools replace sandbox when a VM is active
-  if (activeVm) {
-    const vmTools = createVmTools({
-      vmBaseUrl: activeVm.vmBaseUrl,
-      toolOutputMap,
-      needsApproval:
-        toolNeedsApproval(toolApprovalLevel, false, approvalOpts) !== false,
-    });
-    Object.assign(tools, vmTools);
-  } else {
-    tools.sandbox = createSandboxTool({
-      passthroughClient,
-      toolOutputMap,
-      needsApproval:
-        toolNeedsApproval(toolApprovalLevel, false, approvalOpts) !== false,
-    });
+  // VM file tools — six LLM-visible tools (read/write/edit/grep/glob/bash)
+  // always registered when a vmContext is provided. The handle is resolved
+  // lazily on the first tool invocation: `ensureVmForBranch` either reuses
+  // the existing vmMap entry (fast path) or provisions a new sandbox via
+  // the env-selected runner. The promise is memoized on the closure so
+  // parallel first calls (e.g. the model emitting bash + read in one step)
+  // share a single provisioning round-trip.
+  const vmNeedsApproval =
+    toolNeedsApproval(toolApprovalLevel, false, approvalOpts) !== false;
+  if (vmContext) {
+    const runner = await getSharedRunner(ctx);
+    let cached: Promise<string> | null = null;
+    const ensureHandle = () => {
+      if (!cached) {
+        cached = ensureVmForBranch(
+          { virtualMcpId: vmContext.virtualMcpId, branch: vmContext.branch },
+          ctx,
+        ).then((entry) => entry.vmId);
+        // Reset on failure so the next tool call retries instead of
+        // permanently caching a rejected promise.
+        cached.catch(() => {
+          cached = null;
+        });
+      }
+      return cached;
+    };
+    Object.assign(
+      tools,
+      createVmTools({
+        runner,
+        ensureHandle,
+        toolOutputMap,
+        needsApproval: vmNeedsApproval,
+        pendingImages,
+        ctx,
+        threadId: vmContext.threadId,
+        virtualMcpId: vmContext.virtualMcpId,
+      }),
+    );
   }
   // subtask requires a provider (LLM calls) — skip when provider is null (Claude Code)
   if (provider) {
@@ -143,6 +216,23 @@ function buildAllTools(
       deepResearchModelInfo: models.deepResearch,
       ctx,
       toolOutputMap,
+      taskId,
+    });
+  }
+  // take_screenshot and scrape_url require Browserless API token
+  if (process.env.BROWSERLESS_TOKEN) {
+    tools.take_screenshot = createTakeScreenshotTool(writer, {
+      ctx,
+      toolOutputMap,
+      pendingImages,
+    });
+    tools.scrape_url = createScrapeUrlTool(writer, {
+      ctx,
+      toolOutputMap,
+    });
+    tools.inspect_page = createInspectPageTool(writer, {
+      ctx,
+      toolOutputMap,
     });
   }
   return tools as {
@@ -154,22 +244,106 @@ function buildAllTools(
     sandbox: ReturnType<typeof createSandboxTool>;
     read_resource: ReturnType<typeof createReadResourceTool>;
     read_prompt: ReturnType<typeof createReadPromptTool>;
-    open_in_agent: ReturnType<typeof createOpenInAgentTool>;
     generate_image: ReturnType<typeof createGenerateImageTool>;
     web_search: ReturnType<typeof createWebSearchTool>;
+    take_screenshot: ReturnType<typeof createTakeScreenshotTool>;
+    scrape_url: ReturnType<typeof createScrapeUrlTool>;
+    inspect_page: ReturnType<typeof createInspectPageTool>;
   };
 }
 
+/**
+ * Wrap each tool's execute() with a posthog tool_called capture so built-in
+ * tool usage shows up in the same analytics pipeline as passthrough MCP
+ * tools. Preserves the original tool shape so AI SDK can't tell the wrapper
+ * is there.
+ */
+export function instrumentBuiltIns<T extends Record<string, unknown>>(
+  tools: T,
+  params: BuiltinToolParams,
+  ctx: MeshContext,
+): T {
+  const orgId = params.organization.id;
+  const userId = ctx.auth?.user?.id;
+  const result: Record<string, unknown> = {};
+  for (const [name, tool] of Object.entries(tools)) {
+    const t = tool as { execute?: Function; [k: string]: unknown };
+    const originalExecute = t.execute;
+    if (typeof originalExecute !== "function") {
+      result[name] = tool;
+      continue;
+    }
+    const hints = BUILTIN_TOOL_ANNOTATIONS[name];
+    const isAsyncGen =
+      originalExecute.constructor?.name === "AsyncGeneratorFunction";
+    const captureToolCalled = (latencyMs: number, isError: boolean) => {
+      if (!orgId || !userId) return;
+      posthog.capture({
+        distinctId: userId,
+        event: "tool_called",
+        groups: { organization: orgId },
+        properties: {
+          organization_id: orgId,
+          tool_source: "builtin",
+          tool_name: name,
+          tool_safe_name: name,
+          read_only: hints?.readOnly ?? null,
+          destructive: hints?.destructive ?? null,
+          idempotent: null,
+          open_world: null,
+          latency_ms: Math.round(latencyMs),
+          is_error: isError,
+        },
+      });
+    };
+    // Generator-shaped execute must stay generator-shaped, otherwise the
+    // AI SDK's isAsyncIterable check fails on the returned Promise and the
+    // streamed yields are dropped (subtask "No output available" bug).
+    const wrappedExecute = isAsyncGen
+      ? async function* (input: unknown, options: unknown) {
+          const startTime = performance.now();
+          let isError = false;
+          try {
+            yield* originalExecute.call(
+              t,
+              input,
+              options,
+            ) as AsyncIterable<unknown>;
+          } catch (err) {
+            isError = true;
+            throw err;
+          } finally {
+            captureToolCalled(performance.now() - startTime, isError);
+          }
+        }
+      : async (input: unknown, options: unknown) => {
+          const startTime = performance.now();
+          let isError = false;
+          try {
+            return await originalExecute.call(t, input, options);
+          } catch (err) {
+            isError = true;
+            throw err;
+          } finally {
+            captureToolCalled(performance.now() - startTime, isError);
+          }
+        };
+    result[name] = { ...t, execute: wrappedExecute };
+  }
+  return result as T;
+}
+
 /**
  * Get built-in tools as a ToolSet.
  * propose_plan is only included when chat mode is `plan`.
  */
-export function getBuiltInTools(
+export async function getBuiltInTools(
   writer: UIMessageStreamWriter,
   params: BuiltinToolParams,
   ctx: MeshContext,
 ) {
-  const tools = buildAllTools(writer, params, ctx);
+  const raw = await buildAllTools(writer, params, ctx);
+  const tools = instrumentBuiltIns(raw, params, ctx) as typeof raw;
 
   if (!params.isPlanMode) {
     const { propose_plan: _, ...rest } = tools;
diff --git a/apps/mesh/src/api/routes/decopilot/built-in-tools/inspect-page.ts b/apps/mesh/src/api/routes/decopilot/built-in-tools/inspect-page.ts
new file mode 100644
index 0000000000..4e6b108d14
--- /dev/null
+++ b/apps/mesh/src/api/routes/decopilot/built-in-tools/inspect-page.ts
@@ -0,0 +1,211 @@
+/**
+ * inspect_page Built-in Tool
+ *
+ * Server-side tool that navigates to a URL using Browserless v2 Function API,
+ * collects console logs and JS errors during page load, and optionally
+ * evaluates a JavaScript expression in the page context.
+ *
+ * Requires the BROWSERLESS_TOKEN env var.
+ *
+ * Small results are returned inline. Large results (> 8k tokens) are
+ * offloaded to blob storage and a preview + mesh-storage: URI is returned.
+ * The model can re-access the full content via read_tool_output or
+ * read_resource.
+ */
+
+import { tool, zodSchema, type UIMessageStreamWriter } from "ai";
+import { z } from "zod";
+import type { MeshContext } from "@/core/mesh-context";
+import { createOutputPreview, estimateJsonTokens } from "./read-tool-output";
+import { toMeshStorageUri } from "../mesh-storage-uri";
+import {
+  BROWSERLESS_BASE_URL,
+  LARGE_RESULT_TOKEN_THRESHOLD,
+} from "./constants";
+
+const InspectPageInputSchema = z.object({
+  url: z.string().url().describe("The URL of the web page to inspect."),
+  evaluate: z
+    .string()
+    .optional()
+    .describe(
+      "Optional JavaScript expression to evaluate in the page context after load. " +
+        "Examples: 'window.dataLayer', 'document.querySelectorAll(\"script\").length', " +
+        "'performance.getEntriesByType(\"resource\").map(e => ({name: e.name, duration: e.duration}))'",
+    ),
+  waitUntil: z
+    .enum(["load", "domcontentloaded", "networkidle0", "networkidle2"])
+    .optional()
+    .describe(
+      "When to consider navigation complete. Defaults to 'networkidle2'.",
+    ),
+});
+
+export type InspectPageInput = z.infer<typeof InspectPageInputSchema>;
+
+/**
+ * Build the Puppeteer function code string sent to Browserless /function API.
+ * The function collects console logs, JS errors, navigates, and optionally
+ * evaluates a JS expression.
+ */
+function buildFunctionCode(
+  url: string,
+  options: { evaluate?: string; waitUntil?: string },
+): string {
+  const waitUntil = options.waitUntil ?? "networkidle2";
+  const evaluateExpr = options.evaluate
+    ? JSON.stringify(options.evaluate)
+    : "null";
+
+  return `
+    export default async function ({ page }) {
+      const consoleLogs = [];
+      const errors = [];
+
+      page.on("console", (msg) => {
+        consoleLogs.push({ type: msg.type(), text: msg.text() });
+      });
+
+      page.on("pageerror", (err) => {
+        errors.push(err.message || String(err));
+      });
+
+      await page.goto(${JSON.stringify(url)}, {
+        waitUntil: ${JSON.stringify(waitUntil)},
+        timeout: 30000,
+      });
+
+      let evaluateResult = null;
+      const expr = ${evaluateExpr};
+      if (expr) {
+        try {
+          evaluateResult = await page.evaluate(expr);
+        } catch (e) {
+          evaluateResult = { error: e.message || String(e) };
+        }
+      }
+
+      return { consoleLogs, errors, evaluateResult };
+    }
+  `;
+}
+
+export function createInspectPageTool(
+  writer: UIMessageStreamWriter,
+  params: {
+    ctx: MeshContext;
+    toolOutputMap: Map<string, string>;
+  },
+) {
+  const { ctx, toolOutputMap } = params;
+
+  return tool({
+    description:
+      "Inspect a web page's client-side runtime state. " +
+      "Navigates to a URL and collects browser console logs, JavaScript errors, " +
+      "and optionally evaluates a JS expression (e.g. window.dataLayer, document.title). " +
+      "Use this for debugging client-side issues, checking analytics setup, or inspecting runtime state. " +
+      "For very large results the output may be truncated — use read_tool_output to access the full content.",
+    inputSchema: zodSchema(InspectPageInputSchema),
+    execute: async (input, options) => {
+      const startTime = performance.now();
+      try {
+        const token = process.env.BROWSERLESS_TOKEN;
+        if (!token) {
+          return {
+            success: false,
+            error: "BROWSERLESS_TOKEN is not configured.",
+          };
+        }
+
+        const code = buildFunctionCode(input.url, {
+          evaluate: input.evaluate,
+          waitUntil: input.waitUntil,
+        });
+
+        const response = await fetch(
+          `${BROWSERLESS_BASE_URL}/function?token=${encodeURIComponent(token)}`,
+          {
+            method: "POST",
+            headers: { "Content-Type": "application/javascript" },
+            body: code,
+          },
+        );
+
+        if (!response.ok) {
+          const errorText = await response.text().catch(() => "Unknown error");
+          return {
+            success: false,
+            error: `Browserless function call failed (${response.status}): ${errorText}`,
+            url: input.url,
+          };
+        }
+
+        let result: {
+          consoleLogs?: { type: string; text: string }[];
+          errors?: string[];
+          evaluateResult?: unknown;
+        };
+        try {
+          result = await response.json();
+        } catch {
+          const text = await response.text().catch(() => "");
+          return {
+            success: false,
+            error: `Browserless returned non-JSON response: ${text.slice(0, 200)}`,
+            url: input.url,
+          };
+        }
+        const resultJson = JSON.stringify(result, null, 2);
+
+        // Always store in toolOutputMap for read_tool_output access
+        toolOutputMap.set(options.toolCallId, resultJson);
+
+        const tokenCount = estimateJsonTokens(resultJson);
+
+        // Large results → blob storage with preview
+        if (tokenCount > LARGE_RESULT_TOKEN_THRESHOLD && ctx.objectStorage) {
+          const key = `inspect-pages/${crypto.randomUUID()}.json`;
+          const bytes = new TextEncoder().encode(resultJson);
+          try {
+            await ctx.objectStorage.put(key, bytes, {
+              contentType: "application/json",
+            });
+            const preview = createOutputPreview(resultJson);
+            return {
+              success: true,
+              uri: toMeshStorageUri(key),
+              preview,
+              url: input.url,
+              tokenCount,
+              consoleLogCount: result.consoleLogs?.length ?? 0,
+              errorCount: result.errors?.length ?? 0,
+              hasEvaluateResult: result.evaluateResult != null,
+            };
+          } catch (err) {
+            console.error(
+              "[inspect-page] Failed to upload to storage, returning inline",
+              err,
+            );
+          }
+        }
+
+        return {
+          success: true,
+          consoleLogs: result.consoleLogs,
+          errors: result.errors,
+          evaluateResult: result.evaluateResult,
+          url: input.url,
+          tokenCount,
+        };
+      } finally {
+        const latencyMs = performance.now() - startTime;
+        writer.write({
+          type: "data-tool-metadata",
+          id: options.toolCallId,
+          data: { latencyMs },
+        });
+      }
+    },
+  });
+}
diff --git a/apps/mesh/src/api/routes/decopilot/built-in-tools/instrument-built-ins.test.ts b/apps/mesh/src/api/routes/decopilot/built-in-tools/instrument-built-ins.test.ts
new file mode 100644
index 0000000000..aaa4c7ee2a
--- /dev/null
+++ b/apps/mesh/src/api/routes/decopilot/built-in-tools/instrument-built-ins.test.ts
@@ -0,0 +1,96 @@
+/**
+ * Tests for instrumentBuiltIns wrapper.
+ *
+ * The AI SDK's executeTool checks isAsyncIterable on the value returned from
+ * tool.execute(). If a tool's execute is `async function*` (a generator),
+ * wrapping it in a plain `async function` produces a Promise — and the AI SDK
+ * never iterates it, dropping every preliminary yield and capturing the bare
+ * generator object as the final output. That's how `subtask` results showed
+ * "No output available" on every call. These tests pin the wrapper down so the
+ * generator surface survives instrumentation.
+ */
+
+import { describe, expect, test } from "bun:test";
+import { instrumentBuiltIns, type BuiltinToolParams } from "./index";
+
+const mockParams: BuiltinToolParams = {
+  provider: null,
+  organization: { id: "org_test" } as never,
+  models: { connectionId: "conn_test", thinking: { id: "m" } } as never,
+  toolOutputMap: new Map(),
+  pendingImages: [],
+  passthroughClient: {} as never,
+  taskId: "task_test",
+};
+
+const mockCtx = { auth: { user: { id: "user_test" } } } as never;
+
+describe("instrumentBuiltIns", () => {
+  test("preserves async-generator execute as async-iterable and yields all values", async () => {
+    const yielded = ["a", "b", "final"];
+    const tools = {
+      gen_tool: {
+        description: "test gen tool",
+        execute: async function* (_input: unknown, _options: unknown) {
+          for (const v of yielded) yield v;
+        },
+      },
+    };
+
+    const wrapped = instrumentBuiltIns(tools, mockParams, mockCtx);
+    const result = wrapped.gen_tool.execute({}, {});
+
+    expect(
+      typeof (result as AsyncIterable<unknown>)[Symbol.asyncIterator],
+    ).toBe("function");
+
+    const collected: unknown[] = [];
+    for await (const v of result as AsyncIterable<unknown>) {
+      collected.push(v);
+    }
+    expect(collected).toEqual(yielded);
+  });
+
+  test("propagates errors thrown inside async-generator execute", async () => {
+    const tools = {
+      gen_throws: {
+        description: "throws",
+        execute: async function* (_input: unknown, _options: unknown) {
+          yield "first";
+          throw new Error("boom");
+        },
+      },
+    };
+
+    const wrapped = instrumentBuiltIns(tools, mockParams, mockCtx);
+    const collected: unknown[] = [];
+    let caught: unknown;
+    try {
+      for await (const v of wrapped.gen_throws.execute(
+        {},
+        {},
+      ) as AsyncIterable<unknown>) {
+        collected.push(v);
+      }
+    } catch (err) {
+      caught = err;
+    }
+    expect(collected).toEqual(["first"]);
+    expect((caught as Error)?.message).toBe("boom");
+  });
+
+  test("keeps plain async execute working unchanged", async () => {
+    const tools = {
+      plain_tool: {
+        description: "plain",
+        execute: async (input: { n: number }, _options: unknown) => ({
+          doubled: input.n * 2,
+        }),
+      },
+    };
+
+    const wrapped = instrumentBuiltIns(tools, mockParams, mockCtx);
+    const result = await wrapped.plain_tool.execute({ n: 21 }, {});
+    expect(result).toEqual({ doubled: 42 });
+  });
+});
diff --git a/apps/mesh/src/api/routes/decopilot/built-in-tools/open-in-agent.ts b/apps/mesh/src/api/routes/decopilot/built-in-tools/open-in-agent.ts
deleted file mode 100644
index 476fded18d..0000000000
--- a/apps/mesh/src/api/routes/decopilot/built-in-tools/open-in-agent.ts
+++ /dev/null
@@ -1,106 +0,0 @@
-/**
- * open_in_agent Built-in Tool
- *
- * Validates the target agent and creates an empty thread (task).
- * Returns immediately with a taskId — the frontend starts the actual
- * agent run via the standard decopilot/stream endpoint.
- */
-
-import type { MeshContext, OrganizationScope } from "@/core/mesh-context";
-import type { UIMessageStreamWriter } from "ai";
-import { tool, zodSchema } from "ai";
-import { z } from "zod";
-
-const OpenInAgentInputSchema = z.object({
-  agent_id: z
-    .string()
-    .min(1)
-    .max(128)
-    .describe("The ID of the agent (Virtual MCP) to open."),
-  context: z
-    .string()
-    .min(1)
-    .max(50_000)
-    .describe(
-      "The context/task to forward to the agent. Include all relevant information " +
-        "from the current conversation — the agent will start fresh with only this context.",
-    ),
-});
-
-const description =
-  "Open a task in another agent's UI. Use this when the user @mentions an agent " +
-  "and wants to hand off work to that agent's specialized interface. " +
-  "The user will see a clickable card to navigate to the agent.\n\n" +
-  "Usage notes:\n" +
-  "- Include full context (conversation summary, tool results, relevant data) in the context field.\n" +
-  "- The agent starts fresh — it has no access to this conversation.\n" +
-  "- This is NOT subtask — the work runs in the agent's own UI, not inline.";
-
-export interface OpenInAgentParams {
-  organization: OrganizationScope;
-  userId: string;
-  needsApproval?: boolean;
-}
-
-const ANNOTATIONS = {
-  readOnlyHint: false,
-  destructiveHint: false,
-  idempotentHint: false,
-  openWorldHint: false,
-} as const;
-
-export function createOpenInAgentTool(
-  writer: UIMessageStreamWriter,
-  params: OpenInAgentParams,
-  ctx: MeshContext,
-) {
-  const { organization, userId, needsApproval } = params;
-
-  return tool({
-    description,
-    inputSchema: zodSchema(OpenInAgentInputSchema),
-    needsApproval,
-    execute: async ({ agent_id }, options) => {
-      const startTime = performance.now();
-      try {
-        const virtualMcp = await ctx.storage.virtualMcps.findById(
-          agent_id,
-          organization.id,
-        );
-
-        if (!virtualMcp || virtualMcp.organization_id !== organization.id) {
-          throw new Error("Agent not found");
-        }
-
-        if (virtualMcp.status !== "active") {
-          throw new Error("Agent is not active");
-        }
-
-        if (!userId) {
-          throw new Error("User ID is required to create a thread");
-        }
-
-        const taskId = crypto.randomUUID();
-        await ctx.storage.threads.create({
-          id: taskId,
-          created_by: userId,
-          virtual_mcp_id: agent_id,
-        });
-
-        return {
-          success: true,
-          agent_id: virtualMcp.id,
-          agent_title: virtualMcp.title,
-          task_id: taskId,
-        };
-      } finally {
-        const latencyMs = performance.now() - startTime;
-        writer.write({
-          type: "data-tool-metadata",
-          id: options.toolCallId,
-          data: { annotations: ANNOTATIONS, latencyMs },
-        });
-      }
-    },
-  });
-}
diff --git a/apps/mesh/src/api/routes/decopilot/built-in-tools/registration.test.ts b/apps/mesh/src/api/routes/decopilot/built-in-tools/registration.test.ts
index db3d6ef4d6..537dbd15db 100644
--- a/apps/mesh/src/api/routes/decopilot/built-in-tools/registration.test.ts
+++ b/apps/mesh/src/api/routes/decopilot/built-in-tools/registration.test.ts
@@ -14,8 +14,9 @@ const mockParams: BuiltinToolParams = {
     connectionId: "conn_test",
     thinking: { id: "model_test" },
   } as never,
-  userId: "user_test",
   toolOutputMap: new Map(),
+  pendingImages: [],
+  taskId: "task_test",
   passthroughClient: {
     listTools: () => Promise.resolve({ tools: [] }),
     callTool: () => Promise.resolve({ content: [] }),
@@ -36,44 +37,44 @@ function getTools() {
 }
 
 describe("getBuiltInTools", () => {
-  test("returns ToolSet with user_ask tool", () => {
-    const tools = getTools();
+  test("returns ToolSet with user_ask tool", async () => {
+    const tools = await getTools();
 
     expect(tools).toBeDefined();
     expect(tools.user_ask).toBeDefined();
   });
 
-  test("returns ToolSet with subtask tool", () => {
-    const tools = getTools();
+  test("returns ToolSet with subtask tool", async () => {
+    const tools = await getTools();
 
     expect(tools).toBeDefined();
     expect(tools.subtask).toBeDefined();
   });
 
-  test("user_ask tool has correct description", () => {
-    const tools = getTools();
+  test("user_ask tool has correct description", async () => {
+    const tools = await getTools();
 
     expect(tools.user_ask?.description).toContain(
       "Ask the user instead of guessing when requirements are ambiguous",
     );
   });
 
-  test("user_ask tool has no execute function", () => {
-    const tools = getTools();
+  test("user_ask tool has no execute function", async () => {
+    const tools = await getTools();
 
     // Client-side tools should not have execute function defined
     // (execute is optional in AI SDK tool type)
     expect(tools.user_ask?.execute).toBeUndefined();
   });
 
-  test("subtask tool has execute function", () => {
-    const tools = getTools();
+  test("subtask tool has execute function", async () => {
+    const tools = await getTools();
 
     expect(tools.subtask?.execute).toBeDefined();
   });
 
-  test("returns object matching ToolSet type structure", () => {
-    const tools = getTools();
+  test("returns object matching ToolSet type structure", async () => {
+    const tools = await getTools();
 
     // ToolSet is Record<string, CoreTool>
     // Each tool should be an object with description, inputSchema, etc.
@@ -85,4 +86,10 @@ describe("getBuiltInTools", () => {
     expect(userAskTool).toHaveProperty("description");
     expect(typeof userAskTool?.description).toBe("string");
   });
+
+  test("does not include open_in_agent tool", () => {
+    const tools = getTools();
+
+    expect(Object.keys(tools)).not.toContain("open_in_agent");
+  });
 });
diff --git a/apps/mesh/src/api/routes/decopilot/built-in-tools/scrape-url.ts b/apps/mesh/src/api/routes/decopilot/built-in-tools/scrape-url.ts
new file mode 100644
index 0000000000..03d401d66b
--- /dev/null
+++ b/apps/mesh/src/api/routes/decopilot/built-in-tools/scrape-url.ts
@@ -0,0 +1,123 @@
+/**
+ * scrape_url Built-in Tool
+ *
+ * Server-side tool that fetches the rendered HTML content of a web page
+ * using Browserless v2 cloud API. Requires the BROWSERLESS_TOKEN env var.
+ *
+ * Small results are returned inline. Large results (> 8k tokens) are
+ * offloaded to blob storage and a preview + mesh-storage: URI is returned.
+ * The model can re-access the full content via read_tool_output or
+ * read_resource.
+ */
+
+import { tool, zodSchema, type UIMessageStreamWriter } from "ai";
+import { z } from "zod";
+import type { MeshContext } from "@/core/mesh-context";
+import { createOutputPreview, estimateJsonTokens } from "./read-tool-output";
+import { toMeshStorageUri } from "../mesh-storage-uri";
+import {
+  BROWSERLESS_BASE_URL,
+  LARGE_RESULT_TOKEN_THRESHOLD,
+} from "./constants";
+
+const ScrapeUrlInputSchema = z.object({
+  url: z.string().url().describe("The URL of the web page to scrape."),
+});
+
+export type ScrapeUrlInput = z.infer<typeof ScrapeUrlInputSchema>;
+
+export function createScrapeUrlTool(
+  writer: UIMessageStreamWriter,
+  params: {
+    ctx: MeshContext;
+    toolOutputMap: Map<string, string>;
+  },
+) {
+  const { ctx, toolOutputMap } = params;
+
+  return tool({
+    description:
+      "Scrape the rendered HTML content of a web page. " +
+      "Use this when you need to read the content, structure, or data from a website. " +
+      "Returns the full HTML of the page after JavaScript has been executed. " +
+      "For very large pages the result may be truncated — use read_tool_output to access the full content.",
+    inputSchema: zodSchema(ScrapeUrlInputSchema),
+    execute: async (input, options) => {
+      const startTime = performance.now();
+      try {
+        const token = process.env.BROWSERLESS_TOKEN;
+        if (!token) {
+          return {
+            success: false,
+            error: "BROWSERLESS_TOKEN is not configured.",
+          };
+        }
+
+        const response = await fetch(
+          `${BROWSERLESS_BASE_URL}/content?token=${encodeURIComponent(token)}`,
+          {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({
+              url: input.url,
+            }),
+          },
+        );
+
+        if (!response.ok) {
+          const errorText = await response.text().catch(() => "Unknown error");
+          return {
+            success: false,
+            error: `Browserless content fetch failed (${response.status}): ${errorText}`,
+            url: input.url,
+          };
+        }
+
+        const htmlText = await response.text();
+
+        // Always store in toolOutputMap for read_tool_output access
+        toolOutputMap.set(options.toolCallId, htmlText);
+
+        const tokenCount = estimateJsonTokens(htmlText);
+
+        // Large results → blob storage with preview
+        if (tokenCount > LARGE_RESULT_TOKEN_THRESHOLD && ctx.objectStorage) {
+          const key = `scraped-pages/${crypto.randomUUID()}.html`;
+          const bytes = new TextEncoder().encode(htmlText);
+          try {
+            await ctx.objectStorage.put(key, bytes, {
+              contentType: "text/html",
+            });
+            const preview = createOutputPreview(htmlText);
+            return {
+              success: true,
+              uri: toMeshStorageUri(key),
+              preview,
+              url: input.url,
+              tokenCount,
+            };
+          } catch (err) {
+            console.error(
+              "[scrape-url] Failed to upload to storage, returning inline",
+              err,
+            );
+          }
+        }
+
+        return {
+          success: true,
+          content: htmlText,
+          url: input.url,
+          tokenCount,
+        };
+      } finally {
+        const latencyMs = performance.now() - startTime;
+        writer.write({
+          type: "data-tool-metadata",
+          id: options.toolCallId,
+          data: { latencyMs },
+        });
+      }
+    },
+  });
+}
diff --git a/apps/mesh/src/api/routes/decopilot/built-in-tools/take-screenshot.ts b/apps/mesh/src/api/routes/decopilot/built-in-tools/take-screenshot.ts
new file mode 100644
index 0000000000..308f6fe10d
--- /dev/null
+++ b/apps/mesh/src/api/routes/decopilot/built-in-tools/take-screenshot.ts
@@ -0,0 +1,186 @@
+/**
+ * take_screenshot Built-in Tool
+ *
+ * Server-side tool that captures a JPEG screenshot of a web page using
+ * Browserless v2 cloud API. Requires the BROWSERLESS_TOKEN env var.
+ *
+ * The screenshot is uploaded to object storage and injected into the
+ * conversation as a user message via `pendingImages` + `prepareStep`,
+ * bypassing provider-specific limitations with images in tool results.
+ */
+
+import { tool, zodSchema, type UIMessageStreamWriter } from "ai";
+import { z } from "zod";
+import type { MeshContext } from "@/core/mesh-context";
+import { toMeshStorageUri } from "../mesh-storage-uri";
+import { generatePresignedGetUrl } from "../file-materializer";
+import { BROWSERLESS_BASE_URL } from "./constants";
+
+/**
+ * Default viewport for screenshots. 1280x800 gives a reasonable desktop
+ * view while staying well under the 1568px optimal limit for Claude's
+ * vision processing.
+ */
+const DEFAULT_VIEWPORT = { width: 1280, height: 800 };
+
+/** JPEG quality for screenshots (0-100). Lower = smaller payload. */
+const JPEG_QUALITY = 80;
+
+const TakeScreenshotInputSchema = z.object({
+  url: z.string().url().describe("The URL of the web page to screenshot."),
+  fullPage: z
+    .boolean()
+    .optional()
+    .describe(
+      "When true, captures the full scrollable page instead of just the viewport. Defaults to false.",
+    ),
+});
+
+export type TakeScreenshotInput = z.infer<typeof TakeScreenshotInputSchema>;
+
+/**
+ * Pending image entry. Stored by `execute`, consumed by `prepareStep`
+ * in stream-core.ts which injects it as a user message content part.
+ *
+ * One of `pageUrl` or `label` should be set; `label` takes precedence
+ * when present. Screenshots use `pageUrl` (preserving the legacy
+ * `[Screenshot of <url>]` framing); other sources (e.g. `view` loading
+ * a sandbox image) set `label` directly.
+ */
+export interface PendingImage {
+  url: string;
+  mediaType: string;
+  pageUrl?: string;
+  label?: string;
+}
+
+export function createTakeScreenshotTool(
+  writer: UIMessageStreamWriter,
+  params: {
+    ctx: MeshContext;
+    toolOutputMap: Map<string, string>;
+    pendingImages: PendingImage[];
+  },
+) {
+  const { ctx, toolOutputMap, pendingImages } = params;
+
+  return tool({
+    description:
+      "Take a screenshot of a web page. " +
+      "Use this when you need to visually see a website, check its layout, " +
+      "verify a deployment, or inspect a page's appearance. " +
+      "The screenshot is displayed automatically by the UI — do NOT include image URLs or markdown images in your response.",
+    inputSchema: zodSchema(TakeScreenshotInputSchema),
+    execute: async (input, options) => {
+      const startTime = performance.now();
+      try {
+        const token = process.env.BROWSERLESS_TOKEN;
+        if (!token) {
+          return {
+            success: false as const,
+            error: "BROWSERLESS_TOKEN is not configured.",
+          };
+        }
+
+        // Use JPEG with quality to keep payload small for the LLM.
+        // Set a viewport so the screenshot dimensions are predictable.
+        const response = await fetch(
+          `${BROWSERLESS_BASE_URL}/screenshot?token=${encodeURIComponent(token)}`,
+          {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({
+              url: input.url,
+              options: {
+                fullPage: input.fullPage ?? false,
+                type: "jpeg",
+                quality: JPEG_QUALITY,
+              },
+              viewport: DEFAULT_VIEWPORT,
+            }),
+          },
+        );
+
+        if (!response.ok) {
+          const errorText = await response.text().catch(() => "Unknown error");
+          return {
+            success: false as const,
+            error: `Browserless screenshot failed (${response.status}): ${errorText}`,
+            url: input.url,
+          };
+        }
+
+        const imgBytes = new Uint8Array(await response.arrayBuffer());
+        const mediaType = "image/jpeg";
+        const key = `screenshots/${crypto.randomUUID()}.jpg`;
+
+        // Upload to object storage — needed for UI rendering.
+        // Also generates a presigned URL or data URI for injecting
+        // the image into the conversation via prepareStep.
+        let uri = `data:${mediaType};base64,${Buffer.from(imgBytes).toString("base64")}`;
+        let imageUrl: string | null = null;
+
+        if (ctx.objectStorage) {
+          try {
+            await ctx.objectStorage.put(key, imgBytes, {
+              contentType: mediaType,
+            });
+            uri = toMeshStorageUri(key);
+            imageUrl = await generatePresignedGetUrl(key, ctx);
+          } catch (err) {
+            console.error(
+              "[take-screenshot] Failed to upload, using data: URI fallback",
+              err,
+            );
+          }
+        }
+
+        // Fallback: use the data URI directly if no presigned URL
+        if (!imageUrl) {
+          imageUrl = `data:${mediaType};base64,${Buffer.from(imgBytes).toString("base64")}`;
+        }
+
+        // Queue the image for injection as a user message in prepareStep.
+        // This bypasses provider limitations with images in tool results.
+        pendingImages.push({
+          url: imageUrl,
+          mediaType,
+          pageUrl: input.url,
+        });
+
+        toolOutputMap.set(
+          options.toolCallId,
+          `Screenshot of ${input.url} stored at ${uri}`,
+        );
+
+        return {
+          success: true as const,
+          image: { uri, mediaType },
+          url: input.url,
+        };
+      } finally {
+        const latencyMs = performance.now() - startTime;
+        writer.write({
+          type: "data-tool-metadata",
+          id: options.toolCallId,
+          data: { latencyMs },
+        });
+      }
+    },
+    // Return text-only result for the tool message. The actual image
+    // is injected as a user message by prepareStep in stream-core.ts,
+    // which is universally supported by all providers (including OpenRouter).
+    toModelOutput({ output }) {
+      if (!output.success) {
+        return {
+          type: "text",
+          value: output.error ?? "Screenshot failed",
+        };
+      }
+      return {
+        type: "text",
+        value: `Screenshot of ${output.url} captured successfully. The image is attached below.`,
+      };
+    },
+  });
+}
diff --git a/apps/mesh/src/api/routes/decopilot/built-in-tools/user-ask.e2e.test.ts b/apps/mesh/src/api/routes/decopilot/built-in-tools/user-ask.e2e.test.ts
index 034f61de64..b4ef95ac69 100644
--- a/apps/mesh/src/api/routes/decopilot/built-in-tools/user-ask.e2e.test.ts
+++ b/apps/mesh/src/api/routes/decopilot/built-in-tools/user-ask.e2e.test.ts
@@ -26,8 +26,9 @@ const mockParams: BuiltinToolParams = {
     connectionId: "conn_test",
     thinking: { id: "model_test" },
   } as never,
-  userId: "user_test",
   toolOutputMap: new Map(),
+  pendingImages: [],
+  taskId: "task_test",
   passthroughClient: {
     listTools: () => Promise.resolve({ tools: [] }),
     callTool: () => Promise.resolve({ content: [] }),
@@ -53,16 +54,16 @@ describe("user_ask E2E Integration", () => {
   // ============================================================================
 
   describe("Tool Registration", () => {
-    test("tool is registered in getBuiltInTools()", () => {
-      const tools = getTools();
+    test("tool is registered in getBuiltInTools()", async () => {
+      const tools = await getTools();
 
       expect(tools).toBeDefined();
       expect(tools.user_ask).toBeDefined();
       expect(tools.user_ask).toBe(userAskTool);
     });
 
-    test("getBuiltInTools() returns correct ToolSet structure", () => {
-      const tools = getTools();
+    test("getBuiltInTools() returns correct ToolSet structure", async () => {
+      const tools = await getTools();
 
       // ToolSet is Record<string, CoreTool>
       expect(typeof tools).toBe("object");
@@ -75,22 +76,22 @@ describe("user_ask E2E Integration", () => {
   // ============================================================================
 
   describe("Tool Metadata", () => {
-    test("has correct description", () => {
-      const tools = getTools();
+    test("has correct description", async () => {
+      const tools = await getTools();
 
       expect(tools.user_ask?.description).toContain(
         "Ask the user instead of guessing when requirements are ambiguous",
       );
     });
 
-    test("has inputSchema defined", () => {
-      const tools = getTools();
+    test("has inputSchema defined", async () => {
+      const tools = await getTools();
 
       expect(tools.user_ask?.inputSchema).toBeDefined();
     });
 
-    test("has outputSchema defined", () => {
-      const tools = getTools();
+    test("has outputSchema defined", async () => {
+      const tools = await getTools();
 
       expect(tools.user_ask?.outputSchema).toBeDefined();
     });
@@ -113,8 +114,8 @@ describe("user_ask E2E Integration", () => {
   // ============================================================================
 
   describe("Client-Side Only", () => {
-    test("has no execute function", () => {
-      const tools = getTools();
+    test("has no execute function", async () => {
+      const tools = await getTools();
 
       // Client-side tools should not have execute function defined
       // (execute is optional in AI SDK tool type)
@@ -345,9 +346,9 @@ describe("user_ask E2E Integration", () => {
   // ============================================================================
 
   describe("Complete Integration Flow", () => {
-    test("full workflow from registration to validation", () => {
+    test("full workflow from registration to validation", async () => {
       // 1. Get tool from registry
-      const tools = getTools();
+      const tools = await getTools();
       const tool = tools.user_ask;
 
       expect(tool).toBeDefined();
@@ -371,9 +372,9 @@ describe("user_ask E2E Integration", () => {
       expect(outputValidation.success).toBe(true);
     });
 
-    test("choice type workflow with validation", () => {
+    test("choice type workflow with validation", async () => {
       // 1. Get tool
-      const tools = getTools();
+      const tools = await getTools();
       expect(tools.user_ask).toBeDefined();
 
       // 2. Validate choice input
@@ -396,9 +397,9 @@ describe("user_ask E2E Integration", () => {
       expect(outputValidation.success).toBe(true);
     });
 
-    test("confirm type workflow with validation", () => {
+    test("confirm type workflow with validation", async () => {
       // 1. Get tool
-      const tools = getTools();
+      const tools = await getTools();
       expect(tools.user_ask).toBeDefined();
 
       // 2. Validate confirm input
diff --git a/apps/mesh/src/api/routes/decopilot/built-in-tools/vm-tools.ts b/apps/mesh/src/api/routes/decopilot/built-in-tools/vm-tools.ts
deleted file mode 100644
index a4904efe92..0000000000
--- a/apps/mesh/src/api/routes/decopilot/built-in-tools/vm-tools.ts
+++ /dev/null
@@ -1,272 +0,0 @@
-/**
- * VM File Tools
- *
- * Built-in decopilot tools that proxy to the in-VM daemon's file operation
- * endpoints. Registered when a Virtual MCP has an active Freestyle VM,
- * replacing the QuickJS sandbox tool.
- */
-
-import { tool, zodSchema } from "ai";
-import { z } from "zod";
-import {
-  MAX_RESULT_TOKENS,
-  createOutputPreview,
-  estimateJsonTokens,
-} from "./read-tool-output";
-
-export interface VmToolsParams {
-  readonly vmBaseUrl: string;
-  readonly toolOutputMap: Map<string, string>;
-  readonly needsApproval: boolean;
-}
-
-async function daemonPost(
-  baseUrl: string,
-  endpoint: string,
-  body: Record<string, unknown>,
-): Promise<unknown> {
-  const url = `${baseUrl}/_decopilot_vm/${endpoint}`;
-  const serialized = JSON.stringify(body);
-  // Base64-encode the payload to avoid Cloudflare WAF triggering on
-  // shell commands and other sensitive-looking content in the JSON body.
-  const encoded = btoa(
-    encodeURIComponent(serialized).replace(/%([0-9A-F]{2})/g, (_, p1) =>
-      String.fromCharCode(parseInt(p1, 16)),
-    ),
-  );
-  let res: Response;
-  try {
-    res = await fetch(url, {
-      method: "POST",
-      headers: { "Content-Type": "text/plain" },
-      body: encoded,
-    });
-  } catch {
-    throw new Error(
-      "The server is not running. Ask the user to start it by clicking the server button (left side of the header bar).",
-    );
-  }
-  const rawText = await res.text();
-  let json: unknown;
-  try {
-    json = JSON.parse(rawText);
-  } catch {
-    console.error(
-      "[vm-tools:daemonPost] Failed to parse JSON response endpoint=%s status=%d rawText=%s",
-      endpoint,
-      res.status,
-      rawText.slice(0, 2000),
-    );
-    const statusHint =
-      res.status >= 500
-        ? " (server error)"
-        : res.status === 0
-          ? " (no response)"
-          : "";
-    throw new Error(
-      `Daemon ${endpoint} returned invalid JSON (HTTP ${res.status}${statusHint}): ${rawText.slice(0, 800)}`,
-    );
-  }
-  if (!res.ok) {
-    console.error(
-      "[vm-tools:daemonPost] Non-OK response endpoint=%s status=%d body=%s",
-      endpoint,
-      res.status,
-      rawText.slice(0, 2000),
-    );
-    throw new Error(
-      (json as { error?: string }).error ??
-        `Daemon ${endpoint} failed (${res.status})`,
-    );
-  }
-  return json;
-}
-
-function maybeTruncate(
-  result: unknown,
-  toolOutputMap: Map<string, string>,
-): unknown {
-  let serialized: string;
-  try {
-    serialized =
-      typeof result === "string" ? result : JSON.stringify(result, null, 2);
-  } catch {
-    serialized = String(result);
-  }
-  const tokenCount = estimateJsonTokens(serialized);
-  if (tokenCount > MAX_RESULT_TOKENS) {
-    const toolCallId = `vm_${Date.now()}`;
-    toolOutputMap.set(toolCallId, serialized);
-    const preview = createOutputPreview(serialized);
-    return {
-      truncated: true,
-      message: `Output too large (${tokenCount} tokens). Use read_tool_output with tool_call_id "${toolCallId}" to extract specific data.`,
-      preview,
-    };
-  }
-  return result;
-}
-
-export function createVmTools(params: VmToolsParams) {
-  const { vmBaseUrl, toolOutputMap, needsApproval } = params;
-
-  const read = tool({
-    needsApproval: false,
-    description:
-      "Read a file from the VM's project directory. Returns content with line numbers. " +
-      "Use offset and limit for large files.",
-
-    inputSchema: zodSchema(
-      z.object({
-        path: z
-          .string()
-          .describe("File path relative to project root (e.g. 'src/index.ts')"),
-        offset: z
-          .number()
-          .optional()
-          .describe("Starting line number (1-based, default 1)"),
-        limit: z
-          .number()
-          .optional()
-          .describe("Max lines to return (default 2000)"),
-      }),
-    ),
-    execute: async (input) => {
-      const result = await daemonPost(vmBaseUrl, "read", input);
-      return maybeTruncate(result, toolOutputMap);
-    },
-  });
-
-  const write = tool({
-    needsApproval,
-    description:
-      "Write content to a file in the VM's project directory. " +
-      "Creates parent directories if needed. Overwrites existing files entirely.",
-
-    inputSchema: zodSchema(
-      z.object({
-        path: z.string().describe("File path relative to project root"),
-        content: z.string().describe("The full file content to write"),
-      }),
-    ),
-    execute: async (input) => {
-      return await daemonPost(vmBaseUrl, "write", input);
-    },
-  });
-
-  const edit = tool({
-    needsApproval,
-    description:
-      "Perform exact string replacement in a file in the VM. " +
-      "old_string must be unique in the file unless replace_all is true.",
-
-    inputSchema: zodSchema(
-      z.object({
-        path: z.string().describe("File path relative to project root"),
-        old_string: z.string().describe("The exact text to find and replace"),
-        new_string: z
-          .string()
-          .describe("The replacement text (must differ from old_string)"),
-        replace_all: z
-          .boolean()
-          .optional()
-          .describe("Replace all occurrences (default false)"),
-      }),
-    ),
-    execute: async (input) => {
-      return await daemonPost(vmBaseUrl, "edit", input);
-    },
-  });
-
-  const grep = tool({
-    needsApproval: false,
-    description:
-      "Search file contents in the VM using ripgrep. " +
-      "Supports regex patterns, file type filtering via glob, and context lines.",
-
-    inputSchema: zodSchema(
-      z.object({
-        pattern: z.string().describe("Regex pattern to search for"),
-        path: z
-          .string()
-          .optional()
-          .describe("Directory or file to search in (default: project root)"),
-        glob: z
-          .string()
-          .optional()
-          .describe("Glob pattern to filter files (e.g. '*.ts', '*.{js,jsx}')"),
-        context: z
-          .number()
-          .optional()
-          .describe("Lines of context around matches"),
-        ignore_case: z.boolean().optional().describe("Case-insensitive search"),
-        output_mode: z
-          .enum(["content", "files", "count"])
-          .optional()
-          .describe("Output mode (default: 'files')"),
-        limit: z.number().optional().describe("Max result lines (default 250)"),
-      }),
-    ),
-    execute: async (input) => {
-      console.log(
-        "[vm-tools:grep] inputType=%s input=%s",
-        typeof input,
-        JSON.stringify(input).slice(0, 500),
-      );
-      const result = await daemonPost(vmBaseUrl, "grep", input);
-      return maybeTruncate(result, toolOutputMap);
-    },
-  });
-
-  const glob = tool({
-    needsApproval: false,
-    description:
-      "Find files by name pattern in the VM's project directory. " +
-      "Uses ripgrep for gitignore-aware matching. Returns relative file paths.",
-
-    inputSchema: zodSchema(
-      z.object({
-        pattern: z
-          .string()
-          .describe(
-            "Glob pattern to match files (e.g. '**/*.ts', 'src/**/*.test.tsx')",
-          ),
-        path: z
-          .string()
-          .optional()
-          .describe("Directory to search in (default: project root)"),
-      }),
-    ),
-    execute: async (input) => {
-      const result = await daemonPost(vmBaseUrl, "glob", input);
-      return maybeTruncate(result, toolOutputMap);
-    },
-  });
-
-  const bashSchema = z.object({
-    command: z.string().describe("The bash command to execute"),
-    timeout: z
-      .number()
-      .optional()
-      .describe("Timeout in milliseconds (default 30000, max 120000)"),
-  });
-  const bash = tool({
-    needsApproval,
-    description:
-      "Execute a shell command in the VM's project directory. " +
-      "Working directory is the project root. Timeout default 30s, max 2min.",
-
-    inputSchema: zodSchema(bashSchema),
-    execute: async (input: z.infer<typeof bashSchema>) => {
-      console.log(
-        "[vm-tools:bash] inputType=%s input=%s",
-        typeof input,
-        JSON.stringify(input).slice(0, 500),
-      );
-      const result = await daemonPost(vmBaseUrl, "bash", input);
-      return maybeTruncate(result, toolOutputMap);
-    },
-  });
-
-  return { read, write, edit, grep, glob, bash };
-}
diff --git a/apps/mesh/src/api/routes/decopilot/built-in-tools/vm-tools/common.ts b/apps/mesh/src/api/routes/decopilot/built-in-tools/vm-tools/common.ts
new file mode 100644
index 0000000000..ca11891ded
--- /dev/null
+++ b/apps/mesh/src/api/routes/decopilot/built-in-tools/vm-tools/common.ts
@@ -0,0 +1,34 @@
+import {
+  MAX_RESULT_TOKENS,
+  createOutputPreview,
+  estimateJsonTokens,
+} from "../read-tool-output";
+
+/**
+ * Oversized results are stashed in `toolOutputMap` and returned as a preview
+ * pointer; the LLM extracts via `read_tool_output`.
+ */
+export function maybeTruncate(
+  result: unknown,
+  toolOutputMap: Map<string, string>,
+): unknown {
+  let serialized: string;
+  try {
+    serialized =
+      typeof result === "string" ? result : JSON.stringify(result, null, 2);
+  } catch {
+    serialized = String(result);
+  }
+  const tokenCount = estimateJsonTokens(serialized);
+  if (tokenCount > MAX_RESULT_TOKENS) {
+    const toolCallId = `vm_${Date.now()}`;
+    toolOutputMap.set(toolCallId, serialized);
+    const preview = createOutputPreview(serialized);
+    return {
+      truncated: true,
+      message: `Output too large (${tokenCount} tokens). Use read_tool_output with tool_call_id "${toolCallId}" to extract specific data.`,
+      preview,
+    };
+  }
+  return result;
+}
diff --git a/apps/mesh/src/api/routes/decopilot/built-in-tools/vm-tools/index.ts b/apps/mesh/src/api/routes/decopilot/built-in-tools/vm-tools/index.ts
new file mode 100644
index 0000000000..4a211cc377
--- /dev/null
+++ b/apps/mesh/src/api/routes/decopilot/built-in-tools/vm-tools/index.ts
@@ -0,0 +1,331 @@
+/**
+ * VM File Tools — runner-agnostic.
+ *
+ * Registers the six LLM-visible tools (read/write/edit/grep/glob/bash) on
+ * top of any `SandboxRunner.proxyDaemonRequest`. All runners speak the
+ * unified `/_decopilot_vm/*` surface with base64-wrapped JSON bodies
+ * (Cloudflare WAF bypass; harmless 33% overhead on non-CF paths).
+ */
+
+import { tool, zodSchema } from "ai";
+import path from "node:path";
+import type { SandboxRunner } from "@decocms/sandbox/runner";
+import { maybeTruncate } from "./common";
+import {
+  buildBashDescription,
+  BashInputSchema,
+  COPY_TO_SANDBOX_DESCRIPTION,
+  CopyToSandboxInputSchema,
+  EDIT_DESCRIPTION,
+  EditInputSchema,
+  GLOB_DESCRIPTION,
+  GREP_DESCRIPTION,
+  GlobInputSchema,
+  GrepInputSchema,
+  READ_DESCRIPTION,
+  ReadInputSchema,
+  SHARE_WITH_USER_DESCRIPTION,
+  ShareWithUserInputSchema,
+  TOOL_APPROVAL,
+  WRITE_DESCRIPTION,
+  WriteInputSchema,
+} from "./schemas";
+import type { VmToolsParams } from "./types";
+
+const MESH_STORAGE_SCHEME = "mesh-storage://";
+
+/**
+ * Resolve a `copy_to_sandbox` input to a fetchable URL the daemon can GET.
+ * Accepts only org-scoped storage references — `mesh-storage://KEY` (the
+ * shape that lands in chat annotations) or a bare KEY. Both are minted
+ * to a presigned GET via `ctx.objectStorage`, so the daemon only ever
+ * fetches from S3/R2 endpoints mesh controls.
+ *
+ * Arbitrary `http(s)://` URLs are intentionally rejected: for public
+ * URLs the model can use `bash` + `curl` (which is approval-gated, like
+ * any shell command), and excluding them keeps the daemon's fetch path
+ * free of SSRF concerns.
+ *
+ * The tool-arg interceptor (`resolveArgsStorageRefs` in file-materializer)
+ * substitutes mesh-storage:// → presigned-URL before this handler runs in
+ * the happy path. This function is the safety net when interception didn't
+ * happen, plus the path for bare keys.
+ */
+async function resolveSourceUrl(
+  raw: string,
+  ctx: VmToolsParams["ctx"],
+): Promise<string> {
+  if (raw.startsWith("https://") || raw.startsWith("http://")) {
+    throw new Error(
+      "copy_to_sandbox does not accept arbitrary URLs — pass a " +
+        "mesh-storage:// URI or a bare org storage key. For public URLs, " +
+        "use the bash tool (curl).",
+    );
+  }
+  const key = raw.startsWith(MESH_STORAGE_SCHEME)
+    ? raw.slice(MESH_STORAGE_SCHEME.length)
+    : raw;
+  if (!key || key.startsWith("/") || key.includes("..")) {
+    throw new Error(`Invalid source: ${raw}`);
+  }
+  const storage = ctx.objectStorage;
+  if (!storage) {
+    throw new Error("Object storage is not configured for this org");
+  }
+  return storage.presignedGetUrl(key);
+}
+
+function sanitizeFilename(name: string): string | null {
+  const trimmed = name.trim();
+  if (!trimmed) return null;
+  if (trimmed.includes("/") || trimmed.includes("\\")) return null;
+  if (trimmed === "." || trimmed === ".." || trimmed.includes("..")) {
+    return null;
+  }
+  if (trimmed.length > 255) return null;
+  return trimmed;
+}
+
+/**
+ * Build a stable file-redirect URL. Must encode each path segment so
+ * keys carrying URL-special chars (`?`, `#`, `&`, space, ...) survive
+ * round-trip — the `/api/:org/files/*` route reads `c.req.path` which
+ * truncates at the first unescaped `?`.
+ */
+function toFileDownloadUrl(
+  baseUrl: string,
+  orgSlug: string,
+  key: string,
+): string {
+  const encodedKey = key.split("/").map(encodeURIComponent).join("/");
+  return `${baseUrl}/api/${encodeURIComponent(orgSlug)}/files/${encodedKey}`;
+}
+
+export type { VmToolsParams } from "./types";
+
+/**
+ * Exported because the config tools (`get_vm_config` / `set_vm_config`) live
+ * in a sibling file but speak the same `/_decopilot_vm/*` wire — base64
+ * JSON bodies, identical error mapping, identical "sandbox is not running"
+ * surface. Keeping one helper avoids drift between the two callers.
+ */
+async function daemonRequest(
+  runner: SandboxRunner,
+  handle: string,
+  path: string,
+  body: Record<string, unknown> | null,
+  method: "GET" | "POST" | "PUT" = "POST",
+): Promise<unknown> {
+  let res: Response;
+  try {
+    const init: {
+      method: string;
+      headers: Headers;
+      body: string | null;
+    } = {
+      method,
+      headers: new Headers({ "content-type": "application/json" }),
+      body: null,
+    };
+    // GET/HEAD must not carry a body; the runners' proxy strips it anyway,
+    // but constructing it is wasteful and obscures intent.
+    if (method !== "GET" && body !== null) {
+      init.body = Buffer.from(JSON.stringify(body), "utf-8").toString("base64");
+    }
+    res = await runner.proxyDaemonRequest(handle, path, init);
+  } catch {
+    throw new Error(
+      "The sandbox is not running. Ask the user to start it by clicking the server button (left side of the header bar).",
+    );
+  }
+  const rawText = await res.text();
+  let json: unknown;
+  try {
+    json = JSON.parse(rawText);
+  } catch {
+    console.error(
+      "[vm-tools] Failed to parse JSON response runner=%s path=%s status=%d rawText=%s",
+      runner.kind,
+      path,
+      res.status,
+      rawText.slice(0, 2000),
+    );
+    const statusHint =
+      res.status >= 500
+        ? " (server error)"
+        : res.status === 0
+          ? " (no response)"
+          : "";
+    throw new Error(
+      `Daemon ${path} returned invalid JSON (HTTP ${res.status}${statusHint}): ${rawText.slice(0, 800)}`,
+    );
+  }
+  if (!res.ok) {
+    console.error(
+      "[vm-tools] Non-OK response runner=%s path=%s status=%d body=%s",
+      runner.kind,
+      path,
+      res.status,
+      rawText.slice(0, 2000),
+    );
+    throw new Error(
+      (json as { error?: string }).error ??
+        `Daemon ${path} failed (${res.status})`,
+    );
+  }
+  return json;
+}
+
+export function createVmTools(params: VmToolsParams) {
+  const {
+    runner,
+    ensureHandle,
+    toolOutputMap,
+    needsApproval,
+    pendingImages,
+    ctx,
+    threadId,
+  } = params;
+  const approvalFor = (mutating: boolean) => (mutating ? needsApproval : false);
+  const call = async (
+    daemonPath: string,
+    input: Record<string, unknown>,
+    method: "POST" | "PUT" = "POST",
+  ) => {
+    const handle = await ensureHandle();
+    return daemonRequest(runner, handle, daemonPath, input, method);
+  };
+
+  const read = tool({
+    needsApproval: approvalFor(TOOL_APPROVAL.read),
+    description: READ_DESCRIPTION,
+    inputSchema: zodSchema(ReadInputSchema),
+    execute: async (input) => {
+      const result = (await call("/_decopilot_vm/read", input)) as
+        | { kind: "text"; content: string; lineCount: number }
+        | {
+            kind: "image";
+            mediaType: string;
+            base64: string;
+            size: number;
+          };
+      if (result.kind === "image") {
+        // Queue the image for injection as a user message in prepareStep.
+        // Tool result is text-only — providers don't all carry images in
+        // tool result messages, but everyone supports them in user content.
+        pendingImages.push({
+          url: `data:${result.mediaType};base64,${result.base64}`,
+          mediaType: result.mediaType,
+          label: `[Image at ${input.path}]`,
+        });
+        return {
+          kind: "image" as const,
+          path: input.path,
+          mediaType: result.mediaType,
+          size: result.size,
+          message: "Image attached below.",
+        };
+      }
+      return maybeTruncate(result, toolOutputMap);
+    },
+  });
+
+  const write = tool({
+    needsApproval: approvalFor(TOOL_APPROVAL.write),
+    description: WRITE_DESCRIPTION,
+    inputSchema: zodSchema(WriteInputSchema),
+    execute: async (input) => call("/_decopilot_vm/write", input),
+  });
+
+  const edit = tool({
+    needsApproval: approvalFor(TOOL_APPROVAL.edit),
+    description: EDIT_DESCRIPTION,
+    inputSchema: zodSchema(EditInputSchema),
+    execute: async (input) => call("/_decopilot_vm/edit", input),
+  });
+
+  const grep = tool({
+    needsApproval: approvalFor(TOOL_APPROVAL.grep),
+    description: GREP_DESCRIPTION,
+    inputSchema: zodSchema(GrepInputSchema),
+    execute: async (input) => {
+      const result = await call("/_decopilot_vm/grep", input);
+      return maybeTruncate(result, toolOutputMap);
+    },
+  });
+
+  const glob = tool({
+    needsApproval: approvalFor(TOOL_APPROVAL.glob),
+    description: GLOB_DESCRIPTION,
+    inputSchema: zodSchema(GlobInputSchema),
+    execute: async (input) => {
+      const result = await call("/_decopilot_vm/glob", input);
+      return maybeTruncate(result, toolOutputMap);
+    },
+  });
+
+  const bash = tool({
+    needsApproval: approvalFor(TOOL_APPROVAL.bash),
+    description: buildBashDescription(),
+    inputSchema: zodSchema(BashInputSchema),
+    execute: async (input) => {
+      const result = await call("/_decopilot_vm/bash", input);
+      return maybeTruncate(result, toolOutputMap);
+    },
+  });
+
+  const copy_to_sandbox = tool({
+    needsApproval: approvalFor(TOOL_APPROVAL.copy_to_sandbox),
+    description: COPY_TO_SANDBOX_DESCRIPTION,
+    inputSchema: zodSchema(CopyToSandboxInputSchema),
+    execute: async (input) => {
+      const sourceUrl = await resolveSourceUrl(input.url, ctx);
+      const result = await call("/_decopilot_vm/write_from_url", {
+        url: sourceUrl,
+        path: input.target,
+      });
+      return result as { ok: boolean; path: string; size: number };
+    },
+  });
+
+  const share_with_user = tool({
+    needsApproval: approvalFor(TOOL_APPROVAL.share_with_user),
+    description: SHARE_WITH_USER_DESCRIPTION,
+    inputSchema: zodSchema(ShareWithUserInputSchema),
+    execute: async (input) => {
+      const orgSlug = ctx.organization?.slug;
+      const storage = ctx.objectStorage;
+      if (!orgSlug || !storage) {
+        throw new Error("Object storage is not configured for this org");
+      }
+      const filename = sanitizeFilename(
+        input.name ?? path.basename(input.source),
+      );
+      if (!filename) {
+        throw new Error(`Invalid filename: ${input.name ?? input.source}`);
+      }
+      const key = `model-outputs/${threadId}/${filename}`;
+      const presignedPutUrl = await storage.presignedPutUrl(key);
+      await call("/_decopilot_vm/upload_to_url", {
+        path: input.source,
+        url: presignedPutUrl,
+      });
+      return {
+        key,
+        filename,
+        downloadUrl: toFileDownloadUrl(ctx.baseUrl, orgSlug, key),
+      };
+    },
+  });
+
+  return {
+    read,
+    write,
+    edit,
+    grep,
+    glob,
+    bash,
+    copy_to_sandbox,
+    share_with_user,
+  };
+}
diff --git a/apps/mesh/src/api/routes/decopilot/built-in-tools/vm-tools/schemas.ts b/apps/mesh/src/api/routes/decopilot/built-in-tools/vm-tools/schemas.ts
new file mode 100644
index 0000000000..55d6ff6383
--- /dev/null
+++ b/apps/mesh/src/api/routes/decopilot/built-in-tools/vm-tools/schemas.ts
@@ -0,0 +1,198 @@
+/**
+ * Single source of truth for the six file-op tool schemas — drift between
+ * runner implementations becomes a type error, not a silent behavior split.
+ */
+
+import { z } from "zod";
+
+export const ReadInputSchema = z.object({
+  path: z
+    .string()
+    .describe(
+      "File path. Relative paths resolve against the project root (e.g. " +
+        "'src/index.ts'); absolute paths are accepted for files outside the " +
+        "project (e.g. '/home/sandbox/deck.thumbnail.jpg').",
+    ),
+  offset: z
+    .number()
+    .optional()
+    .describe("Starting line number for text files (1-based, default 1)"),
+  limit: z
+    .number()
+    .optional()
+    .describe("Max lines to return for text files (default 2000)"),
+});
+
+export const WriteInputSchema = z.object({
+  path: z.string().describe("File path relative to project root"),
+  content: z.string().describe("The full file content to write"),
+});
+
+export const EditInputSchema = z.object({
+  path: z.string().describe("File path relative to project root"),
+  old_string: z.string().describe("The exact text to find and replace"),
+  new_string: z
+    .string()
+    .describe("The replacement text (must differ from old_string)"),
+  replace_all: z
+    .boolean()
+    .optional()
+    .describe("Replace all occurrences (default false)"),
+});
+
+export const GrepInputSchema = z.object({
+  pattern: z.string().describe("Regex pattern to search for"),
+  path: z
+    .string()
+    .optional()
+    .describe("Directory or file to search in (default: project root)"),
+  glob: z
+    .string()
+    .optional()
+    .describe("Glob pattern to filter files (e.g. '*.ts', '*.{js,jsx}')"),
+  context: z.number().optional().describe("Lines of context around matches"),
+  ignore_case: z.boolean().optional().describe("Case-insensitive search"),
+  output_mode: z
+    .enum(["content", "files", "count"])
+    .optional()
+    .describe("Output mode (default: 'files')"),
+  limit: z.number().optional().describe("Max result lines (default 250)"),
+});
+
+export const GlobInputSchema = z.object({
+  pattern: z
+    .string()
+    .describe(
+      "Glob pattern to match files (e.g. '**/*.ts', 'src/**/*.test.tsx')",
+    ),
+  path: z
+    .string()
+    .optional()
+    .describe("Directory to search in (default: project root)"),
+});
+
+export const BashInputSchema = z.object({
+  command: z.string().describe("The bash command to execute"),
+  timeout: z
+    .number()
+    .optional()
+    .describe("Timeout in milliseconds (default 30000, max 120000)"),
+});
+
+export const CopyToSandboxInputSchema = z.object({
+  url: z
+    .string()
+    .describe(
+      "Org-scoped storage reference. Accepts a mesh-storage:// URI from " +
+        "chat (e.g. mesh-storage://chat-uploads/abc.pdf) or a bare key " +
+        "(e.g. chat-uploads/abc.pdf). Arbitrary http(s):// URLs are NOT " +
+        "accepted — for public URLs use the bash tool with curl.",
+    ),
+  target: z
+    .string()
+    .describe(
+      "Destination path on the sandbox FS (relative to project root). " +
+        "Parent directories are created as needed.",
+    ),
+});
+
+export const ShareWithUserInputSchema = z.object({
+  source: z
+    .string()
+    .describe(
+      "Path to a file on the sandbox FS to share back to the user. " +
+        "Must be a single file (not a directory).",
+    ),
+  name: z
+    .string()
+    .optional()
+    .describe(
+      "Filename to surface in the chat UI (default: basename of source). " +
+        "Cannot contain slashes.",
+    ),
+});
+
+export type ReadInput = z.infer<typeof ReadInputSchema>;
+export type WriteInput = z.infer<typeof WriteInputSchema>;
+export type EditInput = z.infer<typeof EditInputSchema>;
+export type GrepInput = z.infer<typeof GrepInputSchema>;
+export type GlobInput = z.infer<typeof GlobInputSchema>;
+export type BashInput = z.infer<typeof BashInputSchema>;
+export type CopyToSandboxInput = z.infer<typeof CopyToSandboxInputSchema>;
+export type ShareWithUserInput = z.infer<typeof ShareWithUserInputSchema>;
+
+export const READ_DESCRIPTION =
+  "Read a file. For text files, returns content with line numbers (use offset " +
+  "and limit for large files). For images (jpeg, png, gif, webp), the image " +
+  "is injected into the next turn as a vision input — do NOT describe what " +
+  "you 'expect' to see, just call read and look at the next message. Other " +
+  "binary formats are not supported; use a format-specific skill " +
+  "(e.g. pptx-extract for .pptx).";
+
+export const WRITE_DESCRIPTION =
+  "Write content to a file in the VM's project directory. " +
+  "Creates parent directories if needed. Overwrites existing files entirely.";
+
+export const EDIT_DESCRIPTION =
+  "Perform exact string replacement in a file in the VM. " +
+  "old_string must be unique in the file unless replace_all is true.";
+
+export const GREP_DESCRIPTION =
+  "Search file contents in the VM using ripgrep. " +
+  "Supports regex patterns, file type filtering via glob, and context lines.";
+
+export const GLOB_DESCRIPTION =
+  "Find files by name pattern in the VM's project directory. " +
+  "Uses ripgrep for gitignore-aware matching. Returns relative file paths.";
+
+export function buildBashDescription(): string {
+  return (
+    "Execute a shell command in the VM's project directory. " +
+    "Working directory is the project root. Timeout default 30s, max 2min.\n\n" +
+    "Pre-installed skills live at `/mnt/skills/public/<name>/SKILL.md`. " +
+    "Run `ls /mnt/skills/public/` for the index and " +
+    "`cat /mnt/skills/public/<name>/SKILL.md` before using one. " +
+    "Skills cover common file operations: pptx (PowerPoint), docx (Word), " +
+    "xlsx (Excel), pdf, file-reading (router).\n\n" +
+    "To bring chat attachments / presigned URLs into the sandbox FS use " +
+    "`copy_to_sandbox` (NOT bash + curl). To deliver a file you produced " +
+    "back to the user as a download chip, use `share_with_user`."
+  );
+}
+
+export const COPY_TO_SANDBOX_DESCRIPTION =
+  "Copy a chat-attached or org-storage file into the sandbox filesystem " +
+  "at `target`. Use this BEFORE running format-specific skills " +
+  "(pptx-extract, pdf, docx, ...) on user-uploaded files. Accepts " +
+  "mesh-storage:// URIs and bare org-storage keys only — for arbitrary " +
+  "public URLs use bash + curl. Bytes stream directly from S3 to the " +
+  "sandbox; they do not pass through the model.";
+
+export const SHARE_WITH_USER_DESCRIPTION =
+  "Upload a file from the sandbox FS back to the user's chat as a download " +
+  "chip on this turn. Use this for artifacts the user should be able to " +
+  "save (CSV reports, generated decks, zipped builds, etc). The file " +
+  "lands under the current thread's outputs prefix; the UI surfaces it " +
+  "automatically when the turn finishes.";
+
+// read/grep/glob are non-mutating; write/edit/bash mutate.
+//
+// copy_to_sandbox + share_with_user are intentionally NOT approval-gated.
+// Both write side effects technically mutate state — copy_to_sandbox
+// drops bytes on the sandbox FS (already gated by `safePath`, no escape
+// outside `/app`), and share_with_user uploads to a thread-scoped S3
+// prefix the user already owns. Gating either would surface an approval
+// prompt on the most natural path the model takes for chat artifacts
+// (download → process → share), which is high-friction for a flow the
+// user just initiated by attaching a file. Reserve approvals for shell
+// + project-FS mutation where the blast radius is broader.
+export const TOOL_APPROVAL = {
+  read: false,
+  write: true,
+  edit: true,
+  grep: false,
+  glob: false,
+  bash: true,
+  copy_to_sandbox: false,
+  share_with_user: false,
+} as const;
diff --git a/apps/mesh/src/api/routes/decopilot/built-in-tools/vm-tools/types.ts b/apps/mesh/src/api/routes/decopilot/built-in-tools/vm-tools/types.ts
new file mode 100644
index 0000000000..b38195e383
--- /dev/null
+++ b/apps/mesh/src/api/routes/decopilot/built-in-tools/vm-tools/types.ts
@@ -0,0 +1,37 @@
+import type { SandboxRunner } from "@decocms/sandbox/runner";
+import type { MeshContext } from "@/core/mesh-context";
+import type { PendingImage } from "../take-screenshot";
+
+export interface VmToolsParams {
+  readonly runner: SandboxRunner;
+  /**
+   * Lazy handle resolver. Invoked on every tool call; caller is expected
+   * to memoise so the first invocation provisions and later calls reuse.
+   */
+  readonly ensureHandle: () => Promise<string>;
+  readonly toolOutputMap: Map<string, string>;
+  readonly needsApproval: boolean;
+  /**
+   * Shared queue for vision inputs that should be injected into the next
+   * model turn. The `read` tool pushes here when it loads an image; the
+   * queue is flushed by `prepareStep` in stream-core.ts.
+   */
+  readonly pendingImages: PendingImage[];
+  /**
+   * Mesh context for tools that need to mint presigned URLs against the
+   * org's object storage (`copy_to_sandbox`, `share_with_user`) or
+   * resolve the org id for stable file URLs.
+   */
+  readonly ctx: MeshContext;
+  /**
+   * Current chat thread id. `share_with_user` writes artifacts under
+   * `model-outputs/<threadId>/<filename>` so the chat UI can list them.
+   */
+  readonly threadId: string;
+  /**
+   * Virtual MCP ID. `set_vm_config` mirrors packageManager / previewPort
+   * back to the Virtual MCP metadata so new branch sandboxes are
+   * provisioned with the updated workload rather than stale defaults.
+   */
+  readonly virtualMcpId: string;
+}
diff --git a/apps/mesh/src/api/routes/decopilot/built-in-tools/web-search.ts b/apps/mesh/src/api/routes/decopilot/built-in-tools/web-search.ts
index bda1f49bb1..f6f39d19d9 100644
--- a/apps/mesh/src/api/routes/decopilot/built-in-tools/web-search.ts
+++ b/apps/mesh/src/api/routes/decopilot/built-in-tools/web-search.ts
@@ -17,15 +17,16 @@
 
 import { tool, zodSchema, streamText, type UIMessageStreamWriter } from "ai";
 import { z } from "zod";
-import type { MeshProvider } from "@/ai-providers/types";
+import {
+  AsyncResearchTerminalError,
+  type MeshProvider,
+} from "@/ai-providers/types";
 import type { MeshContext } from "@/core/mesh-context";
 import { sanitizeProviderMetadata } from "@decocms/mesh-sdk";
 import type { ModelInfo } from "../types";
 import { createOutputPreview } from "./read-tool-output";
 import { toMeshStorageUri } from "../mesh-storage-uri";
-
-/** Results above this threshold are offloaded to blob storage. */
-const LARGE_RESULT_TOKEN_THRESHOLD = 8_000;
+import { LARGE_RESULT_TOKEN_THRESHOLD } from "./constants";
 
 const WebSearchInputSchema = z.object({
   query: z
@@ -46,9 +47,12 @@ export function createWebSearchTool(
     deepResearchModelInfo: ModelInfo;
     ctx: MeshContext;
     toolOutputMap: Map<string, string>;
+    /** Current thread/task id — used to find or persist Gemini interactions. */
+    taskId: string;
   },
 ) {
-  const { provider, deepResearchModelInfo, ctx, toolOutputMap } = params;
+  const { provider, deepResearchModelInfo, ctx, toolOutputMap, taskId } =
+    params;
 
   return tool({
     description:
@@ -60,71 +64,161 @@ export function createWebSearchTool(
     execute: async (input, options) => {
       const startTime = performance.now();
       try {
-        const model = provider.aiSdk.languageModel(deepResearchModelInfo.id);
-
-        const result = streamText({
-          model,
-          prompt: input.query,
-          abortSignal: options.abortSignal,
-        });
+        const modelId = deepResearchModelInfo.id;
+        const asyncResearch = provider.asyncResearch;
+        const useAsyncResearch = asyncResearch?.canHandle(modelId) === true;
 
-        // Accumulate text while streaming to the UI.
-        // The AI SDK replaces data parts with the same id on each write,
-        // so we send the full accumulated text (not just the delta).
-        // Throttled to limit wire overhead.
         let fullText = "";
-        let lastSendTime = 0;
-        const THROTTLE_MS = 50;
-
-        for await (const chunk of result.textStream) {
-          fullText += chunk;
-          const now = Date.now();
-          if (now - lastSendTime >= THROTTLE_MS) {
-            lastSendTime = now;
-            (writer as any).write({
-              type: "data-web-search",
-              id: options.toolCallId,
-              data: { text: fullText },
+        let citations: Array<{ url: string; title?: string }> = [];
+        let inputTokens = 0;
+        let outputTokens = 0;
+        let safeProviderMeta:
+          | ReturnType<typeof sanitizeProviderMetadata>
+          | undefined;
+
+        const writeProgress = (text: string) => {
+          (writer as any).write({
+            type: "data-web-search",
+            id: options.toolCallId,
+            data: { text },
+          });
+        };
+
+        if (useAsyncResearch && asyncResearch) {
+          const providerId = provider.info.id;
+
+          // Resume path: if a previous run for this (thread, provider, model,
+          // query) already submitted a job and never reached terminal state,
+          // resume that one instead of paying for a fresh job.
+          const existing = await ctx.storage.threads.findInflightAsyncJob(
+            taskId,
+            providerId,
+            modelId,
+            input.query,
+          );
+          let jobId: string;
+          if (existing) {
+            jobId = existing.jobId;
+          } else {
+            const started = await asyncResearch.start({
+              modelId,
+              query: input.query,
+              abortSignal: options.abortSignal,
+            });
+            jobId = started.jobId;
+            // Persist BEFORE polling — if the pod dies during the wait, the
+            // next pod that retries this tool call will find this row.
+            await ctx.storage.threads.addInflightAsyncJob(taskId, {
+              toolCallId: options.toolCallId,
+              provider: providerId,
+              modelId,
+              query: input.query,
+              jobId,
+              startedAt: new Date().toISOString(),
             });
           }
-        }
-        // Final flush to ensure all text is sent
-        (writer as any).write({
-          type: "data-web-search",
-          id: options.toolCallId,
-          data: { text: fullText },
-        });
 
-        const [usage, sources, providerMetadata] = await Promise.all([
-          result.usage,
-          result.sources,
-          result.providerMetadata,
-        ]);
-        const inputTokens = usage.inputTokens ?? 0;
-        const outputTokens = usage.outputTokens ?? 0;
-        const safeProviderMeta = sanitizeProviderMetadata(
-          providerMetadata as Record<string, unknown> | undefined,
-        );
-
-        // Normalize sources into a simple { url, title } array for the UI.
-        const citations: Array<{ url: string; title?: string }> = [];
-        if (sources && Array.isArray(sources)) {
-          for (const s of sources) {
-            if (
-              s &&
-              typeof s === "object" &&
-              "sourceType" in s &&
-              s.sourceType === "url" &&
-              "url" in s &&
-              typeof s.url === "string"
-            ) {
-              citations.push({
-                url: s.url,
-                title:
-                  "title" in s && typeof s.title === "string"
-                    ? s.title
-                    : undefined,
-              });
+          let lastSendTime = 0;
+          const THROTTLE_MS = 50;
+
+          // Only delete the persisted handle when we know the provider-side
+          // job is gone (success OR terminal provider failure). Transient
+          // errors (network, 5xx) keep the row so the next attempt can
+          // reconnect to the still-running job rather than spawning a fresh
+          // expensive duplicate.
+          let providerJobGone = false;
+          try {
+            const result = await asyncResearch.resume({
+              jobId,
+              abortSignal: options.abortSignal,
+              onProgress: (transcript: string) => {
+                const now = Date.now();
+                if (now - lastSendTime >= THROTTLE_MS) {
+                  lastSendTime = now;
+                  writeProgress(transcript);
+                }
+              },
+            });
+            providerJobGone = true;
+            fullText = result.text;
+            citations = result.citations;
+            inputTokens = result.usage.inputTokens;
+            outputTokens = result.usage.outputTokens;
+            // Final flush with the report only — drops the *thinking* prefix
+            // streamed during the run.
+            writeProgress(fullText);
+          } catch (err) {
+            if (err instanceof AsyncResearchTerminalError) {
+              providerJobGone = true;
+            }
+            throw err;
+          } finally {
+            if (providerJobGone) {
+              await ctx.storage.threads.removeInflightAsyncJob(
+                taskId,
+                providerId,
+                modelId,
+                input.query,
+              );
+            }
+          }
+        } else {
+          const model = provider.aiSdk.languageModel(deepResearchModelInfo.id);
+
+          const result = streamText({
+            model,
+            prompt: input.query,
+            abortSignal: options.abortSignal,
+          });
+
+          // Accumulate text while streaming to the UI.
+          // The AI SDK replaces data parts with the same id on each write,
+          // so we send the full accumulated text (not just the delta).
+          // Throttled to limit wire overhead.
+          let lastSendTime = 0;
+          const THROTTLE_MS = 50;
+
+          for await (const chunk of result.textStream) {
+            fullText += chunk;
+            const now = Date.now();
+            if (now - lastSendTime >= THROTTLE_MS) {
+              lastSendTime = now;
+              writeProgress(fullText);
+            }
+          }
+          // Final flush to ensure all text is sent
+          writeProgress(fullText);
+
+          const [usage, sources, providerMetadata] = await Promise.all([
+            result.usage,
+            result.sources,
+            result.providerMetadata,
+          ]);
+          inputTokens = usage.inputTokens ?? 0;
+          outputTokens = usage.outputTokens ?? 0;
+          safeProviderMeta = sanitizeProviderMetadata(
+            providerMetadata as Record<string, unknown> | undefined,
+          );
+
+          // Normalize sources into a simple { url, title } array for the UI.
+          if (sources && Array.isArray(sources)) {
+            for (const s of sources) {
+              if (
+                s &&
+                typeof s === "object" &&
+                "sourceType" in s &&
+                s.sourceType === "url" &&
+                "url" in s &&
+                typeof s.url === "string"
+              ) {
+                citations.push({
+                  url: s.url,
+                  title:
+                    "title" in s && typeof s.title === "string"
+                      ? s.title
+                      : undefined,
+                });
+              }
             }
           }
         }
diff --git a/apps/mesh/src/api/routes/decopilot/constants.ts b/apps/mesh/src/api/routes/decopilot/constants.ts
index 01024d5649..fe144a3fa4 100644
--- a/apps/mesh/src/api/routes/decopilot/constants.ts
+++ b/apps/mesh/src/api/routes/decopilot/constants.ts
@@ -1,3 +1,4 @@
+import type { GithubRepo } from "@decocms/mesh-sdk";
 import { generatePrefixedId } from "@/shared/utils/generate-id";
 
 /** Message ID generator. Use as closure where a () => string is expected (e.g. toUIMessageStreamResponse). */
@@ -9,17 +10,22 @@ export const DEFAULT_THREAD_TITLE = "New chat";
 
 export const PARENT_STEP_LIMIT = 30;
 export const SUBAGENT_STEP_LIMIT = 15;
-export const SUBAGENT_EXCLUDED_TOOLS = ["user_ask", "subtask", "open_in_agent"];
+export const SUBAGENT_EXCLUDED_TOOLS = ["user_ask", "subtask"];
 
 /**
  * Base platform prompt — shared by all agents (decopilot and custom).
  * Covers: platform concepts, tool usage, default workflow, safety, output style.
  */
 export function buildBasePlatformPrompt(): string {
+  const now = new Date();
+  const currentDate = now.toISOString().split("T")[0];
+
   return `<platform>
 You are an AI agent running on Deco CMS — a control plane for connecting
 AI agents to external services via the Model Context Protocol (MCP).
 
+Current date: ${currentDate}
+
 Building blocks:
 - **Connections** — tool providers that connect to external services
   (Gmail, Slack, GitHub, databases, etc). Each exposes tools you can call.
@@ -143,6 +149,27 @@ Focus exclusively on:
 </scope>`;
 }
 
+/**
+ * Repo environment prompt — injected when the active virtual MCP has a
+ * GitHub repository linked (and therefore exposes the VM/filesystem/shell
+ * tool suite).
+ */
+export function buildRepoEnvironmentPrompt(repo: GithubRepo): string {
+  return `<repo-environment>
+You are running inside the repository \`${repo.owner}/${repo.name}\`.
+
+Cite file locations as \`path:line\` so the user can jump to them.
+
+Git operations live in two layers:
+- Working tree, history, commits, branches, pushes → BASH + git CLI
+  inside the VM. The repo is already cloned and checked out; never
+  re-clone.
+- PR-level operations (open, close, merge, review, comment) → GitHub
+  MCP tools. For rebasing a branch on its base, use git CLI — never
+  \`update_pull_request_branch\`, which merges instead of rebasing.
+</repo-environment>`;
+}
+
 export const TITLE_GENERATOR_PROMPT = `Generate a concise, sentence-case title (3-7 words) that captures the main topic or goal of this session. Use sentence case: capitalize only the first word and proper nouns.
 
 Return JSON with a single "title" field.
diff --git a/apps/mesh/src/api/routes/decopilot/file-materializer.ts b/apps/mesh/src/api/routes/decopilot/file-materializer.ts
index 7cec4855a7..9fdb633463 100644
--- a/apps/mesh/src/api/routes/decopilot/file-materializer.ts
+++ b/apps/mesh/src/api/routes/decopilot/file-materializer.ts
@@ -29,10 +29,37 @@ import {
 /** Build the stable redirect URL the UI / tools use to access a file. */
 function toFileRedirectUrl(
   baseUrl: string,
-  orgId: string,
+  orgSlug: string,
   key: string,
 ): string {
-  return `${baseUrl}/api/${orgId}/files/${key}`;
+  return `${baseUrl}/api/${orgSlug}/files/${key}`;
+}
+
+/**
+ * MIME types we never hand to providers as native file parts.
+ * Provider support for Office formats is uneven (Anthropic chokes with
+ * "Failed to parse [file://...]", others silently ignore the file), and
+ * the sandbox skills (pptx-extract, docx, xlsx) consistently produce
+ * better results than any provider's native parser. The model picks
+ * these up from the annotation text emitted by uploadFileParts and
+ * pulls them in via copy_to_sandbox.
+ *
+ * PDFs stay on the native path — every provider with a `file` capability
+ * handles them fine and going through the sandbox would be a regression.
+ */
+const SANDBOX_ONLY_MIME_TYPES = new Set([
+  "application/vnd.openxmlformats-officedocument.presentationml.presentation",
+  "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
+]);
+
+function isSandboxOnlyFilePart(part: { type: string }): boolean {
+  return (
+    part.type === "file" &&
+    "mediaType" in part &&
+    typeof (part as { mediaType?: unknown }).mediaType === "string" &&
+    SANDBOX_ONLY_MIME_TYPES.has((part as { mediaType: string }).mediaType)
+  );
 }
 
 // ============================================================================
@@ -142,7 +169,8 @@ export async function uploadFileParts(
   ctx: MeshContext,
 ): Promise<ChatMessage[]> {
   if (!ctx.organization) return messages;
-  const orgId = ctx.organization.id;
+  const orgSlug = ctx.organization.slug;
+  if (!orgSlug) return messages;
 
   const lastUserIdx = messages.findLastIndex((m) => m.role === "user");
   if (lastUserIdx === -1) return messages;
@@ -189,7 +217,7 @@ export async function uploadFileParts(
       return {
         dataUrl: part.url,
         meshStorageUrl: toMeshStorageUri(uploadedKey),
-        redirectUrl: toFileRedirectUrl(ctx.baseUrl, orgId, uploadedKey),
+        redirectUrl: toFileRedirectUrl(ctx.baseUrl, orgSlug, uploadedKey),
         filename,
       };
     }),
@@ -268,9 +296,21 @@ export async function resolveStorageRefs(
 ): Promise<ChatMessage[]> {
   if (!ctx.organization) return messages;
 
-  // Collect unique mesh-storage: keys from file parts only (not text)
+  // First pass: drop sandbox-only file parts (Office formats). The model
+  // reads these via copy_to_sandbox using the mesh-storage URI in the
+  // annotation text emitted by uploadFileParts.
+  const filtered = messages.map((msg) => {
+    const filteredParts = msg.parts.filter(
+      (part) => !isSandboxOnlyFilePart(part),
+    );
+    return filteredParts.length === msg.parts.length
+      ? msg
+      : { ...msg, parts: filteredParts };
+  });
+
+  // Collect unique mesh-storage: keys from remaining file parts (not text)
   const keysToResolve = new Set<string>();
-  for (const msg of messages) {
+  for (const msg of filtered) {
     for (const part of msg.parts) {
       if (
         part.type === "file" &&
@@ -293,12 +333,12 @@ export async function resolveStorageRefs(
   );
 
   if (keyToPresigned.size === 0) {
-    // No mesh-storage: refs in file parts — safety net for legacy data: URLs
-    return legacyMaterialize(messages, ctx);
+    // No mesh-storage: refs in remaining file parts — safety net for legacy data: URLs
+    return legacyMaterialize(filtered, ctx);
   }
 
   // Replace mesh-storage: in file part URLs only; leave text parts untouched
-  const resolved = messages.map((msg) => {
+  const resolved = filtered.map((msg) => {
     const newParts = msg.parts.map((part) => {
       if (
         part.type === "file" &&
diff --git a/apps/mesh/src/api/routes/decopilot/helpers.ts b/apps/mesh/src/api/routes/decopilot/helpers.ts
index f6aaa9f6a2..6ccf660546 100644
--- a/apps/mesh/src/api/routes/decopilot/helpers.ts
+++ b/apps/mesh/src/api/routes/decopilot/helpers.ts
@@ -18,6 +18,7 @@ import {
 import type { Context } from "hono";
 
 import type { MeshContext, OrganizationScope } from "@/core/mesh-context";
+import { posthog } from "@/posthog";
 import { HTTPException } from "hono/http-exception";
 import { MCP_TOOL_CALL_TIMEOUT_MS } from "@/core/constants";
 import { resolveArgsStorageRefs } from "./file-materializer";
@@ -77,7 +78,7 @@ export function ensureOrganization(
  * only [a-zA-Z0-9_.\-:], and be at most 128 characters.
  */
 export function sanitizeToolName(name: string): string {
-  // Replace any character outside the allowed set with an underscore
+  // Replace any character outside the allowed set with an underscore.
   let safe = name.replace(/[^a-zA-Z0-9_.\-:]/g, "_");
   // Ensure it starts with a letter or underscore
   if (safe.length === 0 || !/^[a-zA-Z_]/.test(safe)) {
@@ -101,8 +102,7 @@ export function buildSanitizedNameMap(names: string[]): Map<string, string> {
   for (const name of names) {
     let safeName = sanitizeToolName(name);
     if (usedNames.has(safeName)) {
-      // Reserve room for the suffix (up to "_999") within the 128-char limit
-      const maxBase = 128 - 4; // "_" + up to 3 digits
+      const maxBase = 128 - 4;
       const base =
         safeName.length > maxBase ? safeName.slice(0, maxBase) : safeName;
       let i = 2;
@@ -115,6 +115,86 @@ export function buildSanitizedNameMap(names: string[]): Map<string, string> {
   return map;
 }
 
+/**
+ * Strip the GatewayClient namespace prefix (`slugify(clientId) + "_"`) from a tool name.
+ */
+function stripGatewayPrefix(
+  namespacedName: string,
+  gatewayClientId: string,
+): string {
+  const slug = gatewayClientId
+    .toLowerCase()
+    .replace(/[^a-z0-9]+/g, "-")
+    .replace(/^-|-$/g, "");
+  const prefix = `${slug}_`;
+  return namespacedName.startsWith(prefix)
+    ? namespacedName.slice(prefix.length)
+    : namespacedName;
+}
+
+/**
+ * Sanitize a tool name for LLM use: same as sanitizeToolName but also
+ * converts hyphens to underscores, since many LLMs normalize hyphens when
+ * invoking tool names, causing "tool not found" errors.
+ */
+function sanitizeForLlm(name: string): string {
+  return sanitizeToolName(name).replace(/-/g, "_");
+}
+
+/**
+ * Build a collision-aware name map from MCP tools.
+ * Uses the short (un-namespaced) tool name when it's unique across all
+ * connections; only prepends the connection prefix when two connections
+ * expose a tool with the same base name.
+ *
+ * Examples (no collision): "search_repositories", "list_objects"
+ * Examples (collision):    "conn_togsm0_search_code", "conn_abc_search_code"
+ */
+function buildShortNameMap(
+  tools: Array<{ name: string; _meta?: Record<string, unknown> }>,
+): Map<string, string> {
+  // Pass 1: count how many tools share each sanitized short name
+  const shortCount = new Map<string, number>();
+  for (const t of tools) {
+    const connId =
+      typeof t._meta?.gatewayClientId === "string"
+        ? t._meta.gatewayClientId
+        : "";
+    const short = connId ? stripGatewayPrefix(t.name, connId) : t.name;
+    const safe = sanitizeForLlm(short);
+    shortCount.set(safe, (shortCount.get(safe) ?? 0) + 1);
+  }
+
+  // Pass 2: assign safe names, prefixing only on collision
+  const used = new Set<string>();
+  const map = new Map<string, string>();
+  for (const t of tools) {
+    const connId =
+      typeof t._meta?.gatewayClientId === "string"
+        ? t._meta.gatewayClientId
+        : "";
+    const short = connId ? stripGatewayPrefix(t.name, connId) : t.name;
+    const safeShort = sanitizeForLlm(short);
+    const unique = (shortCount.get(safeShort) ?? 0) <= 1;
+
+    // For the collision prefix, normalize the connId too so hyphens in
+    // connection IDs don't produce names the LLM will mangle.
+    let safeName = unique ? safeShort : sanitizeForLlm(`${connId}_${short}`);
+
+    // Suffix for any remaining collision (same conn + same tool name)
+    if (used.has(safeName)) {
+      const base = safeName.slice(0, 124);
+      let i = 2;
+      while (used.has(`${base}_${i}`)) i++;
+      safeName = `${base}_${i}`;
+    }
+
+    used.add(safeName);
+    map.set(t.name, safeName);
+  }
+  return map;
+}
+
 /**
  * Convert MCP tools to AI SDK ToolSet
  */
@@ -149,7 +229,7 @@ export async function toolsFromMCP(
   const list = await client.listTools();
   const visibleTools = list.tools.filter(isToolVisibleToModel);
 
-  const nameMap = buildSanitizedNameMap(visibleTools.map((t) => t.name));
+  const nameMap = buildShortNameMap(visibleTools);
   const toolEntries = visibleTools.map((t) => {
     const { name, title, description, inputSchema, annotations, _meta } = t;
     const safeName = nameMap.get(name)!;
@@ -167,6 +247,7 @@ export async function toolsFromMCP(
           }) !== false,
         execute: async (input, callOptions) => {
           const startTime = performance.now();
+          let isError = false;
           try {
             // Resolve any mesh-storage: URIs in tool arguments to fresh
             // presigned URLs before forwarding to the MCP client.
@@ -187,10 +268,14 @@ export async function toolsFromMCP(
                 timeout: MCP_TOOL_CALL_TIMEOUT_MS,
               },
             );
+            isError = Boolean((result as { isError?: boolean })?.isError);
             return result as unknown as CallToolResult;
+          } catch (err) {
+            isError = true;
+            throw err;
           } finally {
+            const latencyMs = performance.now() - startTime;
             if (writer) {
-              const latencyMs = performance.now() - startTime;
               writer.write({
                 type: "data-tool-metadata",
                 id: callOptions.toolCallId,
@@ -201,6 +286,28 @@ export async function toolsFromMCP(
                 },
               });
             }
+            // Product analytics: fire-and-forget. Posthog-node batches.
+            const orgId = meshCtx?.organization?.id;
+            const userId = meshCtx?.auth?.user?.id;
+            if (orgId && userId) {
+              posthog.capture({
+                distinctId: userId,
+                event: "tool_called",
+                groups: { organization: orgId },
+                properties: {
+                  organization_id: orgId,
+                  tool_source: "mcp",
+                  tool_name: t.name,
+                  tool_safe_name: safeName,
+                  read_only: annotations?.readOnlyHint ?? null,
+                  destructive: annotations?.destructiveHint ?? null,
+                  idempotent: annotations?.idempotentHint ?? null,
+                  open_world: annotations?.openWorldHint ?? null,
+                  latency_ms: Math.round(latencyMs),
+                  is_error: isError,
+                },
+              });
+            }
           }
         },
         toModelOutput: async ({ output, toolCallId }) => {
diff --git a/apps/mesh/src/api/routes/decopilot/memory.test.ts b/apps/mesh/src/api/routes/decopilot/memory.test.ts
new file mode 100644
index 0000000000..2d75b7fba8
--- /dev/null
+++ b/apps/mesh/src/api/routes/decopilot/memory.test.ts
@@ -0,0 +1,45 @@
+import { describe, it, expect, beforeAll, afterAll } from "bun:test";
+import { createMemory } from "./memory";
+import {
+  buildThreadTestContext,
+  type ThreadTestEnv,
+} from "../../../tools/thread/test-helpers";
+
+describe("createMemory", () => {
+  let env: ThreadTestEnv;
+
+  beforeAll(async () => {
+    env = await buildThreadTestContext();
+  });
+  afterAll(async () => {
+    await env.close();
+  });
+
+  it("returns Memory when thread exists", async () => {
+    const thread = await env.ctx.storage.threads.create({
+      id: "thrd_existing",
+      organization_id: env.orgId,
+      title: "ok",
+      created_by: env.userId,
+      virtual_mcp_id: "vmcp_x",
+    });
+
+    const memory = await createMemory(env.ctx.storage.threads, {
+      thread_id: thread.id,
+      organization_id: env.orgId,
+      userId: env.userId,
+    });
+
+    expect(memory.thread.id).toBe("thrd_existing");
+  });
+
+  it("throws when thread_id is provided but thread does not exist", async () => {
+    await expect(
+      createMemory(env.ctx.storage.threads, {
+        thread_id: "thrd_does_not_exist",
+        organization_id: env.orgId,
+        userId: env.userId,
+      }),
+    ).rejects.toThrow(/thread.*not.*found/i);
+  });
+});
diff --git a/apps/mesh/src/api/routes/decopilot/memory.ts b/apps/mesh/src/api/routes/decopilot/memory.ts
index e7e1d23bf9..463b4b0084 100644
--- a/apps/mesh/src/api/routes/decopilot/memory.ts
+++ b/apps/mesh/src/api/routes/decopilot/memory.ts
@@ -7,14 +7,13 @@
 
 import type { OrgScopedThreadStorage } from "@/storage/threads";
 import type { Thread, ThreadMessage } from "@/storage/types";
-import { generatePrefixedId } from "@/shared/utils/generate-id";
 
 /**
  * Configuration for creating a Memory instance
  */
 export interface MemoryConfig {
-  /** Thread ID (creates new if not found) */
-  thread_id?: string | null;
+  /** Thread ID (required — thread must exist) */
+  thread_id: string;
 
   /** Organization scope */
   organization_id: string;
@@ -24,12 +23,6 @@ export interface MemoryConfig {
 
   /** Default window size for pruning */
   defaultWindowSize?: number;
-
-  /** Optional trigger ID for automation-created threads */
-  triggerId?: string;
-
-  /** Virtual MCP ID to associate with the thread */
-  virtualMcpId?: string;
 }
 
 /**
@@ -81,50 +74,23 @@ export class Memory {
 }
 
 /**
- * Create or get a thread, returning a Memory instance
+ * Get an existing thread by id, returning a Memory instance.
+ * Throws if the thread does not exist — the route loader is responsible for
+ * creating threads up-front via COLLECTION_THREADS_CREATE.
  */
 export async function createMemory(
   storage: OrgScopedThreadStorage,
   config: MemoryConfig,
 ): Promise<Memory> {
-  const {
-    thread_id,
-    organization_id,
-    userId,
-    defaultWindowSize,
-    triggerId,
-    virtualMcpId,
-  } = config;
-
-  let thread: Thread;
+  const { thread_id, defaultWindowSize } = config;
 
   if (!thread_id) {
-    // Create new thread
-    thread = await storage.create({
-      id: generatePrefixedId("thrd"),
-      organization_id,
-      created_by: userId,
-      trigger_id: triggerId ?? null,
-      virtual_mcp_id: virtualMcpId ?? "",
-    });
-  } else {
-    // Try to get existing thread scoped to this org
-    const existing = await storage.get(thread_id);
+    throw new Error("createMemory: thread_id is required");
+  }
 
-    if (existing) {
-      thread = existing;
-    } else {
-      // Thread not found — create using the client-provided ID so the
-      // frontend and server stay in sync (avoids a thread-ID switch in
-      // onFinish which causes a full re-render cascade).
-      thread = await storage.create({
-        id: thread_id,
-        organization_id,
-        created_by: userId,
-        trigger_id: triggerId ?? null,
-        virtual_mcp_id: virtualMcpId ?? "",
-      });
-    }
+  const thread = await storage.get(thread_id);
+  if (!thread) {
+    throw new Error(`Thread not found: ${thread_id}`);
   }
 
   return new Memory({
diff --git a/apps/mesh/src/api/routes/decopilot/model-compat.ts b/apps/mesh/src/api/routes/decopilot/model-compat.ts
index f13cc5a1fe..ab5b901c7f 100644
--- a/apps/mesh/src/api/routes/decopilot/model-compat.ts
+++ b/apps/mesh/src/api/routes/decopilot/model-compat.ts
@@ -19,9 +19,10 @@ export function ensureModelCompatibility(
   models: ModelsConfig,
   messages: MessageWithParts[],
 ): void {
-  const modelHasVision = models.thinking.capabilities?.vision ?? false;
+  const caps = models.thinking.capabilities;
+  const modelSupportsFiles = (caps?.vision ?? false) || (caps?.file ?? false);
 
-  if (!modelHasVision) {
+  if (!modelSupportsFiles) {
     const hasFiles = messages.some((message) =>
       message.parts?.some((part) => part.type === "file"),
     );
diff --git a/apps/mesh/src/api/routes/decopilot/routes.ts b/apps/mesh/src/api/routes/decopilot/routes.ts
index f3e5faf811..eb617e7370 100644
--- a/apps/mesh/src/api/routes/decopilot/routes.ts
+++ b/apps/mesh/src/api/routes/decopilot/routes.ts
@@ -6,6 +6,7 @@
  */
 
 import type { MeshContext } from "@/core/mesh-context";
+import { posthog } from "@/posthog";
 import {
   consumeStream,
   createUIMessageStream,
@@ -153,6 +154,7 @@ export function createDecopilotRoutes(deps: DecopilotDeps) {
         temperature,
         memory: memoryConfig,
         thread_id,
+        branch,
         toolApprovalLevel,
         mode,
       } = await validateRequest(c);
@@ -202,11 +204,25 @@ export function createDecopilotRoutes(deps: DecopilotDeps) {
           userId,
           taskId: resolvedThreadId,
           windowSize,
+          branch: branch ?? null,
         },
         ctx,
         { runRegistry, streamBuffer, cancelBroadcast },
       );
 
+      posthog.capture({
+        distinctId: userId,
+        event: "chat_message_started",
+        groups: { organization: organization.id },
+        properties: {
+          organization_id: organization.id,
+          agent_id: agent,
+          mode,
+          thread_id: resolvedThreadId,
+          credential_id: models.credentialId,
+        },
+      });
+
       return createUIMessageStreamResponse({
         stream: result.stream,
         consumeSseStream: consumeStream,
@@ -223,6 +239,7 @@ export function createDecopilotRoutes(deps: DecopilotDeps) {
         return c.json({ error: "Request aborted" }, 400);
       }
 
+      posthog.captureException(err);
       console.error("[decopilot:stream] Failed", {
         error: err instanceof Error ? err.message : JSON.stringify(err),
         stack: err instanceof Error ? err.stack : undefined,
@@ -248,6 +265,7 @@ export function createDecopilotRoutes(deps: DecopilotDeps) {
         temperature,
         memory: memoryConfig,
         thread_id,
+        branch,
         toolApprovalLevel,
         mode,
       } = await validateRequest(c);
@@ -297,6 +315,7 @@ export function createDecopilotRoutes(deps: DecopilotDeps) {
           userId,
           taskId: resolvedThreadId,
           windowSize,
+          branch: branch ?? null,
         },
         ctx,
         { runRegistry, streamBuffer, cancelBroadcast },
diff --git a/apps/mesh/src/api/routes/decopilot/run-config.ts b/apps/mesh/src/api/routes/decopilot/run-config.ts
index 8f99106a39..077f4ae24d 100644
--- a/apps/mesh/src/api/routes/decopilot/run-config.ts
+++ b/apps/mesh/src/api/routes/decopilot/run-config.ts
@@ -19,6 +19,7 @@ const PersistedModelInfoSchema = z.object({
       text: z.boolean().optional(),
       tools: z.boolean().optional(),
       reasoning: z.boolean().optional(),
+      file: z.boolean().optional(),
     })
     .passthrough()
     .optional(),
diff --git a/apps/mesh/src/api/routes/decopilot/run-reactor.test.ts b/apps/mesh/src/api/routes/decopilot/run-reactor.test.ts
index fef72d3d64..d42ef950b0 100644
--- a/apps/mesh/src/api/routes/decopilot/run-reactor.test.ts
+++ b/apps/mesh/src/api/routes/decopilot/run-reactor.test.ts
@@ -25,6 +25,9 @@ function makeDeps(): RunReactorDeps {
       listOrphanedRuns: mock(() => Promise.resolve([])),
       listOrphanedRunsByPod: mock(() => Promise.resolve([])),
       orphanRunsByPod: mock(() => Promise.resolve([])),
+      addInflightAsyncJob: mock(() => Promise.resolve()),
+      findInflightAsyncJob: mock(() => Promise.resolve(null)),
+      removeInflightAsyncJob: mock(() => Promise.resolve()),
     },
     streamBuffer: { purge: mock(() => {}) } as unknown as StreamBuffer,
     sseHub: { emit: mock(() => {}) },
diff --git a/apps/mesh/src/api/routes/decopilot/run-registry.test.ts b/apps/mesh/src/api/routes/decopilot/run-registry.test.ts
index 0bcc08f241..2e19daf226 100644
--- a/apps/mesh/src/api/routes/decopilot/run-registry.test.ts
+++ b/apps/mesh/src/api/routes/decopilot/run-registry.test.ts
@@ -24,6 +24,9 @@ function makeNoopDeps(): RunReactorDeps {
       listOrphanedRuns: mock(() => Promise.resolve([])),
       listOrphanedRunsByPod: mock(() => Promise.resolve([])),
       orphanRunsByPod: mock(() => Promise.resolve([])),
+      addInflightAsyncJob: mock(() => Promise.resolve()),
+      findInflightAsyncJob: mock(() => Promise.resolve(null)),
+      removeInflightAsyncJob: mock(() => Promise.resolve()),
     },
     streamBuffer: { purge: mock(() => {}) } as unknown as StreamBuffer,
     sseHub: { emit: mock(() => {}) },
@@ -421,7 +424,7 @@ describe("RunRegistry", () => {
             created_at: "",
             updated_at: "",
             created_by: "u1",
-            updated_by: null,
+            updated_by: undefined,
             hidden: false,
             context_start_message_id: null,
             run_owner_pod: null,
@@ -455,7 +458,7 @@ describe("RunRegistry", () => {
             created_at: "",
             updated_at: "",
             created_by: "u1",
-            updated_by: null,
+            updated_by: undefined,
             hidden: false,
             context_start_message_id: null,
             run_owner_pod: null,
@@ -489,7 +492,7 @@ describe("RunRegistry", () => {
             created_at: "",
             updated_at: "",
             created_by: "u1",
-            updated_by: null,
+            updated_by: undefined,
             hidden: false,
             context_start_message_id: null,
             run_owner_pod: null,
@@ -523,7 +526,7 @@ describe("RunRegistry", () => {
             created_at: "",
             updated_at: "",
             created_by: "u1",
-            updated_by: null,
+            updated_by: undefined,
             hidden: false,
             context_start_message_id: null,
             run_owner_pod: null,
@@ -637,7 +640,7 @@ describe("RunRegistry", () => {
       created_at: "",
       updated_at: "",
       created_by: "u1",
-      updated_by: null,
+      updated_by: undefined,
       hidden: false,
       context_start_message_id: null,
       run_owner_pod: "dead-pod",
diff --git a/apps/mesh/src/api/routes/decopilot/schemas.ts b/apps/mesh/src/api/routes/decopilot/schemas.ts
index cfb5d97e45..f827fe4e1e 100644
--- a/apps/mesh/src/api/routes/decopilot/schemas.ts
+++ b/apps/mesh/src/api/routes/decopilot/schemas.ts
@@ -90,6 +90,11 @@ export const StreamRequestSchema = z.object({
   stream: z.boolean().optional(),
   temperature: z.number().default(0.5),
   thread_id: z.string().optional(),
+  /**
+   * Git branch to pin the thread to on first-message creation. Only honored
+   * when the thread doesn't exist yet; existing threads keep their branch.
+   */
+  branch: z.string().nullish(),
   toolApprovalLevel: z.enum(["auto", "readonly"]).default("auto"),
   mode: z
     .enum(["default", "plan", "web-search", "gen-image"])
diff --git a/apps/mesh/src/api/routes/decopilot/stream-core.ts b/apps/mesh/src/api/routes/decopilot/stream-core.ts
index bd092cede6..f886f80a7a 100644
--- a/apps/mesh/src/api/routes/decopilot/stream-core.ts
+++ b/apps/mesh/src/api/routes/decopilot/stream-core.ts
@@ -7,22 +7,30 @@
  */
 
 import type { MeshContext } from "@/core/mesh-context";
+import { posthog } from "@/posthog";
 import { createVirtualClientFrom } from "@/mcp-clients/virtual-mcp";
 import { monitorLlmCall } from "@/monitoring/emit-llm-call";
 import { recordLlmCallMetrics } from "@/monitoring/record-llm-call-metrics";
-import { isDecopilot, sanitizeProviderMetadata } from "@decocms/mesh-sdk";
+import {
+  type GithubRepo,
+  isDecopilot,
+  sanitizeProviderMetadata,
+} from "@decocms/mesh-sdk";
 import { SpanStatusCode } from "@opentelemetry/api";
 import {
   type ToolSet,
   createUIMessageStream,
   stepCountIs,
   streamText,
+  tool,
 } from "ai";
-import { getBuiltInTools } from "./built-in-tools";
+import { z } from "zod";
+import { getBuiltInTools, type PendingImage } from "./built-in-tools";
 import { createEnableToolsTool } from "./built-in-tools/enable-tools";
 import {
   buildBasePlatformPrompt,
   buildDecopilotAgentPrompt,
+  buildRepoEnvironmentPrompt,
   DEFAULT_MAX_TOKENS,
   DEFAULT_THREAD_TITLE,
   DEFAULT_WINDOW_SIZE,
@@ -61,6 +69,57 @@ import {
 import { getInternalUrl } from "@/core/server-constants";
 import { traced, tracer } from "@/observability";
 import { getPodId } from "@/core/pod-identity";
+import { getSharedRunner } from "@/sandbox/lifecycle";
+
+function stringifyError(error: unknown): string {
+  if (error instanceof Error) return error.message;
+  if (typeof error === "object" && error !== null) {
+    try {
+      return JSON.stringify(error);
+    } catch {
+      return "[unserializable object]";
+    }
+  }
+  return String(error);
+}
+
+/**
+ * Classify a stream error into a small, stable taxonomy for analytics.
+ * Consumers (dashboards) can rely on these values being consistent across
+ * providers — the raw error message stays in the separate `error_message`
+ * prop for debugging.
+ */
+function classifyStreamError(
+  error: unknown,
+):
+  | "aborted"
+  | "insufficient_funds"
+  | "rate_limit"
+  | "timeout"
+  | "auth"
+  | "model_error"
+  | "tool_error"
+  | "unknown" {
+  if (error instanceof Error && error.name === "AbortError") return "aborted";
+  const msg = (
+    error instanceof Error ? error.message : stringifyError(error)
+  ).toLowerCase();
+  if (
+    /insufficient|no credits|out of credits|balance|payment|quota exceeded|402/i.test(
+      msg,
+    )
+  ) {
+    return "insufficient_funds";
+  }
+  if (/rate.?limit|too many requests|429/i.test(msg)) return "rate_limit";
+  if (/timeout|timed out|deadline/i.test(msg)) return "timeout";
+  if (/unauthor|forbidden|401|403|invalid.*(key|token)/i.test(msg))
+    return "auth";
+  if (/tool|mcp|connection/i.test(msg)) return "tool_error";
+  if (/model|provider|anthropic|openai|gemini|claude/i.test(msg))
+    return "model_error";
+  return "unknown";
+}
 
 /**
  * Creates a language model from the provider, enabling reasoning when the
@@ -101,6 +160,8 @@ export interface StreamCoreInput {
   windowSize?: number;
   abortSignal?: AbortSignal;
   isResume?: boolean;
+  /** Persisted to the thread row on first-message creation. */
+  branch?: string | null;
 }
 
 export interface StreamCoreDeps {
@@ -190,6 +251,10 @@ async function streamCoreInner(
 
     const windowSize = input.windowSize ?? DEFAULT_WINDOW_SIZE;
 
+    if (!input.taskId) {
+      throw new Error("streamCore: taskId is required");
+    }
+
     // 2. Load entities and create/load memory in parallel
     const [virtualMcp, provider, mem] = await Promise.all([
       ctx.storage.virtualMcps.findById(input.agent.id, input.organizationId),
@@ -204,12 +269,11 @@ async function streamCoreInner(
         thread_id: input.taskId,
         userId: input.userId,
         defaultWindowSize: windowSize,
-        triggerId: input.triggerId,
-        virtualMcpId: input.agent.id,
       }),
     ]);
 
     taskId = mem.thread.id;
+    ctx.metadata.threadId = mem.thread.id;
     rootSpan.setAttribute("decopilot.thread.id", mem.thread.id);
 
     if (mem.thread.created_by !== input.userId) {
@@ -218,6 +282,28 @@ async function streamCoreInner(
       );
     }
 
+    // Guard: async-research-only models (e.g. Gemini Deep Research) cannot
+    // drive `streamText`. They only work via the AsyncResearchProvider path
+    // routed through the `web_search` tool. Detect early and surface a clear
+    // error instead of letting Google's opaque "This model only supports
+    // Interactions API" bubble up from deep inside the agent loop.
+    if (provider?.asyncResearch) {
+      const slots: Array<["thinking" | "coding" | "fast" | "image", string]> = [
+        ["thinking", input.models.thinking.id],
+      ];
+      if (input.models.coding) slots.push(["coding", input.models.coding.id]);
+      if (input.models.fast) slots.push(["fast", input.models.fast.id]);
+      if (input.models.image) slots.push(["image", input.models.image.id]);
+      for (const [slot, modelId] of slots) {
+        if (provider.asyncResearch.canHandle(modelId)) {
+          throw new Error(
+            `Model "${modelId}" can only be used as a Deep Research model. ` +
+              `It is not usable as the ${slot} model — set it in the Deep Research slot instead.`,
+          );
+        }
+      }
+    }
+
     const saveMessagesToThread = async (
       ...messages: (ChatMessage | undefined)[]
     ) => {
@@ -374,7 +460,14 @@ async function streamCoreInner(
     }
 
     const toolOutputMap = new Map<string, string>();
+    const pendingImages: PendingImage[] = [];
     const organization = ctx.organization!;
+    const streamStartAt = Date.now();
+    let aggregatedUsage: {
+      inputTokens: number;
+      outputTokens: number;
+      totalTokens: number;
+    } = { inputTokens: 0, outputTokens: 0, totalTokens: 0 };
     let titleHandle: ReturnType<typeof genTitle> | null = null;
 
     const uiStream = createUIMessageStream({
@@ -382,11 +475,16 @@ async function streamCoreInner(
       execute: async ({ writer }) => {
         const modeConfig = resolveModeConfig(input.mode, { isCliAgent });
 
+        // superUser=true: the user is already authenticated as an org member,
+        // the virtual MCP enforces which connections are in scope, and the
+        // per-tool AuthTransport check would block every non-public connection
+        // tool (GitHub, Slack, etc.) for users who don't have explicit per-tool
+        // permissions configured — the wrong enforcement layer for chat.
         const passthroughClient = await createVirtualClientFrom(
           virtualMcp,
           ctx,
           "passthrough",
-          false,
+          true,
           { listTimeoutMs: 1_000 },
         );
 
@@ -410,15 +508,36 @@ async function streamCoreInner(
                 { ctx, isPlanMode: modeConfig.isPlanMode },
               );
 
-        // Resolve active VM for the current user — when present, VM file tools
-        // replace the QuickJS sandbox in the built-in tool set.
-        const activeVmEntry = (
-          virtualMcp.metadata as {
-            activeVms?: Record<string, { previewUrl: string }>;
-          }
-        )?.activeVms?.[input.userId];
-        const activeVm = activeVmEntry
-          ? { vmBaseUrl: activeVmEntry.previewUrl }
+        // VM file tools bind to (virtualMcpId, branch, userId). The VM is
+        // provisioned lazily on the first tool call inside getBuiltInTools.
+        //
+        // Two keying regimes:
+        // - GitHub-linked agents (githubRepo set) need per-branch isolation
+        //   so PR/branch workflows don't trample each other. Falls back to a
+        //   `thread:<taskId>` synthetic branch when no explicit branch is
+        //   supplied yet.
+        // - Ephemeral agents (no githubRepo) share one VM per (user, agent)
+        //   across threads. The skills work is mostly read-heavy and
+        //   sharing a sandbox cuts the VM count linearly with thread count.
+        //   Tradeoff: concurrent threads share /app, /home/sandbox, /tmp —
+        //   parallel writes to overlapping filenames can race. Fine for
+        //   reads and scoped outputs; revisit if it bites.
+        const vmMetadata = virtualMcp.metadata as {
+          githubRepo?: GithubRepo | null;
+        };
+        const isEphemeralAgent = !vmMetadata.githubRepo;
+        const vmContext = input.userId
+          ? {
+              virtualMcpId: input.agent.id,
+              branch: isEphemeralAgent
+                ? "ephemeral"
+                : (input.branch ?? `thread:${mem.thread.id}`),
+              userId: input.userId,
+              // Used by share_with_user to scope artifacts under
+              // model-outputs/<threadId>/. Cannot be derived from the
+              // sandbox row since one ephemeral sandbox serves many threads.
+              threadId: mem.thread.id,
+            }
           : null;
 
         const builtInTools = isCliAgent
@@ -429,12 +548,13 @@ async function streamCoreInner(
                 provider,
                 organization,
                 models: input.models,
-                userId: input.userId,
                 toolApprovalLevel: input.toolApprovalLevel,
                 isPlanMode: modeConfig.isPlanMode,
                 toolOutputMap,
+                pendingImages,
                 passthroughClient,
-                activeVm,
+                vmContext,
+                taskId: mem.thread.id,
               },
               ctx,
             );
@@ -463,14 +583,29 @@ async function streamCoreInner(
           }
         }
 
+        // Build connection title map once — used by catalog, list_connection_tools, and enable_tools.
+        const connectionTitleMap = isCliAgent
+          ? new Map<string, string>()
+          : passthroughClient.getConnectionTitleMap();
+
+        // Declared before tools so enable_tools can close over it.
+        // Populated after buildToolCatalog runs below (before streamText starts).
+        const connectionToolsMap = new Map<string, string[]>();
+
         const tools = isCliAgent
           ? {}
           : {
               ...passthroughTools,
               ...builtInTools,
+              list_connection_tools: createListConnectionToolsTool(
+                passthroughClient,
+                passthroughNameMap,
+                connectionTitleMap,
+              ),
               enable_tools: createEnableToolsTool(
                 enabledTools,
                 passthroughToolNames,
+                connectionToolsMap,
                 {
                   isPlanMode: modeConfig.isPlanMode,
                   toolAnnotations,
@@ -481,11 +616,22 @@ async function streamCoreInner(
         // Build composable system prompt array
         const basePrompt = buildBasePlatformPrompt();
 
-        const [toolCatalog, promptCatalog] = await Promise.all([
-          buildToolCatalog(passthroughClient, enabledTools, passthroughNameMap),
+        const [catalogResult, promptCatalog] = await Promise.all([
+          buildToolCatalog(
+            passthroughClient,
+            enabledTools,
+            passthroughNameMap,
+            connectionTitleMap,
+          ),
           buildPromptCatalog(passthroughClient),
         ]);
 
+        // Populate connectionToolsMap in-place so enable_tools closure sees it
+        for (const [k, v] of catalogResult.connectionToolsMap.entries()) {
+          connectionToolsMap.set(k, v);
+        }
+        const toolCatalog = catalogResult.catalog;
+
         // Agent prompt: decopilot-specific or custom agent instructions
         const serverInstructions = passthroughClient.getInstructions();
         const agentPrompt = isDecopilot(input.agent.id)
@@ -499,10 +645,28 @@ async function streamCoreInner(
             ? modeConfig.webSearchInstructionPrompt
             : null;
 
+        const repoEnvironmentPrompt = vmMetadata?.githubRepo
+          ? buildRepoEnvironmentPrompt(vmMetadata.githubRepo)
+          : null;
+
+        // Step-0 system prompt: includes the tool catalog for initial discovery.
+        // The catalog is built once before streamText runs — it's already stale by step 1
+        // (doesn't reflect tools the model enables mid-turn), so subsequent steps use
+        // systemPromptsBase which omits it to keep context lean.
+        const systemPromptsBase = [
+          basePrompt,
+          planModePrompt,
+          webSearchPrompt,
+          repoEnvironmentPrompt,
+          promptCatalog,
+          agentPrompt,
+        ].filter((s): s is string => Boolean(s?.trim()));
+
         const systemPrompts = [
           basePrompt,
           planModePrompt,
           webSearchPrompt,
+          repoEnvironmentPrompt,
           toolCatalog,
           promptCatalog,
           agentPrompt,
@@ -580,6 +744,12 @@ async function streamCoreInner(
         let lastProviderMetadata: Record<string, unknown> | undefined;
         let codingAgentSessionId: string | undefined;
         let codingAgentProvider: string | undefined;
+        let stepAccumulatedUsage = {
+          inputTokens: 0,
+          outputTokens: 0,
+          totalTokens: 0,
+        };
+        let stepAccumulatedCost = 0;
         llmCallStartTime = Date.now();
 
         // Build language model based on provider type
@@ -600,6 +770,31 @@ async function streamCoreInner(
           });
 
           const mcpUrl = `${getInternalUrl()}/mcp/virtual-mcp/${input.agent.id}`;
+
+          let claudeCodeCwd: string | undefined;
+          if (vmContext && vmMetadata.githubRepo) {
+            const runner = await getSharedRunner(ctx);
+            if (runner.kind === "host") {
+              const { computeHandle, composeSandboxRef } = await import(
+                "@decocms/sandbox/runner"
+              );
+              const projectRef = composeSandboxRef({
+                orgId: organization.id,
+                virtualMcpId: vmContext.virtualMcpId,
+                branch: vmContext.branch,
+              });
+              const handle = computeHandle(
+                { userId: vmContext.userId, projectRef },
+                vmContext.branch,
+              );
+              const hostRunner = runner as unknown as {
+                localWorkdir(h: string): Promise<string | null>;
+              };
+              claudeCodeCwd =
+                (await hostRunner.localWorkdir(handle)) ?? undefined;
+            }
+          }
+
           languageModel = createClaudeCodeModel(
             resolveClaudeCodeModelId(input.models.thinking.id),
             {
@@ -616,6 +811,7 @@ async function streamCoreInner(
               toolApprovalLevel: input.toolApprovalLevel,
               isPlanMode: modeConfig.isPlanMode,
               resume: resumeSessionId,
+              cwd: claudeCodeCwd,
             },
           );
         } else if (isCodex) {
@@ -693,12 +889,62 @@ async function streamCoreInner(
                         : null;
                     let stepIndex = 0;
 
-                    return () => {
+                    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+                    return (stepArgs: any) => {
+                      const stepMessages = stepArgs.messages;
                       const isFirstStep = stepIndex === 0;
                       stepIndex++;
 
+                      // Inject pending screenshot images as a user message.
+                      // Images in tool result messages aren't supported by all
+                      // providers (e.g. OpenRouter), so we append them as user
+                      // content which is universally supported.
+                      // biome-ignore lint: complex AI SDK generic types
+                      let injectedMessages: any;
+                      if (pendingImages.length > 0) {
+                        const imageParts = pendingImages.splice(
+                          0,
+                          pendingImages.length,
+                        );
+                        const content: unknown[] = [];
+                        for (const img of imageParts) {
+                          content.push({
+                            type: "text",
+                            text:
+                              img.label ??
+                              (img.pageUrl
+                                ? `[Screenshot of ${img.pageUrl}]`
+                                : "[Image]"),
+                          });
+                          if (img.url.startsWith("data:")) {
+                            // data URI → send as inline image
+                            const match = img.url.match(
+                              /^data:([^;]+);base64,(.+)$/s,
+                            );
+                            if (match) {
+                              content.push({
+                                type: "image",
+                                image: match[2],
+                                mimeType: match[1],
+                              });
+                            }
+                          } else {
+                            // Presigned URL → send as image URL
+                            content.push({
+                              type: "image",
+                              image: new URL(img.url),
+                            });
+                          }
+                        }
+                        injectedMessages = [
+                          ...stepMessages,
+                          { role: "user", content },
+                        ];
+                      }
+
                       let activeToolNames = [
                         ...builtInToolNames,
+                        "list_connection_tools",
                         "enable_tools",
                         ...enabledTools,
                       ];
@@ -710,7 +956,8 @@ async function streamCoreInner(
                           // Built-in tools and enable_tools are always allowed
                           if (
                             builtInToolNames.includes(name) ||
-                            name === "enable_tools"
+                            name === "enable_tools" ||
+                            name === "list_connection_tools"
                           ) {
                             return true;
                           }
@@ -727,12 +974,27 @@ async function streamCoreInner(
 
                       return {
                         activeTools: activeToolNames as (keyof typeof tools)[],
+                        ...(injectedMessages && {
+                          messages: injectedMessages,
+                        }),
                         ...(forcedToolName && {
                           toolChoice: {
                             type: "tool" as const,
                             toolName: forcedToolName as never,
                           },
                         }),
+                        // From step 1 onwards, drop the tool catalog from the system
+                        // prompt. The catalog is already in the model's context from
+                        // step 0, and is stale (built before this turn started).
+                        ...(!isFirstStep && {
+                          system: [
+                            ...systemPromptsBase.map((content) => ({
+                              role: "system" as const,
+                              content,
+                            })),
+                            ...processedSystemMessages,
+                          ],
+                        }),
                       };
                     };
                   })(),
@@ -760,7 +1022,7 @@ async function streamCoreInner(
               llmSpan.setStatus({ code: SpanStatusCode.OK });
               llmSpan.end();
 
-              if (registrySignal.aborted) return;
+              // Always record usage even on abort — tokens were already consumed.
               const durationMs = Date.now() - (llmCallStartTime ?? Date.now());
               llmCallLogged = true;
               recordLlmCallMetrics({
@@ -772,6 +1034,14 @@ async function streamCoreInner(
                 inputTokens: totalUsage.inputTokens,
                 outputTokens: totalUsage.outputTokens,
               });
+              aggregatedUsage = {
+                inputTokens:
+                  aggregatedUsage.inputTokens + (totalUsage.inputTokens ?? 0),
+                outputTokens:
+                  aggregatedUsage.outputTokens + (totalUsage.outputTokens ?? 0),
+                totalTokens:
+                  aggregatedUsage.totalTokens + (totalUsage.totalTokens ?? 0),
+              };
               monitorLlmCall({
                 ctx,
                 organizationId: input.organizationId,
@@ -800,10 +1070,14 @@ async function streamCoreInner(
                 requestId: ctx.metadata.requestId,
                 userAgent: ctx.metadata.userAgent ?? null,
               });
+
+              if (registrySignal.aborted) return;
             },
             onError: async (error) => {
               const err =
-                error instanceof Error ? error : new Error(String(error));
+                error instanceof Error
+                  ? error
+                  : new Error(stringifyError(error));
               llmSpan.setStatus({
                 code: SpanStatusCode.ERROR,
                 message: err.message,
@@ -839,7 +1113,9 @@ async function streamCoreInner(
                   durationMs,
                   isError: true,
                   errorMessage:
-                    error instanceof Error ? error.message : String(error),
+                    error instanceof Error
+                      ? error.message
+                      : stringifyError(error),
                   userId: input.userId,
                   requestId: ctx.metadata.requestId,
                   userAgent: ctx.metadata.userAgent ?? null,
@@ -847,11 +1123,81 @@ async function streamCoreInner(
               }
               throw error;
             },
+            onAbort: async ({ steps }) => {
+              if (!steps.length || llmCallLogged) return;
+              llmCallLogged = true;
+              const durationMs = Date.now() - (llmCallStartTime ?? Date.now());
+              const abortTotalUsage = steps.reduce(
+                (acc, s) => ({
+                  inputTokens: acc.inputTokens + (s.usage.inputTokens ?? 0),
+                  outputTokens: acc.outputTokens + (s.usage.outputTokens ?? 0),
+                  totalTokens: acc.totalTokens + (s.usage.totalTokens ?? 0),
+                }),
+                { inputTokens: 0, outputTokens: 0, totalTokens: 0 },
+              );
+              const lastStepUsage = steps[steps.length - 1]!.usage;
+              recordLlmCallMetrics({
+                ctx,
+                organizationId: input.organizationId,
+                modelId: input.models.thinking.id,
+                durationMs,
+                isError: false,
+                inputTokens: abortTotalUsage.inputTokens,
+                outputTokens: abortTotalUsage.outputTokens,
+              });
+              monitorLlmCall({
+                ctx,
+                organizationId: input.organizationId,
+                agentId: input.agent.id,
+                modelId: input.models.thinking.id,
+                modelTitle:
+                  input.models.thinking.title ?? input.models.thinking.id,
+                credentialId: input.models.credentialId,
+                taskId: mem.thread.id,
+                durationMs,
+                isError: false,
+                finishReason: "abort",
+                usage: {
+                  inputTokens: lastStepUsage.inputTokens ?? 0,
+                  outputTokens: lastStepUsage.outputTokens ?? 0,
+                  totalTokens: lastStepUsage.totalTokens ?? 0,
+                },
+                totalUsage: abortTotalUsage,
+                request: undefined,
+                response: undefined,
+                userId: input.userId,
+                requestId: ctx.metadata.requestId,
+                userAgent: ctx.metadata.userAgent ?? null,
+              });
+
+              // Re-push accumulated usage to the client. On abort the SDK
+              // resets message.metadata to its pre-stream state, so we
+              // explicitly write it here before the stream closes.
+              if (abortTotalUsage.totalTokens > 0) {
+                writer.write({
+                  type: "message-metadata",
+                  messageMetadata: {
+                    usage: {
+                      inputTokens: abortTotalUsage.inputTokens,
+                      outputTokens: abortTotalUsage.outputTokens,
+                      totalTokens: abortTotalUsage.totalTokens,
+                      ...(stepAccumulatedCost > 0 && {
+                        providerMetadata: {
+                          openrouter: {
+                            usage: { cost: stepAccumulatedCost },
+                          },
+                        },
+                      }),
+                    },
+                  },
+                });
+              }
+            },
           });
         } catch (err) {
           llmSpan.setStatus({
             code: SpanStatusCode.ERROR,
-            message: err instanceof Error ? err.message : String(err),
+            message: err instanceof Error ? err.message : stringifyError(err),
           });
           if (err instanceof Error) llmSpan.recordException(err);
           llmSpan.end();
@@ -878,6 +1224,14 @@ async function streamCoreInner(
                   },
                 },
                 created_at: new Date(),
+                _request: {
+                  systemSections: systemPrompts.map((p) => ({
+                    chars: p.length,
+                    preview: p.slice(0, 80).replace(/\s+/g, " "),
+                  })),
+                  tools: Object.keys(tools).length,
+                  activeTools: builtInToolNames.length + 1 + enabledTools.size,
+                },
                 thread_id: mem.thread.id,
               };
             }
@@ -909,7 +1263,39 @@ async function streamCoreInner(
                 ).threadId;
                 codingAgentProvider = "codex";
               }
-              return;
+              stepAccumulatedUsage = {
+                inputTokens:
+                  stepAccumulatedUsage.inputTokens +
+                  (part.usage?.inputTokens ?? 0),
+                outputTokens:
+                  stepAccumulatedUsage.outputTokens +
+                  (part.usage?.outputTokens ?? 0),
+                totalTokens:
+                  stepAccumulatedUsage.totalTokens +
+                  (part.usage?.totalTokens ?? 0),
+              };
+              const stepCost = (
+                part.providerMetadata?.openrouter as
+                  | { usage?: { cost?: number } }
+                  | undefined
+              )?.usage?.cost;
+              if (stepCost != null) {
+                stepAccumulatedCost += stepCost;
+              }
+              return {
+                usage: {
+                  inputTokens: stepAccumulatedUsage.inputTokens,
+                  outputTokens: stepAccumulatedUsage.outputTokens,
+                  totalTokens: stepAccumulatedUsage.totalTokens,
+                  ...(stepAccumulatedCost > 0 && {
+                    providerMetadata: {
+                      openrouter: {
+                        usage: { cost: stepAccumulatedCost },
+                      },
+                    },
+                  }),
+                },
+              };
             }
 
             if (part.type === "finish") {
@@ -919,22 +1305,56 @@ async function streamCoreInner(
                 lastProviderMetadata ??
                 (part as { providerMetadata?: Record<string, unknown> })
                   .providerMetadata;
-              const usage = totalUsage
+              // Merge accumulated per-step cost into the final provider metadata.
+              // Per-step cost is tracked in stepAccumulatedCost from finish-step events.
+              const finalProviderMeta =
+                stepAccumulatedCost > 0 && providerMeta
+                  ? {
+                      ...providerMeta,
+                      openrouter: {
+                        ...((providerMeta.openrouter as Record<
+                          string,
+                          unknown
+                        >) ?? {}),
+                        usage: {
+                          ...(((
+                            providerMeta.openrouter as Record<string, unknown>
+                          )?.usage as Record<string, unknown>) ?? {}),
+                          cost: stepAccumulatedCost,
+                        },
+                      },
+                    }
+                  : providerMeta;
+              // On abort the SDK emits finish with totalUsage = 0.
+              // Fall back to stepAccumulatedUsage so we don't overwrite the
+              // per-step metadata that was already sent to the client.
+              const effectiveUsage =
+                totalUsage &&
+                ((totalUsage.inputTokens ?? 0) > 0 ||
+                  (totalUsage.outputTokens ?? 0) > 0)
+                  ? totalUsage
+                  : stepAccumulatedUsage.totalTokens > 0
+                    ? stepAccumulatedUsage
+                    : totalUsage;
+              const usage = effectiveUsage
                 ? {
-                    inputTokens: totalUsage.inputTokens ?? 0,
-                    outputTokens: totalUsage.outputTokens ?? 0,
-                    reasoningTokens: totalUsage.reasoningTokens ?? undefined,
-                    totalTokens: totalUsage.totalTokens ?? 0,
+                    inputTokens: effectiveUsage.inputTokens ?? 0,
+                    outputTokens: effectiveUsage.outputTokens ?? 0,
+                    reasoningTokens:
+                      (totalUsage as { reasoningTokens?: number } | null)
+                        ?.reasoningTokens ?? undefined,
+                    totalTokens: effectiveUsage.totalTokens ?? 0,
                     providerMetadata: sanitizeProviderMetadata(
-                      provider && providerMeta
+                      provider && finalProviderMeta
                         ? {
-                            ...providerMeta,
+                            ...finalProviderMeta,
                             [provider]: {
-                              ...((providerMeta[provider] as object) ?? {}),
+                              ...((finalProviderMeta[provider] as object) ??
+                                {}),
                               reasoning_details: undefined,
                             },
                           }
-                        : providerMeta,
+                        : finalProviderMeta,
                     ),
                   }
                 : undefined;
@@ -989,6 +1409,27 @@ async function streamCoreInner(
           taskId: mem.thread.id,
           threadStatus,
         });
+
+        posthog.capture({
+          distinctId: input.userId,
+          event: "chat_message_completed",
+          groups: { organization: input.organizationId },
+          properties: {
+            organization_id: input.organizationId,
+            thread_id: mem.thread.id,
+            agent_id: input.agent.id,
+            model_id: input.models.thinking.id,
+            model_title: input.models.thinking.title,
+            mode: input.mode,
+            duration_ms: Date.now() - streamStartAt,
+            finish_reason: finishReason,
+            thread_status: threadStatus,
+            input_tokens: aggregatedUsage.inputTokens,
+            output_tokens: aggregatedUsage.outputTokens,
+            total_tokens: aggregatedUsage.totalTokens,
+            is_resume: input.isResume ?? false,
+          },
+        });
       },
       onStepFinish: ({ responseMessage }) => {
         const transitions = runRegistry.dispatch({
@@ -1018,10 +1459,45 @@ async function streamCoreInner(
         closeClients?.();
         titleHandle?.finish();
         if (registrySignal.aborted) {
+          // User cancelled (frontend stop button), tab closed mid-stream, or
+          // run was force-failed. Frontend chat_message_stopped covers the
+          // first case; this server event also covers the other two.
+          posthog.capture({
+            distinctId: input.userId,
+            event: "chat_message_aborted",
+            groups: { organization: input.organizationId },
+            properties: {
+              organization_id: input.organizationId,
+              thread_id: mem.thread.id,
+              agent_id: input.agent.id,
+              model_id: input.models.thinking.id,
+              mode: input.mode,
+              duration_ms: Date.now() - streamStartAt,
+              is_resume: input.isResume ?? false,
+            },
+          });
           return sanitizeStreamError(error);
         }
         console.error("[decopilot] stream error:", error);
 
+        posthog.capture({
+          distinctId: input.userId,
+          event: "chat_message_failed",
+          groups: { organization: input.organizationId },
+          properties: {
+            organization_id: input.organizationId,
+            thread_id: mem.thread.id,
+            agent_id: input.agent.id,
+            model_id: input.models.thinking.id,
+            mode: input.mode,
+            duration_ms: Date.now() - streamStartAt,
+            error_category: classifyStreamError(error),
+            error_message:
+              error instanceof Error ? error.message : stringifyError(error),
+            is_resume: input.isResume ?? false,
+          },
+        });
+
         runRegistry
           .execute({
             type: "FINISH",
@@ -1098,7 +1574,7 @@ function sanitizeStreamError(error: unknown): string {
     }
     return error.message;
   }
-  return String(error);
+  return stringifyError(error);
 }
 
 /**
@@ -1122,7 +1598,12 @@ function reconstructEnabledTools(
         const result = part.result as { enabled?: string[] };
         if (Array.isArray(result.enabled)) {
           for (const name of result.enabled) {
-            if (availableToolNames.has(name)) {
+            // Normalize stored names: old threads may have hyphenated names
+            // (e.g. conn-togsm0..._tool) while current safe names use underscores.
+            const normalized = name.replace(/[^a-zA-Z0-9_]/g, "_");
+            if (availableToolNames.has(normalized)) {
+              enabled.add(normalized);
+            } else if (availableToolNames.has(name)) {
               enabled.add(name);
             }
           }
@@ -1133,23 +1614,14 @@ function reconstructEnabledTools(
   return enabled;
 }
 
-const REDUNDANT_PREFIXES =
-  /^(this tool |use this to |allows you to |a tool that |a tool to |tool to |tool that )/i;
-
-function trimToolDescription(desc: string, maxLen = 80): string {
-  let trimmed = desc.replace(REDUNDANT_PREFIXES, "").trim();
-  if (trimmed.length > 0) {
-    trimmed = trimmed[0]!.toUpperCase() + trimmed.slice(1);
-  }
-  if (trimmed.length > maxLen) {
-    return trimmed.slice(0, maxLen - 1) + "…";
-  }
-  return trimmed;
-}
+const CATALOG_PREVIEW_COUNT = 5;
 
 /**
- * Build a compact tool catalog for the system prompt, grouped by connection.
- * Format: <available-connections><connection name="..." id="...">TOOL|desc</connection></available-connections>
+ * Build a compact connection-level catalog for the system prompt.
+ * Shows each connection's name, id, tool count, and up to 5 representative
+ * tool names so the model can route to the right connection without needing
+ * a list_connection_tools round trip.
+ * Also returns connectionToolsMap for enable_tools({ connections }) expansion.
  */
 async function buildToolCatalog(
   client: {
@@ -1163,41 +1635,147 @@ async function buildToolCatalog(
   },
   enabledTools: Set<string>,
   nameMap: Map<string, string>,
-): Promise<string | null> {
+  connectionTitleMap: Map<string, string>,
+): Promise<{
+  catalog: string | null;
+  connectionToolsMap: Map<string, string[]>;
+}> {
   const { tools } = await client.listTools();
 
   const connections = new Map<
     string,
-    { name: string; id: string; lines: string[] }
+    { name: string; totalCount: number; preview: string[] }
   >();
+  const connectionToolsMap = new Map<string, string[]>();
 
   for (const t of tools) {
     const safeName = nameMap.get(t.name);
-    if (!safeName || enabledTools.has(safeName)) continue;
+    if (!safeName) continue;
     if (!isToolVisibleToModel(t)) continue;
 
-    const connId = (t._meta?.connectionId as string) ?? "unknown";
-    const connName = connId;
-    const desc = trimToolDescription(t.description ?? "");
+    const connId = (t._meta?.gatewayClientId as string) ?? "unknown";
+    const prefix = `${connId}_`;
+    const shortName = safeName.startsWith(prefix)
+      ? safeName.slice(prefix.length)
+      : safeName;
+
+    // Track all tools per connection for enable_tools expansion
+    let toolList = connectionToolsMap.get(connId);
+    if (!toolList) {
+      toolList = [];
+      connectionToolsMap.set(connId, toolList);
+    }
+    toolList.push(safeName);
+
+    // Only include in catalog if not already enabled
+    if (enabledTools.has(safeName)) continue;
 
     let group = connections.get(connId);
     if (!group) {
-      group = { name: connName, id: connId, lines: [] };
+      group = {
+        name: connectionTitleMap.get(connId) ?? connId,
+        totalCount: 0,
+        preview: [],
+      };
       connections.set(connId, group);
     }
-    group.lines.push(`${safeName}|${desc}`);
+    group.totalCount++;
+    if (group.preview.length < CATALOG_PREVIEW_COUNT) {
+      group.preview.push(shortName);
+    }
   }
 
-  if (connections.size === 0) return null;
+  const pending = [...connections.entries()].filter(
+    ([, g]) => g.totalCount > 0,
+  );
+  if (pending.length === 0) return { catalog: null, connectionToolsMap };
 
-  const sections: string[] = [];
-  for (const { name, id, lines } of connections.values()) {
-    sections.push(
-      `<connection name="${escapeXmlAttr(name)}" id="${escapeXmlAttr(id)}">\n${lines.join("\n")}\n</connection>`,
-    );
-  }
+  const lines = pending.map(([id, { name, totalCount, preview }]) => {
+    const more = totalCount - preview.length;
+    const hint = preview.join(", ") + (more > 0 ? `, +${more} more` : "");
+    return `<connection name="${escapeXmlAttr(name)}" id="${escapeXmlAttr(id)}" tools="${totalCount}">${escapeXmlAttr(hint)}</connection>`;
+  });
+
+  return {
+    catalog: `\n\n<available-connections>\n${lines.join("\n")}\n</available-connections>`,
+    connectionToolsMap,
+  };
+}
 
-  return `\n\n<available-connections>\n${sections.join("\n")}\n</available-connections>`;
+/**
+ * Creates the list_connection_tools built-in tool.
+ * Returns tool names and descriptions for a given connection ID so the model
+ * can discover what's available before deciding what to enable.
+ */
+function createListConnectionToolsTool(
+  client: {
+    listTools(): Promise<{
+      tools: Array<{
+        name: string;
+        description?: string;
+        _meta?: Record<string, unknown>;
+      }>;
+    }>;
+  },
+  nameMap: Map<string, string>,
+  connectionTitleMap: Map<string, string>,
+) {
+  return tool({
+    description:
+      "List the tools available in a specific connection, including their names and descriptions. " +
+      "Call this to discover what a connection can do before enabling tools with enable_tools.",
+    inputSchema: z.object({
+      connection_id: z
+        .string()
+        .describe("The connection id from <available-connections>"),
+    }),
+    execute: async ({ connection_id }) => {
+      const { tools } = await client.listTools();
+      const result: { name: string; safe_name: string; description: string }[] =
+        [];
+      // The model may pass a normalized (underscore) version of the connection
+      // id, but _meta.gatewayClientId still has the original (hyphenated) form.
+      // Build a lookup that matches either form.
+      const normalizedInput = connection_id
+        .replace(/[^a-zA-Z0-9_]/g, "_")
+        .toLowerCase();
+      for (const t of tools) {
+        const safeName = nameMap.get(t.name);
+        if (!safeName) continue;
+        if (!isToolVisibleToModel(t)) continue;
+        const connId = (t._meta?.gatewayClientId as string) ?? "unknown";
+        const normalizedConnId = connId
+          .replace(/[^a-zA-Z0-9_]/g, "_")
+          .toLowerCase();
+        if (normalizedConnId !== normalizedInput && connId !== connection_id) {
+          continue;
+        }
+        // Use the safe name's prefix to derive the short name
+        const safePrefix = `${normalizedConnId}_`;
+        const shortName = safeName.toLowerCase().startsWith(safePrefix)
+          ? safeName.slice(safePrefix.length)
+          : safeName;
+        result.push({
+          name: shortName,
+          safe_name: safeName,
+          description: t.description ?? "",
+        });
+      }
+      // Resolve connection name: try original id first, then normalized lookup
+      const connName =
+        connectionTitleMap.get(connection_id) ??
+        [...connectionTitleMap.entries()].find(
+          ([id]) =>
+            id.replace(/[^a-zA-Z0-9_]/g, "_").toLowerCase() === normalizedInput,
+        )?.[1] ??
+        connection_id;
+      return {
+        connection: connName,
+        connection_id,
+        tools: result,
+      };
+    },
+  });
 }
 
 function escapeXmlAttr(s: string): string {
diff --git a/apps/mesh/src/api/routes/decopilot/types.ts b/apps/mesh/src/api/routes/decopilot/types.ts
index bc18b22d18..edcad011bb 100644
--- a/apps/mesh/src/api/routes/decopilot/types.ts
+++ b/apps/mesh/src/api/routes/decopilot/types.ts
@@ -64,6 +64,7 @@ export interface ModelInfo {
     text?: boolean;
     tools?: boolean;
     reasoning?: boolean;
+    file?: boolean;
   };
   provider?: string | null;
   limits?: { contextWindow?: number; maxOutputTokens?: number };
diff --git a/apps/mesh/src/api/routes/dev-assets-mcp.ts b/apps/mesh/src/api/routes/dev-assets-mcp.ts
index 7fed681425..cd5f8bc2a9 100644
--- a/apps/mesh/src/api/routes/dev-assets-mcp.ts
+++ b/apps/mesh/src/api/routes/dev-assets-mcp.ts
@@ -7,7 +7,7 @@
  * This enables testing the object-storage plugin locally without needing
  * an actual S3 bucket.
  *
- * Only available when NODE_ENV !== "production"
+ * Only mounted when DevObjectStorage is the active backend (no S3 configured)
  */
 
 import { getSettings } from "../../settings";
diff --git a/apps/mesh/src/api/routes/dev-assets.ts b/apps/mesh/src/api/routes/dev-assets.ts
index 3d98d53f24..db42455bd1 100644
--- a/apps/mesh/src/api/routes/dev-assets.ts
+++ b/apps/mesh/src/api/routes/dev-assets.ts
@@ -8,20 +8,19 @@
  * - GET /api/dev-assets/:orgId/* - Download a file
  * - PUT /api/dev-assets/:orgId/* - Upload a file
  *
- * Only available when NODE_ENV !== "production"
+ * Only mounted when DevObjectStorage is the active backend (no S3 configured)
  */
 
 import { Hono } from "hono";
 import { createHmac } from "node:crypto";
 import { mkdir, writeFile } from "node:fs/promises";
 import { dirname, join } from "node:path";
+import type { MeshContext } from "../../core/mesh-context";
 import { getSettings } from "../../settings";
 
 // Base directory for dev assets (relative to cwd)
 const DEV_ASSETS_BASE_DIR = "./data/assets";
 
-const app = new Hono();
-
 // ============================================================================
 // Utility Functions
 // ============================================================================
@@ -129,137 +128,178 @@ export function getContentType(key: string): string {
 // Routes
 // ============================================================================
 
-/**
- * GET /api/dev-assets/:orgId/* - Download a file
- *
- * Query params:
- * - expires: Unix timestamp when URL expires
- * - signature: HMAC signature
- * - method: Must be "GET"
- */
-app.get("/:orgId/*", async (c) => {
-  const orgId = c.req.param("orgId");
-  // Get the path after /:orgId/
-  const key = c.req.path.replace(`/api/dev-assets/${orgId}/`, "");
-
-  if (!orgId || !key) {
-    return c.json({ error: "Missing orgId or key" }, 400);
-  }
-
-  // Validate query params
-  const expiresStr = c.req.query("expires");
-  const signature = c.req.query("signature");
-  const method = c.req.query("method");
-
-  if (!expiresStr || !signature || method !== "GET") {
-    return c.json({ error: "Invalid or missing signature parameters" }, 400);
-  }
-
-  const expires = parseInt(expiresStr, 10);
-  if (!Number.isFinite(expires)) {
-    return c.json({ error: "Invalid expires parameter" }, 400);
-  }
-
-  const now = Math.floor(Date.now() / 1000);
-
-  // Check expiration
-  if (expires < now) {
-    return c.json({ error: "URL has expired" }, 403);
-  }
-
-  // Verify signature
-  if (!verifySignature(orgId, key, expires, "GET", signature)) {
-    return c.json({ error: "Invalid signature" }, 403);
-  }
-
-  // Get the file
-  const filePath = getFilePath(orgId, key);
-
-  try {
-    const file = Bun.file(filePath);
-    const exists = await file.exists();
-
-    if (!exists) {
-      return c.json({ error: "File not found" }, 404);
+type DevAssetsVariables = { meshContext: MeshContext };
+
+interface CreateDevAssetsRoutesOptions {
+  /**
+   * When `true`, the routes are mounted at `/*` and the org id is read from
+   * `meshContext.organization.id` (set by the `resolveOrgFromPath` middleware).
+   * When `false`, the routes are mounted at `/:orgId/*` and the org id is read
+   * from the path param — preserves the legacy `/api/dev-assets/:orgId/*`
+   * behaviour.
+   */
+  orgFromPath: boolean;
+}
+
+export const createDevAssetsRoutes = (opts: CreateDevAssetsRoutesOptions) => {
+  const app = new Hono<{ Variables: DevAssetsVariables }>();
+
+  const path = opts.orgFromPath ? "/*" : "/:orgId/*";
+
+  /**
+   * GET /api/dev-assets/:orgId/* (or /api/:org/dev-assets/* in org-scoped mode)
+   * Download a file.
+   *
+   * Query params:
+   * - expires: Unix timestamp when URL expires
+   * - signature: HMAC signature
+   * - method: Must be "GET"
+   */
+  app.get(path, async (c) => {
+    const orgId = opts.orgFromPath
+      ? c.get("meshContext")?.organization?.id
+      : c.req.param("orgId");
+
+    if (!orgId) {
+      return c.json({ error: "Missing organization context" }, 500);
     }
 
-    const contentType = getContentType(key);
-
-    return new Response(file.stream(), {
-      headers: {
-        "Content-Type": contentType,
-        "Content-Length": file.size.toString(),
-        "Cache-Control": "private, max-age=3600",
-      },
-    });
-  } catch (err) {
-    console.error("Error serving file:", err);
-    return c.json({ error: "Failed to read file" }, 500);
-  }
-});
+    // Get the path after the org segment.
+    const prefix = opts.orgFromPath
+      ? `/api/${c.req.param("org") ?? ""}/dev-assets/`
+      : `/api/dev-assets/${orgId}/`;
+    const key = c.req.path.replace(prefix, "");
 
-/**
- * PUT /api/dev-assets/:orgId/* - Upload a file
- *
- * Query params:
- * - expires: Unix timestamp when URL expires
- * - signature: HMAC signature
- * - method: Must be "PUT"
- */
-app.put("/:orgId/*", async (c) => {
-  const orgId = c.req.param("orgId");
-  // Get the path after /:orgId/
-  const key = c.req.path.replace(`/api/dev-assets/${orgId}/`, "");
-
-  if (!orgId || !key) {
-    return c.json({ error: "Missing orgId or key" }, 400);
-  }
-
-  // Validate query params
-  const expiresStr = c.req.query("expires");
-  const signature = c.req.query("signature");
-  const method = c.req.query("method");
-
-  if (!expiresStr || !signature || method !== "PUT") {
-    return c.json({ error: "Invalid or missing signature parameters" }, 400);
-  }
-
-  const expires = parseInt(expiresStr, 10);
-  if (!Number.isFinite(expires)) {
-    return c.json({ error: "Invalid expires parameter" }, 400);
-  }
-
-  const now = Math.floor(Date.now() / 1000);
-
-  // Check expiration
-  if (expires < now) {
-    return c.json({ error: "URL has expired" }, 403);
-  }
-
-  // Verify signature
-  if (!verifySignature(orgId, key, expires, "PUT", signature)) {
-    return c.json({ error: "Invalid signature" }, 403);
-  }
-
-  // Get the file path and ensure directory exists
-  const filePath = getFilePath(orgId, key);
-  const dir = dirname(filePath);
-
-  try {
-    // Create directory if it doesn't exist
-    await mkdir(dir, { recursive: true });
-
-    // Read the request body
-    const body = await c.req.arrayBuffer();
-
-    // Write the file
-    await writeFile(filePath, Buffer.from(body));
-
-    return c.json({ success: true, key });
-  } catch (err) {
-    console.error("Error saving file:", err);
-    return c.json({ error: "Failed to save file" }, 500);
-  }
-});
-
-export default app;
+    if (!key) {
+      return c.json({ error: "Missing key" }, 400);
+    }
+
+    // Validate query params
+    const expiresStr = c.req.query("expires");
+    const signature = c.req.query("signature");
+    const method = c.req.query("method");
+
+    if (!expiresStr || !signature || method !== "GET") {
+      return c.json({ error: "Invalid or missing signature parameters" }, 400);
+    }
+
+    const expires = parseInt(expiresStr, 10);
+    if (!Number.isFinite(expires)) {
+      return c.json({ error: "Invalid expires parameter" }, 400);
+    }
+
+    const now = Math.floor(Date.now() / 1000);
+
+    // Check expiration
+    if (expires < now) {
+      return c.json({ error: "URL has expired" }, 403);
+    }
+
+    // Verify signature
+    if (!verifySignature(orgId, key, expires, "GET", signature)) {
+      return c.json({ error: "Invalid signature" }, 403);
+    }
+
+    // Get the file
+    const filePath = getFilePath(orgId, key);
+
+    try {
+      const file = Bun.file(filePath);
+      const exists = await file.exists();
+
+      if (!exists) {
+        return c.json({ error: "File not found" }, 404);
+      }
+
+      const contentType = getContentType(key);
+
+      return new Response(file.stream(), {
+        headers: {
+          "Content-Type": contentType,
+          "Content-Length": file.size.toString(),
+          "Cache-Control": "private, max-age=3600",
+        },
+      });
+    } catch (err) {
+      console.error("Error serving file:", err);
+      return c.json({ error: "Failed to read file" }, 500);
+    }
+  });
+
+  /**
+   * PUT /api/dev-assets/:orgId/* (or /api/:org/dev-assets/* in org-scoped mode)
+   * Upload a file.
+   *
+   * Query params:
+   * - expires: Unix timestamp when URL expires
+   * - signature: HMAC signature
+   * - method: Must be "PUT"
+   */
+  app.put(path, async (c) => {
+    const orgId = opts.orgFromPath
+      ? c.get("meshContext")?.organization?.id
+      : c.req.param("orgId");
+
+    if (!orgId) {
+      return c.json({ error: "Missing organization context" }, 500);
+    }
+
+    // Get the path after the org segment.
+    const prefix = opts.orgFromPath
+      ? `/api/${c.req.param("org") ?? ""}/dev-assets/`
+      : `/api/dev-assets/${orgId}/`;
+    const key = c.req.path.replace(prefix, "");
+
+    if (!key) {
+      return c.json({ error: "Missing key" }, 400);
+    }
+
+    // Validate query params
+    const expiresStr = c.req.query("expires");
+    const signature = c.req.query("signature");
+    const method = c.req.query("method");
+
+    if (!expiresStr || !signature || method !== "PUT") {
+      return c.json({ error: "Invalid or missing signature parameters" }, 400);
+    }
+
+    const expires = parseInt(expiresStr, 10);
+    if (!Number.isFinite(expires)) {
+      return c.json({ error: "Invalid expires parameter" }, 400);
+    }
+
+    const now = Math.floor(Date.now() / 1000);
+
+    // Check expiration
+    if (expires < now) {
+      return c.json({ error: "URL has expired" }, 403);
+    }
+
+    // Verify signature
+    if (!verifySignature(orgId, key, expires, "PUT", signature)) {
+      return c.json({ error: "Invalid signature" }, 403);
+    }
+
+    // Get the file path and ensure directory exists
+    const filePath = getFilePath(orgId, key);
+    const dir = dirname(filePath);
+
+    try {
+      // Create directory if it doesn't exist
+      await mkdir(dir, { recursive: true });
+
+      // Read the request body
+      const body = await c.req.arrayBuffer();
+
+      // Write the file
+      await writeFile(filePath, Buffer.from(body));
+
+      return c.json({ success: true, key });
+    } catch (err) {
+      console.error("Error saving file:", err);
+      return c.json({ error: "Failed to save file" }, 500);
+    }
+  });
+
+  return app;
+};
diff --git a/apps/mesh/src/api/routes/dev-only.ts b/apps/mesh/src/api/routes/dev-only.ts
index f4b3aa2e6a..79fb38bfeb 100644
--- a/apps/mesh/src/api/routes/dev-only.ts
+++ b/apps/mesh/src/api/routes/dev-only.ts
@@ -1,28 +1,30 @@
 /**
- * Dev-Only Routes Module
+ * Local Object Storage Routes Module
  *
- * This module contains all dev-only routes and handlers that should NEVER
- * be loaded in production. It consolidates:
+ * Mounted whenever the active object storage backend is the DevObjectStorage
+ * filesystem fallback (no S3 configured). Consolidates:
  * - Dev Assets MCP (local filesystem object storage)
  * - Dev Assets file serving (presigned URL handlers)
  * - Connection ID pattern routing for dev-assets
  *
  * USAGE (in app.ts):
  * ```
- * if (process.env.NODE_ENV !== "production") {
+ * if (usesLocalObjectStorage()) {
  *   const { mountDevRoutes } = await import("./routes/dev-only");
  *   mountDevRoutes(app, mcpAuth);
  * }
  * ```
  */
 
-import type { Context, Hono, MiddlewareHandler } from "hono";
+import { Hono } from "hono";
+import type { Context, MiddlewareHandler } from "hono";
 import type { MeshContext } from "../../core/mesh-context";
+import { logDeprecatedRoute } from "../middleware/log-deprecated-route";
+import { createDevAssetsRoutes } from "./dev-assets";
 import devAssetsMcpRoutes, {
   callDevAssetsTool,
   handleDevAssetsMcpRequest,
 } from "./dev-assets-mcp";
-import devAssetsFileRoutes from "./dev-assets";
 
 /**
  * Mount all dev-only routes on the app
@@ -79,7 +81,12 @@ export function mountDevRoutes(
   app.use("/mcp/dev-assets", mcpAuth);
   app.route("/mcp/dev-assets", devAssetsMcpRoutes);
 
-  // Dev Assets file serving routes (presigned URL handlers)
-  // These are public but use signed URLs for security
-  app.route("/api/dev-assets", devAssetsFileRoutes);
+  // Dev Assets file serving routes (presigned URL handlers).
+  // Legacy mount at /api/dev-assets/:orgId/* with deprecation log; the new
+  // /api/:org/dev-assets/* mount is wired in a later task.
+  // These are public but use signed URLs for security.
+  const legacyDevAssets = new Hono();
+  legacyDevAssets.use("*", logDeprecatedRoute);
+  legacyDevAssets.route("/", createDevAssetsRoutes({ orgFromPath: false }));
+  app.route("/api/dev-assets", legacyDevAssets);
 }
diff --git a/apps/mesh/src/api/routes/downstream-token.test.ts b/apps/mesh/src/api/routes/downstream-token.test.ts
index 14ef55de61..af09889626 100644
--- a/apps/mesh/src/api/routes/downstream-token.test.ts
+++ b/apps/mesh/src/api/routes/downstream-token.test.ts
@@ -11,7 +11,7 @@ import {
   createTestSchema,
   seedCommonTestFixtures,
 } from "../../storage/test-helpers";
-import downstreamTokenRoutes from "./downstream-token";
+import { createDownstreamTokenRoutes } from "./downstream-token";
 
 describe("Downstream Token Routes", () => {
   let database: TestDatabase;
@@ -50,7 +50,7 @@ describe("Downstream Token Routes", () => {
       c.set("meshContext", ctx);
       await next();
     });
-    app.route("/", downstreamTokenRoutes);
+    app.route("/", createDownstreamTokenRoutes());
   });
 
   afterEach(async () => {
diff --git a/apps/mesh/src/api/routes/downstream-token.ts b/apps/mesh/src/api/routes/downstream-token.ts
index b118516826..cb576f6a38 100644
--- a/apps/mesh/src/api/routes/downstream-token.ts
+++ b/apps/mesh/src/api/routes/downstream-token.ts
@@ -18,204 +18,206 @@ type Variables = {
   meshContext: MeshContext;
 };
 
-const app = new Hono<{ Variables: Variables }>();
+export const createDownstreamTokenRoutes = () => {
+  const app = new Hono<{ Variables: Variables }>();
+
+  /**
+   * POST /api/connections/:connectionId/oauth-token
+   *
+   * Save OAuth tokens after authentication.
+   * Called from frontend after OAuth flow completes.
+   */
+  app.post("/connections/:connectionId/oauth-token", async (c) => {
+    const ctx = c.get("meshContext");
+    const connectionId = c.req.param("connectionId");
+
+    // Require authentication
+    const userId = ctx.auth.user?.id ?? ctx.auth.apiKey?.userId ?? null;
+    if (!userId) {
+      return c.json({ error: "Unauthorized" }, 401);
+    }
 
-/**
- * POST /api/connections/:connectionId/oauth-token
- *
- * Save OAuth tokens after authentication.
- * Called from frontend after OAuth flow completes.
- */
-app.post("/connections/:connectionId/oauth-token", async (c) => {
-  const ctx = c.get("meshContext");
-  const connectionId = c.req.param("connectionId");
-
-  // Require authentication
-  const userId = ctx.auth.user?.id ?? ctx.auth.apiKey?.userId ?? null;
-  if (!userId) {
-    return c.json({ error: "Unauthorized" }, 401);
-  }
-
-  const organizationId = ctx.organization?.id;
-  if (!organizationId) {
-    return c.json({ error: "Organization context required" }, 403);
-  }
-
-  // Verify connection exists and user has access
-  const connection = await ctx.storage.connections.findById(
-    connectionId,
-    organizationId,
-  );
-  if (!connection) {
-    return c.json({ error: "Connection not found" }, 404);
-  }
-
-  // Parse request body
-  const body = await c.req.json<{
-    accessToken: string;
-    refreshToken?: string | null;
-    expiresIn?: number | null;
-    scope?: string | null;
-    clientId?: string | null;
-    clientSecret?: string | null;
-    tokenEndpoint?: string | null;
-  }>();
-
-  if (!body.accessToken) {
-    return c.json({ error: "accessToken is required" }, 400);
-  }
-
-  if (body.tokenEndpoint) {
-    let url: URL;
-    try {
-      url = new URL(body.tokenEndpoint);
-    } catch {
-      return c.json({ error: "tokenEndpoint must be a valid URL" }, 400);
+    const organizationId = ctx.organization?.id;
+    if (!organizationId) {
+      return c.json({ error: "Organization context required" }, 403);
+    }
+
+    // Verify connection exists and user has access
+    const connection = await ctx.storage.connections.findById(
+      connectionId,
+      organizationId,
+    );
+    if (!connection) {
+      return c.json({ error: "Connection not found" }, 404);
     }
 
-    if (url.protocol !== "http:" && url.protocol !== "https:") {
-      return c.json({ error: "tokenEndpoint must be an http(s) URL" }, 400);
+    // Parse request body
+    const body = await c.req.json<{
+      accessToken: string;
+      refreshToken?: string | null;
+      expiresIn?: number | null;
+      scope?: string | null;
+      clientId?: string | null;
+      clientSecret?: string | null;
+      tokenEndpoint?: string | null;
+    }>();
+
+    if (!body.accessToken) {
+      return c.json({ error: "accessToken is required" }, 400);
+    }
+
+    if (body.tokenEndpoint) {
+      let url: URL;
+      try {
+        url = new URL(body.tokenEndpoint);
+      } catch {
+        return c.json({ error: "tokenEndpoint must be a valid URL" }, 400);
+      }
+
+      if (url.protocol !== "http:" && url.protocol !== "https:") {
+        return c.json({ error: "tokenEndpoint must be an http(s) URL" }, 400);
+      }
     }
-  }
-
-  // Calculate expiry time
-  const expiresAt = body.expiresIn
-    ? new Date(Date.now() + body.expiresIn * 1000)
-    : null;
-
-  // If tokenEndpoint is a proxy URL (goes through /oauth-proxy/), resolve the
-  // origin's actual token endpoint so server-side refresh calls origin directly
-  // instead of making a self-referential call through the proxy.
-  let resolvedTokenEndpoint = body.tokenEndpoint ?? null;
-  if (
-    resolvedTokenEndpoint?.includes("/oauth-proxy/") &&
-    connection.connection_url
-  ) {
-    try {
-      const originEndpoint = await resolveOriginTokenEndpoint(
-        connection.connection_url,
-      );
-      if (originEndpoint) {
-        // Apply same URL/protocol validation as the user-supplied tokenEndpoint
-        try {
-          const u = new URL(originEndpoint);
-          if (u.protocol === "http:" || u.protocol === "https:") {
-            resolvedTokenEndpoint = originEndpoint;
+
+    // Calculate expiry time
+    const expiresAt = body.expiresIn
+      ? new Date(Date.now() + body.expiresIn * 1000)
+      : null;
+
+    // If tokenEndpoint is a proxy URL (goes through /oauth-proxy/), resolve the
+    // origin's actual token endpoint so server-side refresh calls origin directly
+    // instead of making a self-referential call through the proxy.
+    let resolvedTokenEndpoint = body.tokenEndpoint ?? null;
+    if (
+      resolvedTokenEndpoint?.includes("/oauth-proxy/") &&
+      connection.connection_url
+    ) {
+      try {
+        const originEndpoint = await resolveOriginTokenEndpoint(
+          connection.connection_url,
+        );
+        if (originEndpoint) {
+          // Apply same URL/protocol validation as the user-supplied tokenEndpoint
+          try {
+            const u = new URL(originEndpoint);
+            if (u.protocol === "http:" || u.protocol === "https:") {
+              resolvedTokenEndpoint = originEndpoint;
+            }
+          } catch {
+            // Invalid URL from discovery — keep proxy URL as fallback
           }
-        } catch {
-          // Invalid URL from discovery — keep proxy URL as fallback
         }
+      } catch {
+        // Keep proxy URL as fallback
       }
-    } catch {
-      // Keep proxy URL as fallback
     }
-  }
-
-  // Create storage instance
-  const tokenStorage = new DownstreamTokenStorage(ctx.db, ctx.vault);
-
-  // Save token
-  const tokenData: DownstreamTokenData = {
-    connectionId,
-    accessToken: body.accessToken,
-    refreshToken: body.refreshToken ?? null,
-    scope: body.scope ?? null,
-    expiresAt,
-    clientId: body.clientId ?? null,
-    clientSecret: body.clientSecret ?? null,
-    tokenEndpoint: resolvedTokenEndpoint,
-  };
-
-  const token = await tokenStorage.upsert(tokenData);
-
-  return c.json({
-    success: true,
-    expiresAt: token.expiresAt,
-  });
-});
 
-/**
- * DELETE /api/connections/:connectionId/oauth-token
- *
- * Delete OAuth token for a connection.
- */
-app.delete("/connections/:connectionId/oauth-token", async (c) => {
-  const ctx = c.get("meshContext");
-  const connectionId = c.req.param("connectionId");
-
-  const userId = ctx.auth.user?.id ?? ctx.auth.apiKey?.userId ?? null;
-  if (!userId) {
-    return c.json({ error: "Unauthorized" }, 401);
-  }
-
-  const organizationId = ctx.organization?.id;
-  if (!organizationId) {
-    return c.json({ error: "Organization context required" }, 403);
-  }
-
-  // Verify connection exists and belongs to the user's organization
-  const connection = await ctx.storage.connections.findById(
-    connectionId,
-    organizationId,
-  );
-  if (!connection) {
-    return c.json({ error: "Connection not found" }, 404);
-  }
-
-  const tokenStorage = new DownstreamTokenStorage(ctx.db, ctx.vault);
-  await tokenStorage.delete(connectionId);
-
-  return c.json({ success: true });
-});
+    // Create storage instance
+    const tokenStorage = new DownstreamTokenStorage(ctx.db, ctx.vault);
+
+    // Save token
+    const tokenData: DownstreamTokenData = {
+      connectionId,
+      accessToken: body.accessToken,
+      refreshToken: body.refreshToken ?? null,
+      scope: body.scope ?? null,
+      expiresAt,
+      clientId: body.clientId ?? null,
+      clientSecret: body.clientSecret ?? null,
+      tokenEndpoint: resolvedTokenEndpoint,
+    };
+
+    const token = await tokenStorage.upsert(tokenData);
 
-/**
- * GET /api/connections/:connectionId/oauth-token/status
- *
- * Check if there's a valid cached token for a connection.
- */
-app.get("/connections/:connectionId/oauth-token/status", async (c) => {
-  const ctx = c.get("meshContext");
-  const connectionId = c.req.param("connectionId");
-
-  const userId = ctx.auth.user?.id ?? ctx.auth.apiKey?.userId ?? null;
-  if (!userId) {
-    return c.json({ error: "Unauthorized" }, 401);
-  }
-
-  const organizationId = ctx.organization?.id;
-  if (!organizationId) {
-    return c.json({ error: "Organization context required" }, 403);
-  }
-
-  // Verify connection exists and belongs to the user's organization
-  const connection = await ctx.storage.connections.findById(
-    connectionId,
-    organizationId,
-  );
-  if (!connection) {
-    return c.json({ error: "Connection not found" }, 404);
-  }
-
-  const tokenStorage = new DownstreamTokenStorage(ctx.db, ctx.vault);
-  const token = await tokenStorage.get(connectionId);
-
-  if (!token) {
     return c.json({
-      hasToken: false,
-      isExpired: true,
-      canRefresh: false,
+      success: true,
+      expiresAt: token.expiresAt,
     });
-  }
+  });
 
-  const isExpired = tokenStorage.isExpired(token);
-  const canRefresh = !!token.refreshToken && !!token.tokenEndpoint;
+  /**
+   * DELETE /api/connections/:connectionId/oauth-token
+   *
+   * Delete OAuth token for a connection.
+   */
+  app.delete("/connections/:connectionId/oauth-token", async (c) => {
+    const ctx = c.get("meshContext");
+    const connectionId = c.req.param("connectionId");
+
+    const userId = ctx.auth.user?.id ?? ctx.auth.apiKey?.userId ?? null;
+    if (!userId) {
+      return c.json({ error: "Unauthorized" }, 401);
+    }
+
+    const organizationId = ctx.organization?.id;
+    if (!organizationId) {
+      return c.json({ error: "Organization context required" }, 403);
+    }
+
+    // Verify connection exists and belongs to the user's organization
+    const connection = await ctx.storage.connections.findById(
+      connectionId,
+      organizationId,
+    );
+    if (!connection) {
+      return c.json({ error: "Connection not found" }, 404);
+    }
+
+    const tokenStorage = new DownstreamTokenStorage(ctx.db, ctx.vault);
+    await tokenStorage.delete(connectionId);
 
-  return c.json({
-    hasToken: true,
-    isExpired,
-    canRefresh,
-    expiresAt: token.expiresAt,
+    return c.json({ success: true });
   });
-});
 
-export default app;
+  /**
+   * GET /api/connections/:connectionId/oauth-token/status
+   *
+   * Check if there's a valid cached token for a connection.
+   */
+  app.get("/connections/:connectionId/oauth-token/status", async (c) => {
+    const ctx = c.get("meshContext");
+    const connectionId = c.req.param("connectionId");
+
+    const userId = ctx.auth.user?.id ?? ctx.auth.apiKey?.userId ?? null;
+    if (!userId) {
+      return c.json({ error: "Unauthorized" }, 401);
+    }
+
+    const organizationId = ctx.organization?.id;
+    if (!organizationId) {
+      return c.json({ error: "Organization context required" }, 403);
+    }
+
+    // Verify connection exists and belongs to the user's organization
+    const connection = await ctx.storage.connections.findById(
+      connectionId,
+      organizationId,
+    );
+    if (!connection) {
+      return c.json({ error: "Connection not found" }, 404);
+    }
+
+    const tokenStorage = new DownstreamTokenStorage(ctx.db, ctx.vault);
+    const token = await tokenStorage.get(connectionId);
+
+    if (!token) {
+      return c.json({
+        hasToken: false,
+        isExpired: true,
+        canRefresh: false,
+      });
+    }
+
+    const isExpired = tokenStorage.isExpired(token);
+    const canRefresh = !!token.refreshToken && !!token.tokenEndpoint;
+
+    return c.json({
+      hasToken: true,
+      isExpired,
+      canRefresh,
+      expiresAt: token.expiresAt,
+    });
+  });
+
+  return app;
+};
diff --git a/apps/mesh/src/api/routes/files.ts b/apps/mesh/src/api/routes/files.ts
index ba74430046..acce42e6d2 100644
--- a/apps/mesh/src/api/routes/files.ts
+++ b/apps/mesh/src/api/routes/files.ts
@@ -19,7 +19,7 @@ import { Hono } from "hono";
 import { HTTPException } from "hono/http-exception";
 import type { MeshContext } from "@/core/mesh-context";
 import { generatePresignedGetUrl } from "./decopilot/file-materializer";
-import { isDevMode } from "@/tools/connection/dev-assets";
+import { usesLocalObjectStorage } from "@/tools/connection/dev-assets";
 
 type Variables = { meshContext: MeshContext };
 
@@ -48,9 +48,9 @@ app.get("/:org/files/*", async (c) => {
     throw new HTTPException(503, { message: "Object storage not configured" });
   }
 
-  // In dev mode, DevObjectStorage returns data: URIs which browsers can't
-  // follow as 302 redirects. Serve the bytes inline instead.
-  if (presignedUrl.startsWith("data:") && isDevMode()) {
+  // DevObjectStorage returns data: URIs which browsers can't follow as 302
+  // redirects. Serve the bytes inline instead.
+  if (presignedUrl.startsWith("data:") && usesLocalObjectStorage()) {
     const match = presignedUrl.match(/^data:([^;]+);base64,(.+)$/s);
     if (!match) {
       throw new HTTPException(500, {
diff --git a/apps/mesh/src/api/routes/oauth-proxy.test.ts b/apps/mesh/src/api/routes/oauth-proxy.test.ts
index 17bd3e17af..424b50ec58 100644
--- a/apps/mesh/src/api/routes/oauth-proxy.test.ts
+++ b/apps/mesh/src/api/routes/oauth-proxy.test.ts
@@ -445,18 +445,45 @@ describe("OAuth Proxy Routes", () => {
   });
 
   describe("Authorization Server Metadata Proxy", () => {
+    // Default org slug used by mocked connections. The handler emits OAuth
+    // endpoint URLs under `/api/${slug}/oauth-proxy/...` so it can route DCR
+    // through `resolveOrgFromPath`. Tests that assert the rewritten URLs use
+    // this slug.
+    const TEST_ORG_SLUG = "org-test";
+
+    const mockOrgDb = (slug: string | null) => ({
+      selectFrom: () => ({
+        select: () => ({
+          where: () => ({
+            executeTakeFirst: () =>
+              slug ? Promise.resolve({ slug }) : Promise.resolve(undefined),
+          }),
+        }),
+      }),
+    });
+
     const mockConnectionWithAuthServer = (
-      connection: { connection_url?: string } | null,
+      connection:
+        | ({ connection_url?: string; organization_id?: string } | null)
+        | undefined,
       protectedResourceResponse?: Response,
+      orgSlug: string | null = TEST_ORG_SLUG,
     ) => {
       (ContextFactory.create as ReturnType<typeof mock>).mockImplementation(
         () =>
           Promise.resolve({
             storage: {
               connections: {
-                findById: mock(() => Promise.resolve(connection)),
+                findById: mock(() =>
+                  Promise.resolve(
+                    connection
+                      ? { organization_id: "org_test", ...connection }
+                      : connection,
+                  ),
+                ),
               },
             },
+            db: mockOrgDb(orgSlug),
           }),
       );
 
@@ -502,10 +529,12 @@ describe("OAuth Proxy Routes", () => {
                 findById: mock(() =>
                   Promise.resolve({
                     connection_url: "https://origin.example.com/mcp",
+                    organization_id: "org_test",
                   }),
                 ),
               },
             },
+            db: mockOrgDb(TEST_ORG_SLUG),
           }),
       );
 
@@ -552,12 +581,13 @@ describe("OAuth Proxy Routes", () => {
         authorization_endpoint: string;
         token_endpoint: string;
       };
-      // URLs should be rewritten to go through our proxy
+      // URLs are rewritten through our proxy under the org-scoped mount so DCR
+      // benefits from `resolveOrgFromPath` membership enforcement.
       expect(body.authorization_endpoint).toBe(
-        "http://localhost:3000/oauth-proxy/conn_123/authorize",
+        `http://localhost:3000/api/${TEST_ORG_SLUG}/oauth-proxy/conn_123/authorize`,
       );
       expect(body.token_endpoint).toBe(
-        "http://localhost:3000/oauth-proxy/conn_123/token",
+        `http://localhost:3000/api/${TEST_ORG_SLUG}/oauth-proxy/conn_123/token`,
       );
     });
 
@@ -580,20 +610,47 @@ describe("OAuth Proxy Routes", () => {
       expect(res.status).toBe(200);
       const body = await res.json();
 
-      // Should rewrite endpoints to our proxy
+      // Endpoints are rewritten under the org-scoped mount so DCR / token /
+      // authorize benefit from `resolveOrgFromPath` cross-org enforcement.
       expect(body.authorization_endpoint).toBe(
-        "http://localhost:3000/oauth-proxy/conn_123/authorize",
+        `http://localhost:3000/api/${TEST_ORG_SLUG}/oauth-proxy/conn_123/authorize`,
       );
       expect(body.token_endpoint).toBe(
-        "http://localhost:3000/oauth-proxy/conn_123/token",
+        `http://localhost:3000/api/${TEST_ORG_SLUG}/oauth-proxy/conn_123/token`,
       );
       expect(body.registration_endpoint).toBe(
-        "http://localhost:3000/oauth-proxy/conn_123/register",
+        `http://localhost:3000/api/${TEST_ORG_SLUG}/oauth-proxy/conn_123/register`,
       );
       // Should preserve issuer
       expect(body.issuer).toBe("https://origin.example.com");
     });
 
+    test("falls back to legacy proxy path when connection has no resolvable org slug", async () => {
+      // Defensive: orphaned connections (org row missing) keep working via the
+      // legacy mount instead of emitting `/api//oauth-proxy/...` URLs.
+      mockConnectionWithAuthServer(
+        { connection_url: "https://origin.example.com/mcp" },
+        new Response(
+          JSON.stringify({
+            resource: "https://origin.example.com/mcp",
+            authorization_servers: ["https://origin.example.com"],
+          }),
+          { status: 200, headers: { "Content-Type": "application/json" } },
+        ),
+        null, // org lookup returns no slug
+      );
+
+      const res = await app.request(
+        "http://localhost:3000/.well-known/oauth-authorization-server/oauth-proxy/conn_123",
+      );
+
+      expect(res.status).toBe(200);
+      const body = (await res.json()) as { authorization_endpoint: string };
+      expect(body.authorization_endpoint).toBe(
+        "http://localhost:3000/oauth-proxy/conn_123/authorize",
+      );
+    });
+
     test("handles root path auth server without trailing slash", async () => {
       // When auth server is at root (https://example.com), the well-known URL
       // should be /.well-known/oauth-authorization-server (no trailing slash)
diff --git a/apps/mesh/src/api/routes/oauth-proxy.ts b/apps/mesh/src/api/routes/oauth-proxy.ts
index 9fdeed8f9e..51b601ebad 100644
--- a/apps/mesh/src/api/routes/oauth-proxy.ts
+++ b/apps/mesh/src/api/routes/oauth-proxy.ts
@@ -23,8 +23,6 @@ type Variables = {
 
 type HonoEnv = { Variables: Variables };
 
-const app = new Hono<HonoEnv>();
-
 // ============================================================================
 // Constants
 // ============================================================================
@@ -43,14 +41,20 @@ const NO_METADATA_STATUSES = [404, 401, 406];
 // ============================================================================
 
 /**
- * Get connection URL from storage by connection ID
- * Does not require organization ID - connections are globally unique
+ * Get connection URL from storage by connection ID, optionally scoped to an
+ * organization. Connection IDs are globally unique, but callers that have an
+ * org slug in scope should pass `organizationId` so cross-org lookups return
+ * null instead of a connection from another org.
  */
 async function getConnectionUrl(
   connectionId: string,
   ctx: MeshContext,
+  organizationId?: string,
 ): Promise<string | null> {
-  const connection = await ctx.storage.connections.findById(connectionId);
+  const connection = await ctx.storage.connections.findById(
+    connectionId,
+    organizationId,
+  );
   return connection?.connection_url ?? null;
 }
 
@@ -210,12 +214,8 @@ export async function fetchProtectedResourceMetadata(
  * since many servers (like Apify) expose /.well-known/oauth-authorization-server at the root.
  */
 async function getOriginAuthServer(
-  connectionId: string,
-  ctx: MeshContext,
+  connectionUrl: string,
 ): Promise<string | null> {
-  const connectionUrl = await getConnectionUrl(connectionId, ctx);
-  if (!connectionUrl) return null;
-
   // Parse URL upfront - if invalid, bail early
   let origin: string;
   try {
@@ -275,6 +275,24 @@ export interface HandleAuthErrorOptions {
   connectionUrl: string;
   /** Headers to use when checking the origin server */
   headers: Record<string, string>;
+  /**
+   * Optional org slug. When set, the WWW-Authenticate `resource_metadata`
+   * URL is built under `/api/:orgSlug/mcp/...` instead of the legacy
+   * `/mcp/...`. Set this when the request was served via the new
+   * `/api/:org/mcp/...` mount so OAuth clients discover the correct
+   * metadata URL.
+   */
+  orgSlug?: string;
+}
+
+/**
+ * Build the URL prefix for OAuth-related URLs based on org slug.
+ * - With slug: `/api/${slug}` (new path shape)
+ * - Without slug: `` (legacy path shape — `/mcp/...` and `/oauth-proxy/...`
+ *   live at the root)
+ */
+function buildPathPrefix(orgSlug: string | undefined): string {
+  return orgSlug ? `/api/${orgSlug}` : "";
 }
 
 /**
@@ -291,6 +309,7 @@ export async function handleAuthError({
   connectionId,
   connectionUrl,
   headers,
+  orgSlug,
 }: HandleAuthErrorOptions): Promise<Response | null> {
   const message = error.message?.toLowerCase() ?? "";
   const isAuthError =
@@ -313,10 +332,11 @@ export async function handleAuthError({
   );
 
   if (originSupportsOAuth) {
+    const prefix = buildPathPrefix(orgSlug);
     return new Response(null, {
       status: 401,
       headers: {
-        "WWW-Authenticate": `Bearer realm="mcp",resource_metadata="${reqUrl.origin}/mcp/${connectionId}/.well-known/oauth-protected-resource"`,
+        "WWW-Authenticate": `Bearer realm="mcp",resource_metadata="${reqUrl.origin}${prefix}/mcp/${connectionId}/.well-known/oauth-protected-resource"`,
       },
     });
   }
@@ -353,8 +373,13 @@ const fixProtocol = (url: URL) => {
  * to our OAuth proxy. This enables OAuth flows for servers like Apify that use WWW-Authenticate
  * but don't expose .well-known/oauth-protected-resource.
  */
-const protectedResourceMetadataHandler = async (c: {
-  req: { param: (key: string) => string; raw: Request; url: string };
+export const protectedResourceMetadataHandler = async (c: {
+  req: {
+    param: ((key: "connectionId") => string) &
+      ((key: "org") => string | undefined);
+    raw: Request;
+    url: string;
+  };
   get: (key: "meshContext") => MeshContext | undefined;
   set: (key: "meshContext", value: MeshContext) => void;
   json: (data: unknown, status?: number) => Response;
@@ -362,13 +387,66 @@ const protectedResourceMetadataHandler = async (c: {
   const connectionId = c.req.param("connectionId");
   const ctx = await ensureContext(c);
 
-  const connectionUrl = await getConnectionUrl(connectionId, ctx);
+  const requestUrl = fixProtocol(new URL(c.req.url));
+  // Org slug sources (in priority order):
+  // 1. `c.req.param("org")` — present on the top-level well-known prefix
+  //    route `/.well-known/oauth-protected-resource/api/:org/mcp/:id` and
+  //    on the `/api/:org`-mounted variant. The path slug is the source of
+  //    truth: the URL literally names which org's connection the SDK is
+  //    asking metadata for. The path-mounted variant lives outside the
+  //    sub-app so `resolveOrgFromPath` never runs there — without honoring
+  //    the path param first, `ctx.organization` falls back to the session's
+  //    `activeOrganizationId`, and multi-org users hitting another org's URL
+  //    silently lookup against their active org and 404.
+  // 2. `ctx.organization?.slug` — set by `resolveOrgFromPath` for routes
+  //    inside the `/api/:org` sub-app, or by the meshContext factory from
+  //    the session's active org. Used only when the path doesn't carry a
+  //    slug (legacy `/mcp/:id/.well-known/...` mount).
+  // 3. undefined — legacy routes have no slug; the prefix is empty and
+  //    we issue legacy-shape metadata URLs.
+  const orgSlug = c.req.param("org") ?? ctx.organization?.slug;
+
+  // When :org is in scope, the connection MUST belong to that org. Resolve
+  // the slug to an org id so the connection lookup filters on it; otherwise
+  // we'd hand back metadata claiming the connection is served at a path it
+  // doesn't actually resolve from. `resolveOrgFromPath` already cached the id
+  // for the sub-app mount; the top-level well-known prefix route resolves
+  // the slug here. Unknown slug or cross-org connection → 404 (we don't
+  // distinguish, to avoid leaking which slugs exist).
+  let scopedOrgId: string | undefined;
+  if (orgSlug) {
+    if (ctx.organization?.id && ctx.organization.slug === orgSlug) {
+      scopedOrgId = ctx.organization.id;
+    } else {
+      const org = await ctx.db
+        .selectFrom("organization")
+        .select("id")
+        .where("slug", "=", orgSlug)
+        .executeTakeFirst();
+      if (!org) {
+        return c.json({ error: "Connection not found" }, 404);
+      }
+      scopedOrgId = org.id;
+    }
+  }
+
+  const connectionUrl = await getConnectionUrl(connectionId, ctx, scopedOrgId);
   if (!connectionUrl) {
     return c.json({ error: "Connection not found" }, 404);
   }
 
-  const requestUrl = fixProtocol(new URL(c.req.url));
-  const proxyResourceUrl = `${requestUrl.origin}/mcp/${connectionId}`;
+  const prefix = buildPathPrefix(orgSlug);
+  const proxyResourceUrl = `${requestUrl.origin}${prefix}/mcp/${connectionId}`;
+  // Auth-server URL (the value advertised in `authorization_servers`) stays on
+  // the legacy `/oauth-proxy/:connectionId` path regardless of the resource
+  // path family. The well-known auth-server metadata route
+  // (`createWellKnownAuthServerRoutes`) only exists at the legacy URL, and
+  // moving it to `/api/:org/...` would land the SDK on Better Auth's catch-all
+  // metadata handler (which returns Better Auth's own MCP gateway endpoints)
+  // and break DCR with `invalid_client`. The OAuth endpoint URLs *inside*
+  // that metadata document (authorize/token/register) are emitted under the
+  // org-scoped mount by `authServerMetadataHandler` so they benefit from
+  // `resolveOrgFromPath` membership enforcement.
   const proxyAuthServer = `${requestUrl.origin}/oauth-proxy/${connectionId}`;
 
   try {
@@ -474,15 +552,50 @@ const protectedResourceMetadataHandler = async (c: {
   }
 };
 
-// Route 1: /.well-known/oauth-protected-resource/mcp/:connectionId
-app.get("/.well-known/oauth-protected-resource/mcp/:connectionId", (c) =>
-  protectedResourceMetadataHandler(c),
-);
+/**
+ * Legacy `.well-known/oauth-protected-resource` routes for the pre-org-scoped
+ * server URL shape (`/mcp/:id`). Mounted at the URL root with a deprecation
+ * log; will be removed once the deprecation window closes.
+ *
+ * Two URL shapes are served (both probed by MCP clients in the wild):
+ *  1. `/.well-known/oauth-protected-resource/mcp/:connectionId` — RFC 9728
+ *     Format 2 (well-known prefix), what `@modelcontextprotocol/sdk` probes.
+ *  2. `/mcp/:connectionId/.well-known/oauth-protected-resource` — RFC 9728
+ *     Format 1 (resource-relative), what the proxy's WWW-Authenticate
+ *     `resource_metadata` header points to.
+ */
+export const createLegacyWellKnownProtectedResourceRoutes = () => {
+  const app = new Hono<HonoEnv>();
+  app.get("/.well-known/oauth-protected-resource/mcp/:connectionId", (c) =>
+    protectedResourceMetadataHandler(c),
+  );
+  app.get("/mcp/:connectionId/.well-known/oauth-protected-resource", (c) =>
+    protectedResourceMetadataHandler(c),
+  );
+  return app;
+};
 
-// Route 2: /mcp/:connectionId/.well-known/oauth-protected-resource
-app.get("/mcp/:connectionId/.well-known/oauth-protected-resource", (c) =>
-  protectedResourceMetadataHandler(c),
-);
+/**
+ * Org-scoped resource-relative `.well-known/oauth-protected-resource` route.
+ * Mounted inside the `/api/:org` sub-app; expands to
+ * `/api/:org/mcp/:connectionId/.well-known/oauth-protected-resource`. This is
+ * the URL the proxy's WWW-Authenticate `resource_metadata` points to under
+ * the new path family — `resolveOrgFromPath` runs first, so the handler picks
+ * up `ctx.organization?.slug` directly.
+ *
+ * The well-known *prefix* shape for org-scoped server URLs
+ * (`/.well-known/oauth-protected-resource/api/:org/mcp/:connectionId`) is
+ * registered separately at the URL root in `app.ts` — RFC 9728 Format 2
+ * anchors the well-known prefix at the origin, so it must live outside any
+ * `/api/:org` sub-app.
+ */
+export const createOrgScopedWellKnownProtectedResourceRoutes = () => {
+  const app = new Hono<HonoEnv>();
+  app.get("/mcp/:connectionId/.well-known/oauth-protected-resource", (c) =>
+    protectedResourceMetadataHandler(c),
+  );
+  return app;
+};
 
 // ============================================================================
 // Authorization Server Metadata Proxy
@@ -576,62 +689,122 @@ export async function fetchAuthorizationServerMetadata(
  * Proxy authorization server metadata to avoid CORS issues
  * Rewrites OAuth endpoint URLs to go through our proxy
  */
-app.get(
-  "/.well-known/oauth-authorization-server/oauth-proxy/:connectionId",
-  async (c) => {
-    const connectionId = c.req.param("connectionId");
-    const ctx = await ensureContext(c);
-
-    const originAuthServer = await getOriginAuthServer(connectionId, ctx);
-    if (!originAuthServer) {
-      return c.json({ error: "Connection not found or no auth server" }, 404);
-    }
+const authServerMetadataHandler = async (c: {
+  req: { param: (key: string) => string; raw: Request; url: string };
+  get: (key: "meshContext") => MeshContext | undefined;
+  set: (key: "meshContext", value: MeshContext) => void;
+  json: (data: unknown, status?: number) => Response;
+}) => {
+  const connectionId = c.req.param("connectionId");
+  const ctx = await ensureContext(c);
 
-    try {
-      // Fetch auth server metadata, trying all well-known URL formats
-      const response = await fetchAuthorizationServerMetadata(originAuthServer);
+  // Fetch the connection (unscoped — connection IDs are globally unique) so we
+  // can derive both the origin auth server and the owning org slug for
+  // org-scoped endpoint URLs.
+  const connection = await ctx.storage.connections.findById(connectionId);
+  if (!connection?.connection_url) {
+    return c.json({ error: "Connection not found or no auth server" }, 404);
+  }
 
-      if (!response.ok) {
-        return new Response(response.body, {
-          status: response.status,
-          statusText: response.statusText,
-          headers: { "Content-Type": "application/json" },
-        });
-      }
+  const originAuthServer = await getOriginAuthServer(connection.connection_url);
+  if (!originAuthServer) {
+    return c.json({ error: "Connection not found or no auth server" }, 404);
+  }
 
-      // Parse and rewrite URLs to point to our proxy
-      const data = (await response.json()) as Record<string, unknown>;
-      const requestUrl = fixProtocol(new URL(c.req.url));
-      const proxyBase = `${requestUrl.origin}/oauth-proxy/${connectionId}`;
-
-      // Rewrite OAuth endpoint URLs to go through our proxy
-      const rewrittenData = {
-        ...data,
-        authorization_endpoint: data.authorization_endpoint
-          ? `${proxyBase}/authorize`
-          : undefined,
-        token_endpoint: data.token_endpoint ? `${proxyBase}/token` : undefined,
-        registration_endpoint: data.registration_endpoint
-          ? `${proxyBase}/register`
-          : undefined,
-      };
+  // Look up the connection's owning org slug. The endpoints inside this
+  // metadata document route through the canonical `/api/:org/oauth-proxy/...`
+  // mount — `resolveOrgFromPath` runs there and enforces cross-org access via
+  // membership. The legacy `/oauth-proxy/:connectionId/*` mount can't tell the
+  // path-resolved org apart from the session's `activeOrganizationId` and
+  // silently 404s multi-org users on DCR (`POST /register`).
+  const org = await ctx.db
+    .selectFrom("organization")
+    .select("slug")
+    .where("id", "=", connection.organization_id)
+    .executeTakeFirst();
 
-      return new Response(JSON.stringify(rewrittenData), {
-        status: 200,
+  try {
+    // Fetch auth server metadata, trying all well-known URL formats
+    const response = await fetchAuthorizationServerMetadata(originAuthServer);
+
+    if (!response.ok) {
+      return new Response(response.body, {
+        status: response.status,
+        statusText: response.statusText,
         headers: { "Content-Type": "application/json" },
       });
-    } catch (error) {
-      const err = error as Error;
-      console.error("[oauth-proxy] Failed to proxy auth server metadata:", err);
-      return c.json(
-        { error: "Failed to proxy auth server metadata", message: err.message },
-        502,
-      );
     }
-  },
-);
+
+    // Parse and rewrite URLs to point to our proxy
+    const data = (await response.json()) as Record<string, unknown>;
+    const requestUrl = fixProtocol(new URL(c.req.url));
+    // The AS metadata route itself stays at the legacy global path
+    // (`/.well-known/oauth-authorization-server/oauth-proxy/:connectionId`)
+    // because the SDK derives it from the `authorization_servers` value in the
+    // protected-resource metadata, which we keep legacy for cache stability
+    // and to avoid landing on Better Auth's catch-all metadata handler.
+    // The endpoint URLs *inside* this metadata, however, move to the canonical
+    // org-scoped mount so DCR/token/authorize benefit from `resolveOrgFromPath`
+    // membership enforcement. Connections without a resolvable org slug
+    // (orphaned data) fall back to the legacy proxy path.
+    const proxyBase = org?.slug
+      ? `${requestUrl.origin}/api/${org.slug}/oauth-proxy/${connectionId}`
+      : `${requestUrl.origin}/oauth-proxy/${connectionId}`;
+
+    // Rewrite OAuth endpoint URLs to go through our proxy
+    const rewrittenData = {
+      ...data,
+      authorization_endpoint: data.authorization_endpoint
+        ? `${proxyBase}/authorize`
+        : undefined,
+      token_endpoint: data.token_endpoint ? `${proxyBase}/token` : undefined,
+      registration_endpoint: data.registration_endpoint
+        ? `${proxyBase}/register`
+        : undefined,
+    };
+
+    return new Response(JSON.stringify(rewrittenData), {
+      status: 200,
+      headers: { "Content-Type": "application/json" },
+    });
+  } catch (error) {
+    const err = error as Error;
+    console.error("[oauth-proxy] Failed to proxy auth server metadata:", err);
+    return c.json(
+      { error: "Failed to proxy auth server metadata", message: err.message },
+      502,
+    );
+  }
+};
+
+/**
+ * Factory for the auth-server metadata route. This stays at the legacy
+ * RFC-mandated path `/.well-known/oauth-authorization-server/oauth-proxy/:connectionId`
+ * — third-party OAuth providers may have this URL registered as a
+ * redirect_uri base, so we keep it global indefinitely.
+ */
+export const createWellKnownAuthServerRoutes = () => {
+  const app = new Hono<HonoEnv>();
+  app.get(
+    "/.well-known/oauth-authorization-server/oauth-proxy/:connectionId",
+    authServerMetadataHandler,
+  );
+  return app;
+};
 
 // Note: The /oauth-proxy/:connectionId/:endpoint route is defined directly in app.ts
 // because app.route() doesn't properly register routes with dynamic segments at root level
 
+/**
+ * Default export: a Hono app that mounts every route in this file.
+ *
+ * Kept for backward compatibility with `oauth-proxy.test.ts` (which mounts
+ * the whole module under `/`) and as an escape hatch for any other caller
+ * that wants the full surface in one go. Production code (`app.ts`) uses
+ * the individual factories so it can apply `logDeprecatedRoute` to the
+ * legacy mounts and dual-mount under `/api/:org/...`.
+ */
+const app = new Hono<HonoEnv>();
+app.route("/", createLegacyWellKnownProtectedResourceRoutes());
+app.route("/", createWellKnownAuthServerRoutes());
 export default app;
diff --git a/apps/mesh/src/api/routes/org-scoped.ts b/apps/mesh/src/api/routes/org-scoped.ts
new file mode 100644
index 0000000000..f523619ff1
--- /dev/null
+++ b/apps/mesh/src/api/routes/org-scoped.ts
@@ -0,0 +1,119 @@
+import { Hono } from "hono";
+import type { MiddlewareHandler } from "hono";
+import type { EventTriggerEngine } from "@/automations/event-trigger-engine";
+import type { KVStorage } from "@/storage/kv";
+import type { TriggerCallbackTokenStorage } from "@/storage/trigger-callback-tokens";
+import { resolveOrgFromPath } from "../middleware/resolve-org-from-path";
+import type { Env } from "../hono-env";
+
+import { createDecoSitesOrgRoutes } from "./deco-sites";
+import { createDevAssetsRoutes } from "./dev-assets";
+import { createDownstreamTokenRoutes } from "./downstream-token";
+import { createKVRoutes } from "./kv";
+import { createOrgScopedWellKnownProtectedResourceRoutes } from "./oauth-proxy";
+import { createSsoRoutes } from "./org-sso";
+import { createProxyRoutes } from "./proxy";
+import { createSelfRoutes } from "./self";
+import { createThreadOutputsRoutes } from "./thread-outputs";
+import { createTriggerCallbackRoutes } from "./trigger-callback";
+import { createVirtualMcpRoutes } from "./virtual-mcp";
+import { createVmEventsRoutes } from "./vm-events";
+import { createVmExecRoutes } from "./vm-exec";
+
+interface OrgScopedDeps {
+  kvStorage: KVStorage;
+  tokenStorage: TriggerCallbackTokenStorage;
+  eventTriggerEngine: EventTriggerEngine;
+  /** Whether dev-only routes should be mounted (no S3 → DevObjectStorage). */
+  mountDevAssets: boolean;
+  /** mcpAuth middleware (defined in app.ts; must be applied under the new MCP prefixes). */
+  mcpAuth: MiddlewareHandler<Env>;
+  /**
+   * OAuth-proxy handler (defined in app.ts). Mounted under
+   * `/api/:org/oauth-proxy/:connectionId/*` and inherits cross-org enforcement
+   * from `resolveOrgFromPath` (the handler additionally checks that the
+   * connection's `organization_id` matches the resolved org).
+   */
+  oauthProxyHandler: MiddlewareHandler<Env>;
+  /**
+   * Public events handler (defined in app.ts). Mounted at
+   * `POST /api/:org/events/:type`.
+   */
+  eventsHandler: MiddlewareHandler<Env>;
+  /**
+   * SSE watch handler (defined in app.ts). Mounted at
+   * `GET /api/:org/watch`.
+   */
+  watchHandler: MiddlewareHandler<Env>;
+  /**
+   * Better-Auth-served Protected Resource Metadata for the gateway-style MCP
+   * URL family. Mounted at
+   * `/api/:org/mcp/:gateway?/:connectionId/.well-known/oauth-protected-resource/*`.
+   */
+  betterAuthProtectedResourceHandler: MiddlewareHandler<Env>;
+}
+
+export const createOrgScopedApi = (deps: OrgScopedDeps) => {
+  const app = new Hono<Env>();
+
+  // EVERY route in this sub-app gets org resolved from :org path param
+  app.use("*", resolveOrgFromPath);
+
+  // --- Routes that don't need extra middleware ---
+  app.route("/", createDownstreamTokenRoutes()); // /api/:org/connections/:connectionId/oauth-token
+  app.route("/", createThreadOutputsRoutes()); // /api/:org/threads/:threadId/outputs
+  app.route("/", createKVRoutes({ kvStorage: deps.kvStorage }));
+  app.route("/vm-events", createVmEventsRoutes()); // /api/:org/vm-events
+  app.route("/vm-exec", createVmExecRoutes()); // /api/:org/vm-exec/{exec,kill}/:script
+  app.route("/deco-sites", createDecoSitesOrgRoutes()); // /api/:org/deco-sites
+  app.route("/sso", createSsoRoutes()); // /api/:org/sso/* (renamed from /api/org-sso)
+  app.route(
+    "/",
+    createTriggerCallbackRoutes({
+      tokenStorage: deps.tokenStorage,
+      eventTriggerEngine: deps.eventTriggerEngine,
+    }),
+  ); // /api/:org/trigger-callback
+
+  if (deps.mountDevAssets) {
+    app.route("/dev-assets", createDevAssetsRoutes({ orgFromPath: true }));
+  }
+
+  // --- MCP routes need mcpAuth in addition to resolveOrgFromPath ---
+  // Order matters (preserve from legacy): virtual-mcp → self → proxy
+  app.use("/mcp/:connectionId?", deps.mcpAuth);
+  app.use("/mcp/gateway/:virtualMcpId?", deps.mcpAuth);
+  app.use("/mcp/virtual-mcp/:virtualMcpId?", deps.mcpAuth);
+  app.use("/mcp/self", deps.mcpAuth);
+
+  // OAuth Protected-Resource discovery for connection MCPs (resource-relative
+  // shape). Expands to
+  // `/api/:org/mcp/:connectionId/.well-known/oauth-protected-resource`, which
+  // is what the proxy's WWW-Authenticate `resource_metadata` header points to.
+  // The well-known *prefix* shape lives outside this sub-app — see app.ts.
+  // Must mount BEFORE the catch-all proxy routes so the well-known suffix wins.
+  app.route("/", createOrgScopedWellKnownProtectedResourceRoutes());
+
+  // Better-Auth Protected Resource Metadata for the gateway-style URL family.
+  // Mounted BEFORE the proxy routes for the same reason.
+  app.get(
+    "/mcp/:gateway?/:connectionId/.well-known/oauth-protected-resource/*",
+    deps.betterAuthProtectedResourceHandler,
+  );
+
+  app.route("/mcp", createVirtualMcpRoutes());
+  app.route("/mcp/self", createSelfRoutes());
+  app.route("/mcp", createProxyRoutes());
+
+  // --- Inline routes migrated from app.ts (Task 15) ---
+  // OAuth proxy under the org-scoped prefix; resolveOrgFromPath has run, so
+  // the handler can enforce cross-org access (connection.organization_id
+  // must match the resolved org).
+  app.all("/oauth-proxy/:connectionId/*", deps.oauthProxyHandler);
+
+  // Public events publish + SSE watch.
+  app.post("/events/:type", deps.eventsHandler);
+  app.get("/watch", deps.watchHandler);
+
+  return app;
+};
diff --git a/apps/mesh/src/api/routes/org-sso.ts b/apps/mesh/src/api/routes/org-sso.ts
index f6298ec1ec..1e403ac14b 100644
--- a/apps/mesh/src/api/routes/org-sso.ts
+++ b/apps/mesh/src/api/routes/org-sso.ts
@@ -18,429 +18,443 @@ type Variables = {
   meshContext: MeshContext;
 };
 
-const app = new Hono<{ Variables: Variables }>();
-
-// ============================================================================
-// SSO Status Check
-// ============================================================================
+export const createSsoRoutes = () => {
+  const app = new Hono<{ Variables: Variables }>();
+  registerSsoRoutes(app);
+  return app;
+};
 
-/**
- * Check if the current user has a valid SSO session for an organization.
- *
- * Route: GET /api/org-sso/status?orgId=<id>
- */
-app.get("/status", async (c) => {
-  const ctx = c.get("meshContext") as MeshContext;
-  if (!ctx.auth.user) {
-    return c.json({ error: "Authentication required" }, 401);
-  }
+type SsoApp = Hono<{ Variables: Variables }>;
+
+function registerSsoRoutes(app: SsoApp) {
+  // ============================================================================
+  // SSO Status Check
+  // ============================================================================
+
+  /**
+   * Check if the current user has a valid SSO session for an organization.
+   *
+   * Route: GET /api/org-sso/status?orgId=<id>
+   */
+  app.get("/status", async (c) => {
+    const ctx = c.get("meshContext") as MeshContext;
+    if (!ctx.auth.user) {
+      return c.json({ error: "Authentication required" }, 401);
+    }
 
-  const orgId = ctx.organization?.id;
-  if (!orgId) {
-    return c.json({ error: "Organization context required" }, 400);
-  }
+    const orgId = ctx.organization?.id;
+    if (!orgId) {
+      return c.json({ error: "Organization context required" }, 400);
+    }
 
-  // Verify user is a member of the organization
-  const membership = await getOrgMembership(ctx, ctx.auth.user.id, orgId);
-  if (!membership) {
-    return c.json({ error: "Not a member of this organization" }, 403);
-  }
+    // Verify user is a member of the organization
+    const membership = await getOrgMembership(ctx, ctx.auth.user.id, orgId);
+    if (!membership) {
+      return c.json({ error: "Not a member of this organization" }, 403);
+    }
 
-  const ssoConfig = await ctx.storage.orgSsoConfig.getByOrgId(orgId);
-  if (!ssoConfig || !ssoConfig.enforced) {
-    return c.json({ ssoRequired: false });
-  }
+    const ssoConfig = await ctx.storage.orgSsoConfig.getByOrgId(orgId);
+    if (!ssoConfig || !ssoConfig.enforced) {
+      return c.json({ ssoRequired: false });
+    }
 
-  const isValid = await ctx.storage.orgSsoSessions.isValid(
-    ctx.auth.user.id,
-    orgId,
-  );
+    const isValid = await ctx.storage.orgSsoSessions.isValid(
+      ctx.auth.user.id,
+      orgId,
+    );
 
-  return c.json({
-    ssoRequired: true,
-    authenticated: isValid,
-    issuer: ssoConfig.issuer,
-    domain: ssoConfig.domain,
+    return c.json({
+      ssoRequired: true,
+      authenticated: isValid,
+      issuer: ssoConfig.issuer,
+      domain: ssoConfig.domain,
+    });
   });
-});
 
-// ============================================================================
-// OIDC Authorization Flow
-// ============================================================================
+  // ============================================================================
+  // OIDC Authorization Flow
+  // ============================================================================
+
+  /**
+   * Start OIDC authorization flow for org SSO.
+   *
+   * Route: GET /api/org-sso/authorize?orgId=<id>
+   */
+  app.get("/authorize", async (c) => {
+    const ctx = c.get("meshContext") as MeshContext;
+    if (!ctx.auth.user) {
+      return c.json({ error: "Authentication required" }, 401);
+    }
 
-/**
- * Start OIDC authorization flow for org SSO.
- *
- * Route: GET /api/org-sso/authorize?orgId=<id>
- */
-app.get("/authorize", async (c) => {
-  const ctx = c.get("meshContext") as MeshContext;
-  if (!ctx.auth.user) {
-    return c.json({ error: "Authentication required" }, 401);
-  }
+    const orgId = ctx.organization?.id;
+    if (!orgId) {
+      return c.json({ error: "Organization context required" }, 400);
+    }
 
-  const orgId = ctx.organization?.id;
-  if (!orgId) {
-    return c.json({ error: "Organization context required" }, 400);
-  }
+    // Verify user is a member of the organization
+    const membership = await getOrgMembership(ctx, ctx.auth.user.id, orgId);
+    if (!membership) {
+      return c.json({ error: "Not a member of this organization" }, 403);
+    }
 
-  // Verify user is a member of the organization
-  const membership = await getOrgMembership(ctx, ctx.auth.user.id, orgId);
-  if (!membership) {
-    return c.json({ error: "Not a member of this organization" }, 403);
-  }
+    const ssoConfig = await ctx.storage.orgSsoConfig.getByOrgId(orgId);
+    if (!ssoConfig) {
+      return c.json({ error: "SSO not configured for this organization" }, 404);
+    }
 
-  const ssoConfig = await ctx.storage.orgSsoConfig.getByOrgId(orgId);
-  if (!ssoConfig) {
-    return c.json({ error: "SSO not configured for this organization" }, 404);
-  }
+    // Discover OIDC endpoints
+    const discovery = await discoverOIDC(
+      ssoConfig.issuer,
+      ssoConfig.discoveryEndpoint,
+    );
 
-  // Discover OIDC endpoints
-  const discovery = await discoverOIDC(
-    ssoConfig.issuer,
-    ssoConfig.discoveryEndpoint,
-  );
-
-  // Generate PKCE
-  const codeVerifier = generateCodeVerifier();
-  const codeChallenge = await generateCodeChallenge(codeVerifier);
-
-  // Generate state
-  const state = crypto.randomUUID();
-
-  // Store state + verifier in a secure cookie (short-lived)
-  const stateData = JSON.stringify({
-    state,
-    codeVerifier,
-    orgId,
-    userId: ctx.auth.user.id,
-  });
+    // Generate PKCE
+    const codeVerifier = generateCodeVerifier();
+    const codeChallenge = await generateCodeChallenge(codeVerifier);
 
-  setCookie(c, "org_sso_state", stateData, {
-    httpOnly: true,
-    secure: true,
-    sameSite: "Lax",
-    path: "/api/org-sso/callback",
-    maxAge: 600, // 10 minutes
-  });
+    // Generate state
+    const state = crypto.randomUUID();
 
-  // Build authorization URL
-  const params = new URLSearchParams({
-    response_type: "code",
-    client_id: ssoConfig.clientId,
-    redirect_uri: `${ctx.baseUrl}/api/org-sso/callback`,
-    scope: ssoConfig.scopes.join(" "),
-    state,
-    code_challenge: codeChallenge,
-    code_challenge_method: "S256",
-  });
+    // Store state + verifier in a secure cookie (short-lived)
+    const stateData = JSON.stringify({
+      state,
+      codeVerifier,
+      orgId,
+      userId: ctx.auth.user.id,
+    });
 
-  const authUrl = `${discovery.authorization_endpoint}?${params.toString()}`;
-  return c.redirect(authUrl);
-});
+    setCookie(c, "org_sso_state", stateData, {
+      httpOnly: true,
+      secure: true,
+      sameSite: "Lax",
+      path: "/api/org-sso/callback",
+      maxAge: 600, // 10 minutes
+    });
 
-/**
- * OIDC callback — exchanges code for tokens and creates SSO session.
- *
- * Route: GET /api/org-sso/callback
- */
-app.get("/callback", async (c) => {
-  const ctx = c.get("meshContext") as MeshContext;
+    // Build authorization URL
+    const params = new URLSearchParams({
+      response_type: "code",
+      client_id: ssoConfig.clientId,
+      redirect_uri: `${ctx.baseUrl}/api/org-sso/callback`,
+      scope: ssoConfig.scopes.join(" "),
+      state,
+      code_challenge: codeChallenge,
+      code_challenge_method: "S256",
+    });
 
-  const code = c.req.query("code");
-  const state = c.req.query("state");
-  const error = c.req.query("error");
+    const authUrl = `${discovery.authorization_endpoint}?${params.toString()}`;
+    return c.redirect(authUrl);
+  });
 
-  if (error) {
-    return c.redirect(`/?sso_error=${encodeURIComponent(error)}`);
-  }
+  /**
+   * OIDC callback — exchanges code for tokens and creates SSO session.
+   *
+   * Route: GET /api/org-sso/callback
+   */
+  app.get("/callback", async (c) => {
+    const ctx = c.get("meshContext") as MeshContext;
 
-  if (!code || !state) {
-    return c.redirect("/?sso_error=missing_code_or_state");
-  }
+    const code = c.req.query("code");
+    const state = c.req.query("state");
+    const error = c.req.query("error");
 
-  // Retrieve state from cookie
-  const stateDataRaw = getCookie(c, "org_sso_state");
-  if (!stateDataRaw) {
-    return c.redirect("/?sso_error=state_expired");
-  }
+    if (error) {
+      return c.redirect(`/?sso_error=${encodeURIComponent(error)}`);
+    }
 
-  // Clear the state cookie
-  setCookie(c, "org_sso_state", "", {
-    httpOnly: true,
-    secure: true,
-    sameSite: "Lax",
-    path: "/api/org-sso/callback",
-    maxAge: 0,
-  });
+    if (!code || !state) {
+      return c.redirect("/?sso_error=missing_code_or_state");
+    }
 
-  let stateData: {
-    state: string;
-    codeVerifier: string;
-    orgId: string;
-    userId: string;
-  };
-  try {
-    stateData = JSON.parse(stateDataRaw);
-  } catch {
-    return c.redirect("/?sso_error=invalid_state");
-  }
+    // Retrieve state from cookie
+    const stateDataRaw = getCookie(c, "org_sso_state");
+    if (!stateDataRaw) {
+      return c.redirect("/?sso_error=state_expired");
+    }
 
-  // Validate state
-  if (stateData.state !== state) {
-    return c.redirect("/?sso_error=state_mismatch");
-  }
+    // Clear the state cookie
+    setCookie(c, "org_sso_state", "", {
+      httpOnly: true,
+      secure: true,
+      sameSite: "Lax",
+      path: "/api/org-sso/callback",
+      maxAge: 0,
+    });
 
-  // Verify the user is still authenticated
-  if (!ctx.auth.user || ctx.auth.user.id !== stateData.userId) {
-    return c.redirect("/?sso_error=session_expired");
-  }
+    let stateData: {
+      state: string;
+      codeVerifier: string;
+      orgId: string;
+      userId: string;
+    };
+    try {
+      stateData = JSON.parse(stateDataRaw);
+    } catch {
+      return c.redirect("/?sso_error=invalid_state");
+    }
 
-  const ssoConfig = await ctx.storage.orgSsoConfig.getByOrgId(stateData.orgId);
-  if (!ssoConfig) {
-    return c.redirect("/?sso_error=sso_not_configured");
-  }
+    // Validate state
+    if (stateData.state !== state) {
+      return c.redirect("/?sso_error=state_mismatch");
+    }
 
-  // Discover endpoints
-  const discovery = await discoverOIDC(
-    ssoConfig.issuer,
-    ssoConfig.discoveryEndpoint,
-  );
-
-  // Exchange code for tokens
-  const tokenResponse = await fetch(discovery.token_endpoint, {
-    method: "POST",
-    headers: { "Content-Type": "application/x-www-form-urlencoded" },
-    body: new URLSearchParams({
-      grant_type: "authorization_code",
-      code,
-      redirect_uri: `${ctx.baseUrl}/api/org-sso/callback`,
-      client_id: ssoConfig.clientId,
-      client_secret: ssoConfig.clientSecret,
-      code_verifier: stateData.codeVerifier,
-    }),
-  });
+    // Verify the user is still authenticated
+    if (!ctx.auth.user || ctx.auth.user.id !== stateData.userId) {
+      return c.redirect("/?sso_error=session_expired");
+    }
 
-  if (!tokenResponse.ok) {
-    console.error(
-      "[org-sso] Token exchange failed:",
-      await tokenResponse.text(),
+    const ssoConfig = await ctx.storage.orgSsoConfig.getByOrgId(
+      stateData.orgId,
     );
-    return c.redirect("/?sso_error=token_exchange_failed");
-  }
-
-  const tokens = (await tokenResponse.json()) as {
-    id_token?: string;
-    access_token?: string;
-  };
+    if (!ssoConfig) {
+      return c.redirect("/?sso_error=sso_not_configured");
+    }
 
-  if (!tokens.id_token) {
-    return c.redirect("/?sso_error=no_id_token");
-  }
+    // Discover endpoints
+    const discovery = await discoverOIDC(
+      ssoConfig.issuer,
+      ssoConfig.discoveryEndpoint,
+    );
 
-  // Verify ID token
-  try {
-    const JWKS = jose.createRemoteJWKSet(new URL(discovery.jwks_uri));
-    const { payload } = await jose.jwtVerify(tokens.id_token, JWKS, {
-      issuer: ssoConfig.issuer,
-      audience: ssoConfig.clientId,
+    // Exchange code for tokens
+    const tokenResponse = await fetch(discovery.token_endpoint, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: new URLSearchParams({
+        grant_type: "authorization_code",
+        code,
+        redirect_uri: `${ctx.baseUrl}/api/org-sso/callback`,
+        client_id: ssoConfig.clientId,
+        client_secret: ssoConfig.clientSecret,
+        code_verifier: stateData.codeVerifier,
+      }),
     });
 
-    // Verify the token email matches the authenticated user
-    const tokenEmail = (payload.email as string)?.toLowerCase();
-    const userEmail = ctx.auth.user.email?.toLowerCase();
-    if (!tokenEmail || tokenEmail !== userEmail) {
+    if (!tokenResponse.ok) {
       console.error(
-        `[org-sso] Email mismatch: token=${tokenEmail}, user=${userEmail}`,
+        "[org-sso] Token exchange failed:",
+        await tokenResponse.text(),
       );
-      return c.redirect("/?sso_error=email_mismatch");
+      return c.redirect("/?sso_error=token_exchange_failed");
     }
-  } catch (err) {
-    console.error("[org-sso] ID token verification failed:", err);
-    return c.redirect("/?sso_error=token_verification_failed");
-  }
 
-  // Create SSO session
-  await ctx.storage.orgSsoSessions.upsert(ctx.auth.user.id, stateData.orgId);
+    const tokens = (await tokenResponse.json()) as {
+      id_token?: string;
+      access_token?: string;
+    };
 
-  // Look up org slug via membership to redirect to the org
-  const membership = await getOrgMembership(
-    ctx,
-    ctx.auth.user.id,
-    stateData.orgId,
-  );
+    if (!tokens.id_token) {
+      return c.redirect("/?sso_error=no_id_token");
+    }
 
-  const redirectPath = membership?.orgSlug ? `/${membership.orgSlug}` : "/";
-  return c.redirect(redirectPath);
-});
+    // Verify ID token
+    try {
+      const JWKS = jose.createRemoteJWKSet(new URL(discovery.jwks_uri));
+      const { payload } = await jose.jwtVerify(tokens.id_token, JWKS, {
+        issuer: ssoConfig.issuer,
+        audience: ssoConfig.clientId,
+      });
+
+      // Verify the token email matches the authenticated user
+      const tokenEmail = (payload.email as string)?.toLowerCase();
+      const userEmail = ctx.auth.user.email?.toLowerCase();
+      if (!tokenEmail || tokenEmail !== userEmail) {
+        console.error(
+          `[org-sso] Email mismatch: token=${tokenEmail}, user=${userEmail}`,
+        );
+        return c.redirect("/?sso_error=email_mismatch");
+      }
+    } catch (err) {
+      console.error("[org-sso] ID token verification failed:", err);
+      return c.redirect("/?sso_error=token_verification_failed");
+    }
 
-// ============================================================================
-// SSO Config Management (Admin)
-// ============================================================================
+    // Create SSO session
+    await ctx.storage.orgSsoSessions.upsert(ctx.auth.user.id, stateData.orgId);
 
-/**
- * Get SSO config for the current organization.
- *
- * Route: GET /api/org-sso/config
- */
-app.get("/config", async (c) => {
-  const ctx = c.get("meshContext") as MeshContext;
-  if (!ctx.auth.user) {
-    return c.json({ error: "Authentication required" }, 401);
-  }
+    // Look up org slug via membership to redirect to the org
+    const membership = await getOrgMembership(
+      ctx,
+      ctx.auth.user.id,
+      stateData.orgId,
+    );
 
-  const orgId = ctx.organization?.id;
-  if (!orgId) {
-    return c.json({ error: "Organization context required" }, 400);
-  }
+    const redirectPath = membership?.orgSlug ? `/${membership.orgSlug}` : "/";
+    return c.redirect(redirectPath);
+  });
 
-  // Check admin role
-  if (!isOrgAdmin(ctx)) {
-    return c.json({ error: "Admin role required" }, 403);
-  }
+  // ============================================================================
+  // SSO Config Management (Admin)
+  // ============================================================================
+
+  /**
+   * Get SSO config for the current organization.
+   *
+   * Route: GET /api/org-sso/config
+   */
+  app.get("/config", async (c) => {
+    const ctx = c.get("meshContext") as MeshContext;
+    if (!ctx.auth.user) {
+      return c.json({ error: "Authentication required" }, 401);
+    }
 
-  const config = await ctx.storage.orgSsoConfig.getByOrgId(orgId);
-  if (!config) {
-    return c.json({ configured: false });
-  }
+    const orgId = ctx.organization?.id;
+    if (!orgId) {
+      return c.json({ error: "Organization context required" }, 400);
+    }
 
-  return c.json({
-    configured: true,
-    config: ctx.storage.orgSsoConfig.toPublic(config),
-  });
-});
+    // Check admin role
+    if (!isOrgAdmin(ctx)) {
+      return c.json({ error: "Admin role required" }, 403);
+    }
 
-/**
- * Create or update SSO config for the current organization.
- *
- * Route: POST /api/org-sso/config
- */
-app.post("/config", async (c) => {
-  const ctx = c.get("meshContext") as MeshContext;
-  if (!ctx.auth.user) {
-    return c.json({ error: "Authentication required" }, 401);
-  }
+    const config = await ctx.storage.orgSsoConfig.getByOrgId(orgId);
+    if (!config) {
+      return c.json({ configured: false });
+    }
 
-  const orgId = ctx.organization?.id;
-  if (!orgId) {
-    return c.json({ error: "Organization context required" }, 400);
-  }
+    return c.json({
+      configured: true,
+      config: ctx.storage.orgSsoConfig.toPublic(config),
+    });
+  });
 
-  if (!isOrgOwner(ctx)) {
-    return c.json({ error: "Owner role required" }, 403);
-  }
+  /**
+   * Create or update SSO config for the current organization.
+   *
+   * Route: POST /api/org-sso/config
+   */
+  app.post("/config", async (c) => {
+    const ctx = c.get("meshContext") as MeshContext;
+    if (!ctx.auth.user) {
+      return c.json({ error: "Authentication required" }, 401);
+    }
 
-  const body = await c.req.json<{
-    issuer: string;
-    clientId: string;
-    clientSecret: string;
-    discoveryEndpoint?: string;
-    scopes?: string[];
-    domain: string;
-    enforced?: boolean;
-  }>();
-
-  if (!body.issuer || !body.clientId || !body.domain) {
-    return c.json({ error: "issuer, clientId, and domain are required" }, 400);
-  }
+    const orgId = ctx.organization?.id;
+    if (!orgId) {
+      return c.json({ error: "Organization context required" }, 400);
+    }
 
-  // Client secret required for new configs, optional for updates
-  const existingConfig = await ctx.storage.orgSsoConfig.getByOrgId(orgId);
-  if (!existingConfig && !body.clientSecret) {
-    return c.json(
-      { error: "clientSecret is required for initial SSO setup" },
-      400,
-    );
-  }
+    if (!isOrgOwner(ctx)) {
+      return c.json({ error: "Owner role required" }, 403);
+    }
+
+    const body = await c.req.json<{
+      issuer: string;
+      clientId: string;
+      clientSecret: string;
+      discoveryEndpoint?: string;
+      scopes?: string[];
+      domain: string;
+      enforced?: boolean;
+    }>();
+
+    if (!body.issuer || !body.clientId || !body.domain) {
+      return c.json(
+        { error: "issuer, clientId, and domain are required" },
+        400,
+      );
+    }
 
-  // Use existing secret if not provided on update
-  const clientSecret = body.clientSecret || existingConfig?.clientSecret || "";
+    // Client secret required for new configs, optional for updates
+    const existingConfig = await ctx.storage.orgSsoConfig.getByOrgId(orgId);
+    if (!existingConfig && !body.clientSecret) {
+      return c.json(
+        { error: "clientSecret is required for initial SSO setup" },
+        400,
+      );
+    }
 
-  // Validate OIDC discovery endpoint is reachable
-  try {
-    await discoverOIDC(body.issuer, body.discoveryEndpoint);
-  } catch (err) {
-    return c.json(
-      {
-        error: "Failed to reach OIDC discovery endpoint",
-        details: err instanceof Error ? err.message : String(err),
-      },
-      400,
-    );
-  }
+    // Use existing secret if not provided on update
+    const clientSecret =
+      body.clientSecret || existingConfig?.clientSecret || "";
+
+    // Validate OIDC discovery endpoint is reachable
+    try {
+      await discoverOIDC(body.issuer, body.discoveryEndpoint);
+    } catch (err) {
+      return c.json(
+        {
+          error: "Failed to reach OIDC discovery endpoint",
+          details: err instanceof Error ? err.message : String(err),
+        },
+        400,
+      );
+    }
 
-  const config = await ctx.storage.orgSsoConfig.upsert(orgId, {
-    issuer: body.issuer,
-    clientId: body.clientId,
-    clientSecret,
-    discoveryEndpoint: body.discoveryEndpoint,
-    scopes: body.scopes,
-    domain: body.domain,
-    enforced: body.enforced,
-  });
+    const config = await ctx.storage.orgSsoConfig.upsert(orgId, {
+      issuer: body.issuer,
+      clientId: body.clientId,
+      clientSecret,
+      discoveryEndpoint: body.discoveryEndpoint,
+      scopes: body.scopes,
+      domain: body.domain,
+      enforced: body.enforced,
+    });
 
-  return c.json({
-    success: true,
-    config: ctx.storage.orgSsoConfig.toPublic(config),
+    return c.json({
+      success: true,
+      config: ctx.storage.orgSsoConfig.toPublic(config),
+    });
   });
-});
 
-/**
- * Toggle SSO enforcement for the current organization.
- *
- * Route: POST /api/org-sso/config/enforce
- */
-app.post("/config/enforce", async (c) => {
-  const ctx = c.get("meshContext") as MeshContext;
-  if (!ctx.auth.user) {
-    return c.json({ error: "Authentication required" }, 401);
-  }
+  /**
+   * Toggle SSO enforcement for the current organization.
+   *
+   * Route: POST /api/org-sso/config/enforce
+   */
+  app.post("/config/enforce", async (c) => {
+    const ctx = c.get("meshContext") as MeshContext;
+    if (!ctx.auth.user) {
+      return c.json({ error: "Authentication required" }, 401);
+    }
 
-  const orgId = ctx.organization?.id;
-  if (!orgId) {
-    return c.json({ error: "Organization context required" }, 400);
-  }
+    const orgId = ctx.organization?.id;
+    if (!orgId) {
+      return c.json({ error: "Organization context required" }, 400);
+    }
 
-  if (!isOrgOwner(ctx)) {
-    return c.json({ error: "Owner role required" }, 403);
-  }
+    if (!isOrgOwner(ctx)) {
+      return c.json({ error: "Owner role required" }, 403);
+    }
 
-  const body = await c.req.json<{ enforced: boolean }>();
+    const body = await c.req.json<{ enforced: boolean }>();
 
-  // Verify config exists before enforcing
-  const existing = await ctx.storage.orgSsoConfig.getByOrgId(orgId);
-  if (!existing) {
-    return c.json({ error: "SSO must be configured before enforcing" }, 400);
-  }
+    // Verify config exists before enforcing
+    const existing = await ctx.storage.orgSsoConfig.getByOrgId(orgId);
+    if (!existing) {
+      return c.json({ error: "SSO must be configured before enforcing" }, 400);
+    }
 
-  await ctx.storage.orgSsoConfig.setEnforced(orgId, body.enforced);
+    await ctx.storage.orgSsoConfig.setEnforced(orgId, body.enforced);
 
-  return c.json({ success: true, enforced: body.enforced });
-});
+    return c.json({ success: true, enforced: body.enforced });
+  });
 
-/**
- * Delete SSO config for the current organization.
- *
- * Route: DELETE /api/org-sso/config
- */
-app.delete("/config", async (c) => {
-  const ctx = c.get("meshContext") as MeshContext;
-  if (!ctx.auth.user) {
-    return c.json({ error: "Authentication required" }, 401);
-  }
+  /**
+   * Delete SSO config for the current organization.
+   *
+   * Route: DELETE /api/org-sso/config
+   */
+  app.delete("/config", async (c) => {
+    const ctx = c.get("meshContext") as MeshContext;
+    if (!ctx.auth.user) {
+      return c.json({ error: "Authentication required" }, 401);
+    }
 
-  const orgId = ctx.organization?.id;
-  if (!orgId) {
-    return c.json({ error: "Organization context required" }, 400);
-  }
+    const orgId = ctx.organization?.id;
+    if (!orgId) {
+      return c.json({ error: "Organization context required" }, 400);
+    }
 
-  if (!isOrgOwner(ctx)) {
-    return c.json({ error: "Owner role required" }, 403);
-  }
+    if (!isOrgOwner(ctx)) {
+      return c.json({ error: "Owner role required" }, 403);
+    }
 
-  await ctx.storage.orgSsoConfig.delete(orgId);
-  return c.json({ success: true });
-});
+    await ctx.storage.orgSsoConfig.delete(orgId);
+    return c.json({ success: true });
+  });
+}
 
 // ============================================================================
 // Helpers
@@ -461,7 +475,8 @@ const discoveryCache = new Map<
 
 /**
  * Validate that a URL is safe for server-side fetching (SSRF prevention).
- * Enforces HTTPS in production and blocks private/link-local IP ranges.
+ * Enforces HTTPS and blocks private/link-local IP ranges. Local mode opts
+ * in to HTTP and loopback so developers can point at a local Keycloak/etc.
  */
 function validateOIDCUrl(url: string): void {
   let parsed: URL;
@@ -471,8 +486,8 @@ function validateOIDCUrl(url: string): void {
     throw new Error(`Invalid URL: ${url}`);
   }
 
-  // Enforce HTTPS in production (allow HTTP for local dev)
-  const allowHttp = getSettings().nodeEnv !== "production";
+  // Local mode opts in to HTTP + loopback for local OIDC providers.
+  const allowHttp = getSettings().localMode;
   if (
     parsed.protocol !== "https:" &&
     !(allowHttp && parsed.protocol === "http:")
@@ -483,7 +498,7 @@ function validateOIDCUrl(url: string): void {
   // Block private and link-local IP ranges
   const host = parsed.hostname;
   const privatePatterns = [
-    /^127\./, // loopback (allow in dev below)
+    /^127\./, // loopback (allowed in local mode below)
     /^10\./, // 10.0.0.0/8
     /^172\.(1[6-9]|2\d|3[01])\./, // 172.16.0.0/12
     /^192\.168\./, // 192.168.0.0/16
@@ -495,7 +510,7 @@ function validateOIDCUrl(url: string): void {
     /^localhost$/i, // localhost hostname
   ];
 
-  // Allow loopback in dev for local OIDC providers (e.g. Keycloak)
+  // Allow loopback in local mode for local OIDC providers (e.g. Keycloak)
   const isLoopback = /^127\.|^\[::1\]$|^localhost$/i.test(host);
   if (allowHttp && isLoopback) {
     return;
@@ -596,5 +611,3 @@ function isOrgAdmin(ctx: MeshContext): boolean {
 function isOrgOwner(ctx: MeshContext): boolean {
   return ctx.auth.user?.role === "owner";
 }
-
-export default app;
diff --git a/apps/mesh/src/api/routes/proxy.ts b/apps/mesh/src/api/routes/proxy.ts
index 531d465b8e..57d5534016 100644
--- a/apps/mesh/src/api/routes/proxy.ts
+++ b/apps/mesh/src/api/routes/proxy.ts
@@ -12,11 +12,13 @@
  */
 
 import { clientFromConnection, serverFromConnection } from "@/mcp-clients";
+import { SpanStatusCode } from "@opentelemetry/api";
 import { WebStandardStreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/webStandardStreamableHttp.js";
 import { Context, Hono } from "hono";
 import { endTime, startTime } from "hono/timing";
 import type { MeshContext } from "../../core/mesh-context";
 import { managementMCP } from "../../tools";
+import { guardResponseStream } from "../utils/stream-guard";
 import { handleAuthError } from "./oauth-proxy";
 import { handleVirtualMcpRequest } from "./virtual-mcp";
 export { toServerClient, type MCPProxyClient } from "./mcp-proxy-factory";
@@ -26,199 +28,248 @@ type Variables = {
   meshContext: MeshContext;
 };
 
-const app = new Hono<{ Variables: Variables }>();
+type ProxyEnv = { Variables: Variables };
+
+const handleError = (err: Error, c: Context) => {
+  if (err.message.includes("not found")) {
+    return c.json({ error: err.message }, 404);
+  }
+  if (err.message.includes("does not belong to the active organization")) {
+    return c.json({ error: "Connection not found" }, 404);
+  }
+  if (err.message.includes("inactive")) {
+    return c.json({ error: err.message }, 503);
+  }
+  return c.json({ error: "Internal server error", message: err.message }, 500);
+};
 
 // ============================================================================
 // Route Handlers
 // ============================================================================
 
-/**
- * Default MCP endpoint - serves Decopilot virtual MCP (aggregates all org connections)
- *
- * Route: POST /mcp
- * Uses the Decopilot default virtual MCP which excludes Mesh MCP and org registry
- */
-app.all("/", async (c) => {
-  return handleVirtualMcpRequest(c, undefined);
-});
+export const createProxyRoutes = () => {
+  const app = new Hono<ProxyEnv>();
 
-/**
- * Proxy MCP request to a downstream connection
- *
- * Route: POST /mcp/:connectionId
- * Connection IDs are globally unique UUIDs (no project prefix needed)
- */
-app.all("/:connectionId", async (c) => {
-  const connectionId = c.req.param("connectionId");
-  const ctx = c.get("meshContext");
-
-  // SELF MCP connections ({orgId}_self) route to the management MCP server
-  // instead of creating an outbound client connection
-  if (connectionId.endsWith("_self")) {
-    const selfOrgId = connectionId.slice(0, -"_self".length);
-    if (!ctx.organization || ctx.organization.id !== selfOrgId) {
-      return c.json({ error: "Connection not found" }, 404);
-    }
-    const server = await managementMCP(ctx);
-    const transport = new WebStandardStreamableHTTPServerTransport({
-      enableJsonResponse:
-        c.req.raw.headers.get("Accept")?.includes("application/json") ?? false,
-    });
-    await server.connect(transport);
-    return await transport.handleRequest(c.req.raw);
-  }
+  /**
+   * Default MCP endpoint - serves Decopilot virtual MCP (aggregates all org connections)
+   *
+   * Route: POST /mcp
+   * Uses the Decopilot default virtual MCP which excludes Mesh MCP and org registry
+   */
+  app.all("/", async (c) => {
+    return handleVirtualMcpRequest(c, undefined);
+  });
 
-  try {
-    try {
-      // Organization context is required — without it the ownership
-      // check below would be skipped, allowing cross-tenant access.
-      if (!ctx.organization?.id) {
-        return c.json({ error: "Organization context is required" }, 403);
-      }
+  /**
+   * Proxy MCP request to a downstream connection
+   *
+   * Route: POST /mcp/:connectionId
+   * Connection IDs are globally unique UUIDs (no project prefix needed)
+   */
+  app.all("/:connectionId", async (c) => {
+    const connectionId = c.req.param("connectionId");
+    const ctx = c.get("meshContext");
 
-      // Fetch connection scoped to the caller's organization
-      startTime(c, "mcp.find_connection");
-      const connection = await ctx.storage.connections.findById(
-        connectionId,
-        ctx.organization.id,
-      );
-      endTime(c, "mcp.find_connection");
-      if (!connection) {
-        throw new Error("Connection not found");
+    // SELF MCP connections ({orgId}_self) route to the management MCP server
+    // instead of creating an outbound client connection
+    if (connectionId.endsWith("_self")) {
+      const selfOrgId = connectionId.slice(0, -"_self".length);
+      if (!ctx.organization || ctx.organization.id !== selfOrgId) {
+        return c.json({ error: "Connection not found" }, 404);
       }
+      const server = await managementMCP(ctx);
+      const transport = new WebStandardStreamableHTTPServerTransport({
+        enableJsonResponse:
+          c.req.raw.headers.get("Accept")?.includes("application/json") ??
+          false,
+      });
+      await server.connect(transport);
+      const selfResponse = await transport.handleRequest(c.req.raw);
+      return guardResponseStream(selfResponse, `mcp:self:${connectionId}`);
+    }
 
-      // Validate organization ownership
-      if (connection.organization_id !== ctx.organization.id) {
-        throw new Error(
-          "Connection does not belong to the active organization",
+    try {
+      try {
+        // Organization context is required — without it the ownership
+        // check below would be skipped, allowing cross-tenant access.
+        if (!ctx.organization?.id) {
+          return c.json({ error: "Organization context is required" }, 403);
+        }
+
+        // Fetch connection scoped to the caller's organization
+        const connection = await ctx.tracer.startActiveSpan(
+          "mesh.connection.lookup",
+          { attributes: { "connection.id": connectionId } },
+          async (span) => {
+            startTime(c, "mcp.find_connection");
+            try {
+              const result = await ctx.storage.connections.findById(
+                connectionId,
+                ctx.organization!.id,
+              );
+              span.setStatus({ code: SpanStatusCode.OK });
+              return result;
+            } catch (err) {
+              span.setStatus({
+                code: SpanStatusCode.ERROR,
+                message: (err as Error).message,
+              });
+              span.recordException(err as Error);
+              throw err;
+            } finally {
+              endTime(c, "mcp.find_connection");
+              span.end();
+            }
+          },
         );
-      }
+        if (!connection) {
+          throw new Error("Connection not found");
+        }
 
-      // Check connection status
-      if (connection.status !== "active") {
-        throw new Error(`Connection inactive: ${connection.status}`);
-      }
+        // Validate organization ownership
+        if (connection.organization_id !== ctx.organization.id) {
+          throw new Error(
+            "Connection does not belong to the active organization",
+          );
+        }
 
-      // For HTTP connections, eagerly attempt the upstream MCP handshake to
-      // surface auth errors (e.g. OAuth 401). The lazy client inside
-      // serverFromConnection defers the connection, so without this probe
-      // the proxy would handle "initialize" locally and return 200 OK —
-      // hiding the 401 the frontend needs to trigger the OAuth popup.
-      // On success this also warms the per-request client pool, so the
-      // lazy client reuses the same connection instead of double-connecting.
-      if (connection.connection_url) {
-        startTime(c, "mcp.client_handshake");
-        await clientFromConnection(connection, ctx, false);
-        endTime(c, "mcp.client_handshake");
-      }
+        // Check connection status
+        if (connection.status !== "active") {
+          throw new Error(`Connection inactive: ${connection.status}`);
+        }
 
-      // Create enhanced server directly (no need for bridge - server is used directly!)
-      startTime(c, "mcp.create_server");
-      const server = serverFromConnection(connection, ctx, false);
-      endTime(c, "mcp.create_server");
+        // For HTTP connections, eagerly attempt the upstream MCP handshake to
+        // surface auth errors (e.g. OAuth 401). The lazy client inside
+        // serverFromConnection defers the connection, so without this probe
+        // the proxy would handle "initialize" locally and return 200 OK —
+        // hiding the 401 the frontend needs to trigger the OAuth popup.
+        // On success this also warms the per-request client pool, so the
+        // lazy client reuses the same connection instead of double-connecting.
+        if (connection.connection_url) {
+          await ctx.tracer.startActiveSpan(
+            "mesh.connection.handshake",
+            {
+              attributes: {
+                "connection.id": connectionId,
+                "connection.url": connection.connection_url,
+              },
+            },
+            async (span) => {
+              startTime(c, "mcp.client_handshake");
+              try {
+                await clientFromConnection(connection, ctx, false);
+                span.setStatus({ code: SpanStatusCode.OK });
+              } catch (err) {
+                span.setStatus({
+                  code: SpanStatusCode.ERROR,
+                  message: (err as Error).message,
+                });
+                span.recordException(err as Error);
+                throw err;
+              } finally {
+                endTime(c, "mcp.client_handshake");
+                span.end();
+              }
+            },
+          );
+        }
 
-      // Create HTTP transport
-      const transport = new WebStandardStreamableHTTPServerTransport({
-        enableJsonResponse:
-          c.req.raw.headers.get("Accept")?.includes("application/json") ??
-          false,
-      });
+        // Create enhanced server directly (no need for bridge - server is used directly!)
+        startTime(c, "mcp.create_server");
+        const server = serverFromConnection(connection, ctx, false);
+        endTime(c, "mcp.create_server");
 
-      // Connect server to transport
-      startTime(c, "mcp.server_connect");
-      await server.connect(transport);
-      endTime(c, "mcp.server_connect");
+        // Create HTTP transport
+        const transport = new WebStandardStreamableHTTPServerTransport({
+          enableJsonResponse:
+            c.req.raw.headers.get("Accept")?.includes("application/json") ??
+            false,
+        });
+
+        // Connect server to transport
+        startTime(c, "mcp.server_connect");
+        await server.connect(transport);
+        endTime(c, "mcp.server_connect");
 
-      // Handle request and cleanup
-      startTime(c, "mcp.handle_request");
-      const response = await transport.handleRequest(c.req.raw);
-      endTime(c, "mcp.handle_request");
-      return response;
+        // Handle request and cleanup
+        startTime(c, "mcp.handle_request");
+        const response = await transport.handleRequest(c.req.raw);
+        endTime(c, "mcp.handle_request");
+        return guardResponseStream(response, `mcp:${connectionId}`);
+      } catch (error) {
+        // Check if this is an auth error - if so, return appropriate 401
+        // Note: This only applies to HTTP connections
+        const connection = await ctx.storage.connections.findById(
+          connectionId,
+          ctx.organization?.id,
+        );
+        if (connection?.connection_url) {
+          const authResponse = await handleAuthError({
+            error: error as Error & { status?: number },
+            reqUrl: new URL(c.req.raw.url),
+            connectionId,
+            connectionUrl: connection.connection_url,
+            headers: {}, // Headers are built internally by createEnhancedServer
+            orgSlug: ctx.organization?.slug,
+          });
+          if (authResponse) {
+            return authResponse;
+          }
+        }
+        throw error;
+      }
     } catch (error) {
-      // Check if this is an auth error - if so, return appropriate 401
-      // Note: This only applies to HTTP connections
+      return handleError(error as Error, c);
+    }
+  });
+
+  app.all("/:connectionId/call-tool/:toolName", async (c) => {
+    const connectionId = c.req.param("connectionId");
+    const toolName = c.req.param("toolName");
+    const ctx = c.get("meshContext");
+
+    try {
+      // Fetch connection and create client directly
       const connection = await ctx.storage.connections.findById(
         connectionId,
         ctx.organization?.id,
       );
-      if (connection?.connection_url) {
-        const authResponse = await handleAuthError({
-          error: error as Error & { status?: number },
-          reqUrl: new URL(c.req.raw.url),
-          connectionId,
-          connectionUrl: connection.connection_url,
-          headers: {}, // Headers are built internally by createEnhancedServer
-        });
-        if (authResponse) {
-          return authResponse;
-        }
+      if (!connection) {
+        return c.json({ error: "Connection not found" }, 404);
       }
-      throw error;
-    }
-  } catch (error) {
-    return handleError(error as Error, c);
-  }
-});
-
-const handleError = (err: Error, c: Context) => {
-  if (err.message.includes("not found")) {
-    return c.json({ error: err.message }, 404);
-  }
-  if (err.message.includes("does not belong to the active organization")) {
-    return c.json({ error: "Connection not found" }, 404);
-  }
-  if (err.message.includes("inactive")) {
-    return c.json({ error: err.message }, 503);
-  }
-  return c.json({ error: "Internal server error", message: err.message }, 500);
-};
 
-app.all("/:connectionId/call-tool/:toolName", async (c) => {
-  const connectionId = c.req.param("connectionId");
-  const toolName = c.req.param("toolName");
-  const ctx = c.get("meshContext");
-
-  try {
-    // Fetch connection and create client directly
-    const connection = await ctx.storage.connections.findById(
-      connectionId,
-      ctx.organization?.id,
-    );
-    if (!connection) {
-      return c.json({ error: "Connection not found" }, 404);
-    }
+      // Client pool manages lifecycle, no need for await using
+      const client = await clientFromConnection(connection, ctx, false);
+      const result = await client.callTool({
+        name: toolName,
+        arguments: await c.req.json(),
+      });
 
-    // Client pool manages lifecycle, no need for await using
-    const client = await clientFromConnection(connection, ctx, false);
-    const result = await client.callTool({
-      name: toolName,
-      arguments: await c.req.json(),
-    });
+      if (result instanceof Response) {
+        return result;
+      }
 
-    if (result instanceof Response) {
-      return result;
-    }
+      if (result.isError) {
+        return new Response(JSON.stringify(result.content), {
+          headers: {
+            "Content-Type": "application/json",
+          },
+          status: 500,
+        });
+      }
 
-    if (result.isError) {
-      return new Response(JSON.stringify(result.content), {
-        headers: {
-          "Content-Type": "application/json",
+      return new Response(
+        JSON.stringify(result.structuredContent ?? result.content),
+        {
+          headers: {
+            "Content-Type": "application/json",
+          },
         },
-        status: 500,
-      });
+      );
+    } catch (error) {
+      return handleError(error as Error, c);
     }
+  });
 
-    return new Response(
-      JSON.stringify(result.structuredContent ?? result.content),
-      {
-        headers: {
-          "Content-Type": "application/json",
-        },
-      },
-    );
-  } catch (error) {
-    return handleError(error as Error, c);
-  }
-});
-
-export default app;
+  return app;
+};
diff --git a/apps/mesh/src/api/routes/public-config.test.ts b/apps/mesh/src/api/routes/public-config.test.ts
new file mode 100644
index 0000000000..062cd661a3
--- /dev/null
+++ b/apps/mesh/src/api/routes/public-config.test.ts
@@ -0,0 +1,61 @@
+// CredentialVault requires a valid 32-byte base64 ENCRYPTION_KEY.
+// Must be set before any import triggers getSettings(), which freezes
+// the settings singleton on first access. (Same pattern as
+// apps/mesh/src/api/routes/oauth-proxy.e2e.test.ts.)
+process.env.ENCRYPTION_KEY ??= Buffer.from("0".repeat(32)).toString("base64");
+
+import { afterEach, beforeEach, describe, expect, it } from "bun:test";
+import publicConfigRoutes from "./public-config";
+
+describe("GET /api/config", () => {
+  let originalKey: string | undefined;
+  let originalHost: string | undefined;
+
+  beforeEach(() => {
+    originalKey = process.env.POSTHOG_KEY;
+    originalHost = process.env.POSTHOG_HOST;
+  });
+
+  afterEach(() => {
+    if (originalKey === undefined) delete process.env.POSTHOG_KEY;
+    else process.env.POSTHOG_KEY = originalKey;
+    if (originalHost === undefined) delete process.env.POSTHOG_HOST;
+    else process.env.POSTHOG_HOST = originalHost;
+  });
+
+  it("returns posthog config when POSTHOG_KEY is set", async () => {
+    process.env.POSTHOG_KEY = "phc_test_key";
+    delete process.env.POSTHOG_HOST;
+
+    const res = await publicConfigRoutes.request("/");
+    expect(res.status).toBe(200);
+    const body = await res.json();
+    expect(body.success).toBe(true);
+    expect(body.config.posthog).toEqual({
+      key: "phc_test_key",
+      host: "https://us.i.posthog.com",
+    });
+  });
+
+  it("returns posthog: null when POSTHOG_KEY is unset", async () => {
+    delete process.env.POSTHOG_KEY;
+
+    const res = await publicConfigRoutes.request("/");
+    expect(res.status).toBe(200);
+    const body = await res.json();
+    expect(body.config.posthog).toBeNull();
+  });
+
+  it("respects POSTHOG_HOST when both are set", async () => {
+    process.env.POSTHOG_KEY = "phc_test_key";
+    process.env.POSTHOG_HOST = "https://eu.i.posthog.com";
+
+    const res = await publicConfigRoutes.request("/");
+    expect(res.status).toBe(200);
+    const body = await res.json();
+    expect(body.config.posthog).toEqual({
+      key: "phc_test_key",
+      host: "https://eu.i.posthog.com",
+    });
+  });
+});
diff --git a/apps/mesh/src/api/routes/public-config.ts b/apps/mesh/src/api/routes/public-config.ts
index 3bbbe39677..b4caa3b7fd 100644
--- a/apps/mesh/src/api/routes/public-config.ts
+++ b/apps/mesh/src/api/routes/public-config.ts
@@ -10,6 +10,7 @@ import { getConfig, getThemeConfig, type ThemeConfig } from "@/core/config";
 import { isLocalMode } from "@/auth/local-mode";
 import { getInternalUrl } from "@/core/server-constants";
 import { getSettings } from "@/settings";
+import { buildAuthConfig, type AuthConfig } from "@/api/routes/auth";
 
 const app = new Hono();
 
@@ -43,13 +44,34 @@ export type PublicConfig = {
    * Requires FIRECRAWL_API_KEY to be configured.
    */
   brandExtractEnabled?: boolean;
+  /**
+   * Authentication methods available on this deployment.
+   * Replaces the previous /api/auth/custom/config endpoint.
+   */
+  auth: AuthConfig;
+  /**
+   * PostHog frontend config. `null` when POSTHOG_KEY is unset so the
+   * client can disable analytics cleanly without checking for `undefined`.
+   */
+  posthog: { key: string; host: string } | null;
 };
 
+const POSTHOG_DEFAULT_HOST = "https://us.i.posthog.com";
+
+function buildPosthogConfig(): PublicConfig["posthog"] {
+  const key = process.env.POSTHOG_KEY;
+  if (!key) return null;
+  return {
+    key,
+    host: process.env.POSTHOG_HOST ?? POSTHOG_DEFAULT_HOST,
+  };
+}
+
 /**
  * Public Configuration Endpoint
  *
- * Returns UI customization settings that don't require authentication.
- * This includes theme overrides and other public settings.
+ * Returns UI customization settings, auth methods, and analytics config.
+ * No authentication required — fetched by the SPA on boot.
  *
  * Route: GET /api/config
  */
@@ -61,6 +83,8 @@ app.get("/", (c) => {
     ...(isLocalMode() && { internalUrl: getInternalUrl() }),
     ...(getSettings().enableDecoImport && { enableDecoImport: true }),
     brandExtractEnabled: !!getSettings().firecrawlApiKey,
+    auth: buildAuthConfig(),
+    posthog: buildPosthogConfig(),
   };
 
   return c.json({ success: true, config });
diff --git a/apps/mesh/src/api/routes/registry/index.ts b/apps/mesh/src/api/routes/registry/index.ts
index 2c6519c2f8..e01033c96d 100644
--- a/apps/mesh/src/api/routes/registry/index.ts
+++ b/apps/mesh/src/api/routes/registry/index.ts
@@ -1,2 +1,2 @@
-export { publicMCPServerRoutes } from "./public-mcp-server";
-export { publicPublishRequestRoutes } from "./public-publish-request";
+export { createPublicMCPHandler } from "./public-mcp-server";
+export { createPublishRequestHandler } from "./public-publish-request";
diff --git a/apps/mesh/src/api/routes/registry/public-mcp-server.ts b/apps/mesh/src/api/routes/registry/public-mcp-server.ts
index a6582c42b9..01691b28d8 100644
--- a/apps/mesh/src/api/routes/registry/public-mcp-server.ts
+++ b/apps/mesh/src/api/routes/registry/public-mcp-server.ts
@@ -1,4 +1,4 @@
-import { Hono } from "hono";
+import type { Context } from "hono";
 import type { ServerPluginContext } from "@decocms/bindings/server-plugin";
 import { withRuntime } from "@decocms/runtime";
 import { createTool } from "@decocms/runtime/tools";
@@ -123,20 +123,25 @@ function createPublicMCPTools(storage: RegistryItemStorage, orgId: string) {
 }
 
 /**
- * Mount public MCP server for the registry at /org/:orgSlug/registry
+ * Build the public-MCP handler. The returned handler resolves the org slug
+ * from either `:orgSlug` (legacy) or `:org` (new `/api/:org/...`) so it can
+ * be mounted at both paths. It does its own org lookup; auth is not required.
+ *
+ * The returned handler also accepts the prefix to strip when rewriting the
+ * inner MCP path, since the legacy and new prefixes differ.
  */
-export function publicMCPServerRoutes(
-  app: Hono,
+export function createPublicMCPHandler(
   ctx: ServerPluginContext,
-): void {
-  // Use db as any to access both plugin tables and core tables like organization
+): (c: Context) => Promise<Response> {
   // eslint-disable-next-line @typescript-eslint/no-explicit-any
   const db = ctx.db as any;
   const storage = new RegistryItemStorage(db);
 
-  // Mount MCP server at /org/:orgSlug/registry/*
-  app.all("/org/:orgSlug/registry/*", async (c) => {
-    const orgSlug = c.req.param("orgSlug");
+  return async (c) => {
+    const orgSlug = c.req.param("orgSlug") ?? c.req.param("org");
+    if (!orgSlug) {
+      return c.json({ error: "Organization not found" }, 404);
+    }
 
     // Lookup organization by slug
     const org = await db
@@ -152,13 +157,18 @@ export function publicMCPServerRoutes(
     // Create MCP server with public tools
     const tools = createPublicMCPTools(storage, org.id);
     const mcpServer = withRuntime({
-      tools: () => tools,
+      tools,
     });
 
-    // Rewrite the request URL to remove the /org/:orgSlug/registry prefix
-    // MCP server expects paths like /mcp, so we forward the remaining path
+    // Rewrite the request URL to remove the route prefix (everything up to
+    // and including `/registry`). Works for both legacy
+    // `/org/:orgSlug/registry/*` and new `/api/:org/registry/*`.
     const originalUrl = new URL(c.req.url);
-    const mcpPath = c.req.path.replace(`/org/${orgSlug}/registry`, "");
+    const registryIdx = c.req.path.indexOf("/registry");
+    const mcpPath =
+      registryIdx >= 0
+        ? c.req.path.slice(registryIdx + "/registry".length)
+        : "";
     const newUrl = new URL(mcpPath || "/", originalUrl.origin);
 
     // Copy query params
@@ -187,5 +197,5 @@ export function publicMCPServerRoutes(
       IS_LOCAL: false,
     };
     return await mcpServer.fetch(newRequest, env, c);
-  });
+  };
 }
diff --git a/apps/mesh/src/api/routes/registry/public-publish-request.ts b/apps/mesh/src/api/routes/registry/public-publish-request.ts
index 163c6c63b0..44bb0636fd 100644
--- a/apps/mesh/src/api/routes/registry/public-publish-request.ts
+++ b/apps/mesh/src/api/routes/registry/public-publish-request.ts
@@ -1,4 +1,5 @@
-import { Hono } from "hono";
+import type { Context } from "hono";
+import { posthog } from "@/posthog";
 import type { ServerPluginContext } from "@decocms/bindings/server-plugin";
 import { WellKnownOrgMCPId } from "@decocms/mesh-sdk";
 import type { Kysely } from "kysely";
@@ -263,18 +264,29 @@ async function findRegistryItemConflict(
     : null;
 }
 
-export function publicPublishRequestRoutes(
-  app: Hono,
+/**
+ * Build the publish-request handler. Returns a Hono handler that resolves the
+ * org from either the `:orgRef` or `:org` path param (so it can be mounted at
+ * both the legacy `/org/:orgRef/registry/publish-request` and the new
+ * `/api/:org/registry/publish-request` paths).
+ *
+ * NOTE: This handler does its own org lookup — it does NOT rely on
+ * resolveOrgFromPath (this is a public endpoint; auth is optional).
+ */
+export function createPublishRequestHandler(
   ctx: ServerPluginContext,
-): void {
+): (c: Context) => Promise<Response> {
   // eslint-disable-next-line @typescript-eslint/no-explicit-any
   const db = ctx.db as any;
   const typedDb = ctx.db as Kysely<PrivateRegistryDatabase>;
   const storage = new PublishRequestStorage(typedDb);
   const apiKeyStorage = new PublishApiKeyStorage(typedDb);
 
-  app.post("/org/:orgRef/registry/publish-request", async (c) => {
-    const orgRef = c.req.param("orgRef");
+  return async (c) => {
+    const orgRef = c.req.param("orgRef") ?? c.req.param("org");
+    if (!orgRef) {
+      return c.json({ error: "Organization not found" }, 404);
+    }
     const organizationId = await resolveOrganizationId(db as CoreDb, orgRef);
     if (!organizationId) {
       return c.json({ error: "Organization not found" }, 404);
@@ -390,6 +402,19 @@ export function publicPublishRequestRoutes(
       );
     }
 
+    posthog.capture({
+      distinctId: parsed.data.requester?.email ?? `org:${organizationId}`,
+      event: "registry_publish_request_submitted",
+      groups: { organization: organizationId },
+      properties: {
+        organization_id: organizationId,
+        request_id: created.id,
+        requested_id: created.requested_id,
+        title: parsed.data.data.title,
+        requester_email: parsed.data.requester?.email ?? null,
+      },
+    });
+
     return c.json(
       {
         id: created.id,
@@ -398,5 +423,5 @@ export function publicPublishRequestRoutes(
       },
       201,
     );
-  });
+  };
 }
diff --git a/apps/mesh/src/api/routes/self.ts b/apps/mesh/src/api/routes/self.ts
index 3e9b344f3d..a2b7e1b8ab 100644
--- a/apps/mesh/src/api/routes/self.ts
+++ b/apps/mesh/src/api/routes/self.ts
@@ -14,22 +14,26 @@ type Variables = {
   meshContext: MeshContext;
 };
 
-const app = new Hono<{ Variables: Variables }>();
+type SelfEnv = { Variables: Variables };
 
-/**
- * MCP Server endpoint for self-management tools
- *
- * Route: POST /mcp/self
- * Exposes all PROJECT_* and CONNECTION_* tools via MCP protocol
- */
-app.all("/", async (c) => {
-  const server = await managementMCP(c.get("meshContext"));
-  const transport = new WebStandardStreamableHTTPServerTransport({
-    enableJsonResponse:
-      c.req.raw.headers.get("Accept")?.includes("application/json") ?? false,
+export const createSelfRoutes = () => {
+  const app = new Hono<SelfEnv>();
+
+  /**
+   * MCP Server endpoint for self-management tools
+   *
+   * Route: POST /mcp/self
+   * Exposes all PROJECT_* and CONNECTION_* tools via MCP protocol
+   */
+  app.all("/", async (c) => {
+    const server = await managementMCP(c.get("meshContext"));
+    const transport = new WebStandardStreamableHTTPServerTransport({
+      enableJsonResponse:
+        c.req.raw.headers.get("Accept")?.includes("application/json") ?? false,
+    });
+    await server.connect(transport);
+    return transport.handleRequest(c.req.raw);
   });
-  await server.connect(transport);
-  return transport.handleRequest(c.req.raw);
-});
 
-export default app;
+  return app;
+};
diff --git a/apps/mesh/src/api/routes/thread-outputs.ts b/apps/mesh/src/api/routes/thread-outputs.ts
new file mode 100644
index 0000000000..8447e00973
--- /dev/null
+++ b/apps/mesh/src/api/routes/thread-outputs.ts
@@ -0,0 +1,85 @@
+/**
+ * Thread Outputs Route
+ *
+ * Lists files the model has shared back to the user via the
+ * `share_with_user` tool. Files live under `model-outputs/<thread_id>/`
+ * and the chat UI polls this endpoint on assistant-turn completion to
+ * render download chips on the producing turn.
+ *
+ * Route: GET /api/threads/:threadId/outputs
+ *
+ * Auth: standard `meshContext` user-session middleware. The thread
+ * lookup uses `OrgScopedThreadStorage` so an authenticated user can
+ * only see threads belonging to their org.
+ */
+
+import { Hono } from "hono";
+import { HTTPException } from "hono/http-exception";
+import type { MeshContext } from "@/core/mesh-context";
+
+type Variables = { meshContext: MeshContext };
+
+export const createThreadOutputsRoutes = () => {
+  const app = new Hono<{ Variables: Variables }>();
+
+  app.get("/threads/:threadId/outputs", async (c) => {
+    const ctx = c.get("meshContext");
+    const userId = ctx.auth?.user?.id;
+    if (!userId) {
+      throw new HTTPException(401, { message: "Unauthorized" });
+    }
+    const orgSlug = ctx.organization?.slug;
+    if (!orgSlug) {
+      throw new HTTPException(400, { message: "Organization required" });
+    }
+
+    const threadId = c.req.param("threadId");
+    // Allow-list — every thread-id format the codebase produces (nanoid
+    // / UUID) fits these chars. Stricter than the legacy deny-list in
+    // validateThreadAccess (which only blocks `.*> \s`) and clearer
+    // about intent. Downstream usage is parameterised SQL + S3 prefix
+    // listing so this is hygiene, not a security boundary.
+    if (!threadId || !/^[A-Za-z0-9_-]+$/.test(threadId)) {
+      throw new HTTPException(400, { message: "Invalid thread ID" });
+    }
+
+    const thread = await ctx.storage.threads.get(threadId);
+    if (!thread) {
+      throw new HTTPException(404, { message: "Thread not found" });
+    }
+
+    const storage = ctx.objectStorage;
+    if (!storage) {
+      return c.json({ objects: [] });
+    }
+    const result = await storage.list({
+      prefix: `model-outputs/${threadId}/`,
+      maxKeys: 200,
+    });
+
+    // Use ctx.baseUrl (canonical, set during context creation from
+    // forwarded-host headers / env) rather than `new URL(c.req.url).origin`
+    // — behind a TLS-terminating proxy the latter resolves to the
+    // internal listen address, causing a freshly-shared file's
+    // share_with_user URL (which already uses ctx.baseUrl) to disagree
+    // with subsequent listings.
+    return c.json({
+      objects: result.objects.map((o) => {
+        const filename = o.key.split("/").pop() ?? o.key;
+        // Encode each path segment — keys may carry URL-special chars
+        // (?, #, &, space) and `c.req.path` in the files route truncates
+        // at the first unescaped `?`.
+        const encodedKey = o.key.split("/").map(encodeURIComponent).join("/");
+        return {
+          key: o.key,
+          filename,
+          size: o.size,
+          uploadedAt: o.lastModified?.toISOString(),
+          downloadUrl: `${ctx.baseUrl}/api/${encodeURIComponent(orgSlug)}/files/${encodedKey}`,
+        };
+      }),
+    });
+  });
+
+  return app;
+};
diff --git a/apps/mesh/src/api/routes/virtual-mcp.ts b/apps/mesh/src/api/routes/virtual-mcp.ts
index 521b8d9919..54a1cb910d 100644
--- a/apps/mesh/src/api/routes/virtual-mcp.ts
+++ b/apps/mesh/src/api/routes/virtual-mcp.ts
@@ -15,15 +15,14 @@
  */
 
 import { createServerFromClient, getDecopilotId } from "@decocms/mesh-sdk";
+import { SpanStatusCode } from "@opentelemetry/api";
 import { WebStandardStreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/webStandardStreamableHttp.js";
 import { Hono } from "hono";
 import type { MeshContext } from "../../core/mesh-context";
 import { MCP_TOOL_CALL_TIMEOUT_MS } from "@/core/constants";
 import { createVirtualClientFrom } from "../../mcp-clients/virtual-mcp";
 import type { Env } from "../hono-env";
-
-// Define Hono variables type
-const app = new Hono<Env>();
+import { guardResponseStream } from "../utils/stream-guard";
 
 // ============================================================================
 // Route Handler (shared between /gateway and /virtual-mcp endpoints for backward compat)
@@ -70,9 +69,28 @@ export async function handleVirtualMcpRequest(
       return c.json({ error: "Agent ID or organization ID is required" }, 400);
     }
 
-    const virtualMcp = await ctx.storage.virtualMcps.findById(
-      virtualId,
-      organizationId ?? undefined,
+    const virtualMcp = await ctx.tracer.startActiveSpan(
+      "mesh.virtual_mcp.lookup",
+      { attributes: { "virtual_mcp.id": virtualId } },
+      async (span) => {
+        try {
+          const result = await ctx.storage.virtualMcps.findById(
+            virtualId,
+            organizationId ?? undefined,
+          );
+          span.setStatus({ code: SpanStatusCode.OK });
+          return result;
+        } catch (err) {
+          span.setStatus({
+            code: SpanStatusCode.ERROR,
+            message: (err as Error).message,
+          });
+          span.recordException(err as Error);
+          throw err;
+        } finally {
+          span.end();
+        }
+      },
     );
 
     if (!virtualMcp) {
@@ -122,10 +140,29 @@ export async function handleVirtualMcpRequest(
     }
 
     // Create client from entity (always passthrough)
-    const client = await createVirtualClientFrom(
-      virtualMcp,
-      ctx,
-      "passthrough",
+    const client = await ctx.tracer.startActiveSpan(
+      "mesh.virtual_mcp.create_client",
+      { attributes: { "virtual_mcp.id": virtualMcp.id ?? "decopilot" } },
+      async (span) => {
+        try {
+          const result = await createVirtualClientFrom(
+            virtualMcp,
+            ctx,
+            "passthrough",
+          );
+          span.setStatus({ code: SpanStatusCode.OK });
+          return result;
+        } catch (err) {
+          span.setStatus({
+            code: SpanStatusCode.ERROR,
+            message: (err as Error).message,
+          });
+          span.recordException(err as Error);
+          throw err;
+        } finally {
+          span.end();
+        }
+      },
     );
 
     // Build ImplementationSchema-compatible server info
@@ -156,7 +193,11 @@ export async function handleVirtualMcpRequest(
     // Connect server to transport
     await server.connect(transport);
 
-    return await transport.handleRequest(c.req.raw);
+    const response = await transport.handleRequest(c.req.raw);
+    return guardResponseStream(
+      response,
+      `virtual-mcp:${virtualMcp.id ?? "decopilot"}`,
+    );
   } catch (error) {
     const err = error as Error;
     console.error("[virtual-mcp] Error handling virtual MCP request:", err);
@@ -171,30 +212,34 @@ export async function handleVirtualMcpRequest(
 // Route Handlers
 // ============================================================================
 
-/**
- * Virtual MCP endpoint (backward compatible /mcp/gateway/:virtualMcpId)
- *
- * Route: POST /mcp/gateway/:virtualMcpId?
- * - If virtualMcpId is provided: use that specific Virtual MCP
- * - If virtualMcpId is omitted: use Decopilot agent (default agent)
- */
-app.all("/gateway/:virtualMcpId?", async (c) => {
-  const virtualMcpId =
-    c.req.param("virtualMcpId") || c.req.header("x-virtual-mcp-id");
-  return handleVirtualMcpRequest(c, virtualMcpId);
-});
-
-/**
- * Virtual MCP endpoint (new canonical /mcp/virtual-mcp/:virtualMcpId)
- *
- * Route: POST /mcp/virtual-mcp/:virtualMcpId?
- * - If virtualMcpId is provided: use that specific virtual MCP
- * - If virtualMcpId is omitted: use Decopilot agent (default agent)
- */
-app.all("/virtual-mcp/:virtualMcpId?", async (c) => {
-  const virtualMcpId =
-    c.req.param("virtualMcpId") || c.req.header("x-virtual-mcp-id");
-  return handleVirtualMcpRequest(c, virtualMcpId);
-});
-
-export default app;
+export const createVirtualMcpRoutes = () => {
+  const app = new Hono<Env>();
+
+  /**
+   * Virtual MCP endpoint (backward compatible /mcp/gateway/:virtualMcpId)
+   *
+   * Route: POST /mcp/gateway/:virtualMcpId?
+   * - If virtualMcpId is provided: use that specific Virtual MCP
+   * - If virtualMcpId is omitted: use Decopilot agent (default agent)
+   */
+  app.all("/gateway/:virtualMcpId?", async (c) => {
+    const virtualMcpId =
+      c.req.param("virtualMcpId") || c.req.header("x-virtual-mcp-id");
+    return handleVirtualMcpRequest(c, virtualMcpId);
+  });
+
+  /**
+   * Virtual MCP endpoint (new canonical /mcp/virtual-mcp/:virtualMcpId)
+   *
+   * Route: POST /mcp/virtual-mcp/:virtualMcpId?
+   * - If virtualMcpId is provided: use that specific virtual MCP
+   * - If virtualMcpId is omitted: use Decopilot agent (default agent)
+   */
+  app.all("/virtual-mcp/:virtualMcpId?", async (c) => {
+    const virtualMcpId =
+      c.req.param("virtualMcpId") || c.req.header("x-virtual-mcp-id");
+    return handleVirtualMcpRequest(c, virtualMcpId);
+  });
+
+  return app;
+};
diff --git a/apps/mesh/src/api/routes/vm-events.ts b/apps/mesh/src/api/routes/vm-events.ts
new file mode 100644
index 0000000000..a737e4f5d0
--- /dev/null
+++ b/apps/mesh/src/api/routes/vm-events.ts
@@ -0,0 +1,511 @@
+/**
+ * Unified VM events SSE.
+ *
+ * Single browser-facing stream for everything happening to a sandbox keyed
+ * on (virtualMcpId, branch, callerUserId):
+ *
+ *   1. Pre-Ready lifecycle phases (`event: phase`) — surfaces the gap between
+ *      VM_START posting a SandboxClaim and the daemon coming online.
+ *      Agent-sandbox runner emits real K8s phases; other runners emit a
+ *      single synthetic `ready`.
+ *   2. Daemon events (`event: log|status|scripts|processes|reload|branch-status`)
+ *      — proxied from the in-pod daemon's `/_decopilot_vm/events` SSE once
+ *      lifecycle reaches `ready`. Wire format is preserved verbatim by raw
+ *      byte-piping the upstream body, so daemon and client speak the same
+ *      protocol they always have.
+ *   3. `event: gone` — synthetic. Mesh's upstream daemon fetch returned 404
+ *      (sandbox handle missing → operator evicted on idle TTL, etc). Client
+ *      maps to `notFound` and triggers self-heal via VM_START.
+ *   4. `event: keepalive` — heartbeat. 15s matches the existing daemon SSE.
+ *
+ * Auth model:
+ *   - Caller must be authenticated.
+ *   - Caller's organization must own the requested virtualMcp.
+ *   - Claim name is derived deterministically from
+ *     (orgId, virtualMcpId, branch, callerUserId), so a caller only sees
+ *     events for *their own* sandbox; another user in the same org would
+ *     compute a different handle.
+ *
+ * Why one stream instead of two: prior design had the browser open
+ * `/api/vm-lifecycle` (mesh) plus a direct EventSource to the daemon's public
+ * `/_decopilot_vm/events`. The daemon endpoint is unauthenticated (Vercel-style
+ * "URL is the secret") and putting two long-lived SSEs in every tab burned
+ * the EventSource budget. Routing through mesh authenticates the surface and
+ * collapses to one connection per session.
+ */
+
+import { Hono } from "hono";
+import { streamSSE } from "hono/streaming";
+import {
+  composeSandboxRef,
+  resolveRunnerKindFromEnv,
+} from "@decocms/sandbox/runner";
+import type { ClaimPhase } from "@decocms/sandbox/runner";
+import { computeClaimHandle } from "../../sandbox/claim-handle";
+import {
+  getOrInitSharedRunner,
+  subscribeLifecycle,
+} from "../../sandbox/lifecycle";
+import {
+  getUserId,
+  requireAuth,
+  requireOrganization,
+  type MeshContext,
+} from "../../core/mesh-context";
+import { KyselySandboxRunnerStateStore } from "../../storage/sandbox-runner-state";
+import { readVmMap, resolveVm } from "../../tools/vm/vm-map";
+import type { Env } from "../hono-env";
+
+/**
+ * Cap on how long we keep the SSE open if a claim never materializes (e.g.
+ * caller raced VM_START but VM_START failed before `createSandboxClaim`).
+ * 90s is enough to absorb karpenter cold-start (~60–90s) plus a few seconds
+ * of operator latency; longer waits indicate VM_START never posted the claim
+ * and the user benefits from a faster failure surface so the retry button
+ * appears promptly.
+ */
+const NO_CLAIM_MAX_MS = 90_000;
+
+const HEARTBEAT_MS = 15_000;
+
+export const createVmEventsRoutes = () => {
+  const app = new Hono<Env>();
+  app.get("/", async (c) => {
+    const ctx = c.var.meshContext;
+    try {
+      requireAuth(ctx);
+    } catch {
+      return c.json({ error: "Unauthorized" }, 401);
+    }
+    const userId = getUserId(ctx);
+    if (!userId) {
+      return c.json({ error: "Unauthorized" }, 401);
+    }
+
+    let organization: ReturnType<typeof requireOrganization>;
+    try {
+      organization = requireOrganization(ctx);
+    } catch {
+      return c.json({ error: "Organization scope required" }, 403);
+    }
+
+    const virtualMcpId = c.req.query("virtualMcpId");
+    const branch = c.req.query("branch");
+    if (!virtualMcpId || !branch) {
+      return c.json({ error: "virtualMcpId and branch are required" }, 400);
+    }
+
+    // Verify caller's org actually owns this virtualMcp. Without this check,
+    // an authenticated user could probe arbitrary virtualMcpIds — the claim
+    // hash includes their userId so they couldn't *observe* anyone else's
+    // events, but the 404 vs not-yet-created surface would still leak
+    // existence/identity information.
+    const virtualMcp = await ctx.storage.virtualMcps.findById(virtualMcpId);
+    if (!virtualMcp || virtualMcp.organization_id !== organization.id) {
+      return c.json({ error: "Virtual MCP not found" }, 404);
+    }
+
+    const projectRef = composeSandboxRef({
+      orgId: organization.id,
+      virtualMcpId,
+      branch,
+    });
+    const claimName = computeClaimHandle({ userId, projectRef }, branch);
+    const runnerKind = resolveRunnerKindFromEnv();
+
+    // Snapshot vmMap from the same metadata read used for the org-ownership
+    // check. Used below to gate the stale-handle probe: we only run it when
+    // this user already had a vmMap entry pointing at *this exact* claim.
+    // The vmId-match guard avoids racing VM_START's claim-creation window
+    // (~250ms–1.2s for agent-sandbox before `createSandboxClaim` lands;
+    // similar window for host/docker between `runner.ensure` returning and
+    // `setVmMapEntry` writing the row). Without it, an SSE that opens during
+    // that window would observe alive=false and emit a spurious `gone`.
+    const existingVmEntry = resolveVm(
+      readVmMap(virtualMcp.metadata as Record<string, unknown> | null),
+      userId,
+      branch,
+    );
+    const expectingHandle = existingVmEntry?.vmId === claimName;
+    const existingRunnerKind = existingVmEntry?.runnerKind ?? null;
+
+    const runner = await getOrInitSharedRunner();
+
+    // No runner configured at all → can't proxy daemon SSE. Surface a failed
+    // phase rather than a silent close so the UI shows a meaningful error.
+    if (!runner) {
+      return streamSSE(c, async (stream) => {
+        await stream.writeSSE({
+          event: "phase",
+          data: JSON.stringify({
+            kind: "failed",
+            reason: "unknown",
+            message: "No sandbox runner configured on this mesh.",
+          } satisfies ClaimPhase),
+        });
+      });
+    }
+
+    c.header("X-Accel-Buffering", "no");
+    c.header("Content-Encoding", "identity");
+
+    return streamSSE(c, async (stream) => {
+      const abortCtl = new AbortController();
+      const heartbeat = setInterval(() => {
+        stream.writeSSE({ event: "keepalive", data: "" }).catch(() => {
+          clearInterval(heartbeat);
+        });
+      }, HEARTBEAT_MS);
+      stream.onAbort(() => {
+        abortCtl.abort();
+        clearInterval(heartbeat);
+      });
+
+      try {
+        // Same probe for every runner. `runner.alive` is honest across
+        // host/docker/freestyle/agent-sandbox: each implementation queries
+        // its respective source-of-truth (state-store + pid for host, docker
+        // inspect, K8s API, freestyle daemon HTTP). When the prior vmMap
+        // entry's runner kind differs from the env's current runner, we
+        // route the stale-state cleanup through the *prior* kind so we
+        // don't leave behind rows in the wrong table.
+        if (expectingHandle) {
+          const stale = await isStaleHandle(runner, claimName);
+          if (stale) {
+            await cleanupStaleEntry({
+              ctx,
+              runner,
+              claimName,
+              userId,
+              projectRef,
+              runnerKind: existingRunnerKind ?? runnerKind,
+            });
+            await stream.writeSSE({ event: "gone", data: "" }).catch(() => {});
+            return;
+          }
+        }
+
+        // ---- Phase 1: lifecycle (pre-Ready) ---------------------------------
+        const lifecycleOk = await emitLifecycle({
+          stream,
+          claimName,
+          runner,
+          signal: abortCtl.signal,
+        });
+        if (!lifecycleOk || abortCtl.signal.aborted) return;
+
+        // ---- Phase 2: daemon SSE proxy --------------------------------------
+        await proxyDaemonEvents({
+          stream,
+          runner,
+          claimName,
+          signal: abortCtl.signal,
+        });
+      } finally {
+        clearInterval(heartbeat);
+      }
+    });
+  });
+  return app;
+};
+
+async function isStaleHandle(
+  runner: NonNullable<Awaited<ReturnType<typeof getOrInitSharedRunner>>>,
+  claimName: string,
+): Promise<boolean> {
+  try {
+    const exists = await runner.alive(claimName);
+    return !exists;
+  } catch (err) {
+    console.warn(
+      `[vm-events] alive probe failed for ${claimName}; assuming alive: ${
+        err instanceof Error ? err.message : String(err)
+      }`,
+    );
+    return false;
+  }
+}
+
+/**
+ * Drop the stale in-memory record (closes its port-forward) AND the
+ * state-store row, so the next VM_START's `runner.ensure` skips the
+ * rehydrate path (which would chase a dead port-forward and timeout) and
+ * falls through to fresh provision. The state-store delete alone wasn't
+ * enough — when `runner.alive` returns false because the operator's
+ * housekeeper reaped the claim out from under us, mesh's `records` map
+ * still held the K8sRecord pointing at the now-deleted pod, and the
+ * deterministic preview port stayed bound to that dead pod's WS forwarder
+ * until process restart. Calling `runner.delete` invalidates both.
+ *
+ * `runner.delete` is idempotent: it 404-tolerantly tries to delete the
+ * SandboxClaim, closes any forwarder, drops in-memory + state-store rows.
+ * The runner-kind dispatch matches the *prior* kind (existingRunnerKind)
+ * so we don't leave behind rows in the wrong table when the env's runner
+ * has flipped between starts and stops.
+ *
+ * We deliberately do NOT touch the vmMap entry. Two reasons:
+ *   1. `runner.ensure` resumes from the state-store, not vmMap — vmMap is
+ *      informational metadata read by tools/UI, never the source of truth
+ *      for provisioning.
+ *   2. Removing it here would race with a concurrent VM_START's
+ *      `setVmMapEntry` on the same metadata JSON column (read-modify-write
+ *      is not atomic; see vm-map.ts). The next VM_START overwrites the
+ *      entry with a fresh one anyway — the `vmId` is deterministic
+ *      (computeHandle), so the entry's identity is stable across
+ *      reprovisions.
+ *
+ * Failures are logged, not thrown — the user-visible flow (emit `gone` →
+ * browser self-heal) is what matters; this is a fast-path optimisation.
+ */
+async function cleanupStaleEntry(args: {
+  ctx: MeshContext;
+  runner: NonNullable<Awaited<ReturnType<typeof getOrInitSharedRunner>>>;
+  claimName: string;
+  userId: string;
+  projectRef: string;
+  runnerKind: "host" | "docker" | "freestyle" | "agent-sandbox";
+}): Promise<void> {
+  const { ctx, runner, claimName, userId, projectRef, runnerKind } = args;
+  try {
+    await runner.delete(claimName);
+  } catch (err) {
+    console.warn(
+      `[vm-events] runner.delete failed for ${claimName}: ${
+        err instanceof Error ? err.message : String(err)
+      }`,
+    );
+  }
+  try {
+    const stateStore = new KyselySandboxRunnerStateStore(ctx.db);
+    await stateStore.delete({ userId, projectRef }, runnerKind);
+  } catch (err) {
+    console.warn(
+      `[vm-events] sandbox_runner_state delete failed for ${userId}/${projectRef}/${runnerKind}: ${
+        err instanceof Error ? err.message : String(err)
+      }`,
+    );
+  }
+}
+
+/**
+ * Drives the lifecycle phase stream until a terminal phase. Returns `true` if
+ * the terminal phase was `ready` (caller proceeds to daemon proxy), `false`
+ * otherwise (failed, aborted, or watchdog-tripped).
+ *
+ * Subscribes via `subscribeLifecycle` so multiple SSE clients for the same
+ * claim (multi-tab) share one underlying source. For agent-sandbox the source
+ * is the K8s watcher; for host/docker/freestyle the source yields a single
+ * `ready` phase and ends immediately.
+ */
+async function emitLifecycle(args: {
+  stream: import("hono/streaming").SSEStreamingApi;
+  claimName: string;
+  runner: NonNullable<Awaited<ReturnType<typeof getOrInitSharedRunner>>>;
+  signal: AbortSignal;
+}): Promise<boolean> {
+  const { stream, claimName, runner, signal } = args;
+
+  return new Promise<boolean>((resolve) => {
+    let settled = false;
+    let claimSeen = false;
+    let handle: { unsubscribe(): void } | null = null;
+
+    const settle = (result: boolean) => {
+      if (settled) return;
+      settled = true;
+      clearTimeout(watchdogTimer);
+      signal.removeEventListener("abort", onAbort);
+      handle?.unsubscribe();
+      resolve(result);
+    };
+
+    // Watchdog: if the source has only ever surfaced `claiming` after
+    // NO_CLAIM_MAX_MS, the SandboxClaim was never posted (VM_START likely
+    // failed earlier). Surface `claim-never-created` so the UI shows the
+    // retry affordance instead of stalling. Only meaningful for
+    // agent-sandbox; other runners go straight to `ready` so the watchdog
+    // never fires.
+    const watchdogTimer = setTimeout(() => {
+      if (claimSeen || settled) return;
+      stream
+        .writeSSE({
+          event: "phase",
+          data: JSON.stringify({
+            kind: "failed",
+            reason: "claim-never-created",
+            message:
+              "Sandbox claim was never created. The VM_START call may have failed earlier — check the start error.",
+          } satisfies ClaimPhase),
+        })
+        .catch(() => {});
+      settle(false);
+    }, NO_CLAIM_MAX_MS);
+
+    const onAbort = () => settle(false);
+    signal.addEventListener("abort", onAbort, { once: true });
+
+    handle = subscribeLifecycle(runner, claimName, (phase) => {
+      if (settled) return;
+      if (phase.kind !== "claiming") claimSeen = true;
+      stream
+        .writeSSE({ event: "phase", data: JSON.stringify(phase) })
+        .catch(() => {});
+      if (phase.kind === "ready") settle(true);
+      else if (phase.kind === "failed") settle(false);
+    });
+  });
+}
+
+/**
+ * Budget for the "lifecycle says ready but mesh hasn't finished its
+ * post-Ready bookkeeping" race. The Sandbox CR Ready=True signal fires the
+ * moment the operator's reconciliation completes; `runner.ensure()` then
+ * does Service-patch + HTTPRoute-mint + port-forward + daemon health probe
+ * before inserting the state-store row that `proxyDaemonRequest` reads. In
+ * a real cluster that post-Ready window is typically 2–10s. Without this
+ * retry the unified stream would 404 here, emit `gone`, and force the
+ * browser to reconnect — the symptom that motivated this fix.
+ */
+const PROXY_OPEN_RETRY_BUDGET_MS = 60_000;
+const PROXY_OPEN_RETRY_DELAY_MS = 500;
+
+/**
+ * Open the daemon's `/_decopilot_vm/events` SSE through the runner and pipe
+ * raw bytes to the client. Daemon emits a stable wire format the browser's
+ * EventSource already groks, so byte-passthrough preserves event names,
+ * payloads, and frame boundaries without parsing.
+ *
+ * 404 handling: retry within `PROXY_OPEN_RETRY_BUDGET_MS` rather than
+ * surfacing `gone` immediately. The most common cause of an immediate 404
+ * is the lifecycle-vs-ensure race described above — `gone` is reserved for
+ * genuine eviction, where the handle is absent from K8s + state-store after
+ * the budget expires.
+ *
+ * Non-404 upstream failure → `failed` phase. Caller's UI surfaces the
+ * existing error state.
+ */
+async function proxyDaemonEvents(args: {
+  stream: import("hono/streaming").SSEStreamingApi;
+  runner: NonNullable<Awaited<ReturnType<typeof getOrInitSharedRunner>>>;
+  claimName: string;
+  signal: AbortSignal;
+}): Promise<void> {
+  const { stream, runner, claimName, signal } = args;
+
+  const openedAt = Date.now();
+  let upstream: Response | null = null;
+
+  while (!signal.aborted) {
+    let attempt: Response | null = null;
+    try {
+      attempt = await runner.proxyDaemonRequest(
+        claimName,
+        "/_decopilot_vm/events",
+        {
+          method: "GET",
+          headers: new Headers({ accept: "text/event-stream" }),
+          body: null,
+          signal,
+        },
+      );
+    } catch (err) {
+      if (signal.aborted) return;
+      // Network-level failure (port-forward not yet open, daemon health
+      // probe still failing, ...). Same race window as 404 — retry, then
+      // surface as failed if the budget elapses.
+      if (Date.now() - openedAt < PROXY_OPEN_RETRY_BUDGET_MS) {
+        await sleepAbortable(PROXY_OPEN_RETRY_DELAY_MS, signal);
+        continue;
+      }
+      const message = err instanceof Error ? err.message : String(err);
+      await stream
+        .writeSSE({
+          event: "phase",
+          data: JSON.stringify({
+            kind: "failed",
+            reason: "unknown",
+            message: `Upstream daemon SSE error: ${message}`,
+          } satisfies ClaimPhase),
+        })
+        .catch(() => {});
+      return;
+    }
+
+    if (attempt.status === 404) {
+      try {
+        await attempt.body?.cancel();
+      } catch {
+        /* ignore */
+      }
+      if (Date.now() - openedAt < PROXY_OPEN_RETRY_BUDGET_MS) {
+        await sleepAbortable(PROXY_OPEN_RETRY_DELAY_MS, signal);
+        continue;
+      }
+      // Budget elapsed and handle still missing — genuine eviction. Emit
+      // `gone` so the client's self-heal (VM_START) takes over.
+      await stream.writeSSE({ event: "gone", data: "" }).catch(() => {});
+      return;
+    }
+
+    if (!attempt.ok || !attempt.body) {
+      try {
+        await attempt.body?.cancel();
+      } catch {
+        /* ignore */
+      }
+      await stream
+        .writeSSE({
+          event: "phase",
+          data: JSON.stringify({
+            kind: "failed",
+            reason: "unknown",
+            message: `Upstream daemon SSE failed (${attempt.status}).`,
+          } satisfies ClaimPhase),
+        })
+        .catch(() => {});
+      return;
+    }
+
+    upstream = attempt;
+    break;
+  }
+
+  if (!upstream || !upstream.body) return;
+
+  const reader = upstream.body.getReader();
+  try {
+    while (!signal.aborted) {
+      const { value, done } = await reader.read();
+      if (done) break;
+      if (value) await stream.write(value);
+    }
+  } catch {
+    // Upstream errored or client aborted mid-read. Either way we're done —
+    // the client will EventSource-reconnect if it wants to keep watching.
+  } finally {
+    try {
+      reader.releaseLock();
+    } catch {
+      /* ignore */
+    }
+  }
+}
+
+/** Sleep that resolves immediately when the abort signal fires. */
+function sleepAbortable(ms: number, signal: AbortSignal): Promise<void> {
+  return new Promise((resolve) => {
+    if (signal.aborted) {
+      resolve();
+      return;
+    }
+    const timeout = setTimeout(() => {
+      signal.removeEventListener("abort", onAbort);
+      resolve();
+    }, ms);
+    const onAbort = () => {
+      clearTimeout(timeout);
+      resolve();
+    };
+    signal.addEventListener("abort", onAbort, { once: true });
+  });
+}
diff --git a/apps/mesh/src/api/routes/vm-exec.ts b/apps/mesh/src/api/routes/vm-exec.ts
new file mode 100644
index 0000000000..3d5006330f
--- /dev/null
+++ b/apps/mesh/src/api/routes/vm-exec.ts
@@ -0,0 +1,98 @@
+/**
+ * Browser-facing `/exec` and `/kill` proxy.
+ *
+ * The daemon enforces `Authorization: Bearer <DAEMON_TOKEN>` on every mutating
+ * `/_decopilot_vm/*` route. The browser doesn't (and shouldn't) hold that
+ * token, so the env panel routes script start/stop here. We authenticate the
+ * user, derive their claim handle the same way `vm-events.ts` does, and
+ * forward through `runner.proxyDaemonRequest`, which injects the bearer
+ * inside the runner.
+ */
+
+import { Hono, type Context } from "hono";
+import { composeSandboxRef } from "@decocms/sandbox/runner";
+import { computeClaimHandle } from "../../sandbox/claim-handle";
+import { getOrInitSharedRunner } from "../../sandbox/lifecycle";
+import {
+  getUserId,
+  requireAuth,
+  requireOrganization,
+} from "../../core/mesh-context";
+import type { Env } from "../hono-env";
+
+async function proxy(c: Context<Env>, daemonPath: string) {
+  const ctx = c.var.meshContext;
+  try {
+    requireAuth(ctx);
+  } catch {
+    return c.json({ error: "Unauthorized" }, 401);
+  }
+  const userId = getUserId(ctx);
+  if (!userId) return c.json({ error: "Unauthorized" }, 401);
+
+  let organization: ReturnType<typeof requireOrganization>;
+  try {
+    organization = requireOrganization(ctx);
+  } catch {
+    return c.json({ error: "Organization scope required" }, 403);
+  }
+
+  const virtualMcpId = c.req.query("virtualMcpId");
+  const branch = c.req.query("branch");
+  if (!virtualMcpId || !branch) {
+    return c.json({ error: "virtualMcpId and branch are required" }, 400);
+  }
+
+  const virtualMcp = await ctx.storage.virtualMcps.findById(virtualMcpId);
+  if (!virtualMcp || virtualMcp.organization_id !== organization.id) {
+    return c.json({ error: "Virtual MCP not found" }, 404);
+  }
+
+  const projectRef = composeSandboxRef({
+    orgId: organization.id,
+    virtualMcpId,
+    branch,
+  });
+  const claimName = computeClaimHandle({ userId, projectRef }, branch);
+
+  const runner = await getOrInitSharedRunner();
+  if (!runner) {
+    return c.json({ error: "No sandbox runner configured" }, 503);
+  }
+
+  let upstream: Response;
+  try {
+    upstream = await runner.proxyDaemonRequest(claimName, daemonPath, {
+      method: "POST",
+      headers: new Headers(),
+      body: null,
+    });
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    return c.json({ error: `Daemon unreachable: ${message}` }, 502);
+  }
+
+  const text = await upstream.text();
+  return new Response(text, {
+    status: upstream.status,
+    headers: { "content-type": "application/json" },
+  });
+}
+
+export const createVmExecRoutes = () => {
+  const app = new Hono<Env>();
+
+  app.post("/exec/:script", (c) => {
+    const script = c.req.param("script");
+    if (!script) return c.json({ error: "missing script name" }, 400);
+    return proxy(c, `/_decopilot_vm/exec/${encodeURIComponent(script)}`);
+  });
+
+  app.post("/kill/:script", (c) => {
+    const script = c.req.param("script");
+    if (!script) return c.json({ error: "missing script name" }, 400);
+    return proxy(c, `/_decopilot_vm/exec/${encodeURIComponent(script)}/kill`);
+  });
+
+  return app;
+};
diff --git a/apps/mesh/src/api/utils/stream-guard.test.ts b/apps/mesh/src/api/utils/stream-guard.test.ts
new file mode 100644
index 0000000000..3222692736
--- /dev/null
+++ b/apps/mesh/src/api/utils/stream-guard.test.ts
@@ -0,0 +1,96 @@
+import { describe, expect, it, mock, spyOn } from "bun:test";
+import { guardResponseStream } from "./stream-guard";
+
+const collect = async (response: Response): Promise<string> => {
+  const reader = response.body!.getReader();
+  const decoder = new TextDecoder();
+  let out = "";
+  while (true) {
+    const { done, value } = await reader.read();
+    if (done) break;
+    out += decoder.decode(value);
+  }
+  return out;
+};
+
+describe("guardResponseStream", () => {
+  it("passes a normal stream through unchanged", async () => {
+    const encoder = new TextEncoder();
+    const source = new ReadableStream<Uint8Array>({
+      start(controller) {
+        controller.enqueue(encoder.encode("hello "));
+        controller.enqueue(encoder.encode("world"));
+        controller.close();
+      },
+    });
+    const original = new Response(source, {
+      status: 200,
+      headers: { "content-type": "text/event-stream" },
+    });
+
+    const guarded = guardResponseStream(original, "test:normal");
+
+    expect(guarded.status).toBe(200);
+    expect(guarded.headers.get("content-type")).toBe("text/event-stream");
+    expect(await collect(guarded)).toBe("hello world");
+  });
+
+  it("closes cleanly when the source errors mid-stream", async () => {
+    const encoder = new TextEncoder();
+    let phase = 0;
+    const source = new ReadableStream<Uint8Array>({
+      pull(controller) {
+        // First pull: emit a chunk. Second pull: error.
+        // Splitting across pulls ensures the consumer sees the chunk before
+        // the error surfaces, mirroring the realistic case where some bytes
+        // have already gone over the wire when the upstream fails.
+        if (phase === 0) {
+          phase = 1;
+          controller.enqueue(encoder.encode("partial"));
+        } else {
+          controller.error(new Error("upstream exploded"));
+        }
+      },
+    });
+    const original = new Response(source, { status: 200 });
+    const errSpy = spyOn(console, "error").mockImplementation(() => {});
+
+    const guarded = guardResponseStream(original, "test:erroring");
+
+    // The guard must resolve (clean close), not reject — that's the whole point
+    const body = await collect(guarded);
+    expect(body).toBe("partial");
+    expect(errSpy).toHaveBeenCalled();
+    const firstCall = errSpy.mock.calls[0];
+    expect(firstCall).toBeDefined();
+    expect(String(firstCall![0])).toContain("test:erroring");
+    expect(String(firstCall![1])).toContain("upstream exploded");
+
+    errSpy.mockRestore();
+  });
+
+  it("returns the response unchanged when there is no body", () => {
+    const original = new Response(null, { status: 204 });
+    const guarded = guardResponseStream(original, "test:empty");
+    expect(guarded).toBe(original);
+  });
+
+  it("forwards cancellation upstream", async () => {
+    const cancelFn = mock(() => {});
+    const source = new ReadableStream<Uint8Array>({
+      start() {
+        // never push, never close — keep the stream open until cancellation
+      },
+      cancel: cancelFn,
+    });
+    const original = new Response(source, { status: 200 });
+
+    const guarded = guardResponseStream(original, "test:cancel");
+    // Touch the body so the guard's start() runs and acquires the reader
+    // before we cancel.
+    const reader = guarded.body!.getReader();
+    await reader.cancel("client gone");
+
+    expect(cancelFn).toHaveBeenCalledWith("client gone");
+  });
+});
diff --git a/apps/mesh/src/api/utils/stream-guard.ts b/apps/mesh/src/api/utils/stream-guard.ts
new file mode 100644
index 0000000000..f8875bc138
--- /dev/null
+++ b/apps/mesh/src/api/utils/stream-guard.ts
@@ -0,0 +1,60 @@
+/**
+ * Wraps a streaming Response so a mid-flight error in the body's ReadableStream
+ * results in a clean close instead of an abrupt abort.
+ *
+ * Without this guard, when the underlying source throws after the Response has
+ * already been returned to Hono (e.g. an MCP bridge call to an upstream tool
+ * fails during a `tools/list` aggregation), the stream propagates the error and
+ * the connection drops mid-body — Cloudflare interprets that as a malformed
+ * origin response and serves the client a generic 520 instead of letting the
+ * client see the truncated stream and retry.
+ *
+ * The guard catches the error, logs it for the operator, and closes the
+ * controller cleanly. The client receives a well-formed but truncated SSE
+ * response and can recover via its own retry/reconnect logic.
+ */
+export function guardResponseStream(
+  response: Response,
+  label: string,
+): Response {
+  if (!response.body) return response;
+
+  const source = response.body;
+  let reader: ReadableStreamDefaultReader<Uint8Array> | null = null;
+
+  const guarded = new ReadableStream<Uint8Array>({
+    async start(controller) {
+      reader = source.getReader();
+      try {
+        for (;;) {
+          const { done, value } = await reader.read();
+          if (done) return;
+          controller.enqueue(value);
+        }
+      } catch (err) {
+        console.error(`[stream-guard] ${label} stream errored:`, err);
+      } finally {
+        try {
+          controller.close();
+        } catch {
+          // controller may already be closed (e.g. via downstream cancel)
+        }
+      }
+    },
+    async cancel(reason) {
+      // The source has a reader locked from start(); cancelling via the reader
+      // both releases the lock and propagates the cancel reason upstream.
+      if (reader) {
+        await reader.cancel(reason).catch(() => {});
+      } else {
+        await source.cancel(reason).catch(() => {});
+      }
+    },
+  });
+
+  return new Response(guarded, {
+    status: response.status,
+    statusText: response.statusText,
+    headers: response.headers,
+  });
+}
diff --git a/apps/mesh/src/auth/auth-env.ts b/apps/mesh/src/auth/auth-env.ts
index 718f9cb925..310e6b6513 100644
--- a/apps/mesh/src/auth/auth-env.ts
+++ b/apps/mesh/src/auth/auth-env.ts
@@ -62,6 +62,10 @@ export const authEnvSchema = z
     AUTH_SSO_MS_CLIENT_ID: z.string().optional(),
     AUTH_SSO_MS_CLIENT_SECRET: z.string().optional(),
     AUTH_SSO_SCOPES: csv(["openid", "email", "profile"]),
+
+    // SSO (Google)
+    AUTH_SSO_GOOGLE_CLIENT_ID: z.string().optional(),
+    AUTH_SSO_GOOGLE_CLIENT_SECRET: z.string().optional(),
   })
   .transform((env) => {
     // ── Social providers ───────────────────────────────────────────
@@ -121,6 +125,14 @@ export const authEnvSchema = z
         MS_CLIENT_SECRET: env.AUTH_SSO_MS_CLIENT_SECRET ?? "",
         scopes: env.AUTH_SSO_SCOPES,
       };
+    } else if (env.AUTH_SSO_GOOGLE_CLIENT_ID && env.AUTH_SSO_DOMAIN) {
+      ssoConfig = {
+        providerId: "google" as const,
+        domain: env.AUTH_SSO_DOMAIN,
+        GOOGLE_CLIENT_ID: env.AUTH_SSO_GOOGLE_CLIENT_ID,
+        GOOGLE_CLIENT_SECRET: env.AUTH_SSO_GOOGLE_CLIENT_SECRET ?? "",
+        scopes: env.AUTH_SSO_SCOPES,
+      };
     }
 
     // ── Magic link ─────────────────────────────────────────────────
diff --git a/apps/mesh/src/auth/index.ts b/apps/mesh/src/auth/index.ts
index ee2bb0e352..510fe25fdd 100644
--- a/apps/mesh/src/auth/index.ts
+++ b/apps/mesh/src/auth/index.ts
@@ -30,6 +30,7 @@ import {
 } from "better-auth/plugins/organization/access";
 
 import { getConfig } from "@/core/config";
+import { posthog } from "@/posthog";
 import { getBaseUrl } from "@/core/server-constants";
 import { createAccessControl, Role } from "@decocms/better-auth/plugins/access";
 import { getDb, getDatabaseUrl, getDbDialect } from "../database";
@@ -39,6 +40,7 @@ import { createEmailSender, findEmailProvider } from "./email-providers";
 import { emailButton, emailParagraph, emailTemplate } from "./email-template";
 import { createMagicLinkConfig } from "./magic-link";
 import { seedOrgDb } from "./org";
+import { identifyAuthenticatedUser } from "./posthog-identify";
 import { ADMIN_ROLES } from "./roles";
 import { createSSOConfig } from "./sso";
 
@@ -133,7 +135,7 @@ if (
 
     sendInvitationEmail = async (data) => {
       const inviterName = data.inviter.user?.name || data.inviter.user?.email;
-      const acceptUrl = `${getBaseUrl()}/auth/accept-invitation?invitationId=${data.invitation.id}&redirectTo=/`;
+      const acceptUrl = `${getBaseUrl()}/auth/accept-invitation?invitationId=${data.invitation.id}&redirectTo=/${data.organization.slug}`;
 
       await sendEmail({
         to: data.email,
@@ -433,6 +435,30 @@ export const auth = betterAuth({
     user: {
       create: {
         after: async (user) => {
+          // Tag the PostHog person record with email/name BEFORE the
+          // user_signed_up capture so that event lands on a person record
+          // that already has $set: { email } applied.
+          identifyAuthenticatedUser({
+            id: user.id,
+            email: user.email,
+            name: user.name ?? null,
+            emailVerified: !!user.emailVerified,
+          });
+
+          // Top-of-funnel signup event. Fires once per new user account,
+          // before any org is created. Use this (not organization_created)
+          // to measure raw signup volume.
+          posthog.capture({
+            distinctId: user.id,
+            event: "user_signed_up",
+            properties: {
+              email: user.email,
+              email_domain: user.email?.split("@")[1]?.toLowerCase() ?? null,
+              email_verified: !!user.emailVerified,
+              has_name: !!user.name,
+            },
+          });
+
           // Domain-based handling for verified corporate emails.
           // 1. If an org claimed the domain with auto-join → add as member
           // 2. If corporate but unclaimed → skip default org creation so
@@ -482,13 +508,39 @@ export const auth = betterAuth({
             const orgSlug = slugify(orgName);
 
             try {
-              await auth.api.createOrganization({
+              const created = await auth.api.createOrganization({
                 body: {
                   name: orgName,
                   slug: orgSlug,
                   userId: user.id,
                 },
               });
+
+              // Group identify for team-level analytics.
+              const orgId =
+                (created as { id?: string } | null)?.id ?? undefined;
+              if (orgId) {
+                posthog.groupIdentify({
+                  groupType: "organization",
+                  groupKey: orgId,
+                  properties: {
+                    name: orgName,
+                    slug: orgSlug,
+                    created_at: new Date().toISOString(),
+                    created_via: "signup_default",
+                  },
+                });
+                posthog.capture({
+                  distinctId: user.id,
+                  event: "organization_created",
+                  groups: { organization: orgId },
+                  properties: {
+                    organization_id: orgId,
+                    organization_slug: orgSlug,
+                    created_via: "signup_default",
+                  },
+                });
+              }
               return;
             } catch (error) {
               const isConflictError =
@@ -506,6 +558,31 @@ export const auth = betterAuth({
         },
       },
     },
+    session: {
+      create: {
+        // Re-identify on every successful login (email/password, OTP,
+        // magic link, SSO). PostHog merges person properties server-side,
+        // so this is idempotent and provides automatic backfill for
+        // existing users whose person records were created before
+        // posthog.identify was wired into the auth flow.
+        after: async (session) => {
+          const row = await getDb()
+            .db.selectFrom("user")
+            .select(["id", "email", "name", "emailVerified"])
+            .where("id", "=", session.userId)
+            .executeTakeFirst();
+
+          if (!row) return;
+
+          identifyAuthenticatedUser({
+            id: row.id,
+            email: row.email,
+            name: row.name ?? null,
+            emailVerified: !!row.emailVerified,
+          });
+        },
+      },
+    },
   },
 });
 
diff --git a/apps/mesh/src/auth/jwt.ts b/apps/mesh/src/auth/jwt.ts
index ec1a3f9f02..9a31f0c955 100644
--- a/apps/mesh/src/auth/jwt.ts
+++ b/apps/mesh/src/auth/jwt.ts
@@ -45,8 +45,14 @@ function getSecret(): Uint8Array {
 export interface MeshTokenPayload {
   /** User ID who initiated the request */
   sub: string;
-  /** User */
-  user?: { id: string };
+  /** User identity propagated to downstream apps via x-mesh-token */
+  user?: {
+    id: string;
+    email?: string;
+    name?: string;
+    image?: string;
+    role?: string;
+  };
   /** Metadata */
   metadata?: {
     /** Configuration state */
diff --git a/apps/mesh/src/auth/migrate.ts b/apps/mesh/src/auth/migrate.ts
index a64eae9b12..4ff8fb5dde 100644
--- a/apps/mesh/src/auth/migrate.ts
+++ b/apps/mesh/src/auth/migrate.ts
@@ -35,10 +35,17 @@ export async function migrateBetterAuth(databaseUrl?: string): Promise<string> {
 
   // Minimal options — only needs plugins to discover which tables to create.
   // Does not need auth config, rate limiting, hooks, etc.
+  //
+  // Plugin options that change which tables get created (e.g. organization's
+  // dynamicAccessControl, which gates the organizationRole and
+  // organizationResource tables) must mirror the real auth config in
+  // ../auth/index.ts so the in-process migration matches the CLI migration.
   const options = {
     database: freshDatabase,
     plugins: [
-      organization(),
+      organization({
+        dynamicAccessControl: { enabled: true, enableCustomResources: true },
+      }),
       adminPlugin(),
       apiKey(),
       jwt(),
diff --git a/apps/mesh/src/auth/posthog-identify.test.ts b/apps/mesh/src/auth/posthog-identify.test.ts
new file mode 100644
index 0000000000..823d4ea4dc
--- /dev/null
+++ b/apps/mesh/src/auth/posthog-identify.test.ts
@@ -0,0 +1,98 @@
+import { describe, expect, it } from "bun:test";
+import { buildIdentifyPayload } from "./posthog-identify";
+
+describe("buildIdentifyPayload", () => {
+  const now = new Date("2026-04-28T12:00:00.000Z");
+
+  it("sets email, name, and email_verified via $set", () => {
+    const payload = buildIdentifyPayload(
+      {
+        id: "user_123",
+        email: "alice@acme.com",
+        name: "Alice",
+        emailVerified: true,
+      },
+      now,
+    );
+
+    expect(payload.distinctId).toBe("user_123");
+    expect(payload.properties.$set).toEqual({
+      email: "alice@acme.com",
+      name: "Alice",
+      email_verified: true,
+    });
+  });
+
+  it("sets first_seen_at and signup_email_domain via $set_once", () => {
+    const payload = buildIdentifyPayload(
+      {
+        id: "user_123",
+        email: "alice@acme.com",
+        name: "Alice",
+        emailVerified: true,
+      },
+      now,
+    );
+
+    expect(payload.properties.$set_once).toEqual({
+      first_seen_at: "2026-04-28T12:00:00.000Z",
+      signup_email_domain: "acme.com",
+    });
+  });
+
+  it("forwards email_verified: false unchanged", () => {
+    const payload = buildIdentifyPayload(
+      {
+        id: "user_456",
+        email: "bob@example.com",
+        name: "Bob",
+        emailVerified: false,
+      },
+      now,
+    );
+
+    expect(payload.properties.$set.email_verified).toBe(false);
+  });
+
+  it("normalizes the email domain to lowercase", () => {
+    const payload = buildIdentifyPayload(
+      {
+        id: "user_789",
+        email: "CHARLIE@WIDGETS.IO",
+        name: null,
+        emailVerified: true,
+      },
+      now,
+    );
+
+    expect(payload.properties.$set_once.signup_email_domain).toBe("widgets.io");
+  });
+
+  it("sets name to null when user has no name", () => {
+    const payload = buildIdentifyPayload(
+      {
+        id: "user_789",
+        email: "charlie@widgets.io",
+        name: null,
+        emailVerified: true,
+      },
+      now,
+    );
+
+    expect(payload.properties.$set.name).toBeNull();
+  });
+
+  it("sets signup_email_domain to null when email has no @ separator", () => {
+    const payload = buildIdentifyPayload(
+      {
+        id: "user_999",
+        email: "malformed-email",
+        name: "Dave",
+        emailVerified: false,
+      },
+      now,
+    );
+
+    expect(payload.properties.$set_once.signup_email_domain).toBeNull();
+  });
+});
diff --git a/apps/mesh/src/auth/posthog-identify.ts b/apps/mesh/src/auth/posthog-identify.ts
new file mode 100644
index 0000000000..c4936a9adb
--- /dev/null
+++ b/apps/mesh/src/auth/posthog-identify.ts
@@ -0,0 +1,58 @@
+/**
+ * Builds the PostHog `identify` payload tagging the person record with
+ * email/name/email_verified ($set, last-write-wins) and first-seen
+ * metadata ($set_once, written only on the first identify per user).
+ *
+ * Pure for testability — all inputs are explicit. The impure wrapper
+ * `identifyAuthenticatedUser` below calls `posthog.identify` with the
+ * payload.
+ */
+
+import { posthog } from "@/posthog";
+
+export interface IdentifiableUser {
+  id: string;
+  email: string;
+  name: string | null;
+  emailVerified: boolean;
+}
+
+export interface PostHogIdentifyPayload {
+  distinctId: string;
+  properties: {
+    $set: {
+      email: string;
+      name: string | null;
+      email_verified: boolean;
+    };
+    $set_once: {
+      first_seen_at: string;
+      signup_email_domain: string | null;
+    };
+  };
+}
+
+export function buildIdentifyPayload(
+  user: IdentifiableUser,
+  now: Date,
+): PostHogIdentifyPayload {
+  const domain = user.email.split("@")[1]?.toLowerCase() ?? null;
+  return {
+    distinctId: user.id,
+    properties: {
+      $set: {
+        email: user.email,
+        name: user.name,
+        email_verified: user.emailVerified,
+      },
+      $set_once: {
+        first_seen_at: now.toISOString(),
+        signup_email_domain: domain,
+      },
+    },
+  };
+}
+
+export function identifyAuthenticatedUser(user: IdentifiableUser): void {
+  posthog.identify(buildIdentifyPayload(user, new Date()));
+}
diff --git a/apps/mesh/src/auth/sso.ts b/apps/mesh/src/auth/sso.ts
index 9587c8bf7d..f70f435d46 100644
--- a/apps/mesh/src/auth/sso.ts
+++ b/apps/mesh/src/auth/sso.ts
@@ -11,6 +11,14 @@ export interface MicrosoftSSOConfig {
   scopes: string[];
 }
 
+export interface GoogleSSOConfig {
+  domain: string;
+  providerId: "google";
+  GOOGLE_CLIENT_ID: string;
+  GOOGLE_CLIENT_SECRET: string;
+  scopes: string[];
+}
+
 const createMicrosoftSSO = (config: MicrosoftSSOConfig) => {
   return {
     trustEmailVerified: true,
@@ -48,6 +56,43 @@ const createMicrosoftSSO = (config: MicrosoftSSOConfig) => {
   };
 };
 
+const createGoogleSSO = (config: GoogleSSOConfig) => {
+  return {
+    trustEmailVerified: true,
+    defaultSSO: [
+      {
+        domain: config.domain,
+        providerId: config.providerId,
+        oidcConfig: {
+          issuer: "https://accounts.google.com",
+          pkce: true,
+          clientId: config.GOOGLE_CLIENT_ID,
+          clientSecret: config.GOOGLE_CLIENT_SECRET,
+          discoveryEndpoint:
+            "https://accounts.google.com/.well-known/openid-configuration",
+          authorizationEndpoint: "https://accounts.google.com/o/oauth2/v2/auth",
+          tokenEndpoint: "https://oauth2.googleapis.com/token",
+          jwksEndpoint: "https://www.googleapis.com/oauth2/v3/certs",
+          userInfoEndpoint: "https://openidconnect.googleapis.com/v1/userinfo",
+          tokenEndpointAuthentication: "client_secret_post" as const,
+          scopes: config.scopes,
+          mapping: {
+            id: "sub",
+            email: "email",
+            emailVerified: "email_verified",
+            name: "name",
+            image: "picture",
+            extraFields: {
+              emailVerified: "email_verified",
+              hd: "hd",
+            },
+          },
+        },
+      },
+    ],
+  };
+};
+
 /**
  * After SSO login, detect and merge duplicate users caused by email aliases.
  *
@@ -138,7 +183,12 @@ export const createSSOConfig = (config: SSOConfig) => {
   if (config.providerId === "microsoft") {
     return createMicrosoftSSO(config);
   }
-  throw new Error(`Unsupported provider: ${config.providerId}`);
+  if (config.providerId === "google") {
+    return createGoogleSSO(config);
+  }
+  throw new Error(
+    `Unsupported provider: ${(config as { providerId: string }).providerId}`,
+  );
 };
 
-export type SSOConfig = MicrosoftSSOConfig;
+export type SSOConfig = MicrosoftSSOConfig | GoogleSSOConfig;
diff --git a/apps/mesh/src/automations/build-stream-request.test.ts b/apps/mesh/src/automations/build-stream-request.test.ts
index 53a08e19c4..d064c8d59a 100644
--- a/apps/mesh/src/automations/build-stream-request.test.ts
+++ b/apps/mesh/src/automations/build-stream-request.test.ts
@@ -1,6 +1,6 @@
 import { describe, expect, it } from "bun:test";
 import type { Automation } from "@/storage/types";
-import { buildStreamRequest } from "./build-stream-request";
+import { buildStreamRequest, type TierOverride } from "./build-stream-request";
 
 function makeAutomation(overrides?: Partial<Automation>): Automation {
   return {
@@ -9,7 +9,6 @@ function makeAutomation(overrides?: Partial<Automation>): Automation {
     name: "Test",
     active: true,
     created_by: "user_1",
-    agent: JSON.stringify({ id: "agent_1" }),
     messages: JSON.stringify([
       { id: "m1", role: "user", parts: [{ type: "text", text: "hello" }] },
     ]),
@@ -18,7 +17,7 @@ function makeAutomation(overrides?: Partial<Automation>): Automation {
       credentialId: "cred_1",
     }),
     temperature: 0.7,
-    virtual_mcp_id: null,
+    virtual_mcp_id: "agent_1",
     created_at: "2026-01-01T00:00:00Z",
     updated_at: "2026-01-01T00:00:00Z",
     ...overrides,
@@ -105,14 +104,61 @@ describe("buildStreamRequest", () => {
     expect(result.mode).toBe("default");
   });
 
-  it("extracts agent id from stored JSON", () => {
-    const automation = makeAutomation({
-      agent: JSON.stringify({
-        id: "agent_1",
-        mode: "smart_tool_selection",
-      }),
-    });
+  it("uses virtual_mcp_id as the agent id", () => {
+    const automation = makeAutomation({ virtual_mcp_id: "vir_xyz" });
     const result = buildStreamRequest(automation, null, "thrd_1");
-    expect(result.agent).toEqual({ id: "agent_1" });
+    expect(result.agent).toEqual({ id: "vir_xyz" });
+  });
+
+  describe("tier override", () => {
+    const override: TierOverride = {
+      credentialId: "cred_live",
+      thinking: {
+        id: "model_live",
+        title: "Live Model",
+        provider: "anthropic",
+        capabilities: { vision: true, file: true },
+        limits: { contextWindow: 200_000, maxOutputTokens: 4096 },
+      },
+    };
+
+    it("replaces credential and the entire thinking field", () => {
+      const automation = makeAutomation({
+        models: JSON.stringify({
+          credentialId: "cred_stale",
+          thinking: {
+            id: "model_stale",
+            title: "Stale",
+            capabilities: { vision: false, file: false },
+            limits: { contextWindow: 8000, maxOutputTokens: 1024 },
+          },
+          tier: "smart",
+        }),
+      });
+      const result = buildStreamRequest(automation, null, "thrd_1", override);
+      expect(result.models.credentialId).toBe("cred_live");
+      expect(result.models.thinking).toEqual(override.thinking);
+    });
+
+    it("falls back to snapshot when no override is supplied", () => {
+      const automation = makeAutomation({
+        models: JSON.stringify({
+          credentialId: "cred_snapshot",
+          thinking: { id: "model_snapshot" },
+          tier: "smart",
+        }),
+      });
+      const result = buildStreamRequest(automation, null, "thrd_1", null);
+      expect(result.models.credentialId).toBe("cred_snapshot");
+      expect((result.models.thinking as { id: string }).id).toBe(
+        "model_snapshot",
+      );
+    });
+
+    it("leaves snapshot intact when override is undefined", () => {
+      const automation = makeAutomation();
+      const result = buildStreamRequest(automation, null, "thrd_1");
+      expect(result.models.credentialId).toBe("cred_1");
+    });
   });
 });
diff --git a/apps/mesh/src/automations/build-stream-request.ts b/apps/mesh/src/automations/build-stream-request.ts
index 6f0241f760..d6f5485f9b 100644
--- a/apps/mesh/src/automations/build-stream-request.ts
+++ b/apps/mesh/src/automations/build-stream-request.ts
@@ -3,16 +3,52 @@
  *
  * Converts a stored Automation row into a StreamCoreInput suitable
  * for passing to streamCore(). JSON columns are parsed back into objects.
+ *
+ * When the persisted models payload carries a Simple Mode `tier`, callers
+ * resolve the live slot via `resolveTierOverride()` and pass the resulting
+ * `tierOverride` here. The override fully replaces both `credentialId` and
+ * `thinking` — partial patching would leave stale capabilities / limits /
+ * provider / title from the snapshot, which downstream code (model-compat,
+ * stream-core max-tokens cap, telemetry) consumes.
  */
 
 import type { StreamCoreInput } from "@/api/routes/decopilot/stream-core";
 import type { Automation } from "@/storage/types";
-import { getDecopilotId } from "@decocms/mesh-sdk";
+
+type ThinkingShape = {
+  id: string;
+  title?: string;
+  provider?: string | null;
+  capabilities?: {
+    vision?: boolean;
+    text?: boolean;
+    reasoning?: boolean;
+    file?: boolean;
+  };
+  limits?: {
+    contextWindow?: number;
+    maxOutputTokens?: number;
+  };
+  [key: string]: unknown;
+};
+
+type AutomationModels = {
+  credentialId: string;
+  thinking: ThinkingShape;
+  tier?: "fast" | "smart" | "thinking";
+  [key: string]: unknown;
+};
+
+export type TierOverride = {
+  credentialId: string;
+  thinking: ThinkingShape;
+};
 
 export function buildStreamRequest(
   automation: Automation,
   triggerId: string | null,
   taskId: string,
+  tierOverride?: TierOverride | null,
 ): StreamCoreInput {
   const rawMessages = JSON.parse(automation.messages);
   // Generate fresh ids for each run so concurrent automation runs don't
@@ -23,14 +59,20 @@ export function buildStreamRequest(
     ...m,
     id: crypto.randomUUID(),
   }));
+
+  const models = JSON.parse(automation.models) as AutomationModels;
+  const resolvedModels: AutomationModels = tierOverride
+    ? {
+        ...models,
+        credentialId: tierOverride.credentialId,
+        thinking: tierOverride.thinking,
+      }
+    : models;
+
   const request: StreamCoreInput = {
     messages,
-    models: JSON.parse(automation.models),
-    agent: (() => {
-      const parsed = JSON.parse(automation.agent);
-      const id = parsed.id || getDecopilotId(automation.organization_id);
-      return { id };
-    })(),
+    models: resolvedModels,
+    agent: { id: automation.virtual_mcp_id },
     temperature: automation.temperature ?? 0.5,
     toolApprovalLevel: "auto",
     mode: "default",
diff --git a/apps/mesh/src/automations/cron-worker.test.ts b/apps/mesh/src/automations/cron-worker.test.ts
index 2981a3ad4f..d745e8e405 100644
--- a/apps/mesh/src/automations/cron-worker.test.ts
+++ b/apps/mesh/src/automations/cron-worker.test.ts
@@ -18,7 +18,6 @@ function makeAutomation(overrides?: Partial<Automation>): Automation {
     name: "Test",
     active: true,
     created_by: USER_ID,
-    agent: JSON.stringify({ id: "agent_1" }),
     messages: JSON.stringify([
       { id: "m1", role: "user", parts: [{ type: "text", text: "hi" }] },
     ]),
@@ -28,7 +27,7 @@ function makeAutomation(overrides?: Partial<Automation>): Automation {
       credentialId: "cred_1",
     }),
     temperature: 0.5,
-    virtual_mcp_id: null,
+    virtual_mcp_id: "agent_1",
     created_at: "2026-01-01T00:00:00Z",
     updated_at: "2026-01-01T00:00:00Z",
     ...overrides,
diff --git a/apps/mesh/src/automations/event-trigger-engine.test.ts b/apps/mesh/src/automations/event-trigger-engine.test.ts
index 8337ae63d0..af6fa3e7a6 100644
--- a/apps/mesh/src/automations/event-trigger-engine.test.ts
+++ b/apps/mesh/src/automations/event-trigger-engine.test.ts
@@ -20,7 +20,6 @@ function makeAutomation(overrides?: Partial<Automation>): Automation {
     name: "Test",
     active: true,
     created_by: USER_ID,
-    agent: JSON.stringify({ id: "agent_1" }),
     messages: JSON.stringify([
       { id: "m1", role: "user", parts: [{ type: "text", text: "hi" }] },
     ]),
@@ -30,7 +29,7 @@ function makeAutomation(overrides?: Partial<Automation>): Automation {
       credentialId: "cred_1",
     }),
     temperature: 0.5,
-    virtual_mcp_id: null,
+    virtual_mcp_id: "agent_1",
     created_at: "2026-01-01T00:00:00Z",
     updated_at: "2026-01-01T00:00:00Z",
     ...overrides,
@@ -60,7 +59,10 @@ function makeTriggerWithAutomation(
 function makeMeshContext(): MeshContext {
   return {
     organization: { id: ORG_ID, slug: "test", name: "Test" },
-    storage: { threads: {} },
+    storage: {
+      threads: {},
+      organizationSettings: { get: mock(() => Promise.resolve(null)) },
+    },
   } as unknown as MeshContext;
 }
 
@@ -516,5 +518,275 @@ describe("EventTriggerEngine", () => {
 
       expect(streamCoreFn).not.toHaveBeenCalled();
     });
+
+    // -------- array data sugar (back-compat) --------
+
+    it("matches scalar param against array event data via includes", async () => {
+      const trigger = makeTriggerWithAutomation({
+        params: JSON.stringify({ labelIds: "INBOX" }),
+      });
+      const storage = {
+        findActiveEventTriggers: mock(() => Promise.resolve([trigger])),
+        tryAcquireRunSlot: mock(() => Promise.resolve("thrd_1")),
+        deactivateAutomation: mock(() => Promise.resolve()),
+        markRunFailed: mock(() => Promise.resolve()),
+      } as unknown as AutomationsStorage;
+
+      const { engine, streamCoreFn } = makeEngine({ storage });
+      engine.notifyEvents([
+        {
+          source: "conn_1",
+          type: "test",
+          data: { labelIds: ["INBOX", "IMPORTANT"] },
+          organizationId: ORG_ID,
+        },
+      ]);
+      await flush();
+
+      expect(streamCoreFn).toHaveBeenCalled();
+    });
+
+    it("rejects scalar param when array event data does not include it", async () => {
+      const trigger = makeTriggerWithAutomation({
+        params: JSON.stringify({ labelIds: "INBOX" }),
+      });
+      const storage = {
+        findActiveEventTriggers: mock(() => Promise.resolve([trigger])),
+        tryAcquireRunSlot: mock(() => Promise.resolve("thrd_1")),
+        deactivateAutomation: mock(() => Promise.resolve()),
+        markRunFailed: mock(() => Promise.resolve()),
+      } as unknown as AutomationsStorage;
+
+      const { engine, streamCoreFn } = makeEngine({ storage });
+      engine.notifyEvents([
+        {
+          source: "conn_1",
+          type: "test",
+          data: { labelIds: ["SENT", "DRAFT"] },
+          organizationId: ORG_ID,
+        },
+      ]);
+      await flush();
+
+      expect(streamCoreFn).not.toHaveBeenCalled();
+    });
+
+    // -------- explicit { op: "eq" } --------
+
+    it('matches { op: "eq", value } the same as a scalar param', async () => {
+      const trigger = makeTriggerWithAutomation({
+        params: JSON.stringify({ status: { op: "eq", value: "paid" } }),
+      });
+      const storage = {
+        findActiveEventTriggers: mock(() => Promise.resolve([trigger])),
+        tryAcquireRunSlot: mock(() => Promise.resolve("thrd_1")),
+        deactivateAutomation: mock(() => Promise.resolve()),
+        markRunFailed: mock(() => Promise.resolve()),
+      } as unknown as AutomationsStorage;
+
+      const { engine, streamCoreFn } = makeEngine({ storage });
+      engine.notifyEvents([
+        {
+          source: "conn_1",
+          type: "test",
+          data: { status: "paid" },
+          organizationId: ORG_ID,
+        },
+      ]);
+      await flush();
+
+      expect(streamCoreFn).toHaveBeenCalled();
+    });
+
+    // -------- { op: "contains" } --------
+
+    it('matches { op: "contains" } against a string field (case-insensitive)', async () => {
+      const trigger = makeTriggerWithAutomation({
+        params: JSON.stringify({
+          subject: { op: "contains", value: "INVOICE" },
+        }),
+      });
+      const storage = {
+        findActiveEventTriggers: mock(() => Promise.resolve([trigger])),
+        tryAcquireRunSlot: mock(() => Promise.resolve("thrd_1")),
+        deactivateAutomation: mock(() => Promise.resolve()),
+        markRunFailed: mock(() => Promise.resolve()),
+      } as unknown as AutomationsStorage;
+
+      const { engine, streamCoreFn } = makeEngine({ storage });
+      engine.notifyEvents([
+        {
+          source: "conn_1",
+          type: "test",
+          data: { subject: "Your invoice for May" },
+          organizationId: ORG_ID,
+        },
+      ]);
+      await flush();
+
+      expect(streamCoreFn).toHaveBeenCalled();
+    });
+
+    it('rejects { op: "contains" } when the substring is absent', async () => {
+      const trigger = makeTriggerWithAutomation({
+        params: JSON.stringify({
+          subject: { op: "contains", value: "invoice" },
+        }),
+      });
+      const storage = {
+        findActiveEventTriggers: mock(() => Promise.resolve([trigger])),
+        tryAcquireRunSlot: mock(() => Promise.resolve("thrd_1")),
+        deactivateAutomation: mock(() => Promise.resolve()),
+        markRunFailed: mock(() => Promise.resolve()),
+      } as unknown as AutomationsStorage;
+
+      const { engine, streamCoreFn } = makeEngine({ storage });
+      engine.notifyEvents([
+        {
+          source: "conn_1",
+          type: "test",
+          data: { subject: "Daily standup reminder" },
+          organizationId: ORG_ID,
+        },
+      ]);
+      await flush();
+
+      expect(streamCoreFn).not.toHaveBeenCalled();
+    });
+
+    it('matches { op: "contains" } against an array field element', async () => {
+      const trigger = makeTriggerWithAutomation({
+        params: JSON.stringify({
+          tags: { op: "contains", value: "billing" },
+        }),
+      });
+      const storage = {
+        findActiveEventTriggers: mock(() => Promise.resolve([trigger])),
+        tryAcquireRunSlot: mock(() => Promise.resolve("thrd_1")),
+        deactivateAutomation: mock(() => Promise.resolve()),
+        markRunFailed: mock(() => Promise.resolve()),
+      } as unknown as AutomationsStorage;
+
+      const { engine, streamCoreFn } = makeEngine({ storage });
+      engine.notifyEvents([
+        {
+          source: "conn_1",
+          type: "test",
+          data: { tags: ["billing-team", "urgent"] },
+          organizationId: ORG_ID,
+        },
+      ]);
+      await flush();
+
+      expect(streamCoreFn).toHaveBeenCalled();
+    });
+
+    // -------- { op: "in" } --------
+
+    it('matches { op: "in", value: [...] } against scalar field', async () => {
+      const trigger = makeTriggerWithAutomation({
+        params: JSON.stringify({
+          status: { op: "in", value: ["paid", "shipped"] },
+        }),
+      });
+      const storage = {
+        findActiveEventTriggers: mock(() => Promise.resolve([trigger])),
+        tryAcquireRunSlot: mock(() => Promise.resolve("thrd_1")),
+        deactivateAutomation: mock(() => Promise.resolve()),
+        markRunFailed: mock(() => Promise.resolve()),
+      } as unknown as AutomationsStorage;
+
+      const { engine, streamCoreFn } = makeEngine({ storage });
+      engine.notifyEvents([
+        {
+          source: "conn_1",
+          type: "test",
+          data: { status: "shipped" },
+          organizationId: ORG_ID,
+        },
+      ]);
+      await flush();
+
+      expect(streamCoreFn).toHaveBeenCalled();
+    });
+
+    it('matches { op: "in", value: [...] } against array field via overlap', async () => {
+      const trigger = makeTriggerWithAutomation({
+        params: JSON.stringify({
+          labelIds: { op: "in", value: ["IMPORTANT", "STARRED"] },
+        }),
+      });
+      const storage = {
+        findActiveEventTriggers: mock(() => Promise.resolve([trigger])),
+        tryAcquireRunSlot: mock(() => Promise.resolve("thrd_1")),
+        deactivateAutomation: mock(() => Promise.resolve()),
+        markRunFailed: mock(() => Promise.resolve()),
+      } as unknown as AutomationsStorage;
+
+      const { engine, streamCoreFn } = makeEngine({ storage });
+      engine.notifyEvents([
+        {
+          source: "conn_1",
+          type: "test",
+          data: { labelIds: ["INBOX", "IMPORTANT"] },
+          organizationId: ORG_ID,
+        },
+      ]);
+      await flush();
+
+      expect(streamCoreFn).toHaveBeenCalled();
+    });
+
+    // -------- defensive --------
+
+    it("rejects unknown operator object", async () => {
+      const trigger = makeTriggerWithAutomation({
+        params: JSON.stringify({ status: { op: "regex", value: ".*" } }),
+      });
+      const storage = {
+        findActiveEventTriggers: mock(() => Promise.resolve([trigger])),
+        tryAcquireRunSlot: mock(() => Promise.resolve("thrd_1")),
+        deactivateAutomation: mock(() => Promise.resolve()),
+        markRunFailed: mock(() => Promise.resolve()),
+      } as unknown as AutomationsStorage;
+
+      const { engine, streamCoreFn } = makeEngine({ storage });
+      engine.notifyEvents([
+        {
+          source: "conn_1",
+          type: "test",
+          data: { status: "paid" },
+          organizationId: ORG_ID,
+        },
+      ]);
+      await flush();
+
+      expect(streamCoreFn).not.toHaveBeenCalled();
+    });
+
+    it("rejects malformed object param value (no op)", async () => {
+      const trigger = makeTriggerWithAutomation({
+        params: JSON.stringify({ status: { value: "paid" } }),
+      });
+      const storage = {
+        findActiveEventTriggers: mock(() => Promise.resolve([trigger])),
+        tryAcquireRunSlot: mock(() => Promise.resolve("thrd_1")),
+        deactivateAutomation: mock(() => Promise.resolve()),
+        markRunFailed: mock(() => Promise.resolve()),
+      } as unknown as AutomationsStorage;
+
+      const { engine, streamCoreFn } = makeEngine({ storage });
+      engine.notifyEvents([
+        {
+          source: "conn_1",
+          type: "test",
+          data: { status: "paid" },
+          organizationId: ORG_ID,
+        },
+      ]);
+      await flush();
+
+      expect(streamCoreFn).not.toHaveBeenCalled();
+    });
   });
 });
diff --git a/apps/mesh/src/automations/event-trigger-engine.ts b/apps/mesh/src/automations/event-trigger-engine.ts
index caab4b6261..78af1171e7 100644
--- a/apps/mesh/src/automations/event-trigger-engine.ts
+++ b/apps/mesh/src/automations/event-trigger-engine.ts
@@ -16,6 +16,71 @@ import {
 } from "./fire";
 import type { Semaphore } from "./semaphore";
 
+type ParamMatcher =
+  | { op: "eq"; value: unknown }
+  | { op: "contains"; value: string }
+  | { op: "in"; value: unknown[] };
+
+function isParamMatcher(v: unknown): v is ParamMatcher {
+  if (typeof v !== "object" || v === null || Array.isArray(v)) return false;
+  const op = (v as { op?: unknown }).op;
+  if (op !== "eq" && op !== "contains" && op !== "in") return false;
+  if (op === "in") return Array.isArray((v as { value?: unknown }).value);
+  if (op === "contains")
+    return typeof (v as { value?: unknown }).value === "string";
+  return "value" in v;
+}
+
+function caseInsensitiveContains(haystack: string, needle: string): boolean {
+  return haystack.toLowerCase().includes(needle.toLowerCase());
+}
+
+function paramMatchesField(fieldValue: unknown, paramValue: unknown): boolean {
+  // Explicit operator object — { op, value }.
+  if (isParamMatcher(paramValue)) {
+    if (paramValue.op === "eq") {
+      return scalarMatchesField(fieldValue, paramValue.value);
+    }
+    if (paramValue.op === "contains") {
+      if (typeof fieldValue === "string") {
+        return caseInsensitiveContains(fieldValue, paramValue.value);
+      }
+      if (Array.isArray(fieldValue)) {
+        return fieldValue.some(
+          (el) =>
+            typeof el === "string" &&
+            caseInsensitiveContains(el, paramValue.value),
+        );
+      }
+      return false;
+    }
+    if (paramValue.op === "in") {
+      const allowed = paramValue.value;
+      if (Array.isArray(fieldValue)) {
+        return fieldValue.some((el) => allowed.includes(el));
+      }
+      return allowed.includes(fieldValue);
+    }
+    return false;
+  }
+
+  // Back-compat: scalar param value. Accept array data via `.includes`
+  // sugar, fall back to strict equality otherwise. Reject param values
+  // that aren't comparable (objects/arrays without an explicit op) so
+  // malformed params don't silently match.
+  if (typeof paramValue === "object" && paramValue !== null) {
+    return false;
+  }
+  return scalarMatchesField(fieldValue, paramValue);
+}
+
+function scalarMatchesField(fieldValue: unknown, scalar: unknown): boolean {
+  if (Array.isArray(fieldValue)) {
+    return fieldValue.includes(scalar);
+  }
+  return fieldValue === scalar;
+}
+
 export class EventTriggerEngine {
   private static MAX_AUTOMATION_DEPTH = 3;
   private static MAX_EVENT_PAYLOAD_BYTES = 1_048_576; // 1MB
@@ -110,8 +175,27 @@ export class EventTriggerEngine {
   }
 
   /**
-   * Subset matching: all trigger params must exist and equal in event data.
-   * Extra fields in event data are ignored.
+   * Subset matching: every trigger param must be satisfied against the
+   * corresponding key in event data. Extra fields in event data are
+   * ignored.
+   *
+   * Supported param value shapes (per key):
+   *
+   *   "x"                              — exact equality (back-compat)
+   *   { op: "eq",       value: "x"   } — exact equality (explicit)
+   *   { op: "contains", value: "x"   } — substring (case-insensitive)
+   *                                       on string data; element check
+   *                                       on array data
+   *   { op: "in",       value: [...] } — any-of: data must equal one of
+   *                                       (or, if data is an array, must
+   *                                       overlap with) the listed values
+   *
+   * Array sugar for the back-compat string form: if `data[key]` is an
+   * array of strings/numbers and the param value is a scalar, we treat
+   * it as `array.includes(value)`. This is what unlocks filters like
+   * `labelIds: "INBOX"` on a Gmail message whose `labelIds` is
+   * `["INBOX", "IMPORTANT"]` — without breaking any existing strict-
+   * equal usage (an array would never `===` a scalar).
    */
   private paramsMatch(
     triggerParams: string | null,
@@ -134,12 +218,14 @@ export class EventTriggerEngine {
       return false;
     }
 
-    const params = parsed as Record<string, string>;
+    const params = parsed as Record<string, unknown>;
     if (Object.keys(params).length === 0) return true;
     if (typeof eventData !== "object" || eventData === null) return false;
 
     const data = eventData as Record<string, unknown>;
-    return Object.entries(params).every(([key, value]) => data[key] === value);
+    return Object.entries(params).every(([key, paramValue]) =>
+      paramMatchesField(data[key], paramValue),
+    );
   }
 
   /**
diff --git a/apps/mesh/src/automations/fire.test.ts b/apps/mesh/src/automations/fire.test.ts
index 3ac56f25e7..1552aa9050 100644
--- a/apps/mesh/src/automations/fire.test.ts
+++ b/apps/mesh/src/automations/fire.test.ts
@@ -23,7 +23,6 @@ function makeAutomation(overrides?: Partial<Automation>): Automation {
     name: "Test Automation",
     active: true,
     created_by: USER_ID,
-    agent: JSON.stringify({ id: "agent_1" }),
     messages: JSON.stringify([
       {
         id: "m1",
@@ -37,7 +36,7 @@ function makeAutomation(overrides?: Partial<Automation>): Automation {
       credentialId: "cred_1",
     }),
     temperature: 0.5,
-    virtual_mcp_id: null,
+    virtual_mcp_id: "agent_1",
     created_at: "2026-01-01T00:00:00Z",
     updated_at: "2026-01-01T00:00:00Z",
     ...overrides,
@@ -62,7 +61,10 @@ function makeStorage(
 function makeMeshContext(orgId: string): MeshContext {
   return {
     organization: { id: orgId, slug: "test", name: "Test Org" },
-    storage: { threads: { _orgId: orgId } },
+    storage: {
+      threads: { _orgId: orgId },
+      organizationSettings: { get: mock(() => Promise.resolve(null)) },
+    },
   } as unknown as MeshContext;
 }
 
diff --git a/apps/mesh/src/automations/fire.ts b/apps/mesh/src/automations/fire.ts
index f270cecbcc..62e020fcb0 100644
--- a/apps/mesh/src/automations/fire.ts
+++ b/apps/mesh/src/automations/fire.ts
@@ -20,6 +20,7 @@ import type { MeshContext } from "@/core/mesh-context";
 import type { AutomationsStorage } from "@/storage/automations";
 import type { Automation } from "@/storage/types";
 import { buildStreamRequest } from "./build-stream-request";
+import { resolveTierOverride } from "./resolve-tier-override";
 import type { Semaphore } from "./semaphore";
 
 // ============================================================================
@@ -122,7 +123,17 @@ export async function fireAutomation(opts: {
 
     let runError: string | undefined;
     try {
-      const request = buildStreamRequest(automation, triggerId, taskId);
+      // For tier-based automations, resolve the live model from the org's
+      // current Simple Mode slot — fetches fresh capabilities / limits /
+      // title from the AI provider so downstream gates (model-compat,
+      // max-tokens cap) see the right metadata.
+      const tierOverride = await resolveTierOverride(ctx, automation);
+      const request = buildStreamRequest(
+        automation,
+        triggerId,
+        taskId,
+        tierOverride,
+      );
       if (contextMessages) {
         request.messages = [
           ...request.messages,
diff --git a/apps/mesh/src/automations/resolve-tier-override.test.ts b/apps/mesh/src/automations/resolve-tier-override.test.ts
new file mode 100644
index 0000000000..859bd82220
--- /dev/null
+++ b/apps/mesh/src/automations/resolve-tier-override.test.ts
@@ -0,0 +1,166 @@
+import { describe, expect, it, mock } from "bun:test";
+import type { MeshContext } from "@/core/mesh-context";
+import { resolveTierOverride } from "./resolve-tier-override";
+
+type SettingsValue = {
+  simple_mode: {
+    enabled: boolean;
+    chat: Record<
+      "fast" | "smart" | "thinking",
+      { keyId: string; modelId: string; title?: string } | null
+    >;
+  } | null;
+} | null;
+
+function makeCtx(opts: {
+  settings: SettingsValue;
+  models?: Array<{
+    modelId: string;
+    title: string;
+    providerId: string;
+    capabilities: Array<
+      "text" | "image" | "vision" | "audio" | "video" | "file" | "reasoning"
+    >;
+    limits: { contextWindow: number; maxOutputTokens: number | null } | null;
+  }>;
+  listModelsThrows?: boolean;
+}): MeshContext {
+  return {
+    storage: {
+      organizationSettings: {
+        get: mock(() => Promise.resolve(opts.settings)),
+      },
+    },
+    aiProviders: {
+      listModels: mock(() => {
+        if (opts.listModelsThrows) {
+          return Promise.reject(new Error("provider unavailable"));
+        }
+        return Promise.resolve(opts.models ?? []);
+      }),
+    },
+  } as unknown as MeshContext;
+}
+
+describe("resolveTierOverride", () => {
+  it("returns null when models has no tier", async () => {
+    const ctx = makeCtx({ settings: null });
+    const result = await resolveTierOverride(ctx, {
+      models: JSON.stringify({ credentialId: "c", thinking: { id: "m" } }),
+      organization_id: "org_1",
+    });
+    expect(result).toBeNull();
+  });
+
+  it("returns null when simple mode is disabled", async () => {
+    const ctx = makeCtx({
+      settings: {
+        simple_mode: {
+          enabled: false,
+          chat: {
+            fast: null,
+            smart: { keyId: "k", modelId: "m" },
+            thinking: null,
+          },
+        },
+      },
+    });
+    const result = await resolveTierOverride(ctx, {
+      models: JSON.stringify({ tier: "smart" }),
+      organization_id: "org_1",
+    });
+    expect(result).toBeNull();
+  });
+
+  it("returns null when the configured tier slot is unset", async () => {
+    const ctx = makeCtx({
+      settings: {
+        simple_mode: {
+          enabled: true,
+          chat: { fast: null, smart: null, thinking: null },
+        },
+      },
+    });
+    const result = await resolveTierOverride(ctx, {
+      models: JSON.stringify({ tier: "smart" }),
+      organization_id: "org_1",
+    });
+    expect(result).toBeNull();
+  });
+
+  it("translates ModelInfo into the thinking shape with capability flags", async () => {
+    const ctx = makeCtx({
+      settings: {
+        simple_mode: {
+          enabled: true,
+          chat: {
+            fast: null,
+            smart: { keyId: "k_smart", modelId: "claude-3-5-sonnet" },
+            thinking: null,
+          },
+        },
+      },
+      models: [
+        {
+          modelId: "claude-3-5-sonnet",
+          title: "Claude 3.5 Sonnet",
+          providerId: "anthropic",
+          capabilities: ["text", "vision", "file", "reasoning"],
+          limits: { contextWindow: 200_000, maxOutputTokens: 8192 },
+        },
+      ],
+    });
+    const result = await resolveTierOverride(ctx, {
+      models: JSON.stringify({ tier: "smart" }),
+      organization_id: "org_1",
+    });
+    expect(result).toEqual({
+      credentialId: "k_smart",
+      thinking: {
+        id: "claude-3-5-sonnet",
+        title: "Claude 3.5 Sonnet",
+        provider: "anthropic",
+        capabilities: {
+          vision: true,
+          text: true,
+          reasoning: true,
+          file: true,
+        },
+        limits: { contextWindow: 200_000, maxOutputTokens: 8192 },
+      },
+    });
+  });
+
+  it("falls back to slot-only override when listModels throws", async () => {
+    const ctx = makeCtx({
+      settings: {
+        simple_mode: {
+          enabled: true,
+          chat: {
+            fast: null,
+            smart: { keyId: "k", modelId: "m", title: "Stored Title" },
+            thinking: null,
+          },
+        },
+      },
+      listModelsThrows: true,
+    });
+    const result = await resolveTierOverride(ctx, {
+      models: JSON.stringify({ tier: "smart" }),
+      organization_id: "org_1",
+    });
+    expect(result).toEqual({
+      credentialId: "k",
+      thinking: { id: "m", title: "Stored Title" },
+    });
+  });
+
+  it("returns null on malformed models JSON", async () => {
+    const ctx = makeCtx({ settings: null });
+    const result = await resolveTierOverride(ctx, {
+      models: "{not json",
+      organization_id: "org_1",
+    });
+    expect(result).toBeNull();
+  });
+});
diff --git a/apps/mesh/src/automations/resolve-tier-override.ts b/apps/mesh/src/automations/resolve-tier-override.ts
new file mode 100644
index 0000000000..8637dd2f76
--- /dev/null
+++ b/apps/mesh/src/automations/resolve-tier-override.ts
@@ -0,0 +1,103 @@
+/**
+ * Resolve Tier Override
+ *
+ * Server-side counterpart to the chat path's "look up the live model when
+ * Simple Mode is on" logic (see chat-context.tsx). When an automation row
+ * carries `models.tier` and the org has Simple Mode enabled, we fetch the
+ * full ModelInfo from the AI provider and translate it into the `thinking`
+ * shape consumed by streamCore / model-compat / max-tokens cap.
+ *
+ * Returns null when:
+ * - the automation has no tier intent (legacy / explicit pick)
+ * - Simple Mode is disabled for the org
+ * - the configured tier slot is unset
+ *
+ * Falls back to a slot-only override (no fresh metadata) if the AI
+ * provider's listModels call fails — this matches the prior behavior of
+ * "at least swap the credential and id" when the provider is flaky, but
+ * still skips downstream capability gates which would break against a
+ * model whose metadata we can't read.
+ */
+
+import type { MeshContext } from "@/core/mesh-context";
+import type { TierOverride } from "./build-stream-request";
+
+type SimpleModeChat = {
+  enabled: boolean;
+  chat?: Record<
+    "fast" | "smart" | "thinking",
+    { keyId: string; modelId: string; title?: string } | null
+  > | null;
+};
+
+export async function resolveTierOverride(
+  ctx: MeshContext,
+  automation: { models: string; organization_id: string },
+): Promise<TierOverride | null> {
+  let parsed: { tier?: "fast" | "smart" | "thinking" };
+  try {
+    parsed = JSON.parse(automation.models);
+  } catch {
+    return null;
+  }
+  const tier = parsed.tier;
+  if (!tier) return null;
+
+  const settings = await ctx.storage.organizationSettings.get(
+    automation.organization_id,
+  );
+  const simpleMode = settings?.simple_mode as SimpleModeChat | null | undefined;
+  if (!simpleMode?.enabled) return null;
+  const slot = simpleMode.chat?.[tier];
+  if (!slot) return null;
+
+  let title = slot.title ?? slot.modelId;
+  let provider: string | null | undefined;
+  let capabilities: TierOverride["thinking"]["capabilities"];
+  let limits: TierOverride["thinking"]["limits"];
+
+  try {
+    const list = await ctx.aiProviders.listModels(
+      slot.keyId,
+      automation.organization_id,
+    );
+    const modelInfo = list.find((m) => m.modelId === slot.modelId);
+    if (modelInfo) {
+      title = modelInfo.title ?? title;
+      provider = modelInfo.providerId;
+      const caps = modelInfo.capabilities;
+      capabilities =
+        caps && caps.length > 0
+          ? {
+              vision:
+                caps.includes("vision") || caps.includes("image") || undefined,
+              text: caps.includes("text") || undefined,
+              reasoning: caps.includes("reasoning") || undefined,
+              file: caps.includes("file") || undefined,
+            }
+          : undefined;
+      limits = modelInfo.limits
+        ? {
+            contextWindow: modelInfo.limits.contextWindow,
+            maxOutputTokens: modelInfo.limits.maxOutputTokens ?? undefined,
+          }
+        : undefined;
+    }
+  } catch (err) {
+    console.warn(
+      `[resolveTierOverride] Failed to fetch model metadata for tier=${tier} keyId=${slot.keyId}:`,
+      err instanceof Error ? err.message : err,
+    );
+  }
+
+  return {
+    credentialId: slot.keyId,
+    thinking: {
+      id: slot.modelId,
+      title,
+      ...(provider !== undefined ? { provider } : {}),
+      ...(capabilities ? { capabilities } : {}),
+      ...(limits ? { limits } : {}),
+    },
+  };
+}
diff --git a/apps/mesh/src/cli.ts b/apps/mesh/src/cli.ts
index 8a8c745b95..09c3fa4ff5 100644
--- a/apps/mesh/src/cli.ts
+++ b/apps/mesh/src/cli.ts
@@ -64,6 +64,8 @@ const { values, positionals } = parseArgs({
       type: "boolean",
       default: false,
     },
+    target: { type: "string" },
+    env: { type: "string", short: "e" },
   },
   allowPositionals: true,
 });
@@ -74,11 +76,13 @@ if (values.help) {
 Deco CMS — Open-source control plane for your AI agents
 
 Usage:
-  deco [options]                  Start server with Ink UI
-  deco dev [options]              Start dev server (Vite + hot reload)
-  deco services <up|down|status>  Manage services (Postgres, NATS)
-  deco init <directory>           Scaffold a new MCP app
-  deco completion [shell]         Install shell completions
+  deco [options]                     Start server with Ink UI
+  deco dev [options]                 Start dev server (Vite + hot reload)
+  deco services <up|down|status>     Manage services (Postgres, NATS)
+  deco init <directory>              Scaffold a new MCP app
+  deco auth <login|whoami|logout>    Manage CLI authentication
+  deco link [options] [-- <cmd>]     Tunnel a local port to a stable deco.host URL
+  deco completion [shell]            Install shell completions
 
 Server Options:
   -p, --port <port>     Port to listen on (default: 3000, or PORT env var)
@@ -95,6 +99,15 @@ Dev Options:
   --vite-port <port>    Vite dev server port (default: 4000)
   --base-url <url>      Base URL for the server
 
+Auth Options:
+  --target <url>        Decocms target (default: https://studio.decocms.com)
+
+Link Options:
+  -p, --port <port>     Local port to tunnel (default: 8787)
+  -e, --env <name>      Env var to inject the tunnel URL into when spawning
+                        a child command (default: BASE_URL)
+  -- <command>          Optional command to spawn after the tunnel opens
+
 Environment Variables:
   PORT                  Port to listen on (default: 3000)
   DATA_DIR              Data directory (default: ~/deco/)
@@ -106,15 +119,12 @@ Environment Variables:
 Examples:
   deco                            Start with defaults (~/deco/)
   deco -p 8080                    Start on port 8080
-  deco --home ~/my-project        Custom data directory
-  deco --no-local-mode             Disable auto-login (production)
   deco dev                        Start dev server
-  deco dev --vite-port 5000       Dev server with custom Vite port
-  deco services up                Start Postgres and NATS
-  deco services status            Show service status
-  deco services down              Stop services
   deco init my-app                Scaffold a new MCP app
-  deco --no-tui                   Start without terminal UI
+  deco auth login                 Log in to studio.decocms.com
+  deco auth whoami                Show current session
+  deco link -p 3000 -- bun dev    Tunnel localhost:3000, run "bun dev"
+  deco link -p 8787               Tunnel an already-running service on 8787
 
 Documentation:
   https://decocms.com/studio
@@ -185,6 +195,75 @@ if (command === "services") {
   process.exit(0);
 }
 
+// ── Auth / Link helpers ────────────────────────────────────────────────
+function resolveDataDir(): string {
+  return (
+    values.home ||
+    process.env.DATA_DIR ||
+    process.env.DECOCMS_HOME ||
+    join(homedir(), "deco")
+  );
+}
+
+// ── Auth command ───────────────────────────────────────────────────────
+if (command === "auth") {
+  const sub = positionals[1];
+  const dataDir = resolveDataDir();
+
+  if (sub === "login") {
+    const { loginCommand } = await import("./cli/commands/auth/login");
+    const code = await loginCommand({
+      dataDir,
+      target: values.target,
+    });
+    process.exit(code);
+  }
+  if (sub === "whoami") {
+    const { whoamiCommand } = await import("./cli/commands/auth/whoami");
+    const code = await whoamiCommand({ dataDir });
+    process.exit(code);
+  }
+  if (sub === "logout") {
+    const { logoutCommand } = await import("./cli/commands/auth/logout");
+    const code = await logoutCommand({ dataDir });
+    process.exit(code);
+  }
+  console.error(`Usage: decocms auth <login|whoami|logout>`);
+  process.exit(1);
+}
+
+// ── Link command ───────────────────────────────────────────────────────
+if (command === "link") {
+  const dataDir = resolveDataDir();
+  const port = Number(values.port);
+  if (!Number.isInteger(port) || port <= 0) {
+    console.error(`Invalid --port value: ${values.port}`);
+    process.exit(1);
+  }
+  const env = values.env ?? "BASE_URL";
+
+  // Trailing args after `--` are the run command. parseArgs gives us positionals
+  // including everything after `--`; we re-derive the boundary from the raw argv.
+  const dashDashIdx = process.argv.indexOf("--");
+  const runCommand =
+    dashDashIdx >= 0 ? process.argv.slice(dashDashIdx + 1) : [];
+
+  const { linkCommand } = await import("./cli/commands/link");
+  const result = linkCommand({
+    cwd: process.cwd(),
+    dataDir,
+    port,
+    env,
+    runCommand,
+  });
+
+  // Forward Ctrl-C to the link command for graceful shutdown.
+  process.on("SIGINT", () => void result.cancel());
+  process.on("SIGTERM", () => void result.cancel());
+
+  process.exit(await result.exit);
+}
+
 // ── Dev command (Ink TUI + dev servers) ─────────────────────────────────
 if (command === "dev") {
   const decoHome =
@@ -249,7 +328,10 @@ if (command === "dev") {
   }
 }
 
-if (command && !["init", "completion", "dev", "services"].includes(command)) {
+if (
+  command &&
+  !["init", "completion", "dev", "services", "auth", "link"].includes(command)
+) {
   console.error(`Unknown command: ${command}`);
   process.exit(1);
 }
diff --git a/apps/mesh/src/cli/build-child-env.ts b/apps/mesh/src/cli/build-child-env.ts
index ad45abc837..b18163d4c2 100644
--- a/apps/mesh/src/cli/build-child-env.ts
+++ b/apps/mesh/src/cli/build-child-env.ts
@@ -37,7 +37,6 @@ export function buildChildEnv(
     ENCRYPTION_KEY: settings.encryptionKey,
     MESH_JWT_SECRET: settings.meshJwtSecret,
     DECOCMS_LOCAL_MODE: String(settings.localMode),
-    DECOCMS_ALLOW_LOCAL_PROD: String(settings.allowLocalProd),
     DISABLE_RATE_LIMIT: String(settings.disableRateLimit),
     STUDIO_PROVISION_SECRET_KEY: settings.studioProvisionSecretKey,
 
@@ -49,9 +48,6 @@ export function buildChildEnv(
       Object.entries(process.env).filter(([k]) => k.startsWith("AUTH_")),
     ),
 
-    // Transport
-    UNSAFE_ALLOW_STDIO_TRANSPORT: String(settings.unsafeAllowStdioTransport),
-
     // AI Gateway
     DECO_AI_GATEWAY_ENABLED: String(settings.aiGatewayEnabled),
     DECO_AI_GATEWAY_URL: settings.aiGatewayUrl,
@@ -70,12 +66,33 @@ export function buildChildEnv(
     // Observability
     OTEL_SERVICE_NAME: settings.otelServiceName,
     CLICKHOUSE_URL: settings.clickhouseUrl,
+    OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,
+    OTEL_EXPORTER_OTLP_PROTOCOL: process.env.OTEL_EXPORTER_OTLP_PROTOCOL,
+    OTEL_RESOURCE_ATTRIBUTES: process.env.OTEL_RESOURCE_ATTRIBUTES,
 
     // External service credentials
     DECO_SUPABASE_URL: settings.decoSupabaseUrl,
     DECO_SUPABASE_SERVICE_KEY: settings.decoSupabaseServiceKey,
     FIRECRAWL_API_KEY: settings.firecrawlApiKey,
 
+    // Sandbox runner: read from env by resolveRunnerKindFromEnv() in workers
+    STUDIO_SANDBOX_RUNNER: process.env.STUDIO_SANDBOX_RUNNER,
+    STUDIO_SANDBOX_TEMPLATE_NAME: process.env.STUDIO_SANDBOX_TEMPLATE_NAME,
+    STUDIO_ENV: process.env.STUDIO_ENV,
+    STUDIO_SANDBOX_PREVIEW_URL_PATTERN:
+      process.env.STUDIO_SANDBOX_PREVIEW_URL_PATTERN,
+    STUDIO_SANDBOX_PREVIEW_GATEWAY_NAME:
+      process.env.STUDIO_SANDBOX_PREVIEW_GATEWAY_NAME,
+    STUDIO_SANDBOX_PREVIEW_GATEWAY_NAMESPACE:
+      process.env.STUDIO_SANDBOX_PREVIEW_GATEWAY_NAMESPACE,
+    STUDIO_SANDBOX_SENTINEL_TOKEN: process.env.STUDIO_SANDBOX_SENTINEL_TOKEN,
+    KUBERNETES_SERVICE_HOST: process.env.KUBERNETES_SERVICE_HOST,
+    KUBERNETES_SERVICE_PORT: process.env.KUBERNETES_SERVICE_PORT,
+    FREESTYLE_API_KEY: process.env.FREESTYLE_API_KEY,
+
+    // Browserless
+    BROWSERLESS_TOKEN: process.env.BROWSERLESS_TOKEN,
+
     // TLS: propagate custom CA certificates (e.g. RDS CA bundles)
     NODE_EXTRA_CA_CERTS: process.env.NODE_EXTRA_CA_CERTS,
 
diff --git a/apps/mesh/src/cli/commands/auth/login.test.ts b/apps/mesh/src/cli/commands/auth/login.test.ts
new file mode 100644
index 0000000000..1052341db4
--- /dev/null
+++ b/apps/mesh/src/cli/commands/auth/login.test.ts
@@ -0,0 +1,202 @@
+import {
+  afterEach,
+  beforeEach,
+  describe,
+  expect,
+  it,
+  mock,
+  spyOn,
+} from "bun:test";
+import { mkdtemp, rm } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { readSession } from "../../lib/session";
+import { loginCommand } from "./login";
+
+let dir: string;
+let logSpy: ReturnType<typeof spyOn>;
+let errSpy: ReturnType<typeof spyOn>;
+
+beforeEach(async () => {
+  dir = await mkdtemp(join(tmpdir(), "deco-login-"));
+  logSpy = spyOn(console, "log").mockImplementation(() => {});
+  errSpy = spyOn(console, "error").mockImplementation(() => {});
+});
+
+afterEach(async () => {
+  logSpy.mockRestore();
+  errSpy.mockRestore();
+  await rm(dir, { recursive: true, force: true });
+});
+
+/**
+ * Stand up a fake decocms server that handles dynamic registration, the
+ * authorize redirect (back to the CLI's callback with a code), the token
+ * exchange, and userinfo. The mock simulates the browser by hitting the
+ * CLI's callback URL inside `openBrowser`.
+ */
+function mockTarget(target: string) {
+  let issuedClientId: string | undefined;
+  let issuedAccessToken: string | undefined;
+  let issuedCode: string | undefined;
+  let pkceVerifier: string | undefined;
+
+  const fetchMock = mock(async (url: string, init?: RequestInit) => {
+    if (url === `${target}/api/auth/mcp/register`) {
+      issuedClientId = `client_${Math.random().toString(36).slice(2, 8)}`;
+      return new Response(
+        JSON.stringify({
+          client_id: issuedClientId,
+          redirect_uris: ["http://127.0.0.1:0/"],
+        }),
+        { status: 200, headers: { "content-type": "application/json" } },
+      );
+    }
+    if (url === `${target}/api/auth/mcp/token`) {
+      const body = new URLSearchParams(init?.body as string);
+      pkceVerifier = body.get("code_verifier") ?? undefined;
+      issuedAccessToken = `at_${Math.random().toString(36).slice(2, 10)}`;
+      expect(body.get("grant_type")).toBe("authorization_code");
+      expect(body.get("code")).toBe(issuedCode ?? "");
+      expect(body.get("client_id")).toBe(issuedClientId ?? "");
+      const idTokenPayload = Buffer.from(
+        JSON.stringify({
+          sub: "user-123",
+          email: "tlgimenes@gmail.com",
+          name: "TL Gimenes",
+        }),
+      ).toString("base64url");
+      const idToken = `header.${idTokenPayload}.signature`;
+      return new Response(
+        JSON.stringify({
+          access_token: issuedAccessToken,
+          token_type: "Bearer",
+          expires_in: 3600,
+          refresh_token: "rt_xyz",
+          id_token: idToken,
+        }),
+        { status: 200, headers: { "content-type": "application/json" } },
+      );
+    }
+    throw new Error(`Unexpected fetch: ${url}`);
+  });
+
+  const openBrowser = mock(async (url: string) => {
+    const parsed = new URL(url);
+    const redirectUri = parsed.searchParams.get("redirect_uri")!;
+    const state = parsed.searchParams.get("state")!;
+    expect(parsed.searchParams.get("client_id")).toBe(issuedClientId ?? "");
+    expect(parsed.searchParams.get("response_type")).toBe("code");
+    expect(parsed.searchParams.get("code_challenge_method")).toBe("S256");
+    expect(parsed.searchParams.get("code_challenge")).toMatch(
+      /^[A-Za-z0-9_-]+$/,
+    );
+    issuedCode = `code_${Math.random().toString(36).slice(2, 8)}`;
+    // Simulate the browser hitting the CLI callback after auth.
+    await new Promise((r) => setTimeout(r, 10));
+    await fetch(`${redirectUri}?code=${issuedCode}&state=${state}`);
+  });
+
+  return {
+    fetchMock,
+    openBrowser,
+    getIssuedAccessToken: () => issuedAccessToken,
+    getIssuedClientId: () => issuedClientId,
+    getPkceVerifier: () => pkceVerifier,
+  };
+}
+
+describe("loginCommand", () => {
+  it("performs the full OAuth flow and persists a session", async () => {
+    const target = "https://studio.decocms.com";
+    const m = mockTarget(target);
+
+    const code = await loginCommand({
+      dataDir: dir,
+      target,
+      openBrowser: m.openBrowser,
+      fetch: m.fetchMock,
+    });
+
+    expect(code).toBe(0);
+
+    const session = await readSession(dir);
+    expect(session?.target).toBe(target);
+    expect(session?.clientId).toBe(m.getIssuedClientId());
+    expect(session?.accessToken).toBe(m.getIssuedAccessToken());
+    expect(session?.refreshToken).toBe("rt_xyz");
+    expect(session?.user.sub).toBe("user-123");
+    expect(session?.user.email).toBe("tlgimenes@gmail.com");
+    expect(session?.expiresAt).toBeGreaterThan(0);
+
+    // PKCE verifier was actually sent to the token endpoint.
+    expect(m.getPkceVerifier()).toMatch(/^[A-Za-z0-9_-]+$/);
+  });
+
+  it("defaults the target to https://studio.decocms.com", async () => {
+    const m = mockTarget("https://studio.decocms.com");
+    let openedUrl: string | undefined;
+    const captureOpen = mock(async (url: string) => {
+      openedUrl = url;
+      await m.openBrowser(url);
+    });
+
+    await loginCommand({
+      dataDir: dir,
+      openBrowser: captureOpen,
+      fetch: m.fetchMock,
+    });
+    expect(openedUrl).toMatch(/^https:\/\/studio\.decocms\.com\/login\?/);
+  });
+
+  it("returns non-zero and writes no session when token exchange fails", async () => {
+    const target = "https://studio.decocms.com";
+    const fetchMock = mock(async (url: string) => {
+      if (url.endsWith("/register")) {
+        return new Response(JSON.stringify({ client_id: "client_x" }), {
+          status: 200,
+          headers: { "content-type": "application/json" },
+        });
+      }
+      if (url.endsWith("/token")) {
+        return new Response("invalid_grant", { status: 400 });
+      }
+      throw new Error(`Unexpected: ${url}`);
+    });
+    const openBrowser = mock(async (url: string) => {
+      const parsed = new URL(url);
+      const callback = parsed.searchParams.get("redirect_uri")!;
+      const state = parsed.searchParams.get("state")!;
+      await new Promise((r) => setTimeout(r, 10));
+      await fetch(`${callback}?code=c&state=${state}`);
+    });
+    const code = await loginCommand({
+      dataDir: dir,
+      target,
+      openBrowser,
+      fetch: fetchMock,
+    });
+    expect(code).not.toBe(0);
+    expect(await readSession(dir)).toBeNull();
+  });
+
+  it("returns non-zero when client registration fails", async () => {
+    const fetchMock = mock(async (url: string) => {
+      if (url.endsWith("/register")) {
+        return new Response("forbidden", { status: 403 });
+      }
+      throw new Error(`Unexpected: ${url}`);
+    });
+    const openBrowser = mock(async () => {
+      throw new Error("openBrowser should not be called");
+    });
+    const code = await loginCommand({
+      dataDir: dir,
+      target: "https://studio.decocms.com",
+      openBrowser,
+      fetch: fetchMock,
+    });
+    expect(code).not.toBe(0);
+    expect(await readSession(dir)).toBeNull();
+  });
+});
diff --git a/apps/mesh/src/cli/commands/auth/login.ts b/apps/mesh/src/cli/commands/auth/login.ts
new file mode 100644
index 0000000000..1b65edc7ce
--- /dev/null
+++ b/apps/mesh/src/cli/commands/auth/login.ts
@@ -0,0 +1,223 @@
+import { spawn } from "node:child_process";
+import { randomUUID } from "node:crypto";
+import { startOAuthCallbackServer } from "../../lib/oauth-callback";
+import { generatePkcePair } from "../../lib/pkce";
+import { type Session, writeSession } from "../../lib/session";
+
+export interface LoginOptions {
+  dataDir: string;
+  target?: string;
+  /** Injectable for tests. Defaults to opening the user's default browser. */
+  openBrowser?: (url: string) => Promise<void>;
+  /** Injectable for tests. */
+  fetch?: (input: string, init?: RequestInit) => Promise<Response>;
+}
+
+const DEFAULT_TARGET = "https://studio.decocms.com";
+
+const SCOPES = "openid profile email offline_access";
+
+interface RegisterResponse {
+  client_id: string;
+}
+
+interface TokenResponse {
+  access_token: string;
+  refresh_token?: string;
+  id_token?: string;
+  expires_in?: number;
+  token_type?: string;
+}
+
+interface IdTokenClaims {
+  sub: string;
+  email?: string;
+  name?: string;
+}
+
+export async function loginCommand(options: LoginOptions): Promise<number> {
+  const target = (options.target ?? DEFAULT_TARGET).replace(/\/$/, "");
+  const fetchImpl = options.fetch ?? fetch;
+  const openImpl = options.openBrowser ?? defaultOpenBrowser;
+
+  const state = randomUUID();
+  const pkce = generatePkcePair();
+
+  const server = await startOAuthCallbackServer({ expectedState: state });
+  try {
+    const redirectUri = `${server.url}/`;
+
+    // 1. Dynamically register this CLI install as an OAuth client.
+    const clientId = await registerClient(fetchImpl, target, redirectUri);
+
+    // 2. Build the /login URL — this triggers the existing OAuth-aware login UI,
+    //    which routes to /api/auth/mcp/authorize after the user signs in.
+    const params = new URLSearchParams({
+      client_id: clientId,
+      redirect_uri: redirectUri,
+      response_type: "code",
+      state,
+      scope: SCOPES,
+      code_challenge: pkce.challenge,
+      code_challenge_method: "S256",
+    });
+    const url = `${target}/login?${params.toString()}`;
+
+    console.log(`Opening ${url} in your browser...`);
+    await openImpl(url);
+
+    // 3. Wait for the browser to redirect back with an authorization code.
+    const { code } = await server.waitForCallback();
+
+    // 4. Exchange the code for an access + id token.
+    const token = await exchangeToken(
+      fetchImpl,
+      target,
+      clientId,
+      code,
+      redirectUri,
+      pkce.verifier,
+    );
+
+    // 5. Read the user from the id_token (the OIDC standard way — userinfo
+    //    endpoint is advertised but not implemented upstream).
+    if (!token.id_token) {
+      throw new Error("Token endpoint returned no id_token");
+    }
+    const claims = decodeIdToken(token.id_token);
+
+    const session: Session = {
+      target,
+      clientId,
+      user: { sub: claims.sub, email: claims.email, name: claims.name },
+      accessToken: token.access_token,
+      refreshToken: token.refresh_token,
+      expiresAt: token.expires_in
+        ? Math.floor(Date.now() / 1000) + token.expires_in
+        : undefined,
+      createdAt: new Date().toISOString(),
+    };
+    await writeSession(options.dataDir, session);
+
+    console.log(`Logged in as ${claims.email ?? claims.sub}.`);
+    return 0;
+  } catch (err) {
+    console.error(
+      `Login failed: ${err instanceof Error ? err.message : String(err)}`,
+    );
+    return 1;
+  } finally {
+    server.close();
+  }
+}
+
+async function registerClient(
+  fetchImpl: (input: string, init?: RequestInit) => Promise<Response>,
+  target: string,
+  redirectUri: string,
+): Promise<string> {
+  const res = await fetchImpl(`${target}/api/auth/mcp/register`, {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body: JSON.stringify({
+      client_name: "decocms-cli",
+      redirect_uris: [redirectUri],
+      grant_types: ["authorization_code", "refresh_token"],
+      response_types: ["code"],
+      token_endpoint_auth_method: "none",
+      application_type: "native",
+    }),
+  });
+  if (!res.ok) {
+    throw new Error(
+      `Client registration failed: HTTP ${res.status} ${await res.text().catch(() => "")}`,
+    );
+  }
+  const data = (await res.json()) as RegisterResponse;
+  if (typeof data?.client_id !== "string") {
+    throw new Error("Client registration returned no client_id");
+  }
+  return data.client_id;
+}
+
+async function exchangeToken(
+  fetchImpl: (input: string, init?: RequestInit) => Promise<Response>,
+  target: string,
+  clientId: string,
+  code: string,
+  redirectUri: string,
+  verifier: string,
+): Promise<TokenResponse> {
+  const body = new URLSearchParams({
+    grant_type: "authorization_code",
+    code,
+    redirect_uri: redirectUri,
+    client_id: clientId,
+    code_verifier: verifier,
+  });
+  const res = await fetchImpl(`${target}/api/auth/mcp/token`, {
+    method: "POST",
+    headers: { "content-type": "application/x-www-form-urlencoded" },
+    body: body.toString(),
+  });
+  if (!res.ok) {
+    throw new Error(
+      `Token exchange failed: HTTP ${res.status} ${await res.text().catch(() => "")}`,
+    );
+  }
+  const data = (await res.json()) as TokenResponse;
+  if (typeof data?.access_token !== "string") {
+    throw new Error("Token endpoint returned no access_token");
+  }
+  return data;
+}
+
+function decodeIdToken(idToken: string): IdTokenClaims {
+  const parts = idToken.split(".");
+  if (parts.length !== 3 || !parts[1]) {
+    throw new Error("id_token is not a valid JWT");
+  }
+  const payload = JSON.parse(
+    Buffer.from(parts[1], "base64url").toString("utf8"),
+  ) as Record<string, unknown>;
+  if (typeof payload.sub !== "string") {
+    throw new Error("id_token has no sub claim");
+  }
+  return {
+    sub: payload.sub,
+    email: typeof payload.email === "string" ? payload.email : undefined,
+    name: typeof payload.name === "string" ? payload.name : undefined,
+  };
+}
+
+async function defaultOpenBrowser(url: string): Promise<void> {
+  let command: string;
+  let args: string[];
+  switch (process.platform) {
+    case "darwin":
+      command = "open";
+      args = [url];
+      break;
+    case "win32":
+      command = "cmd";
+      args = ["/c", "start", "", url];
+      break;
+    default:
+      command = "xdg-open";
+      args = [url];
+      break;
+  }
+  await new Promise<void>((resolve) => {
+    const child = spawn(command, args, { stdio: "ignore", detached: true });
+    child.on("error", () => {
+      console.log(
+        `Could not open browser automatically. Please open this URL manually:\n  ${url}`,
+      );
+      resolve();
+    });
+    child.on("spawn", () => {
+      child.unref();
+      resolve();
+    });
+  });
+}
diff --git a/apps/mesh/src/cli/commands/auth/logout.test.ts b/apps/mesh/src/cli/commands/auth/logout.test.ts
new file mode 100644
index 0000000000..7aea34f77b
--- /dev/null
+++ b/apps/mesh/src/cli/commands/auth/logout.test.ts
@@ -0,0 +1,40 @@
+import { afterEach, beforeEach, describe, expect, it, spyOn } from "bun:test";
+import { mkdtemp, rm } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { readSession, writeSession } from "../../lib/session";
+import { logoutCommand } from "./logout";
+
+let dir: string;
+let logSpy: ReturnType<typeof spyOn>;
+
+beforeEach(async () => {
+  dir = await mkdtemp(join(tmpdir(), "deco-logout-"));
+  logSpy = spyOn(console, "log").mockImplementation(() => {});
+});
+
+afterEach(async () => {
+  logSpy.mockRestore();
+  await rm(dir, { recursive: true, force: true });
+});
+
+describe("logoutCommand", () => {
+  it("clears the session and exits 0 when logged in", async () => {
+    await writeSession(dir, {
+      target: "https://studio.decocms.com",
+      clientId: "client_abc",
+      user: { sub: "u_1", email: "tlgimenes@gmail.com" },
+      accessToken: "tok_abc",
+      createdAt: "2026-05-04T00:00:00.000Z",
+    });
+
+    const code = await logoutCommand({ dataDir: dir });
+    expect(code).toBe(0);
+    expect(await readSession(dir)).toBeNull();
+  });
+
+  it("is a no-op + exit 0 when no session is present", async () => {
+    const code = await logoutCommand({ dataDir: dir });
+    expect(code).toBe(0);
+  });
+});
diff --git a/apps/mesh/src/cli/commands/auth/logout.ts b/apps/mesh/src/cli/commands/auth/logout.ts
new file mode 100644
index 0000000000..7a531fe1e0
--- /dev/null
+++ b/apps/mesh/src/cli/commands/auth/logout.ts
@@ -0,0 +1,16 @@
+import { clearSession, readSession } from "../../lib/session";
+
+export interface LogoutOptions {
+  dataDir: string;
+}
+
+export async function logoutCommand(options: LogoutOptions): Promise<number> {
+  const session = await readSession(options.dataDir);
+  if (!session) {
+    console.log("Already logged out.");
+    return 0;
+  }
+  await clearSession(options.dataDir);
+  console.log("Logged out.");
+  return 0;
+}
diff --git a/apps/mesh/src/cli/commands/auth/whoami.test.ts b/apps/mesh/src/cli/commands/auth/whoami.test.ts
new file mode 100644
index 0000000000..654bdc91b4
--- /dev/null
+++ b/apps/mesh/src/cli/commands/auth/whoami.test.ts
@@ -0,0 +1,53 @@
+import { describe, it, expect, beforeEach, afterEach, spyOn } from "bun:test";
+import { mkdtemp, rm } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { writeSession } from "../../lib/session";
+import { whoamiCommand } from "./whoami";
+
+let dir: string;
+let logs: string[];
+let logSpy: ReturnType<typeof spyOn>;
+let errSpy: ReturnType<typeof spyOn>;
+
+beforeEach(async () => {
+  dir = await mkdtemp(join(tmpdir(), "deco-whoami-"));
+  logs = [];
+  logSpy = spyOn(console, "log").mockImplementation((msg: unknown) => {
+    logs.push(String(msg));
+  });
+  errSpy = spyOn(console, "error").mockImplementation((msg: unknown) => {
+    logs.push(String(msg));
+  });
+});
+
+afterEach(async () => {
+  logSpy.mockRestore();
+  errSpy.mockRestore();
+  await rm(dir, { recursive: true, force: true });
+});
+
+describe("whoamiCommand", () => {
+  it("prints session details and exits 0 when logged in", async () => {
+    await writeSession(dir, {
+      target: "https://studio.decocms.com",
+      clientId: "client_abc",
+      user: { sub: "u_1", email: "tlgimenes@gmail.com" },
+      accessToken: "tok",
+      createdAt: "2026-05-04T00:00:00.000Z",
+    });
+
+    const code = await whoamiCommand({ dataDir: dir });
+    const joined = logs.join("\n");
+
+    expect(code).toBe(0);
+    expect(joined).toContain("https://studio.decocms.com");
+    expect(joined).toContain("tlgimenes@gmail.com");
+  });
+
+  it("prints a hint and exits 1 when no session is present", async () => {
+    const code = await whoamiCommand({ dataDir: dir });
+    expect(code).toBe(1);
+    expect(logs.join("\n")).toMatch(/Not logged in.*decocms auth login/);
+  });
+});
diff --git a/apps/mesh/src/cli/commands/auth/whoami.ts b/apps/mesh/src/cli/commands/auth/whoami.ts
new file mode 100644
index 0000000000..06d5598c06
--- /dev/null
+++ b/apps/mesh/src/cli/commands/auth/whoami.ts
@@ -0,0 +1,16 @@
+import { readSession } from "../../lib/session";
+
+export interface WhoamiOptions {
+  dataDir: string;
+}
+
+export async function whoamiCommand(options: WhoamiOptions): Promise<number> {
+  const session = await readSession(options.dataDir);
+  if (!session) {
+    console.error("Not logged in. Run `decocms auth login` to authenticate.");
+    return 1;
+  }
+  console.log(`Target: ${session.target}`);
+  console.log(`User:   ${session.user.email ?? session.user.sub}`);
+  return 0;
+}
diff --git a/apps/mesh/src/cli/commands/link.test.ts b/apps/mesh/src/cli/commands/link.test.ts
new file mode 100644
index 0000000000..db5ad4f50d
--- /dev/null
+++ b/apps/mesh/src/cli/commands/link.test.ts
@@ -0,0 +1,346 @@
+import {
+  afterEach,
+  beforeEach,
+  describe,
+  expect,
+  it,
+  mock,
+  spyOn,
+} from "bun:test";
+import { mkdtemp, rm, writeFile } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { computeAppDomain } from "../lib/app-domain";
+import { writeSession } from "../lib/session";
+import { linkCommand, type SpawnFn, type TunnelOpener } from "./link";
+
+let dir: string;
+let cwdDir: string;
+let logSpy: ReturnType<typeof spyOn>;
+
+async function makeProject(name: string): Promise<string> {
+  const projectDir = await mkdtemp(join(tmpdir(), "deco-link-cwd-"));
+  await writeFile(
+    join(projectDir, "package.json"),
+    JSON.stringify({ name }, null, 2),
+  );
+  return projectDir;
+}
+
+beforeEach(async () => {
+  dir = await mkdtemp(join(tmpdir(), "deco-link-"));
+  logSpy = spyOn(console, "log").mockImplementation(() => {});
+});
+
+afterEach(async () => {
+  logSpy.mockRestore();
+  await rm(dir, { recursive: true, force: true });
+  if (cwdDir) await rm(cwdDir, { recursive: true, force: true });
+});
+
+describe("linkCommand", () => {
+  it("opens a tunnel to localhost-<sha1-8>.deco.host with the session token", async () => {
+    cwdDir = await makeProject("my-app");
+    await writeSession(dir, {
+      target: "https://studio.decocms.com",
+      clientId: "client_abc",
+      user: { sub: "u_1", email: "u@x" },
+      accessToken: "tok_link",
+      createdAt: "2026-05-04T00:00:00.000Z",
+    });
+
+    const expectedDomain = computeAppDomain("u_1", "my-app");
+    const tunnelOpener = mock<TunnelOpener>(async (params) => {
+      expect(params.domain).toBe(expectedDomain);
+      expect(params.localAddr).toBe("http://127.0.0.1:8787");
+      expect(params.apiKey).toBe("tok_link");
+      expect(params.server).toBe(`wss://${expectedDomain}`);
+      return { closed: new Promise<void>(() => {}), close: () => {} };
+    });
+
+    const port = 8787;
+    // Pretend the port is already listening so waitForPort returns instantly.
+    const portWaiter = mock(async () => "127.0.0.1");
+
+    const result = linkCommand({
+      cwd: cwdDir,
+      dataDir: dir,
+      port,
+      env: "BASE_URL",
+      runCommand: [],
+      tunnelOpener,
+      portWaiter,
+      copyClipboard: async () => true,
+      ensureSession: async () => null, // session is already present
+    });
+
+    // Give the command a tick to call tunnelOpener and reach the await on closed.
+    await new Promise((r) => setTimeout(r, 30));
+
+    expect(tunnelOpener).toHaveBeenCalledTimes(1);
+
+    // Cleanup so the test actually finishes.
+    await result.cancel();
+  });
+
+  it("auto-triggers ensureSession when no session is present", async () => {
+    cwdDir = await makeProject("my-app");
+    const ensureSession = mock(async () => ({
+      target: "https://studio.decocms.com",
+      clientId: "client_x",
+      user: { sub: "u", email: "u@x" },
+      accessToken: "tok",
+      createdAt: "2026-05-04T00:00:00.000Z",
+    }));
+    const tunnelOpener = mock<TunnelOpener>(async () => ({
+      closed: new Promise<void>(() => {}),
+      close: () => {},
+    }));
+
+    const result = linkCommand({
+      cwd: cwdDir,
+      dataDir: dir,
+      port: 8787,
+      env: "BASE_URL",
+      runCommand: [],
+      tunnelOpener,
+      portWaiter: async () => "127.0.0.1",
+      copyClipboard: async () => false,
+      ensureSession,
+    });
+
+    await new Promise((r) => setTimeout(r, 30));
+    expect(ensureSession).toHaveBeenCalledTimes(1);
+    expect(tunnelOpener).toHaveBeenCalledTimes(1);
+    await result.cancel();
+  });
+
+  it("reconnects when the tunnel closes mid-session", async () => {
+    cwdDir = await makeProject("my-app");
+    await writeSession(dir, {
+      target: "https://studio.decocms.com",
+      clientId: "client_x",
+      user: { sub: "u", email: "u@x" },
+      accessToken: "tok",
+      createdAt: "2026-05-04T00:00:00.000Z",
+    });
+
+    let openCount = 0;
+    const tunnelOpener = mock<TunnelOpener>(async () => {
+      openCount += 1;
+      // First call: a tunnel that closes immediately. Second: never closes.
+      if (openCount === 1) {
+        return { closed: Promise.resolve(), close: () => {} };
+      }
+      return { closed: new Promise<void>(() => {}), close: () => {} };
+    });
+
+    const result = linkCommand({
+      cwd: cwdDir,
+      dataDir: dir,
+      port: 8787,
+      env: "BASE_URL",
+      runCommand: [],
+      tunnelOpener,
+      portWaiter: async () => "127.0.0.1",
+      copyClipboard: async () => false,
+      ensureSession: async () => null,
+      reconnectDelayMs: 5,
+    });
+
+    // Allow time for the first tunnel to close and reconnect.
+    await new Promise((r) => setTimeout(r, 60));
+    expect(openCount).toBeGreaterThanOrEqual(2);
+    await result.cancel();
+  });
+
+  it("logs and retries when tunnelOpener throws (e.g. registration timeout)", async () => {
+    cwdDir = await makeProject("my-app");
+    await writeSession(dir, {
+      target: "https://studio.decocms.com",
+      clientId: "client_x",
+      user: { sub: "u", email: "u@x" },
+      accessToken: "tok",
+      createdAt: "2026-05-04T00:00:00.000Z",
+    });
+
+    const errMessages: string[] = [];
+    const errSpy = spyOn(console, "error").mockImplementation(
+      (msg: unknown) => {
+        errMessages.push(String(msg));
+      },
+    );
+
+    let openCount = 0;
+    const tunnelOpener = mock<TunnelOpener>(async () => {
+      openCount += 1;
+      if (openCount === 1) {
+        throw new Error("Tunnel registration timed out after 15s");
+      }
+      return { closed: new Promise<void>(() => {}), close: () => {} };
+    });
+
+    const result = linkCommand({
+      cwd: cwdDir,
+      dataDir: dir,
+      port: 8787,
+      env: "BASE_URL",
+      runCommand: [],
+      tunnelOpener,
+      portWaiter: async () => "127.0.0.1",
+      copyClipboard: async () => false,
+      ensureSession: async () => null,
+      reconnectDelayMs: 5,
+    });
+
+    await new Promise((r) => setTimeout(r, 50));
+    expect(openCount).toBeGreaterThanOrEqual(2);
+    expect(
+      errMessages.some((m) =>
+        m.includes(
+          "Tunnel connect failed, retrying: Tunnel registration timed out",
+        ),
+      ),
+    ).toBe(true);
+    await result.cancel();
+    errSpy.mockRestore();
+  });
+
+  it("returns non-zero when package.json is missing a name", async () => {
+    cwdDir = await mkdtemp(join(tmpdir(), "deco-link-noname-"));
+    await writeFile(join(cwdDir, "package.json"), "{}");
+    await writeSession(dir, {
+      target: "https://studio.decocms.com",
+      clientId: "client_x",
+      user: { sub: "u", email: "u@x" },
+      accessToken: "tok",
+      createdAt: "2026-05-04T00:00:00.000Z",
+    });
+
+    const tunnelOpener = mock<TunnelOpener>(async () => ({
+      closed: new Promise<void>(() => {}),
+      close: () => {},
+    }));
+    const result = linkCommand({
+      cwd: cwdDir,
+      dataDir: dir,
+      port: 8787,
+      env: "BASE_URL",
+      runCommand: [],
+      tunnelOpener,
+      portWaiter: async () => "127.0.0.1",
+      copyClipboard: async () => false,
+      ensureSession: async () => null,
+    });
+    expect(await result.exit).not.toBe(0);
+    expect(tunnelOpener).toHaveBeenCalledTimes(0);
+  });
+
+  it("uses BASE_URL by default and respects the -e flag", async () => {
+    cwdDir = await makeProject("my-app");
+    await writeSession(dir, {
+      target: "https://studio.decocms.com",
+      clientId: "client_x",
+      user: { sub: "u", email: "u@x" },
+      accessToken: "tok",
+      createdAt: "2026-05-04T00:00:00.000Z",
+    });
+
+    let envSeen: NodeJS.ProcessEnv | undefined;
+    const childSpawn = mock<SpawnFn>((_cmd, _args, opts) => {
+      envSeen = opts.env;
+      return {
+        on: () => {},
+        kill: () => {},
+        exitCode: null,
+      } as unknown as import("node:child_process").ChildProcess;
+    });
+
+    const tunnelOpener = mock<TunnelOpener>(async () => ({
+      closed: new Promise<void>(() => {}),
+      close: () => {},
+    }));
+
+    const result = linkCommand({
+      cwd: cwdDir,
+      dataDir: dir,
+      port: 8787,
+      env: "MY_PUBLIC_URL",
+      runCommand: ["node", "server.js"],
+      tunnelOpener,
+      portWaiter: async () => "127.0.0.1",
+      copyClipboard: async () => false,
+      ensureSession: async () => null,
+      spawn: childSpawn,
+    });
+
+    await new Promise((r) => setTimeout(r, 30));
+    expect(childSpawn).toHaveBeenCalledTimes(1);
+    expect(envSeen?.MY_PUBLIC_URL).toMatch(
+      /^https:\/\/localhost-[0-9a-f]{8}\.deco\.host$/,
+    );
+    expect(envSeen?.BASE_URL).toBeUndefined();
+    await result.cancel();
+  });
+
+  it("stops reconnecting when the spawned child exits", async () => {
+    cwdDir = await makeProject("my-app");
+    await writeSession(dir, {
+      target: "https://studio.decocms.com",
+      clientId: "client_x",
+      user: { sub: "u", email: "u@x" },
+      accessToken: "tok",
+      createdAt: "2026-05-04T00:00:00.000Z",
+    });
+
+    const childExitHandlers: Array<(code: number | null) => void> = [];
+    const childSpawn: SpawnFn = mock(() => {
+      const fakeChild = {
+        on: (event: string, handler: (code: number | null) => void) => {
+          if (event === "exit") childExitHandlers.push(handler);
+        },
+        kill: () => {},
+        exitCode: null,
+      };
+      return fakeChild as unknown as import("node:child_process").ChildProcess;
+    });
+
+    let openCount = 0;
+    const tunnelOpener: TunnelOpener = mock(async () => {
+      openCount += 1;
+      let resolveClosed!: () => void;
+      const closed = new Promise<void>((r) => {
+        resolveClosed = r;
+      });
+      return { closed, close: () => resolveClosed() };
+    });
+
+    const result = linkCommand({
+      cwd: cwdDir,
+      dataDir: dir,
+      port: 8787,
+      env: "BASE_URL",
+      runCommand: ["node", "server.js"],
+      tunnelOpener,
+      portWaiter: async () => "127.0.0.1",
+      copyClipboard: async () => false,
+      ensureSession: async () => null,
+      spawn: childSpawn,
+      reconnectDelayMs: 5,
+    });
+
+    // Wait for the first tunnel to open.
+    await new Promise((r) => setTimeout(r, 30));
+    expect(openCount).toBe(1);
+    expect(childExitHandlers.length).toBe(1);
+
+    // Simulate child crash.
+    childExitHandlers[0]?.(42);
+
+    // The tunnel should close, the reconnect loop should NOT iterate again,
+    // and the exit code should be the child's exit code.
+    expect(await result.exit).toBe(42);
+    // Confirm we did not re-open after the child died.
+    expect(openCount).toBe(1);
+  });
+});
diff --git a/apps/mesh/src/cli/commands/link.ts b/apps/mesh/src/cli/commands/link.ts
new file mode 100644
index 0000000000..48e8234d7a
--- /dev/null
+++ b/apps/mesh/src/cli/commands/link.ts
@@ -0,0 +1,252 @@
+import { spawn as nodeSpawn, type ChildProcess } from "node:child_process";
+import { readFile } from "node:fs/promises";
+import { join } from "node:path";
+import { computeAppDomain } from "../lib/app-domain";
+import { copyToClipboard } from "../lib/clipboard";
+import { waitForPort } from "../lib/port-wait";
+import { readSession, type Session } from "../lib/session";
+import { loginCommand } from "./auth/login";
+
+export interface TunnelHandle {
+  closed: Promise<void>;
+  close: () => void;
+  // TODO: surface auth failure separately so the caller can show the
+  // "session may be expired" hint described in the spec.
+}
+
+export type TunnelOpener = (params: {
+  domain: string;
+  localAddr: string;
+  apiKey: string;
+  server: string;
+}) => Promise<TunnelHandle>;
+
+/** Minimal spawn signature used by linkCommand — compatible with node:child_process spawn. */
+export type SpawnFn = (
+  command: string,
+  args: string[],
+  options: { stdio: "inherit"; shell: boolean; env: NodeJS.ProcessEnv },
+) => ChildProcess;
+
+export interface LinkOptions {
+  cwd: string;
+  dataDir: string;
+  port: number;
+  env: string;
+  runCommand: string[];
+  /** Injectable: defaults to defaultTunnelOpener (dynamic import of @deco-cx/warp-node). */
+  tunnelOpener?: TunnelOpener;
+  /** Injectable: defaults to waitForPort. */
+  portWaiter?: (port: number) => Promise<string>;
+  /** Injectable: defaults to copyToClipboard. */
+  copyClipboard?: (text: string) => Promise<boolean>;
+  /** Called when no session is present. Returns the new session or null on failure. */
+  ensureSession?: () => Promise<Session | null>;
+  /** Injectable: defaults to node:child_process spawn. */
+  spawn?: SpawnFn;
+  /** Reconnect delay after a tunnel disconnect (default 500ms, matches legacy). */
+  reconnectDelayMs?: number;
+}
+
+export interface LinkRunResult {
+  exit: Promise<number>;
+  cancel: () => Promise<void>;
+}
+
+export function linkCommand(options: LinkOptions): LinkRunResult {
+  let resolveExit!: (n: number) => void;
+  const exit = new Promise<number>((r) => {
+    resolveExit = r;
+  });
+
+  let child: ChildProcess | undefined;
+  let tunnel: TunnelHandle | undefined;
+  let cancelled = false;
+
+  const cancel = async () => {
+    cancelled = true;
+    try {
+      child?.kill("SIGTERM");
+    } catch {}
+    try {
+      tunnel?.close();
+    } catch {}
+    resolveExit(0);
+  };
+
+  void (async () => {
+    try {
+      let session = await readSession(options.dataDir);
+      if (!session) {
+        const ensure =
+          options.ensureSession ?? defaultEnsureSession(options.dataDir);
+        console.log("No session found — opening login...");
+        session = await ensure();
+        if (!session) {
+          console.error("Login failed; cannot open tunnel.");
+          resolveExit(1);
+          return;
+        }
+      }
+
+      const appName = await readPackageName(options.cwd);
+      if (!appName) {
+        console.error(
+          "Could not read `name` from package.json. Run `decocms link` from a project directory.",
+        );
+        resolveExit(1);
+        return;
+      }
+
+      const domain = computeAppDomain(session.user.sub, appName);
+      const publicUrl = `https://${domain}`;
+
+      const spawnImpl: SpawnFn = options.spawn ?? nodeSpawn;
+      if (options.runCommand.length > 0) {
+        const [cmd, ...args] = options.runCommand;
+        if (!cmd) {
+          console.error("runCommand must not be empty");
+          resolveExit(1);
+          return;
+        }
+        console.log(`Starting: ${cmd} ${args.join(" ")}`);
+        const spawned = spawnImpl(cmd, args, {
+          stdio: "inherit",
+          shell: true,
+          env: { ...process.env, [options.env]: publicUrl },
+        });
+        child = spawned;
+        spawned.on("exit", (code) => {
+          if (cancelled) return;
+          cancelled = true;
+          try {
+            tunnel?.close();
+          } catch {}
+          resolveExit(code ?? 0);
+        });
+      } else {
+        console.log(
+          `Tunnel will connect to existing service on port ${options.port}.`,
+        );
+      }
+
+      const wait = options.portWaiter ?? ((p: number) => waitForPort(p));
+      const opener = options.tunnelOpener ?? defaultTunnelOpener;
+      const copy = options.copyClipboard ?? copyToClipboard;
+      const reconnectDelay = options.reconnectDelayMs ?? 500;
+
+      // Loop: open tunnel, wait for it to close, reconnect after a small delay.
+      // Matches legacy behavior — exits only when the user cancels.
+      let firstOpen = true;
+      while (!cancelled) {
+        const host = await wait(options.port);
+        try {
+          tunnel = await opener({
+            domain,
+            localAddr: `http://${host}:${options.port}`,
+            apiKey: session.accessToken,
+            server: `wss://${domain}`,
+          });
+        } catch (err) {
+          console.error(
+            `Tunnel connect failed, retrying: ${err instanceof Error ? err.message : String(err)}`,
+          );
+          await sleep(reconnectDelay);
+          continue;
+        }
+
+        if (firstOpen) {
+          console.log(`Tunnel open: ${publicUrl}`);
+          if (await copy(publicUrl)) {
+            console.log("(URL copied to clipboard)");
+          }
+          firstOpen = false;
+        } else {
+          console.log("Tunnel reconnected.");
+        }
+
+        await tunnel.closed;
+        if (cancelled) break;
+        console.log("Tunnel closed, reconnecting...");
+        await sleep(reconnectDelay);
+      }
+
+      if (!cancelled) resolveExit(0);
+    } catch (err) {
+      console.error(
+        `Link failed: ${err instanceof Error ? err.message : String(err)}`,
+      );
+      resolveExit(1);
+    }
+  })();
+
+  return { exit, cancel };
+}
+
+function sleep(ms: number): Promise<void> {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+async function readPackageName(cwd: string): Promise<string | null> {
+  try {
+    const raw = await readFile(join(cwd, "package.json"), "utf8");
+    const parsed = JSON.parse(raw) as { name?: unknown };
+    return typeof parsed.name === "string" && parsed.name.length > 0
+      ? parsed.name
+      : null;
+  } catch {
+    return null;
+  }
+}
+
+function defaultEnsureSession(dataDir: string): () => Promise<Session | null> {
+  return async () => {
+    const code = await loginCommand({ dataDir });
+    if (code !== 0) return null;
+    return readSession(dataDir);
+  };
+}
+
+// The Warp tunnel server still expects the legacy shared key — it does not
+// yet verify OAuth bearer tokens. Until that lands, fall back to this
+// hardcoded value (overridable via DECO_TUNNEL_SERVER_TOKEN) so `link`
+// works end-to-end. The session's OAuth access token from `params.apiKey`
+// is intentionally ignored here for now; we keep storing it on the
+// session so we can flip the source back in one line once Warp is ready.
+const LEGACY_TUNNEL_TOKEN = "c309424a-2dc4-46fe-bfc7-a7c10df59477";
+
+// If `tunnel.registered` doesn't resolve within this window, the Warp
+// server most likely silently rejected the auth. Surface that as an
+// error instead of hanging indefinitely.
+const REGISTRATION_TIMEOUT_MS = 15_000;
+
+const defaultTunnelOpener: TunnelOpener = async (params) => {
+  const { connect } = await import("@deco-cx/warp-node");
+  const tunnel = await connect({
+    domain: params.domain,
+    localAddr: params.localAddr,
+    server: params.server,
+    apiKey: process.env.DECO_TUNNEL_SERVER_TOKEN ?? LEGACY_TUNNEL_TOKEN,
+  });
+  await Promise.race([
+    tunnel.registered,
+    new Promise<never>((_, reject) => {
+      setTimeout(() => {
+        reject(
+          new Error(
+            `Tunnel registration timed out after ${REGISTRATION_TIMEOUT_MS / 1000}s — Warp server may have rejected the auth. Try upgrading the CLI.`,
+          ),
+        );
+      }, REGISTRATION_TIMEOUT_MS);
+    }),
+  ]);
+  return {
+    // Connected.closed resolves with Error | undefined; we discard the value
+    // to satisfy TunnelHandle.closed: Promise<void>.
+    closed: tunnel.closed.then(() => undefined),
+    close: () => {
+      // @deco-cx/warp-node Connected has no close() method; the connection
+      // closes on its own when the server drops it.
+    },
+  };
+};
diff --git a/apps/mesh/src/cli/commands/serve.ts b/apps/mesh/src/cli/commands/serve.ts
index fdafe313bb..d0f1a38270 100644
--- a/apps/mesh/src/cli/commands/serve.ts
+++ b/apps/mesh/src/cli/commands/serve.ts
@@ -142,7 +142,6 @@ export async function startServer(options: ServeOptions): Promise<void> {
     localMode: options.localMode,
     skipMigrations: options.skipMigrations,
     noTui: options.noTui,
-    nodeEnv: "production",
   });
 
   for (const s of services) {
diff --git a/apps/mesh/src/cli/config-view.tsx b/apps/mesh/src/cli/config-view.tsx
index cd7da15a4c..db6c9b684d 100644
--- a/apps/mesh/src/cli/config-view.tsx
+++ b/apps/mesh/src/cli/config-view.tsx
@@ -123,6 +123,10 @@ function getConfigSections(e: Settings): ConfigSection[] {
           key: "AUTH_SSO_MS_CLIENT_ID",
           value: !!process.env.AUTH_SSO_MS_CLIENT_ID,
         },
+        {
+          key: "AUTH_SSO_GOOGLE_CLIENT_ID",
+          value: !!process.env.AUTH_SSO_GOOGLE_CLIENT_ID,
+        },
         {
           key: "AUTH_MAGIC_LINK_ENABLED",
           value: process.env.AUTH_MAGIC_LINK_ENABLED === "true",
@@ -148,15 +152,6 @@ function getConfigSections(e: Settings): ConfigSection[] {
       title: "Config Files",
       entries: [{ key: "CONFIG_PATH", value: e.configPath }],
     },
-    {
-      title: "Transport",
-      entries: [
-        {
-          key: "UNSAFE_ALLOW_STDIO_TRANSPORT",
-          value: e.unsafeAllowStdioTransport,
-        },
-      ],
-    },
     {
       title: "AI Gateway",
       entries: [
diff --git a/apps/mesh/src/cli/lib/app-domain.test.ts b/apps/mesh/src/cli/lib/app-domain.test.ts
new file mode 100644
index 0000000000..691d30da12
--- /dev/null
+++ b/apps/mesh/src/cli/lib/app-domain.test.ts
@@ -0,0 +1,29 @@
+import { describe, expect, it } from "bun:test";
+import { computeAppDomain, computeAppHash } from "./app-domain";
+
+describe("computeAppHash", () => {
+  it("is the first 8 hex chars of sha1(`${principal}-${app}`)", () => {
+    // Golden value computed once with: echo -n "user-123-my-app" | shasum -a 1
+    expect(computeAppHash("user-123", "my-app")).toBe("e54ab40b");
+  });
+
+  it("is stable across calls", () => {
+    expect(computeAppHash("ws", "app")).toBe(computeAppHash("ws", "app"));
+  });
+
+  it("differs for different principals", () => {
+    expect(computeAppHash("a", "x")).not.toBe(computeAppHash("b", "x"));
+  });
+
+  it("differs for different apps", () => {
+    expect(computeAppHash("a", "x")).not.toBe(computeAppHash("a", "y"));
+  });
+});
+
+describe("computeAppDomain", () => {
+  it("returns localhost-<hash>.deco.host", () => {
+    expect(computeAppDomain("user-123", "my-app")).toBe(
+      "localhost-e54ab40b.deco.host",
+    );
+  });
+});
diff --git a/apps/mesh/src/cli/lib/app-domain.ts b/apps/mesh/src/cli/lib/app-domain.ts
new file mode 100644
index 0000000000..3a8ce96b79
--- /dev/null
+++ b/apps/mesh/src/cli/lib/app-domain.ts
@@ -0,0 +1,18 @@
+import { createHash } from "node:crypto";
+
+/**
+ * Stable subdomain for a user's tunnel of a given app.
+ * `principal` is typically the OAuth `sub`; `app` the project name.
+ * Algorithm matches the legacy `getAppUUID` (sha1, despite its name)
+ * so existing tunnel registrations remain valid.
+ */
+export function computeAppHash(principal: string, app: string): string {
+  return createHash("sha1")
+    .update(`${principal}-${app}`)
+    .digest("hex")
+    .slice(0, 8);
+}
+
+export function computeAppDomain(principal: string, app: string): string {
+  return `localhost-${computeAppHash(principal, app)}.deco.host`;
+}
diff --git a/apps/mesh/src/cli/lib/clipboard.ts b/apps/mesh/src/cli/lib/clipboard.ts
new file mode 100644
index 0000000000..379fab5ecc
--- /dev/null
+++ b/apps/mesh/src/cli/lib/clipboard.ts
@@ -0,0 +1,36 @@
+import { spawn } from "node:child_process";
+
+/**
+ * Best-effort copy of `text` to the system clipboard. Returns true on success,
+ * false if the platform tool is missing or fails. Never throws.
+ */
+export function copyToClipboard(text: string): Promise<boolean> {
+  let command: string;
+  let args: string[] = [];
+  switch (process.platform) {
+    case "darwin":
+      command = "pbcopy";
+      break;
+    case "win32":
+      command = "clip";
+      break;
+    case "linux":
+      command = "xclip";
+      args = ["-selection", "clipboard"];
+      break;
+    default:
+      return Promise.resolve(false);
+  }
+
+  return new Promise((resolve) => {
+    try {
+      const child = spawn(command, args, { stdio: "pipe" });
+      child.on("error", () => resolve(false));
+      child.on("close", (code) => resolve(code === 0));
+      child.stdin.write(text);
+      child.stdin.end();
+    } catch {
+      resolve(false);
+    }
+  });
+}
diff --git a/apps/mesh/src/cli/lib/oauth-callback.test.ts b/apps/mesh/src/cli/lib/oauth-callback.test.ts
new file mode 100644
index 0000000000..eec1de4fad
--- /dev/null
+++ b/apps/mesh/src/cli/lib/oauth-callback.test.ts
@@ -0,0 +1,54 @@
+import { describe, expect, it } from "bun:test";
+import { startOAuthCallbackServer } from "./oauth-callback";
+
+describe("startOAuthCallbackServer", () => {
+  it("resolves with code + state when the browser hits the callback URL", async () => {
+    const server = await startOAuthCallbackServer({ expectedState: "nonce-1" });
+    try {
+      const result = fetch(`${server.url}/?code=abc&state=nonce-1`).then((r) =>
+        r.text(),
+      );
+      const callback = await server.waitForCallback();
+      expect(callback).toEqual({ code: "abc" });
+      const body = await result;
+      expect(body).toContain("You can return to your terminal");
+    } finally {
+      server.close();
+    }
+  });
+
+  it("rejects waitForCallback when state does not match", async () => {
+    const server = await startOAuthCallbackServer({ expectedState: "nonce-1" });
+    try {
+      await fetch(`${server.url}/?code=abc&state=wrong`);
+      await expect(server.waitForCallback()).rejects.toThrow(/state mismatch/i);
+    } finally {
+      server.close();
+    }
+  });
+
+  it("rejects waitForCallback when code is missing", async () => {
+    const server = await startOAuthCallbackServer({ expectedState: "nonce-1" });
+    try {
+      await fetch(`${server.url}/?state=nonce-1`);
+      await expect(server.waitForCallback()).rejects.toThrow(/missing code/i);
+    } finally {
+      server.close();
+    }
+  });
+
+  it("returns 204 to follow-up requests after the promise has settled", async () => {
+    const server = await startOAuthCallbackServer({ expectedState: "nonce-1" });
+    try {
+      await fetch(`${server.url}/?code=abc&state=nonce-1`);
+      const callback = await server.waitForCallback();
+      expect(callback).toEqual({ code: "abc" });
+
+      // A second request (e.g. browser favicon prefetch) should be ignored.
+      const followUp = await fetch(`${server.url}/?code=other&state=nonce-1`);
+      expect(followUp.status).toBe(204);
+    } finally {
+      server.close();
+    }
+  });
+});
diff --git a/apps/mesh/src/cli/lib/oauth-callback.ts b/apps/mesh/src/cli/lib/oauth-callback.ts
new file mode 100644
index 0000000000..41b898f33b
--- /dev/null
+++ b/apps/mesh/src/cli/lib/oauth-callback.ts
@@ -0,0 +1,71 @@
+export interface OAuthCallback {
+  code: string;
+}
+
+export interface OAuthCallbackServer {
+  url: string;
+  waitForCallback: () => Promise<OAuthCallback>;
+  /** Always call this after waitForCallback resolves or rejects (e.g., via try/finally). */
+  close: () => void;
+}
+
+export interface StartOptions {
+  expectedState: string;
+  /** If provided, bind to this port. Defaults to 0 (OS-chosen). */
+  port?: number;
+}
+
+export async function startOAuthCallbackServer(
+  options: StartOptions,
+): Promise<OAuthCallbackServer> {
+  let resolveCallback!: (value: OAuthCallback) => void;
+  let rejectCallback!: (err: Error) => void;
+  const callbackPromise = new Promise<OAuthCallback>((resolve, reject) => {
+    resolveCallback = resolve;
+    rejectCallback = reject;
+  });
+  // Suppress unhandled-rejection warnings; callers consume via waitForCallback().
+  callbackPromise.catch(() => {});
+
+  let settled = false;
+  const server = Bun.serve({
+    port: options.port ?? 0,
+    hostname: "127.0.0.1",
+    fetch(req) {
+      if (settled) {
+        return new Response("", { status: 204 });
+      }
+      const url = new URL(req.url);
+      const code = url.searchParams.get("code");
+      const state = url.searchParams.get("state");
+      if (state !== options.expectedState) {
+        settled = true;
+        rejectCallback(new Error("OAuth state mismatch"));
+        return new Response("State mismatch — close this tab.", {
+          status: 400,
+        });
+      }
+      if (!code) {
+        settled = true;
+        rejectCallback(new Error("OAuth callback missing code"));
+        return new Response("Missing code — close this tab.", { status: 400 });
+      }
+      settled = true;
+      resolveCallback({ code });
+      return new Response(SUCCESS_PAGE, {
+        headers: { "content-type": "text/html; charset=utf-8" },
+      });
+    },
+  });
+
+  return {
+    url: `http://127.0.0.1:${server.port}`,
+    waitForCallback: () => callbackPromise,
+    close: () => server.stop(true),
+  };
+}
+
+const SUCCESS_PAGE = `<!doctype html>
+<html><head><meta charset="utf-8"><title>Login complete</title>
+<style>body{font-family:system-ui;display:flex;align-items:center;justify-content:center;height:100vh;margin:0;background:#0b0b0b;color:#0f0}</style>
+</head><body><div><h1>You're logged in.</h1><p>You can return to your terminal.</p></div></body></html>`;
diff --git a/apps/mesh/src/cli/lib/pkce.test.ts b/apps/mesh/src/cli/lib/pkce.test.ts
new file mode 100644
index 0000000000..0ae085e3a0
--- /dev/null
+++ b/apps/mesh/src/cli/lib/pkce.test.ts
@@ -0,0 +1,29 @@
+import { describe, expect, it } from "bun:test";
+import { createHash } from "node:crypto";
+import { generatePkcePair } from "./pkce";
+
+describe("generatePkcePair", () => {
+  it("returns a verifier between 43 and 128 base64url chars (RFC 7636)", () => {
+    const { verifier } = generatePkcePair();
+    expect(verifier.length).toBeGreaterThanOrEqual(43);
+    expect(verifier.length).toBeLessThanOrEqual(128);
+    expect(verifier).toMatch(/^[A-Za-z0-9_-]+$/);
+  });
+
+  it("derives the challenge as base64url(sha256(verifier))", () => {
+    const { verifier, challenge } = generatePkcePair();
+    const expected = createHash("sha256")
+      .update(verifier)
+      .digest("base64")
+      .replace(/\+/g, "-")
+      .replace(/\//g, "_")
+      .replace(/=+$/, "");
+    expect(challenge).toBe(expected);
+  });
+
+  it("produces different pairs on each call", () => {
+    const a = generatePkcePair();
+    const b = generatePkcePair();
+    expect(a.verifier).not.toBe(b.verifier);
+  });
+});
diff --git a/apps/mesh/src/cli/lib/pkce.ts b/apps/mesh/src/cli/lib/pkce.ts
new file mode 100644
index 0000000000..409b168a5f
--- /dev/null
+++ b/apps/mesh/src/cli/lib/pkce.ts
@@ -0,0 +1,24 @@
+import { createHash, randomBytes } from "node:crypto";
+
+/**
+ * Generate an OAuth 2.1 PKCE pair (RFC 7636).
+ *
+ * Returns a high-entropy code_verifier and its derived S256 code_challenge.
+ * The verifier is sent to the token endpoint to prove possession; the
+ * challenge is sent up-front to the authorize endpoint.
+ */
+export function generatePkcePair(): { verifier: string; challenge: string } {
+  const verifier = base64UrlEncode(randomBytes(32));
+  const challenge = base64UrlEncode(
+    createHash("sha256").update(verifier).digest(),
+  );
+  return { verifier, challenge };
+}
+
+function base64UrlEncode(buf: Buffer): string {
+  return buf
+    .toString("base64")
+    .replace(/\+/g, "-")
+    .replace(/\//g, "_")
+    .replace(/=+$/, "");
+}
diff --git a/apps/mesh/src/cli/lib/port-wait.test.ts b/apps/mesh/src/cli/lib/port-wait.test.ts
new file mode 100644
index 0000000000..db85d672c2
--- /dev/null
+++ b/apps/mesh/src/cli/lib/port-wait.test.ts
@@ -0,0 +1,89 @@
+import { afterEach, describe, expect, it } from "bun:test";
+import { type Server, createServer } from "node:net";
+import { findRunningAddr, waitForPort } from "./port-wait";
+
+const openServers: Server[] = [];
+
+async function listenOn(host: string, port: number): Promise<void> {
+  const srv = createServer();
+  await new Promise<void>((resolve, reject) => {
+    srv.once("error", reject);
+    srv.listen(port, host, () => resolve());
+  });
+  openServers.push(srv);
+}
+
+async function ephemeralPort(): Promise<number> {
+  const srv = createServer();
+  return new Promise<number>((resolve, reject) => {
+    srv.once("error", reject);
+    srv.listen(0, "127.0.0.1", () => {
+      const addr = srv.address();
+      const port = typeof addr === "object" && addr ? addr.port : 0;
+      srv.close(() => resolve(port));
+    });
+  });
+}
+
+afterEach(() => {
+  while (openServers.length) {
+    const srv = openServers.pop();
+    srv?.close();
+  }
+});
+
+describe("findRunningAddr", () => {
+  it("returns null when the port is unused", async () => {
+    const port = await ephemeralPort();
+    expect(await findRunningAddr(port)).toBeNull();
+  });
+
+  it("returns the host when something is listening", async () => {
+    const port = await ephemeralPort();
+    await listenOn("127.0.0.1", port);
+    expect(await findRunningAddr(port)).toBe("127.0.0.1");
+  });
+
+  it("returns null when bind fails for a non-EADDRINUSE reason", async () => {
+    // Privileged port < 1024 returns EACCES for non-root users on POSIX.
+    // On platforms where this somehow succeeds (e.g., macOS recent versions
+    // allow port 80 in some configs), skip the test.
+    if (process.platform === "win32" || process.getuid?.() === 0) {
+      return; // skip on Windows or when running as root
+    }
+    // Probe all localhost-flavoured addresses that findRunningAddr probes.
+    // If ANY of them allow binding port 80 without EACCES, this environment
+    // doesn't restrict privileged ports — skip to avoid false failures.
+    const hosts = ["localhost", "127.0.0.1", "0.0.0.0"];
+    for (const host of hosts) {
+      const code = await new Promise<string | undefined>((resolve) => {
+        const probe = createServer();
+        probe.once("error", (err: NodeJS.ErrnoException) => {
+          resolve(err.code);
+        });
+        probe.listen(80, host, () => {
+          probe.close(() => resolve(undefined));
+        });
+      });
+      if (code !== "EACCES") return; // platform allows binding or different error; skip
+    }
+    expect(await findRunningAddr(80)).toBeNull();
+  });
+});
+
+describe("waitForPort", () => {
+  it("resolves immediately when the port is already in use", async () => {
+    const port = await ephemeralPort();
+    await listenOn("127.0.0.1", port);
+    expect(await waitForPort(port, { intervalMs: 10 })).toBe("127.0.0.1");
+  });
+
+  it("waits until the port becomes available, then resolves", async () => {
+    const port = await ephemeralPort();
+    const promise = waitForPort(port, { intervalMs: 20 });
+    setTimeout(() => {
+      void listenOn("127.0.0.1", port);
+    }, 60);
+    expect(await promise).toBe("127.0.0.1");
+  });
+});
diff --git a/apps/mesh/src/cli/lib/port-wait.ts b/apps/mesh/src/cli/lib/port-wait.ts
new file mode 100644
index 0000000000..3cb98841ba
--- /dev/null
+++ b/apps/mesh/src/cli/lib/port-wait.ts
@@ -0,0 +1,46 @@
+import { createServer } from "node:net";
+
+const LOCALHOST_ENDPOINTS = ["localhost", "127.0.0.1", "0.0.0.0"];
+
+/**
+ * Probe each localhost-flavoured endpoint and return the first one where
+ * binding `port` fails — i.e. something is already listening there.
+ * Returns null if the port is free everywhere.
+ */
+export async function findRunningAddr(port: number): Promise<string | null> {
+  for (const host of LOCALHOST_ENDPOINTS) {
+    const inUse = await isInUse(host, port);
+    if (inUse) return host;
+  }
+  return null;
+}
+
+export interface WaitForPortOptions {
+  intervalMs?: number;
+}
+
+/**
+ * Resolve when something is listening on `port`. Polls every `intervalMs`.
+ */
+export async function waitForPort(
+  port: number,
+  { intervalMs = 1000 }: WaitForPortOptions = {},
+): Promise<string> {
+  for (;;) {
+    const addr = await findRunningAddr(port);
+    if (addr) return addr;
+    await new Promise((resolve) => setTimeout(resolve, intervalMs));
+  }
+}
+
+function isInUse(host: string, port: number): Promise<boolean> {
+  return new Promise((resolve) => {
+    const srv = createServer();
+    srv.once("error", (err: NodeJS.ErrnoException) => {
+      resolve(err.code === "EADDRINUSE");
+    });
+    srv.listen(port, host, () => {
+      srv.close(() => resolve(false));
+    });
+  });
+}
diff --git a/apps/mesh/src/cli/lib/session.test.ts b/apps/mesh/src/cli/lib/session.test.ts
new file mode 100644
index 0000000000..af3be05be0
--- /dev/null
+++ b/apps/mesh/src/cli/lib/session.test.ts
@@ -0,0 +1,101 @@
+import { describe, it, expect, beforeEach, afterEach } from "bun:test";
+import { chmod, mkdtemp, rm, writeFile, stat } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import {
+  type Session,
+  readSession,
+  writeSession,
+  clearSession,
+  sessionPath,
+} from "./session";
+
+let dir: string;
+
+beforeEach(async () => {
+  dir = await mkdtemp(join(tmpdir(), "deco-session-"));
+});
+
+afterEach(async () => {
+  await rm(dir, { recursive: true, force: true });
+});
+
+const sample: Session = {
+  target: "https://studio.decocms.com",
+  clientId: "client_abc",
+  user: { sub: "u_1", email: "tlgimenes@gmail.com" },
+  accessToken: "tok_abc",
+  createdAt: "2026-05-04T12:00:00.000Z",
+};
+
+describe("sessionPath", () => {
+  it("places session.json directly in the given data dir", () => {
+    expect(sessionPath("/tmp/x")).toBe("/tmp/x/session.json");
+  });
+});
+
+describe("writeSession + readSession", () => {
+  it("round-trips a session object", async () => {
+    await writeSession(dir, sample);
+    expect(await readSession(dir)).toEqual(sample);
+  });
+
+  it("creates the data dir if it does not exist", async () => {
+    const nested = join(dir, "nested", "deeper");
+    await writeSession(nested, sample);
+    expect(await readSession(nested)).toEqual(sample);
+  });
+
+  it("writes the file with mode 0600", async () => {
+    await writeSession(dir, sample);
+    const s = await stat(sessionPath(dir));
+    // Mask off the file-type bits and compare permission bits.
+    expect(s.mode & 0o777).toBe(0o600);
+  });
+
+  it("forces mode 0600 even when overwriting an existing file with looser permissions", async () => {
+    const path = sessionPath(dir);
+    // Pre-create the file with mode 0644 to simulate a broken prior state.
+    await writeFile(path, "{}", { mode: 0o644 });
+    await chmod(path, 0o644); // ensure 0644 even if writeFile honored mode
+    const before = await stat(path);
+    expect(before.mode & 0o777).toBe(0o644);
+
+    await writeSession(dir, sample);
+
+    const after = await stat(path);
+    expect(after.mode & 0o777).toBe(0o600);
+    expect(await readSession(dir)).toEqual(sample);
+  });
+});
+
+describe("readSession", () => {
+  it("returns null when the file does not exist", async () => {
+    expect(await readSession(dir)).toBeNull();
+  });
+
+  it("returns null and does not throw when the file is malformed JSON", async () => {
+    await writeFile(sessionPath(dir), "not-json", { mode: 0o600 });
+    expect(await readSession(dir)).toBeNull();
+  });
+
+  it("returns null when the file is missing required fields", async () => {
+    await writeFile(sessionPath(dir), JSON.stringify({ target: "x" }), {
+      mode: 0o600,
+    });
+    expect(await readSession(dir)).toBeNull();
+  });
+});
+
+describe("clearSession", () => {
+  it("removes the session file", async () => {
+    await writeSession(dir, sample);
+    await clearSession(dir);
+    expect(await readSession(dir)).toBeNull();
+  });
+
+  it("is a no-op when the file does not exist", async () => {
+    await clearSession(dir);
+    expect(await readSession(dir)).toBeNull();
+  });
+});
diff --git a/apps/mesh/src/cli/lib/session.ts b/apps/mesh/src/cli/lib/session.ts
new file mode 100644
index 0000000000..98bd4fdc56
--- /dev/null
+++ b/apps/mesh/src/cli/lib/session.ts
@@ -0,0 +1,76 @@
+import {
+  chmod,
+  mkdir,
+  readFile,
+  rename,
+  rm,
+  writeFile,
+} from "node:fs/promises";
+import { dirname, join } from "node:path";
+
+export interface Session {
+  /** OAuth issuer / decocms target (e.g. https://studio.decocms.com). */
+  target: string;
+  /** Dynamically-registered OAuth client id for this CLI install. */
+  clientId: string;
+  /** OIDC subject identifier (stable per user). */
+  user: { sub: string; email?: string; name?: string };
+  /** Bearer token used for API + Warp tunnel auth. */
+  accessToken: string;
+  /** Refresh token for renewing the access token (when granted). */
+  refreshToken?: string;
+  /** Unix epoch (seconds) when accessToken expires, when known. */
+  expiresAt?: number;
+  /** ISO timestamp when this session was minted. */
+  createdAt: string;
+}
+
+export function sessionPath(dataDir: string): string {
+  return join(dataDir, "session.json");
+}
+
+export async function readSession(dataDir: string): Promise<Session | null> {
+  try {
+    const raw = await readFile(sessionPath(dataDir), "utf8");
+    const parsed = JSON.parse(raw) as unknown;
+    if (!isSession(parsed)) return null;
+    return parsed;
+  } catch {
+    return null;
+  }
+}
+
+export async function writeSession(
+  dataDir: string,
+  session: Session,
+): Promise<void> {
+  const path = sessionPath(dataDir);
+  await mkdir(dirname(path), { recursive: true });
+  // Write to a temp path, force mode 0600 (writeFile's `mode` is ignored when
+  // overwriting an existing file), then atomically rename into place.
+  const tmp = `${path}.tmp`;
+  await writeFile(tmp, JSON.stringify(session, null, 2), { mode: 0o600 });
+  await chmod(tmp, 0o600);
+  await rename(tmp, path);
+}
+
+export async function clearSession(dataDir: string): Promise<void> {
+  await rm(sessionPath(dataDir), { force: true });
+}
+
+function isSession(value: unknown): value is Session {
+  if (!value || typeof value !== "object") return false;
+  const v = value as Record<string, unknown>;
+  if (
+    typeof v.target !== "string" ||
+    typeof v.clientId !== "string" ||
+    typeof v.accessToken !== "string" ||
+    typeof v.createdAt !== "string"
+  ) {
+    return false;
+  }
+  if (!v.user || typeof v.user !== "object") return false;
+  const u = v.user as Record<string, unknown>;
+  if (typeof u.sub !== "string") return false;
+  return true;
+}
diff --git a/apps/mesh/src/core/access-control.test.ts b/apps/mesh/src/core/access-control.test.ts
index c729f45c64..97e54fa10d 100644
--- a/apps/mesh/src/core/access-control.test.ts
+++ b/apps/mesh/src/core/access-control.test.ts
@@ -338,9 +338,10 @@ describe("AccessControl", () => {
 
       await ac.check();
 
-      expect(mockBoundAuth.hasPermission).toHaveBeenCalledWith({
-        self: ["TEST_TOOL"],
-      });
+      expect(mockBoundAuth.hasPermission).toHaveBeenCalledWith(
+        { self: ["TEST_TOOL"] },
+        undefined, // No path-resolved org passed, so options is undefined
+      );
       expect(ac.granted()).toBe(true);
     });
 
diff --git a/apps/mesh/src/core/access-control.ts b/apps/mesh/src/core/access-control.ts
index ea11293fd4..c8a3a5d484 100644
--- a/apps/mesh/src/core/access-control.ts
+++ b/apps/mesh/src/core/access-control.ts
@@ -67,6 +67,7 @@ export class AccessControl implements Disposable {
     private role?: string, // From user session (for built-in role bypass)
     private connectionId: string = "self", // For connection-specific checks (matches permission resource key)
     private getToolMeta?: GetToolMetaFn, // Optional callback for public tool check
+    private organizationId?: string, // Path-resolved org (overrides session active org)
   ) {}
 
   [Symbol.dispose](): void {
@@ -77,6 +78,35 @@ export class AccessControl implements Disposable {
     this.toolName = toolName;
   }
 
+  /**
+   * Set the organization id used for permission checks.
+   * Called by `resolveOrgFromPath` middleware after looking up the org from
+   * the URL slug, so subsequent `check()` calls forward the path-resolved org
+   * to Better Auth instead of relying on the session's active org.
+   */
+  setOrganizationId(organizationId: string | undefined): void {
+    this.organizationId = organizationId;
+  }
+
+  getOrganizationId(): string | undefined {
+    return this.organizationId;
+  }
+
+  /**
+   * Set the user's role within the path-resolved organization.
+   * Without this, `checkResource` would use the role baked in at construction
+   * time, which was derived from the session's active org. When the path
+   * targets a different org (or when the session has no active org), the
+   * built-in admin/owner bypass would silently fail and tools would 403.
+   */
+  setRole(role: string | undefined): void {
+    this.role = role;
+  }
+
+  getRole(): string | undefined {
+    return this.role;
+  }
+
   /**
    * Grant access unconditionally
    * Use for manual overrides, admin actions, or custom validation
@@ -176,8 +206,13 @@ export class AccessControl implements Disposable {
       permissionToCheck[this.connectionId] = [resource];
     }
 
-    // Delegate to Better Auth's hasPermission API
-    return this.boundAuth.hasPermission(permissionToCheck);
+    // Delegate to Better Auth's hasPermission API. When an organizationId is
+    // set (path-resolved org), pass it through so Better Auth uses it instead
+    // of the session's active org.
+    return this.boundAuth.hasPermission(
+      permissionToCheck,
+      this.organizationId ? { organizationId: this.organizationId } : undefined,
+    );
   }
 
   /**
diff --git a/apps/mesh/src/core/context-factory.test.ts b/apps/mesh/src/core/context-factory.test.ts
index c67c881f00..d5c7c580f1 100644
--- a/apps/mesh/src/core/context-factory.test.ts
+++ b/apps/mesh/src/core/context-factory.test.ts
@@ -1,6 +1,6 @@
 /* oxlint-disable no-explicit-any */
 import { afterAll, beforeAll, describe, expect, it, vi } from "bun:test";
-import type { Meter, Tracer } from "@opentelemetry/api";
+import { type Meter, trace } from "@opentelemetry/api";
 import {
   createTestDatabase,
   closeTestDatabase,
@@ -90,7 +90,7 @@ describe("createMeshContextFactory", () => {
         auth: createMockAuth() as unknown as BetterAuthInstance,
         encryption: { key: "test_key" },
         observability: {
-          tracer: {} as unknown as Tracer,
+          tracer: trace.getTracer("test"),
           meter: {} as unknown as Meter,
         },
         eventBus: createMockEventBus(),
@@ -117,7 +117,7 @@ describe("createMeshContextFactory", () => {
         auth: createMinimalMockAuth() as unknown as BetterAuthInstance,
         encryption: { key: "test_key" },
         observability: {
-          tracer: {} as unknown as Tracer,
+          tracer: trace.getTracer("test"),
           meter: {} as unknown as Meter,
         },
         eventBus: createMockEventBus(),
@@ -145,7 +145,7 @@ describe("createMeshContextFactory", () => {
         auth: createMinimalMockAuth() as unknown as BetterAuthInstance,
         encryption: { key: "test_key" },
         observability: {
-          tracer: {} as unknown as Tracer,
+          tracer: trace.getTracer("test"),
           meter: {} as unknown as Meter,
         },
         eventBus: createMockEventBus(),
@@ -168,7 +168,7 @@ describe("createMeshContextFactory", () => {
         auth: createMinimalMockAuth() as unknown as BetterAuthInstance,
         encryption: { key: "test_key" },
         observability: {
-          tracer: {} as unknown as Tracer,
+          tracer: trace.getTracer("test"),
           meter: {} as unknown as Meter,
         },
         eventBus: createMockEventBus(),
@@ -198,7 +198,7 @@ describe("createMeshContextFactory", () => {
         auth: createMockAuth() as unknown as BetterAuthInstance,
         encryption: { key: "test_key" },
         observability: {
-          tracer: {} as unknown as Tracer,
+          tracer: trace.getTracer("test"),
           meter: {} as unknown as Meter,
         },
         eventBus: createMockEventBus(),
@@ -236,7 +236,7 @@ describe("createMeshContextFactory", () => {
         auth: authWithoutOrg as unknown as BetterAuthInstance,
         encryption: { key: "test_key" },
         observability: {
-          tracer: {} as unknown as Tracer,
+          tracer: trace.getTracer("test"),
           meter: {} as unknown as Meter,
         },
         eventBus: createMockEventBus(),
@@ -257,7 +257,7 @@ describe("createMeshContextFactory", () => {
         auth: createMinimalMockAuth() as unknown as BetterAuthInstance,
         encryption: { key: "test_key" },
         observability: {
-          tracer: {} as unknown as Tracer,
+          tracer: trace.getTracer("test"),
           meter: {} as unknown as Meter,
         },
         eventBus: createMockEventBus(),
@@ -283,7 +283,7 @@ describe("createMeshContextFactory", () => {
         auth: createMinimalMockAuth() as unknown as BetterAuthInstance,
         encryption: { key: "test_key" },
         observability: {
-          tracer: {} as unknown as Tracer,
+          tracer: trace.getTracer("test"),
           meter: {} as unknown as Meter,
         },
         eventBus: createMockEventBus(),
@@ -334,7 +334,7 @@ describe("createMeshContextFactory", () => {
         auth: mockAuthWithOrgInApiKey as unknown as BetterAuthInstance,
         encryption: { key: "test_key" },
         observability: {
-          tracer: {} as unknown as Tracer,
+          tracer: trace.getTracer("test"),
           meter: {} as unknown as Meter,
         },
         eventBus: createMockEventBus(),
@@ -376,7 +376,7 @@ describe("createMeshContextFactory", () => {
         auth: mockAuthWithoutOrg as unknown as BetterAuthInstance,
         encryption: { key: "test_key" },
         observability: {
-          tracer: {} as unknown as Tracer,
+          tracer: trace.getTracer("test"),
           meter: {} as unknown as Meter,
         },
         eventBus: createMockEventBus(),
@@ -418,7 +418,7 @@ describe("createMeshContextFactory", () => {
         auth: mockAuthOrgA as unknown as BetterAuthInstance,
         encryption: { key: "test_key" },
         observability: {
-          tracer: {} as unknown as Tracer,
+          tracer: trace.getTracer("test"),
           meter: {} as unknown as Meter,
         },
         eventBus: createMockEventBus(),
@@ -456,7 +456,7 @@ describe("createMeshContextFactory", () => {
         auth: mockAuthOrgB as unknown as BetterAuthInstance,
         encryption: { key: "test_key" },
         observability: {
-          tracer: {} as unknown as Tracer,
+          tracer: trace.getTracer("test"),
           meter: {} as unknown as Meter,
         },
         eventBus: createMockEventBus(),
diff --git a/apps/mesh/src/core/context-factory.ts b/apps/mesh/src/core/context-factory.ts
index af1c6754b0..057542d2ca 100644
--- a/apps/mesh/src/core/context-factory.ts
+++ b/apps/mesh/src/core/context-factory.ts
@@ -9,7 +9,7 @@
  * - Base URL derivation
  */
 
-import type { Meter, Tracer } from "@opentelemetry/api";
+import { SpanStatusCode, type Meter, type Tracer } from "@opentelemetry/api";
 import type { Kysely } from "kysely";
 import { verifyMeshToken } from "../auth/jwt";
 import { CredentialVault } from "../encryption/credential-vault";
@@ -155,13 +155,14 @@ interface AuthenticatedUser {
   email?: string;
   emailVerified?: boolean;
   name?: string;
+  image?: string;
   role?: string;
 }
 
 // Type for the hasPermission API (from @decocms/better-auth organization plugin)
 type HasPermissionAPI = (params: {
   headers: Headers;
-  body: { permission: Permission };
+  body: { permission: Permission; organizationId?: string };
 }) => Promise<{ success?: boolean; error?: unknown } | null>;
 
 /**
@@ -244,6 +245,7 @@ export function createBoundAuthClient(ctx: AuthContext): BoundAuthClient {
   return {
     hasPermission: async (
       requestedPermission: Permission,
+      options?: { organizationId?: string },
     ): Promise<boolean> => {
       // Built-in roles bypass all permission checks
       if (
@@ -264,11 +266,19 @@ export function createBoundAuthClient(ctx: AuthContext): BoundAuthClient {
         return false;
       }
 
+      // When organizationId is provided (e.g. via path-resolved org middleware),
+      // pass it to Better Auth so it overrides the session-based active org.
+      // Without this, signup races in CI cause "No active organization" 403s
+      // even when the path slug points at a valid org the user belongs to.
+      const orgIdOverride = options?.organizationId
+        ? { organizationId: options.organizationId }
+        : {};
+
       try {
         // Check exact permission first: { resource: [tool] }
         const exactResult = await hasPermissionApi({
           headers,
-          body: { permission: requestedPermission },
+          body: { permission: requestedPermission, ...orgIdOverride },
         });
 
         if (exactResult?.success === true) {
@@ -284,7 +294,7 @@ export function createBoundAuthClient(ctx: AuthContext): BoundAuthClient {
 
         const wildcardResult = await hasPermissionApi({
           headers,
-          body: { permission: wildcardPermission },
+          body: { permission: wildcardPermission, ...orgIdOverride },
         });
 
         return wildcardResult?.success === true;
@@ -499,11 +509,18 @@ async function authenticateRequest(
     if (session) {
       const userId = session.userId;
 
-      // For MCP OAuth sessions, we need to query the database directly
-      // because getFullOrganization requires a browser session (cookies)
-      // Query user's first organization membership
-      const membership = await timings.measure("auth_query_membership", () =>
-        db
+      // For MCP OAuth sessions we need to query the database directly because
+      // getFullOrganization requires a browser session (cookies). The OAuth
+      // grant doesn't carry org context, so prefer an explicit hint from the
+      // request (x-org-id / x-org-slug) and fall back to the user's first
+      // membership only when no hint is given. Without the hint, multi-org
+      // users get a non-deterministic pick and end up with the wrong
+      // ctx.organization on every request that doesn't target their first org.
+      const orgIdHint = req.headers.get("x-org-id");
+      const orgSlugHint = req.headers.get("x-org-slug");
+
+      const membership = await timings.measure("auth_query_membership", () => {
+        const base = db
           .selectFrom("member")
           .innerJoin("organization", "organization.id", "member.organizationId")
           .select([
@@ -513,9 +530,20 @@ async function authenticateRequest(
             "organization.slug as orgSlug",
             "organization.name as orgName",
           ])
-          .where("member.userId", "=", userId)
-          .executeTakeFirst(),
-      );
+          .where("member.userId", "=", userId);
+
+        if (orgIdHint) {
+          return base
+            .where("organization.id", "=", orgIdHint)
+            .executeTakeFirst();
+        }
+        if (orgSlugHint) {
+          return base
+            .where("organization.slug", "=", orgSlugHint)
+            .executeTakeFirst();
+        }
+        return base.executeTakeFirst();
+      });
 
       const role = membership?.role;
       const organization = membership
@@ -710,7 +738,13 @@ async function authenticateRequest(
     const session = (await timings.measure("auth_get_session", () =>
       auth.api.getSession({ headers: sessionHeaders }),
     )) as {
-      user: { id: string; email: string; emailVerified: boolean };
+      user: {
+        id: string;
+        email: string;
+        emailVerified: boolean;
+        name?: string;
+        image?: string | null;
+      };
       session: { activeOrganizationId?: string };
     } | null;
 
@@ -718,7 +752,72 @@ async function authenticateRequest(
       let organization: OrganizationContext | undefined;
       let role: string | undefined;
 
-      if (session.session.activeOrganizationId) {
+      // Prefer per-request org header (x-org-id / x-org-slug) over
+      // session.activeOrganizationId. The session row stores a single active
+      // org shared across all browser tabs, so switching orgs in one tab
+      // would otherwise leak into requests from other tabs. The frontend
+      // sends x-org-id derived from the URL (/$org) on every MCP call.
+      //
+      // Fall back to query params on GET requests for SSE endpoints —
+      // `EventSource` can't set custom headers, so SSE callers append
+      // `?x-org-id=...` instead. GET-only restricts the surface to read paths
+      // (mutations always have a body and never go through EventSource).
+      // Membership is still verified below.
+      let requestedOrgId = req.headers.get("x-org-id");
+      let requestedOrgSlug = req.headers.get("x-org-slug");
+      if (
+        !requestedOrgId &&
+        !requestedOrgSlug &&
+        req.method.toUpperCase() === "GET"
+      ) {
+        try {
+          const params = new URL(req.url).searchParams;
+          requestedOrgId = params.get("x-org-id");
+          requestedOrgSlug = params.get("x-org-slug");
+        } catch {
+          // Malformed URL — leave both null and fall through to session state
+        }
+      }
+
+      if (requestedOrgId || requestedOrgSlug) {
+        const membership = await timings.measure(
+          "auth_query_membership_from_header",
+          () => {
+            let q = db
+              .selectFrom("member")
+              .innerJoin(
+                "organization",
+                "organization.id",
+                "member.organizationId",
+              )
+              .select([
+                "member.role",
+                "organization.id as orgId",
+                "organization.slug as orgSlug",
+                "organization.name as orgName",
+              ])
+              .where("member.userId", "=", session.user.id);
+            if (requestedOrgId) {
+              q = q.where("organization.id", "=", requestedOrgId);
+            } else if (requestedOrgSlug) {
+              q = q.where("organization.slug", "=", requestedOrgSlug);
+            }
+            return q.executeTakeFirst();
+          },
+        );
+
+        if (membership) {
+          organization = {
+            id: membership.orgId,
+            slug: membership.orgSlug,
+            name: membership.orgName,
+          };
+          role = membership.role;
+        }
+        // If header was provided but no membership matched, leave
+        // organization undefined so downstream access checks fail closed
+        // (403) rather than silently falling back to session state.
+      } else if (session.session.activeOrganizationId) {
         // Get full organization data (includes members with roles)
 
         const orgData = (await timings.measure(
@@ -768,6 +867,8 @@ async function authenticateRequest(
           id: session.user.id,
           email: session.user.email,
           emailVerified: !!session.user.emailVerified,
+          name: session.user.name,
+          image: session.user.image ?? undefined,
           role,
         },
         role,
@@ -926,12 +1027,30 @@ export async function createMeshContextFactory(
     const clientPool = createClientPool();
     // Authenticate request (OAuth session or API key)
     const authResult = req
-      ? await authenticateRequest(
-          req,
-          config.auth,
-          config.db,
-          timings,
-          config.memberRoleCache,
+      ? await config.observability.tracer.startActiveSpan(
+          "mesh.auth",
+          async (span) => {
+            try {
+              const result = await authenticateRequest(
+                req,
+                config.auth,
+                config.db,
+                timings,
+                config.memberRoleCache,
+              );
+              span.setStatus({ code: SpanStatusCode.OK });
+              return result;
+            } catch (err) {
+              span.setStatus({
+                code: SpanStatusCode.ERROR,
+                message: (err as Error).message,
+              });
+              span.recordException(err as Error);
+              throw err;
+            } finally {
+              span.end();
+            }
+          },
         )
       : { user: undefined };
 
@@ -982,6 +1101,8 @@ export async function createMeshContextFactory(
       boundAuth, // Bound auth client for permission checks
       authResult.role, // Role from session (for built-in role bypass)
       "self", // Default connectionId for management APIs (matches permission resource key)
+      undefined, // getToolMeta set later by defineTool
+      organization?.id, // Path-resolved/auth-resolved org for permission checks
     );
 
     const storage = {
@@ -994,15 +1115,15 @@ export async function createMeshContextFactory(
       config.modelListCache,
     );
 
-    // Create org-scoped object storage if S3 is configured and org is available.
-    // In development without S3, fall back to DevObjectStorage (local filesystem).
+    // Create org-scoped object storage. Use S3 when configured, otherwise fall
+    // back to DevObjectStorage (local filesystem) so the OBJECT_STORAGE binding
+    // still resolves on self-host setups without S3.
     const s3Service = getObjectStorageS3Service();
-    const objectStorage =
-      s3Service && organization
+    const objectStorage = !organization
+      ? null
+      : s3Service
         ? createBoundObjectStorage(s3Service, organization.id)
-        : getSettings().nodeEnv === "development" && organization
-          ? new DevObjectStorage(organization.id, baseUrl)
-          : null;
+        : new DevObjectStorage(organization.id, baseUrl);
 
     const ctx: MeshContext = {
       timings,
diff --git a/apps/mesh/src/core/mesh-context.ts b/apps/mesh/src/core/mesh-context.ts
index 67bc70846d..a21c82d5e8 100644
--- a/apps/mesh/src/core/mesh-context.ts
+++ b/apps/mesh/src/core/mesh-context.ts
@@ -72,8 +72,16 @@ export interface BoundAuthClient {
   /**
    * Check if the authenticated user has the specified permission
    * Delegates to Better Auth's Organization plugin hasPermission API
+   *
+   * @param permission - Permission to check
+   * @param options.organizationId - Override the session-based active org.
+   *   When set, Better Auth uses this org for the permission check instead
+   *   of the user's session-active org. Used by path-resolved org middleware.
    */
-  hasPermission(permission: Permission): Promise<boolean>;
+  hasPermission(
+    permission: Permission,
+    options?: { organizationId?: string },
+  ): Promise<boolean>;
 
   // Organization APIs (bound with headers)
   organization: {
@@ -172,6 +180,7 @@ export interface MeshAuth {
     email?: string;
     emailVerified?: boolean;
     name?: string;
+    image?: string;
     role?: string; // From Better Auth organization plugin
   };
 
@@ -197,6 +206,14 @@ export interface OrganizationScope {
   id: string;
   slug?: string;
   name?: string;
+  /**
+   * Caller's role within this organization (e.g. "owner", "admin", "member").
+   * Set by `resolveOrgFromPath` when the org is resolved from the URL slug,
+   * so downstream code (notably AuthTransport, which constructs a fresh
+   * AccessControl per proxied tool call) can use the path-resolved role
+   * instead of the session's active-org role — they may differ.
+   */
+  role?: string;
 }
 
 // ============================================================================
@@ -211,6 +228,7 @@ export interface RequestMetadata {
   timestamp: Date;
   userAgent?: string;
   ipAddress?: string;
+  threadId?: string;
   /** Custom properties from x-mesh-properties header (string key-value pairs) */
   properties?: Record<string, string>;
   wellKnownForwardableHeaders?: Record<string, string | null>;
diff --git a/apps/mesh/src/fmt.ts b/apps/mesh/src/fmt.ts
index 33f8bb8231..c759299d5c 100644
--- a/apps/mesh/src/fmt.ts
+++ b/apps/mesh/src/fmt.ts
@@ -6,7 +6,6 @@
  */
 
 export const dim = (s: string) => `\x1b[2m${s}\x1b[22m`;
-export const red = (s: string) => `\x1b[31m${s}\x1b[39m`;
 
 const rgb = (r: number, g: number, b: number, s: string) =>
   `\x1b[38;2;${r};${g};${b}m${s}\x1b[39m`;
diff --git a/apps/mesh/src/index.ts b/apps/mesh/src/index.ts
index 48e31a3bfd..3e5d028139 100644
--- a/apps/mesh/src/index.ts
+++ b/apps/mesh/src/index.ts
@@ -24,27 +24,9 @@ const { isServerPath } = await import("./api/utils/paths");
 const { createAssetHandler, resolveClientDir } = await import(
   "@decocms/runtime/asset-server"
 );
-const { red } = await import("./fmt");
 
 const port = settings.port;
 
-// Refuse local mode in production — it disables authentication
-if (
-  settings.localMode &&
-  settings.nodeEnv === "production" &&
-  !settings.allowLocalProd
-) {
-  console.error(
-    red(
-      "Error: Local mode is not allowed in production (NODE_ENV=production).",
-    ),
-  );
-  console.error(
-    "Set DECOCMS_ALLOW_LOCAL_PROD=true to override (not recommended).",
-  );
-  process.exit(1);
-}
-
 // Create asset handler - handles both dev proxy and production static files
 // When running from source (src/index.ts), the "../client" relative path
 // doesn't resolve to dist/client/. Fall back to dist/client/ relative to CWD.
@@ -75,6 +57,89 @@ function withSecurityHeaders(res: Response): Response {
   });
 }
 
+// Closed early in gracefulShutdown so the port frees before the Hono drain.
+let ingressServers: import("node:net").Server[] = [];
+
+// Sandbox preview reverse-proxy (agent-sandbox only). The base domain is parsed at
+// boot from STUDIO_SANDBOX_PREVIEW_URL_PATTERN; null disables the proxy and
+// preview-host requests fall through to the normal mesh routing (which 404s
+// because nothing matches). The Bun-level WS handler is registered
+// unconditionally — when previewBaseDomain is null, no upgrade path runs it.
+const {
+  parsePreviewBaseDomain,
+  tryHandlePreviewHttp,
+  tryUpgradePreviewWs,
+  previewWebSocketHandler,
+  isPreviewWsData,
+} = await import("./sandbox/preview-proxy");
+const { getOrInitSharedRunner: getOrInitRunnerForPreview } = await import(
+  "./sandbox/lifecycle"
+);
+const previewBaseDomain = parsePreviewBaseDomain(
+  process.env.STUDIO_SANDBOX_PREVIEW_URL_PATTERN,
+);
+const previewProxyDeps = {
+  baseDomain: previewBaseDomain ?? "",
+  getRunner: async () => {
+    const runner = await getOrInitRunnerForPreview();
+    if (!runner || runner.kind !== "agent-sandbox") return null;
+    // The agent-sandbox runner is the only one that exposes proxyPreviewRequest /
+    // resolvePreviewUpstreamUrl; cast is safe after the kind check.
+    return runner as unknown as import("@decocms/sandbox/runner/agent-sandbox").AgentSandboxRunner;
+  },
+};
+
+// Boot/dev wiring for local runners (docker + host). The boot sweep is
+// Docker-only — host runner's rehydrate() probes /health and discards dead
+// state on its own. The local ingress is shared by both runners.
+const { resolveRunnerKindFromEnv } = await import("@decocms/sandbox/runner");
+const sandboxRunnerKind = resolveRunnerKindFromEnv();
+const ingressEligible =
+  sandboxRunnerKind === "docker" || sandboxRunnerKind === "host";
+
+if (ingressEligible) {
+  const { startLocalSandboxIngress } = await import("@decocms/sandbox/runner");
+  const { getSharedRunnerIfInit, getOrInitSharedRunner } = await import(
+    "./sandbox/lifecycle"
+  );
+
+  // Boot sweep (best-effort). Shutdown cleanup can't cover crashes —
+  // SIGTERM races with the parent killing postgres — so the boot sweep is
+  // what actually keeps `docker ps` empty between sessions.
+  // Host runner's rehydrate() probes /health and discards dead state on its own.
+  if (sandboxRunnerKind === "docker") {
+    const { sweepDockerOrphansOnBoot } = await import(
+      "@decocms/sandbox/runner"
+    );
+    await sweepDockerOrphansOnBoot();
+  }
+
+  // Port 7070 default: macOS AirPlay Receiver owns `*:7000` on v4+v6, so a
+  // Chrome Happy-Eyeballs race would hit Apple. The ingress is part of the
+  // host/docker runner contract — those runners only expose user dev servers
+  // through `<handle>.localhost:7070`, so the gate is the runner kind, not
+  // NODE_ENV. Set `SANDBOX_INGRESS_PORT=0` to skip binding entirely.
+  const ingressPort = Number(process.env.SANDBOX_INGRESS_PORT ?? 7070);
+  if (ingressPort > 0) {
+    ingressServers = startLocalSandboxIngress(() => {
+      const r = getSharedRunnerIfInit();
+      if (!r) return null;
+      if (r.kind !== "docker" && r.kind !== "host") return null;
+      // Both DockerSandboxRunner and HostSandboxRunner expose
+      // resolveDaemonPort; the structural cast is safe after the kind check.
+      return r as unknown as {
+        resolveDaemonPort(handle: string): Promise<number | null>;
+      };
+    }, ingressPort);
+
+    // Construct the runner up-front. The first preview-iframe request
+    // typically arrives on a page reload with a warm vmMap, before either
+    // VM_START or `/api/vm-events` has touched the runner — without this
+    // eager init the ingress would 503 with "Sandbox Runner Not Initialized".
+    await getOrInitSharedRunner();
+  }
+}
+
 // Create the Hono app
 const app = await createApp();
 
@@ -88,11 +153,11 @@ if (!settings.isCli) {
 }
 
 // REUSE_PORT is an internal coordination signal set by serve.ts when
-// numThreads > 1 on Linux. It intentionally bypasses the Settings pipeline
-// because it is not a user-facing config — it is set programmatically by the
-// CLI layer immediately before importing this module.
-const reusePort =
-  process.platform === "linux" && process.env.REUSE_PORT === "true";
+// --num-threads > 1. It intentionally bypasses the Settings pipeline because
+// it is not a user-facing config — it is set programmatically by the CLI
+// layer immediately before importing this module. serve.ts owns the
+// platform-eligibility decision; we trust the signal here.
+const reusePort = process.env.REUSE_PORT === "true";
 
 // DECOCMS_IS_WORKER is set by serve.ts on spawned worker processes.
 // Workers skip local-mode seeding to avoid concurrent DB races.
@@ -105,13 +170,49 @@ const server = Bun.serve({
   hostname: "0.0.0.0", // Listen on all network interfaces (required for K8s)
   reusePort,
   fetch: async (request, server) => {
+    // Sandbox preview proxy: matched by Host header. Runs *before* assets
+    // and the Hono app so a `<handle>.preview.<base>` request never hits
+    // mesh's static-file handler (which would 404 on the dev server's
+    // bundle paths). WS upgrades short-circuit Bun.serve's fetch by
+    // returning undefined; HTTP returns a Response.
+    if (previewBaseDomain) {
+      // Bun's Server type defaults T=undefined for upgrade<T>(); cast widens
+      // to our PreviewWsData carrier so the WS handler can stash it. Bun
+      // doesn't enforce data-type consistency at runtime, only via generics.
+      const upgradeRes = await tryUpgradePreviewWs(
+        request,
+        server as unknown as Parameters<typeof tryUpgradePreviewWs>[1],
+        previewProxyDeps,
+      );
+      if (upgradeRes === undefined) return; // upgraded
+      if (upgradeRes) return upgradeRes; // pre-upgrade error
+      const httpRes = await tryHandlePreviewHttp(request, previewProxyDeps);
+      if (httpRes) return httpRes;
+    }
+
     // Try assets first (static files or dev proxy), then API
     // Pass server as env so Hono's getConnInfo can access requestIP
     const assetRes = await handleAssets(request);
     if (assetRes) return withSecurityHeaders(assetRes);
     return app.fetch(request, { server });
   },
-  development: settings.nodeEnv !== "production",
+  // Multiplexed WebSocket handler. `ws.data.kind` discriminates which
+  // upgrader stashed the payload — preview is the only producer today; new
+  // upgraders should add a tagged `kind` and a branch here.
+  websocket: {
+    open(ws) {
+      if (isPreviewWsData(ws.data)) previewWebSocketHandler.open(ws);
+    },
+    message(ws, message) {
+      if (isPreviewWsData(ws.data)) {
+        previewWebSocketHandler.message(ws, message);
+      }
+    },
+    close(ws) {
+      if (isPreviewWsData(ws.data)) previewWebSocketHandler.close(ws);
+    },
+  },
+  development: false,
 });
 
 // Local mode: seed admin user + organization after server is listening
@@ -166,15 +267,17 @@ async function gracefulShutdown(signal: string) {
     // 1. Mark as shutting down — readiness returns 503 immediately
     app.markShuttingDown();
 
-    // 2. Give K8s time to notice the 503 and stop routing traffic before
-    //    we close connections (~2s is enough for most configurations)
+    // 2. Close ingress first so port 7070 frees immediately — next `bun dev`
+    //    shouldn't have to wait out our drain.
+    for (const s of ingressServers) s.close();
+
+    // 3. Let K8s notice the 503 before we close connections.
     await new Promise((r) => setTimeout(r, 2_000));
 
-    // 3. Stop accepting new connections, force-close active ones
-    //    (SSE streams are long-lived and would block graceful drain indefinitely)
+    // 4. Force-close connections (SSE streams are long-lived and would block
+    //    graceful drain indefinitely).
     await server.stop(true);
 
-    // 4. Stop workers, flush telemetry, close DB
     await app.shutdown();
   } catch (err) {
     console.error("[shutdown] Error during shutdown:", err);
@@ -187,3 +290,15 @@ async function gracefulShutdown(signal: string) {
 
 process.on("SIGTERM", () => gracefulShutdown("SIGTERM"));
 process.on("SIGINT", () => gracefulShutdown("SIGINT"));
+// Bun keeps the process alive after terminal close — without SIGHUP we
+// accumulate zombies still holding port 7070.
+process.on("SIGHUP", () => gracefulShutdown("SIGHUP"));
+
+process.on("unhandledRejection", (reason) => {
+  console.error("[process] Unhandled rejection:", reason);
+});
+
+process.on("uncaughtException", (err) => {
+  console.error("[process] Uncaught exception:", err);
+  gracefulShutdown("uncaughtException");
+});
diff --git a/apps/mesh/src/mcp-apps/mcp-app-renderer.tsx b/apps/mesh/src/mcp-apps/mcp-app-renderer.tsx
index 4dedacf0a0..5c9a61cddf 100644
--- a/apps/mesh/src/mcp-apps/mcp-app-renderer.tsx
+++ b/apps/mesh/src/mcp-apps/mcp-app-renderer.tsx
@@ -11,6 +11,11 @@ import type { CallToolResult } from "@modelcontextprotocol/sdk/types.js";
 import { injectCSP } from "./csp-injector.ts";
 import type { McpUiResourceCsp } from "./types.ts";
 import { useAppBridge } from "./use-app-bridge.ts";
+import { track } from "../web/lib/posthog-client";
+
+// Module-level dedup so a given MCP app resource fires `mcp_app_opened` at
+// most once per page session. Different resources still fire their own events.
+const openedMcpApps = new Set<string>();
 
 // ---------------------------------------------------------------------------
 // useResourceHtml
@@ -52,6 +57,9 @@ interface MCPAppRendererProps {
     params: McpUiUpdateModelContextRequest["params"],
   ) => void;
   onTeardown?: () => void;
+  onRequestDisplayMode?: (
+    mode: McpUiDisplayMode,
+  ) => McpUiDisplayMode | Promise<McpUiDisplayMode>;
   className?: string;
 }
 
@@ -72,11 +80,24 @@ export function MCPAppRenderer({
   onMessage,
   onUpdateModelContext,
   onTeardown,
+  onRequestDisplayMode,
   className,
 }: MCPAppRendererProps) {
   const { data } = useMCPReadResource({ client, uri, staleTime: 30_000 });
   const html = useResourceHtml(data);
 
+  // Fire mcp_app_opened once per (page session × resource URI) — render-time
+  // dedupe via module Set. Display mode distinguishes inline (shown inside
+  // chat messages) from fullscreen (opened as a view panel).
+  if (uri && !openedMcpApps.has(uri)) {
+    openedMcpApps.add(uri);
+    track("mcp_app_opened", {
+      resource_uri: uri,
+      display_mode: displayMode,
+      tool_name: toolInfo?.tool?.name ?? null,
+    });
+  }
+
   const { height, isLoading, error, iframeRef } = useAppBridge({
     client,
     displayMode,
@@ -89,6 +110,7 @@ export function MCPAppRenderer({
     onMessage,
     onUpdateModelContext,
     onTeardown,
+    onRequestDisplayMode,
   });
 
   if (!html) return null;
diff --git a/apps/mesh/src/mcp-apps/use-app-bridge.ts b/apps/mesh/src/mcp-apps/use-app-bridge.ts
index e3526e9727..49148a3186 100644
--- a/apps/mesh/src/mcp-apps/use-app-bridge.ts
+++ b/apps/mesh/src/mcp-apps/use-app-bridge.ts
@@ -138,6 +138,9 @@ interface BridgeStoreConfig {
     params: McpUiUpdateModelContextRequest["params"],
   ) => void;
   onTeardown?: () => void;
+  onRequestDisplayMode?: (
+    mode: McpUiDisplayMode,
+  ) => McpUiDisplayMode | Promise<McpUiDisplayMode>;
 }
 
 class BridgeStore {
@@ -186,6 +189,9 @@ class BridgeStore {
 
     if (!this.bridge || this.disposed) return;
 
+    if (config.displayMode !== prev.displayMode) {
+      this.pushHostContext();
+    }
     if (config.toolInput !== prev.toolInput && config.toolInput != null) {
       this.bridge.sendToolInput({ arguments: config.toolInput });
     }
@@ -338,6 +344,13 @@ class BridgeStore {
       );
     };
 
+    bridge.onrequestdisplaymode = async ({ mode }) => {
+      const actualMode = this.config.onRequestDisplayMode
+        ? await this.config.onRequestDisplayMode(mode)
+        : this.config.displayMode;
+      return { mode: actualMode };
+    };
+
     bridge.ondownloadfile = async ({ contents }) => {
       for (const item of contents) {
         if (item.type === "resource") {
@@ -433,6 +446,9 @@ interface UseAppBridgeOptions {
     params: McpUiUpdateModelContextRequest["params"],
   ) => void;
   onTeardown?: () => void;
+  onRequestDisplayMode?: (
+    mode: McpUiDisplayMode,
+  ) => McpUiDisplayMode | Promise<McpUiDisplayMode>;
 }
 
 interface UseAppBridgeReturn {
diff --git a/apps/mesh/src/mcp-clients/outbound/headers.ts b/apps/mesh/src/mcp-clients/outbound/headers.ts
index 0d1dc8d26d..d6ec55fe82 100644
--- a/apps/mesh/src/mcp-clients/outbound/headers.ts
+++ b/apps/mesh/src/mcp-clients/outbound/headers.ts
@@ -8,6 +8,7 @@
 import { extractConnectionPermissions } from "@/auth/configuration-scopes";
 import { issueMeshToken } from "@/auth/jwt";
 import type { MeshContext } from "@/core/mesh-context";
+import { SpanStatusCode } from "@opentelemetry/api";
 import { refreshAccessToken } from "@/oauth/token-refresh";
 import { resolveOriginTokenEndpoint } from "@/oauth/resolve-token-endpoint";
 import { DownstreamTokenStorage } from "@/storage/downstream-token";
@@ -52,6 +53,33 @@ export async function buildRequestHeaders(
   connection: ConnectionEntity,
   ctx: MeshContext,
   superUser: boolean,
+): Promise<Record<string, string>> {
+  return ctx.tracer.startActiveSpan(
+    "mesh.connection.build_headers",
+    { attributes: { "connection.id": connection.id } },
+    async (span) => {
+      try {
+        const result = await _buildRequestHeaders(connection, ctx, superUser);
+        span.setStatus({ code: SpanStatusCode.OK });
+        return result;
+      } catch (err) {
+        span.setStatus({
+          code: SpanStatusCode.ERROR,
+          message: (err as Error).message,
+        });
+        span.recordException(err as Error);
+        throw err;
+      } finally {
+        span.end();
+      }
+    },
+  );
+}
+
+async function _buildRequestHeaders(
+  connection: ConnectionEntity,
+  ctx: MeshContext,
+  superUser: boolean,
 ): Promise<Record<string, string>> {
   const connectionId = connection.id;
 
@@ -65,8 +93,9 @@ export async function buildRequestHeaders(
     connection.configuration_scopes,
   );
 
+  const ctxUser = ctx.auth.user;
   const userId =
-    ctx.auth.user?.id ??
+    ctxUser?.id ??
     ctx.auth.apiKey?.userId ??
     (superUser ? connection.created_by : undefined);
 
@@ -80,7 +109,13 @@ export async function buildRequestHeaders(
   const [configurationToken, error] = userId
     ? await issueMeshToken({
         sub: userId,
-        user: { id: userId },
+        user: {
+          id: userId,
+          email: ctxUser?.email,
+          name: ctxUser?.name,
+          image: ctxUser?.image,
+          role: ctxUser?.role,
+        },
         metadata: {
           state: stripBindingMetadata(
             connection.configuration_state as Record<string, unknown> | null,
@@ -167,12 +202,20 @@ export async function buildRequestHeaders(
 
           accessToken = refreshResult.accessToken;
         } else {
-          // Refresh failed - token is invalid
-          // Delete the cached token so user gets prompted to re-auth
-          await tokenStorage.delete(connectionId);
-          console.error(
-            `[Proxy] Token refresh failed for ${connectionId}: ${refreshResult.error}`,
-          );
+          // Only delete on a definitive `400 invalid_grant`. Transient
+          // failures (5xx, network, non-spec status codes) leave the cached
+          // row intact so the next request retries instead of forcing a
+          // manual reconnect.
+          if (refreshResult.permanent === true) {
+            await tokenStorage.delete(connectionId);
+          }
+          console.error("[Proxy] token refresh failed", {
+            connectionId,
+            status: refreshResult.status,
+            errorCode: refreshResult.errorCode,
+            permanent: refreshResult.permanent === true,
+            deleted: refreshResult.permanent === true,
+          });
         }
       } else {
         // Token expired but no refresh capability - delete it
diff --git a/apps/mesh/src/mcp-clients/outbound/index.ts b/apps/mesh/src/mcp-clients/outbound/index.ts
index 455c8d4e3b..b2f20bd2ca 100644
--- a/apps/mesh/src/mcp-clients/outbound/index.ts
+++ b/apps/mesh/src/mcp-clients/outbound/index.ts
@@ -51,13 +51,11 @@ export async function createOutboundClient(
 
   switch (connection.connection_type) {
     case "STDIO": {
-      // Block STDIO connections in production unless explicitly allowed
-      if (
-        getSettings().nodeEnv === "production" &&
-        !getSettings().unsafeAllowStdioTransport
-      ) {
+      // STDIO transports spawn arbitrary local commands, so they're only
+      // available in single-tenant local mode (`mesh dev`/`mesh serve --local-mode`).
+      if (!getSettings().localMode) {
         throw new Error(
-          "STDIO connections are disabled in production. Set UNSAFE_ALLOW_STDIO_TRANSPORT=true to enable.",
+          "STDIO connections are only available in local mode (--local-mode).",
         );
       }
 
diff --git a/apps/mesh/src/mcp-clients/outbound/transports/auth.ts b/apps/mesh/src/mcp-clients/outbound/transports/auth.ts
index f49d9bbfcf..f43d693ff0 100644
--- a/apps/mesh/src/mcp-clients/outbound/transports/auth.ts
+++ b/apps/mesh/src/mcp-clients/outbound/transports/auth.ts
@@ -159,14 +159,20 @@ export class AuthTransport extends WrapperTransport {
 
     // Create AccessControl with connectionId set
     // This checks: does user have permission for this TOOL on this CONNECTION?
+    //
+    // Prefer the path-resolved org+role (set by resolveOrgFromPath) over the
+    // session-derived ones. The session's active-org role may not match the
+    // org in the URL — e.g. owner of /api/foo with no/different active org
+    // would otherwise lose the admin/owner bypass and 403 on every tool call.
     const connectionAccessControl = new AccessControl(
       ctx.authInstance,
       ctx.auth.user?.id ?? ctx.auth.apiKey?.userId,
       toolName, // Tool being called
       ctx.boundAuth, // Bound auth client (encapsulates headers)
-      ctx.auth.user?.role, // Role for built-in role bypass
+      ctx.organization?.role ?? ctx.auth.user?.role, // Role for built-in role bypass
       connection.id, // Connection ID for permission check
       getToolMeta, // Callback for public tool check
+      ctx.organization?.id, // Path-resolved org for permission checks
     );
 
     await connectionAccessControl.check(toolName);
diff --git a/apps/mesh/src/mcp-clients/outbound/transports/monitoring.ts b/apps/mesh/src/mcp-clients/outbound/transports/monitoring.ts
index b31823e6ec..2606b288a6 100644
--- a/apps/mesh/src/mcp-clients/outbound/transports/monitoring.ts
+++ b/apps/mesh/src/mcp-clients/outbound/transports/monitoring.ts
@@ -6,7 +6,7 @@
  */
 
 import type { MeshContext } from "@/core/mesh-context";
-import { trace, context } from "@opentelemetry/api";
+import { trace, context, type Context } from "@opentelemetry/api";
 import type { Span } from "@opentelemetry/api";
 import type {
   JSONRPCMessage,
@@ -41,12 +41,16 @@ interface InflightRequest {
 
 export class MonitoringTransport extends WrapperTransport {
   private inflightRequests = new Map<string | number, InflightRequest>();
+  private requestContext: Context;
 
   constructor(
     innerTransport: Transport,
     private options: MonitoringTransportOptions,
   ) {
     super(innerTransport);
+    // Capture the active OTel context at construction time so spans created
+    // during async message handling are correctly parented to the HTTP request.
+    this.requestContext = context.active();
   }
 
   protected override async handleOutgoingMessage(
@@ -82,18 +86,23 @@ export class MonitoringTransport extends WrapperTransport {
       toolArguments = params.arguments as Record<string, unknown> | undefined;
     }
 
-    // Start OpenTelemetry span for tool calls
+    // Start OpenTelemetry span for tool calls, explicitly parented to the
+    // context captured at construction time to survive async context loss.
     let span: Span | undefined;
     if (request.method === "tools/call" && toolName) {
-      span = ctx.tracer.startSpan("mcp.proxy.callTool", {
-        attributes: {
-          "connection.id": connectionId,
-          "tool.name": toolName,
-          "request.id": ctx.metadata.requestId,
-          "jsonrpc.id": request.id,
-          "jsonrpc.method": request.method,
+      span = ctx.tracer.startSpan(
+        "mcp.proxy.callTool",
+        {
+          attributes: {
+            "connection.id": connectionId,
+            "tool.name": toolName,
+            "request.id": ctx.metadata.requestId,
+            "jsonrpc.id": request.id,
+            "jsonrpc.method": request.method,
+          },
         },
-      });
+        this.requestContext,
+      );
     }
 
     // Only track if request has an ID
diff --git a/apps/mesh/src/mcp-clients/virtual-mcp/index.ts b/apps/mesh/src/mcp-clients/virtual-mcp/index.ts
index c0d2c603d0..d6806cf67b 100644
--- a/apps/mesh/src/mcp-clients/virtual-mcp/index.ts
+++ b/apps/mesh/src/mcp-clients/virtual-mcp/index.ts
@@ -7,6 +7,7 @@
 
 import { Client } from "@modelcontextprotocol/sdk/client/index.js";
 import { isDecopilot } from "@decocms/mesh-sdk";
+import { SpanStatusCode } from "@opentelemetry/api";
 import { getMcpListCache } from "../mcp-list-cache";
 import type { MeshContext } from "../../core/mesh-context";
 import type { ConnectionEntity } from "../../tools/connection/schema";
@@ -69,17 +70,41 @@ export async function createVirtualClientFrom(
   _strategy: "passthrough",
   superUser = false,
   options?: { listTimeoutMs?: number },
-): Promise<Client> {
+): Promise<PassthroughClient> {
   // Inclusion mode: use only the connections specified in virtual MCP
   const connectionIds = virtualMcp.connections.map((c) => c.connection_id);
 
   // Load all connections in parallel
-  const connectionPromises = connectionIds.map((connId) =>
-    ctx.storage.connections.findById(connId),
+  const allConnections = await ctx.tracer.startActiveSpan(
+    "mesh.virtual_mcp.load_connections",
+    {
+      attributes: {
+        "virtual_mcp.id": virtualMcp.id ?? "decopilot",
+        "virtual_mcp.connection_count": connectionIds.length,
+      },
+    },
+    async (span) => {
+      try {
+        const result = await Promise.all(
+          connectionIds.map((connId) =>
+            ctx.storage.connections.findById(connId),
+          ),
+        );
+        span.setStatus({ code: SpanStatusCode.OK });
+        return result;
+      } catch (err) {
+        span.setStatus({
+          code: SpanStatusCode.ERROR,
+          message: (err as Error).message,
+        });
+        span.recordException(err as Error);
+        throw err;
+      } finally {
+        span.end();
+      }
+    },
   );
 
-  const allConnections = await Promise.all(connectionPromises);
-
   // Filter out inactive connections and self-referencing VIRTUAL connections
   const loadedConnections = allConnections.filter(
     (conn): conn is ConnectionEntity =>
diff --git a/apps/mesh/src/mcp-clients/virtual-mcp/passthrough-client.ts b/apps/mesh/src/mcp-clients/virtual-mcp/passthrough-client.ts
index 039152cd2d..984753e82c 100644
--- a/apps/mesh/src/mcp-clients/virtual-mcp/passthrough-client.ts
+++ b/apps/mesh/src/mcp-clients/virtual-mcp/passthrough-client.ts
@@ -73,4 +73,8 @@ export class PassthroughClient extends GatewayClient {
   override getInstructions(): string | undefined {
     return this.options.virtualMcp.metadata?.instructions ?? undefined;
   }
+
+  getConnectionTitleMap(): Map<string, string> {
+    return new Map(this.options.connections.map((c) => [c.id, c.title]));
+  }
 }
diff --git a/apps/mesh/src/monitoring/query-engine.test.ts b/apps/mesh/src/monitoring/query-engine.test.ts
index 977050b878..0c82773828 100644
--- a/apps/mesh/src/monitoring/query-engine.test.ts
+++ b/apps/mesh/src/monitoring/query-engine.test.ts
@@ -95,10 +95,17 @@ describe("createMonitoringEngine", () => {
     },
   );
 
-  it("should use DEFAULT_LOGS_DIR when no basePath", async () => {
-    const { source } = await createMonitoringEngine({});
-    expect(source).toContain("deco/logs");
-  });
+  it.skipIf(!duckdbAvailable)(
+    "should use DEFAULT_LOGS_DIR when no basePath",
+    async () => {
+      const { engine, source } = await createMonitoringEngine({});
+      try {
+        expect(source).toContain("deco/logs");
+      } finally {
+        await engine.destroy?.();
+      }
+    },
+  );
 
   it("should create ClickHouseClientEngine when clickhouseUrl is set", async () => {
     const { engine, source } = await createMonitoringEngine({
diff --git a/apps/mesh/src/monitoring/query-engine.ts b/apps/mesh/src/monitoring/query-engine.ts
index e18943e3bb..b25527acde 100644
--- a/apps/mesh/src/monitoring/query-engine.ts
+++ b/apps/mesh/src/monitoring/query-engine.ts
@@ -29,7 +29,9 @@ export class DuckDBEngine implements QueryEngine {
   constructor() {
     this.connectionPromise = import("@duckdb/node-api").then(
       async ({ DuckDBInstance }) => {
-        const instance = await DuckDBInstance.create();
+        const { cpus } = await import("node:os");
+        const threads = String(Math.max(1, cpus().length));
+        const instance = await DuckDBInstance.create("", { threads });
         return instance.connect();
       },
     );
diff --git a/apps/mesh/src/oauth/refresh-access-token.test.ts b/apps/mesh/src/oauth/refresh-access-token.test.ts
new file mode 100644
index 0000000000..27c7e538bc
--- /dev/null
+++ b/apps/mesh/src/oauth/refresh-access-token.test.ts
@@ -0,0 +1,128 @@
+import { describe, it, expect, beforeEach, afterAll } from "bun:test";
+import { refreshAccessToken } from "./refresh-access-token";
+import type { DownstreamToken } from "../storage/types";
+
+const baseToken: DownstreamToken = {
+  id: "dtok_test",
+  connectionId: "conn_test",
+  accessToken: "stale",
+  refreshToken: "rt",
+  scope: "repo",
+  expiresAt: new Date(Date.now() - 1000),
+  createdAt: new Date(),
+  updatedAt: new Date(),
+  clientId: "cid",
+  clientSecret: null,
+  tokenEndpoint: "https://example.com/token",
+};
+
+const originalFetch = globalThis.fetch;
+
+const installFetch = (responder: () => Response | Promise<Response>): void => {
+  globalThis.fetch = (async () =>
+    await responder()) as unknown as typeof globalThis.fetch;
+};
+
+describe("refreshAccessToken", () => {
+  beforeEach(() => {
+    globalThis.fetch = originalFetch;
+  });
+
+  afterAll(() => {
+    globalThis.fetch = originalFetch;
+  });
+
+  it("flags 400 invalid_grant as permanent so callers can delete the token", async () => {
+    installFetch(
+      () =>
+        new Response(
+          JSON.stringify({
+            error: "invalid_grant",
+            error_description: "refresh token revoked",
+          }),
+          { status: 400, headers: { "Content-Type": "application/json" } },
+        ),
+    );
+
+    const result = await refreshAccessToken(baseToken);
+
+    expect(result.success).toBe(false);
+    expect(result.permanent).toBe(true);
+    expect(result.error).toContain("revoked");
+  });
+
+  it("flags other 4xx errors as transient (could be config issue, retry-worthy)", async () => {
+    installFetch(
+      () =>
+        new Response(
+          JSON.stringify({
+            error: "invalid_request",
+            error_description: "missing parameter",
+          }),
+          { status: 400, headers: { "Content-Type": "application/json" } },
+        ),
+    );
+
+    const result = await refreshAccessToken(baseToken);
+
+    expect(result.success).toBe(false);
+    expect(result.permanent).toBe(false);
+  });
+
+  it("flags 5xx as transient — the OAuth server is broken, the token might still be valid", async () => {
+    installFetch(
+      () =>
+        new Response(
+          JSON.stringify({
+            error: "server_error",
+            error_description: "Failed to process token request",
+          }),
+          { status: 500, headers: { "Content-Type": "application/json" } },
+        ),
+    );
+
+    const result = await refreshAccessToken(baseToken);
+
+    expect(result.success).toBe(false);
+    expect(result.permanent).toBe(false);
+  });
+
+  it("flags network errors as transient", async () => {
+    installFetch(() => {
+      throw new Error("network down");
+    });
+
+    const result = await refreshAccessToken(baseToken);
+
+    expect(result.success).toBe(false);
+    expect(result.permanent).toBe(false);
+  });
+
+  it("flags missing prerequisites as transient (config bug, not a bad refresh_token)", async () => {
+    const noRefreshToken = { ...baseToken, refreshToken: null };
+    const result = await refreshAccessToken(noRefreshToken);
+
+    expect(result.success).toBe(false);
+    expect(result.permanent).toBe(false);
+  });
+
+  it("does not flag success results as permanent", async () => {
+    installFetch(
+      () =>
+        new Response(
+          JSON.stringify({
+            access_token: "new",
+            token_type: "Bearer",
+            expires_in: 3600,
+          }),
+          { status: 200, headers: { "Content-Type": "application/json" } },
+        ),
+    );
+
+    const result = await refreshAccessToken(baseToken);
+
+    expect(result.success).toBe(true);
+    expect(result.permanent).toBeUndefined();
+    expect(result.accessToken).toBe("new");
+  });
+});
diff --git a/apps/mesh/src/oauth/refresh-access-token.ts b/apps/mesh/src/oauth/refresh-access-token.ts
new file mode 100644
index 0000000000..0e5a711797
--- /dev/null
+++ b/apps/mesh/src/oauth/refresh-access-token.ts
@@ -0,0 +1,151 @@
+/**
+ * OAuth Token Refresh Primitive
+ *
+ * Pure fetch-based refresh of an OAuth access token via the refresh_token
+ * grant. Kept in its own module so tests can mock the primitive — callers
+ * that route through `refreshAndStore` (in `./token-refresh`) pick up the
+ * mock through the module resolver, unlike same-module references which
+ * `mock.module` cannot intercept.
+ */
+
+import type { DownstreamToken } from "../storage/types";
+
+export interface TokenRefreshResult {
+  success: boolean;
+  /**
+   * `true` only when the OAuth server told us the refresh_token itself is
+   * permanently invalid (RFC 6749 §5.2: `400 invalid_grant`). Callers use
+   * this to decide whether to delete the cached token: deleting on transient
+   * failures (5xx, network blips, non-spec status codes) silently logs users
+   * out and forces a manual reconnect, so we only delete when we're certain.
+   */
+  permanent?: boolean;
+  accessToken?: string;
+  refreshToken?: string;
+  expiresIn?: number;
+  scope?: string;
+  error?: string;
+  /** HTTP status of the OAuth response, when there was one. */
+  status?: number;
+  /** OAuth error code from the response body, when present. */
+  errorCode?: string;
+}
+
+export async function refreshAccessToken(
+  token: DownstreamToken,
+): Promise<TokenRefreshResult> {
+  if (!token.refreshToken) {
+    return {
+      success: false,
+      permanent: false,
+      error: "No refresh token available",
+    };
+  }
+
+  if (!token.tokenEndpoint) {
+    return {
+      success: false,
+      permanent: false,
+      error: "No token endpoint available",
+    };
+  }
+
+  if (!token.clientId) {
+    return {
+      success: false,
+      permanent: false,
+      error: "No client ID available",
+    };
+  }
+
+  try {
+    const params = new URLSearchParams({
+      grant_type: "refresh_token",
+      refresh_token: token.refreshToken,
+      client_id: token.clientId,
+    });
+
+    if (token.clientSecret) {
+      params.set("client_secret", token.clientSecret);
+    }
+
+    if (token.scope) {
+      params.set("scope", token.scope);
+    }
+
+    const response = await fetch(token.tokenEndpoint, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+        Accept: "application/json",
+      },
+      body: params.toString(),
+    });
+
+    if (!response.ok) {
+      const errorBody = await response.text();
+      let errorCode: string | undefined;
+      let errorDescription: string | undefined;
+      try {
+        const errorJson = JSON.parse(errorBody);
+        errorCode = errorJson.error;
+        errorDescription = errorJson.error_description;
+      } catch {
+        // body wasn't JSON — fall through with undefined codes
+      }
+
+      // Only `400 invalid_grant` means the refresh_token is permanently dead.
+      // Everything else (5xx, network blips, non-spec status codes) is treated
+      // as transient — the cached token should not be deleted.
+      const permanent =
+        response.status === 400 && errorCode === "invalid_grant";
+
+      console.error("[TokenRefresh] refresh failed", {
+        connectionId: token.connectionId,
+        tokenEndpoint: token.tokenEndpoint,
+        status: response.status,
+        errorCode,
+        errorDescription,
+        permanent,
+      });
+
+      return {
+        success: false,
+        permanent,
+        status: response.status,
+        errorCode,
+        error:
+          errorDescription ||
+          errorCode ||
+          `Token refresh failed: ${response.status}`,
+      };
+    }
+
+    const data = (await response.json()) as {
+      access_token: string;
+      refresh_token?: string;
+      expires_in?: number;
+      token_type?: string;
+      scope?: string;
+    };
+
+    return {
+      success: true,
+      accessToken: data.access_token,
+      refreshToken: data.refresh_token || token.refreshToken,
+      expiresIn: data.expires_in,
+      scope: data.scope,
+    };
+  } catch (error) {
+    console.error("[TokenRefresh] network/parse error", {
+      connectionId: token.connectionId,
+      tokenEndpoint: token.tokenEndpoint,
+      message: error instanceof Error ? error.message : String(error),
+    });
+    return {
+      success: false,
+      permanent: false,
+      error: error instanceof Error ? error.message : "Token refresh failed",
+    };
+  }
+}
diff --git a/apps/mesh/src/oauth/token-refresh.test.ts b/apps/mesh/src/oauth/token-refresh.test.ts
new file mode 100644
index 0000000000..fbe325c6a3
--- /dev/null
+++ b/apps/mesh/src/oauth/token-refresh.test.ts
@@ -0,0 +1,147 @@
+import {
+  describe,
+  it,
+  expect,
+  vi,
+  mock,
+  beforeAll,
+  afterAll,
+  beforeEach,
+} from "bun:test";
+import {
+  createTestDatabase,
+  closeTestDatabase,
+  type TestDatabase,
+} from "../database/test-db";
+import {
+  createTestSchema,
+  seedCommonTestFixtures,
+} from "../storage/test-helpers";
+import { CredentialVault } from "../encryption/credential-vault";
+import { DownstreamTokenStorage } from "../storage/downstream-token";
+import { ConnectionStorage } from "../storage/connection";
+import type { TokenRefreshResult } from "./refresh-access-token";
+
+const mockRefreshAccessToken =
+  vi.fn<(...args: unknown[]) => Promise<TokenRefreshResult>>();
+mock.module("./refresh-access-token", () => ({
+  refreshAccessToken: mockRefreshAccessToken,
+}));
+
+const { refreshAndStore } = await import("./token-refresh");
+
+describe("refreshAndStore", () => {
+  let database: TestDatabase;
+  let vault: CredentialVault;
+  let tokenStorage: DownstreamTokenStorage;
+  const connectionId = "conn_refresh_test";
+
+  beforeAll(async () => {
+    database = await createTestDatabase();
+    await createTestSchema(database.db);
+    await seedCommonTestFixtures(database.db);
+    vault = new CredentialVault(CredentialVault.generateKey());
+    tokenStorage = new DownstreamTokenStorage(database.db, vault);
+
+    const connectionStorage = new ConnectionStorage(database.db, vault);
+    await connectionStorage.create({
+      id: connectionId,
+      organization_id: "org_123",
+      created_by: "user_1",
+      title: "GitHub",
+      connection_type: "HTTP",
+      connection_url: "https://mcp.example.com/github",
+      connection_token: null,
+      tools: null,
+    });
+  });
+
+  afterAll(async () => {
+    await closeTestDatabase(database);
+  });
+
+  beforeEach(async () => {
+    mockRefreshAccessToken.mockReset();
+    await tokenStorage.delete(connectionId);
+    await tokenStorage.upsert({
+      connectionId,
+      accessToken: "stale",
+      refreshToken: "rt",
+      scope: "repo",
+      expiresAt: new Date(Date.now() - 1000),
+      clientId: "cid",
+      clientSecret: null,
+      tokenEndpoint: "https://example.com/token",
+    });
+  });
+
+  it("preserves the cached token on transient (5xx) failures", async () => {
+    mockRefreshAccessToken.mockResolvedValueOnce({
+      success: false,
+      permanent: false,
+      status: 500,
+      errorCode: "server_error",
+      error: "Failed to process token request",
+    });
+
+    const token = await tokenStorage.get(connectionId);
+    expect(token).not.toBeNull();
+    const result = await refreshAndStore(token!, tokenStorage);
+
+    expect(result).toBeNull();
+    const after = await tokenStorage.get(connectionId);
+    expect(after).not.toBeNull();
+    expect(after?.refreshToken).toBe("rt");
+  });
+
+  it("deletes the cached token on permanent (400 invalid_grant) failure", async () => {
+    mockRefreshAccessToken.mockResolvedValueOnce({
+      success: false,
+      permanent: true,
+      status: 400,
+      errorCode: "invalid_grant",
+      error: "refresh token revoked",
+    });
+
+    const token = await tokenStorage.get(connectionId);
+    expect(token).not.toBeNull();
+    const result = await refreshAndStore(token!, tokenStorage);
+
+    expect(result).toBeNull();
+    expect(await tokenStorage.get(connectionId)).toBeNull();
+  });
+
+  it("preserves the cached token when refresh result lacks the permanent flag (defensive: legacy callers)", async () => {
+    // Older code paths or unmocked-in-prod callers might forget to set
+    // `permanent`. Default behavior must be "preserve" so we don't
+    // regress to the old delete-on-anything bug.
+    mockRefreshAccessToken.mockResolvedValueOnce({
+      success: false,
+      error: "something broke",
+    });
+
+    const token = await tokenStorage.get(connectionId);
+    const result = await refreshAndStore(token!, tokenStorage);
+
+    expect(result).toBeNull();
+    expect(await tokenStorage.get(connectionId)).not.toBeNull();
+  });
+
+  it("stores the refreshed token on success", async () => {
+    mockRefreshAccessToken.mockResolvedValueOnce({
+      success: true,
+      accessToken: "fresh",
+      refreshToken: "rt2",
+      expiresIn: 3600,
+      scope: "repo",
+    });
+
+    const token = await tokenStorage.get(connectionId);
+    const result = await refreshAndStore(token!, tokenStorage);
+
+    expect(result).toBe("fresh");
+    const after = await tokenStorage.get(connectionId);
+    expect(after?.accessToken).toBe("fresh");
+    expect(after?.refreshToken).toBe("rt2");
+  });
+});
diff --git a/apps/mesh/src/oauth/token-refresh.ts b/apps/mesh/src/oauth/token-refresh.ts
index 9ec8d6ea4f..e17a9e519d 100644
--- a/apps/mesh/src/oauth/token-refresh.ts
+++ b/apps/mesh/src/oauth/token-refresh.ts
@@ -1,129 +1,59 @@
 /**
- * OAuth Token Refresh Utility
+ * OAuth Token Refresh — storage-aware helpers.
  *
- * Handles automatic token refresh for downstream MCP connections.
- * Uses the refresh_token grant to obtain new access tokens.
- */
-
-import type { DownstreamToken } from "../storage/types";
-
-/**
- * Result of a token refresh attempt
- */
-export interface TokenRefreshResult {
-  success: boolean;
-  accessToken?: string;
-  refreshToken?: string;
-  expiresIn?: number;
-  scope?: string;
-  error?: string;
-}
-
-/**
- * Refresh an OAuth access token using the refresh_token grant
+ * Wraps `refreshAccessToken` (from `./refresh-access-token`) with policy: a
+ * proactive-refresh time buffer, a user-facing reconnect error string, a
+ * "can this token even be refreshed" predicate, and a helper that refreshes
+ * then persists (or deletes on failure).
  *
- * @param token - The downstream token containing refresh info
- * @returns TokenRefreshResult with new tokens or error
+ * The primitive lives in a sibling file so that `mock.module` on
+ * `./refresh-access-token` intercepts calls made from inside
+ * `refreshAndStore` here — same-module references cannot be mocked.
  */
-export async function refreshAccessToken(
-  token: DownstreamToken,
-): Promise<TokenRefreshResult> {
-  // Check if we have the required info for refresh
-  if (!token.refreshToken) {
-    return {
-      success: false,
-      error: "No refresh token available",
-    };
-  }
 
-  if (!token.tokenEndpoint) {
-    return {
-      success: false,
-      error: "No token endpoint available",
-    };
-  }
-
-  if (!token.clientId) {
-    return {
-      success: false,
-      error: "No client ID available",
-    };
-  }
+import type { DownstreamToken } from "../storage/types";
+import type { DownstreamTokenStorage } from "../storage/downstream-token";
+import { refreshAccessToken } from "./refresh-access-token";
 
-  try {
-    // Build the token request
-    const params = new URLSearchParams({
-      grant_type: "refresh_token",
-      refresh_token: token.refreshToken,
-      client_id: token.clientId,
-    });
+export { refreshAccessToken } from "./refresh-access-token";
+export type { TokenRefreshResult } from "./refresh-access-token";
 
-    // Add client_secret if we have it (some servers require it)
-    if (token.clientSecret) {
-      params.set("client_secret", token.clientSecret);
-    }
+export const PROACTIVE_REFRESH_BUFFER_MS = 5 * 60 * 1000;
 
-    // Add scope if we have it
-    if (token.scope) {
-      params.set("scope", token.scope);
-    }
+export const RECONNECT_ERROR =
+  "GitHub token refresh failed — reconnect the mcp-github integration.";
 
-    // Make the token request
-    const response = await fetch(token.tokenEndpoint, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/x-www-form-urlencoded",
-        Accept: "application/json",
-      },
-      body: params.toString(),
-    });
-
-    if (!response.ok) {
-      const errorBody = await response.text();
-      console.error(
-        `[TokenRefresh] Failed to refresh token: ${response.status}`,
-        errorBody,
-      );
+export function canRefresh(token: DownstreamToken): boolean {
+  return !!token.refreshToken && !!token.tokenEndpoint && !!token.clientId;
+}
 
-      // Try to parse error response
-      try {
-        const errorJson = JSON.parse(errorBody);
-        return {
-          success: false,
-          error:
-            errorJson.error_description ||
-            errorJson.error ||
-            `Token refresh failed: ${response.status}`,
-        };
-      } catch {
-        return {
-          success: false,
-          error: `Token refresh failed: ${response.status}`,
-        };
-      }
+export async function refreshAndStore(
+  token: DownstreamToken,
+  tokenStorage: DownstreamTokenStorage,
+): Promise<string | null> {
+  const result = await refreshAccessToken(token);
+  if (!result.success || !result.accessToken) {
+    // Only delete the cached row when the OAuth server told us the
+    // refresh_token is permanently invalid (RFC 6749: 400 invalid_grant).
+    // Transient failures (5xx, network, parse errors, non-spec status codes)
+    // must not nuke the user's auth — that turns every blip in the upstream
+    // OAuth server into a forced manual reconnect.
+    if (result.permanent === true) {
+      await tokenStorage.delete(token.connectionId);
     }
-
-    const data = (await response.json()) as {
-      access_token: string;
-      refresh_token?: string;
-      expires_in?: number;
-      token_type?: string;
-      scope?: string;
-    };
-
-    return {
-      success: true,
-      accessToken: data.access_token,
-      // Some servers return a new refresh token, some don't
-      refreshToken: data.refresh_token || token.refreshToken,
-      expiresIn: data.expires_in,
-      scope: data.scope,
-    };
-  } catch (error) {
-    console.error("[TokenRefresh] Error refreshing token:", error);
-    return {
-      success: false,
-      error: error instanceof Error ? error.message : "Token refresh failed",
-    };
+    return null;
   }
+  await tokenStorage.upsert({
+    connectionId: token.connectionId,
+    accessToken: result.accessToken,
+    refreshToken: result.refreshToken ?? token.refreshToken,
+    scope: result.scope ?? token.scope,
+    expiresAt: result.expiresIn
+      ? new Date(Date.now() + result.expiresIn * 1000)
+      : null,
+    clientId: token.clientId,
+    clientSecret: token.clientSecret,
+    tokenEndpoint: token.tokenEndpoint,
+  });
+  return result.accessToken;
 }
diff --git a/apps/mesh/src/observability/index.ts b/apps/mesh/src/observability/index.ts
index 7860063bfe..2e593f6dcb 100644
--- a/apps/mesh/src/observability/index.ts
+++ b/apps/mesh/src/observability/index.ts
@@ -27,10 +27,20 @@ import { enableFetchInstrumentation } from "./instrumentations/fetch";
 import { NDJSONLogExporter } from "../monitoring/ndjson-log-exporter";
 import { NDJSONMetricExporter } from "../monitoring/ndjson-metric-exporter";
 import { NDJSONTraceExporter } from "../monitoring/ndjson-trace-exporter";
-import { getLogsDir, getMetricsDir, getTracesDir } from "../monitoring/schema";
+import {
+  getLogsDir,
+  getMetricsDir,
+  getTracesDir,
+  MONITORING_LOG_ATTR,
+} from "../monitoring/schema";
+import { truncateString } from "../monitoring/truncate-string";
 import { getSettings } from "../settings";
 
-import { BatchLogRecordProcessor } from "@opentelemetry/sdk-logs";
+import {
+  BatchLogRecordProcessor,
+  type LogRecordProcessor,
+  type SdkLogRecord,
+} from "@opentelemetry/sdk-logs";
 import { PeriodicExportingMetricReader } from "@opentelemetry/sdk-metrics";
 import { NodeSDK } from "@opentelemetry/sdk-node";
 import {
@@ -42,7 +52,74 @@ import {
 // Constants
 const DEBUG_QS = "__d";
 const REQUEST_CONTEXT_KEY = createContextKey("Current request");
-const HEAD_SAMPLER_RATIO = 0.1; // 10% sampling by default
+const HEAD_SAMPLER_RATIO = 1.0; // 100% sampling — all errors must reach HyperDX
+
+// Wraps a LogRecordProcessor and samples non-error records at `ratio`.
+// ERROR/FATAL severity always passes through regardless of ratio.
+class SampledLogRecordProcessor implements LogRecordProcessor {
+  constructor(
+    private inner: LogRecordProcessor,
+    private ratio: number,
+  ) {}
+
+  onEmit(
+    record: SdkLogRecord,
+    context?: import("@opentelemetry/api").Context,
+  ): void {
+    const isError =
+      record.severityNumber !== undefined &&
+      record.severityNumber >= SeverityNumber.ERROR;
+    if (isError || Math.random() < this.ratio) {
+      this.inner.onEmit(record, context);
+    }
+  }
+
+  forceFlush(): Promise<void> {
+    return this.inner.forceFlush();
+  }
+
+  shutdown(): Promise<void> {
+    return this.inner.shutdown();
+  }
+}
+
+// Truncates mesh.monitoring.output to 500 bytes before forwarding to the
+// wrapped exporter (OTLP/HyperDX). The NDJSON local exporter receives the
+// full value because it wraps a different inner processor.
+class TruncateMonitoringOutputProcessor implements LogRecordProcessor {
+  constructor(
+    private inner: LogRecordProcessor,
+    private maxBytes: number,
+  ) {}
+
+  onEmit(
+    record: SdkLogRecord,
+    context?: import("@opentelemetry/api").Context,
+  ): void {
+    const outputKey = MONITORING_LOG_ATTR.OUTPUT;
+    const output = record.attributes?.[outputKey];
+    if (typeof output === "string" && output.length > this.maxBytes) {
+      const truncated = truncateString(output, this.maxBytes);
+      this.inner.onEmit(
+        {
+          ...record,
+          attributes: { ...record.attributes, [outputKey]: truncated },
+        } as SdkLogRecord,
+        context,
+      );
+    } else {
+      this.inner.onEmit(record, context);
+    }
+  }
+
+  forceFlush(): Promise<void> {
+    return this.inner.forceFlush();
+  }
+
+  shutdown(): Promise<void> {
+    return this.inner.shutdown();
+  }
+}
 
 // Sampler types - inline to avoid module resolution issues
 interface Sampler {
@@ -244,6 +321,15 @@ export function initObservability(): void {
       })
     : null;
 
+  if (
+    !process.env.OTEL_RESOURCE_ATTRIBUTES?.includes("deployment.environment")
+  ) {
+    const env = process.env.STUDIO_ENV ?? process.env.NODE_ENV ?? "unknown";
+    process.env.OTEL_RESOURCE_ATTRIBUTES = process.env.OTEL_RESOURCE_ATTRIBUTES
+      ? `${process.env.OTEL_RESOURCE_ATTRIBUTES},deployment.environment=${env}`
+      : `deployment.environment=${env}`;
+  }
+
   const sdk = new NodeSDK({
     serviceName: _settings.otelServiceName,
     traceExporter,
@@ -265,7 +351,18 @@ export function initObservability(): void {
     ],
     logRecordProcessors: [
       ...(_settings.clickhouseUrl
-        ? [new BatchLogRecordProcessor(new OTLPLogExporter())]
+        ? (() => {
+            const isProd =
+              (process.env.STUDIO_ENV ?? process.env.NODE_ENV) === "prod" ||
+              process.env.NODE_ENV === "production";
+            const logSampleRatio = isProd ? 1.0 : 0.1;
+            const batch = new BatchLogRecordProcessor(new OTLPLogExporter());
+            const truncated = new TruncateMonitoringOutputProcessor(
+              batch,
+              8_000,
+            );
+            return [new SampledLogRecordProcessor(truncated, logSampleRatio)];
+          })()
         : []),
       ...(monitoringLogExporter
         ? [
@@ -286,8 +383,8 @@ export function initObservability(): void {
   // The module-level `meter` and `tracer` were evaluated before sdk.start()
   // and point to NoopMeter/NoopTracer. Reassigning ensures all callers that
   // import these get working instruments.
-  meter = metrics.getMeter("mesh", "1.0.0");
-  tracer = trace.getTracer("mesh", "1.0.0");
+  meter = metrics.getMeter("studio", "1.0.0");
+  tracer = trace.getTracer("studio", "1.0.0");
 
   // Enable custom Bun fetch instrumentation (must be after SDK start)
   // This wraps global fetch with tracing since Bun's fetch doesn't use undici
@@ -299,7 +396,7 @@ export function initObservability(): void {
 /**
  * Get tracer instance
  */
-export let tracer = trace.getTracer("mesh", "1.0.0");
+export let tracer = trace.getTracer("studio", "1.0.0");
 
 /**
  * Get meter instance.
@@ -308,12 +405,12 @@ export let tracer = trace.getTracer("mesh", "1.0.0");
  * The module-level call returns a NoopMeter when evaluated before the SDK
  * starts; the reassignment ensures all subsequent callers get a real meter.
  */
-export let meter = metrics.getMeter("mesh", "1.0.0");
+export let meter = metrics.getMeter("studio", "1.0.0");
 
 /**
  * Get logger instance
  */
-const logger = logs.getLogger("mesh", "1.0.0");
+const logger = logs.getLogger("studio", "1.0.0");
 
 /**
  * Helper to emit a log record with current trace context
diff --git a/apps/mesh/src/posthog.ts b/apps/mesh/src/posthog.ts
new file mode 100644
index 0000000000..713708c893
--- /dev/null
+++ b/apps/mesh/src/posthog.ts
@@ -0,0 +1,51 @@
+/**
+ * PostHog analytics client (server-side singleton).
+ *
+ * Enabled only when POSTHOG_KEY is set. On self-hosted / open-source
+ * deployments without the env var, all methods are no-ops so the rest of
+ * the app can call `posthog.capture(...)` unconditionally.
+ *
+ * Host defaults to PostHog US cloud and can be overridden with
+ * POSTHOG_HOST (e.g. https://eu.i.posthog.com for EU region or a
+ * self-hosted instance). The same env vars are read by the
+ * /api/config handler and exposed to the browser at runtime.
+ */
+
+import { PostHog } from "posthog-node";
+
+const apiKey = process.env.POSTHOG_KEY;
+const host = process.env.POSTHOG_HOST;
+
+type PostHogLike = Pick<
+  PostHog,
+  "capture" | "identify" | "captureException" | "groupIdentify" | "shutdown"
+>;
+
+function createNoopClient(): PostHogLike {
+  return {
+    capture: () => {},
+    identify: () => {},
+    captureException: () => {},
+    groupIdentify: () => {},
+    shutdown: async () => {},
+  } as unknown as PostHogLike;
+}
+
+export const posthog: PostHogLike = apiKey
+  ? new PostHog(apiKey, {
+      ...(host ? { host } : {}),
+      enableExceptionAutocapture: true,
+      // Flush every event immediately. Short-lived request contexts
+      // otherwise drop batched events before shutdown runs.
+      flushAt: 1,
+      flushInterval: 0,
+    })
+  : createNoopClient();
+
+if (apiKey) {
+  const shutdown = () => {
+    posthog.shutdown().catch(() => {});
+  };
+  process.on("SIGTERM", shutdown);
+  process.on("SIGINT", shutdown);
+}
diff --git a/apps/mesh/src/sandbox/claim-handle.ts b/apps/mesh/src/sandbox/claim-handle.ts
new file mode 100644
index 0000000000..fb5ebc4ba7
--- /dev/null
+++ b/apps/mesh/src/sandbox/claim-handle.ts
@@ -0,0 +1,23 @@
+import {
+  computeHandle,
+  resolveRunnerKindFromEnv,
+  type SandboxId,
+} from "@decocms/sandbox/runner";
+
+/**
+ * Compute the claim handle for a sandbox using the correct hashLen for the
+ * current runner kind. agent-sandbox uses hashLen=16 (preview URLs are
+ * public hostnames; shorter hashes are brute-forceable). All other runners
+ * use the default hashLen=5.
+ *
+ * Single source of truth — import this everywhere a claimName must match
+ * what a runner stored (vm-events, vm-exec, etc.).
+ */
+export function computeClaimHandle(id: SandboxId, branch: string): string {
+  const runnerKind = resolveRunnerKindFromEnv();
+  return computeHandle(
+    id,
+    branch,
+    runnerKind === "agent-sandbox" ? { hashLen: 16 } : {},
+  );
+}
diff --git a/apps/mesh/src/sandbox/lifecycle.test.ts b/apps/mesh/src/sandbox/lifecycle.test.ts
new file mode 100644
index 0000000000..ffe32c3af2
--- /dev/null
+++ b/apps/mesh/src/sandbox/lifecycle.test.ts
@@ -0,0 +1,223 @@
+import { afterEach, beforeEach, describe, expect, it } from "bun:test";
+import {
+  DockerSandboxRunner,
+  type ClaimPhase,
+  type SandboxRunner,
+} from "@decocms/sandbox/runner";
+import type { MeshContext } from "@/core/mesh-context";
+import {
+  __resetSharedLifecyclesForTesting,
+  asDockerRunner,
+  getRunnerByKind,
+  subscribeLifecycle,
+} from "./lifecycle";
+
+// Minimal MeshContext stub — lifecycle only reads ctx.db, and only to hand
+// it to the KyselySandboxRunnerStateStore constructor (no queries run until
+// an actual ensure/delete call).
+const stubCtx = { db: {} } as unknown as MeshContext;
+
+describe("asDockerRunner", () => {
+  it("returns null for null input", () => {
+    expect(asDockerRunner(null)).toBeNull();
+  });
+
+  it("returns the instance unchanged for a DockerSandboxRunner", () => {
+    const runner = new DockerSandboxRunner();
+    expect(asDockerRunner(runner)).toBe(runner);
+  });
+
+  it("returns null for a non-Docker runner", () => {
+    // Duck-typed non-Docker runner — satisfies the SandboxRunner shape but
+    // isn't a DockerSandboxRunner instance, so instanceof narrows to null.
+    const fake = {
+      kind: "freestyle" as const,
+      ensure: async () => ({ handle: "h", workdir: "/app", previewUrl: null }),
+      exec: async () => ({
+        stdout: "",
+        stderr: "",
+        exitCode: 0,
+        timedOut: false,
+      }),
+      delete: async () => {},
+      alive: async () => false,
+      getPreviewUrl: async () => null,
+      proxyDaemonRequest: async () => new Response(null, { status: 204 }),
+    };
+    // biome-ignore lint/suspicious/noExplicitAny: intentional duck-type
+    expect(asDockerRunner(fake as any)).toBeNull();
+  });
+});
+
+describe("getRunnerByKind caching", () => {
+  // The `runners` cache lives at module scope, so a kind cached by one test
+  // leaks into later tests. Isolate by claiming a kind once per suite and
+  // asserting identity within the same test only.
+
+  beforeEach(() => {
+    // No-op: we can't reset module state without dynamic re-import, so each
+    // test must use independent observations (see below).
+  });
+
+  afterEach(() => {});
+
+  it("returns the same DockerSandboxRunner instance across calls", async () => {
+    const a = await getRunnerByKind(stubCtx, "docker");
+    const b = await getRunnerByKind(stubCtx, "docker");
+    expect(a).toBe(b);
+    expect(a).toBeInstanceOf(DockerSandboxRunner);
+  });
+});
+
+// ---------------------------------------------------------------------------
+// subscribeLifecycle — multi-tab dedup
+// ---------------------------------------------------------------------------
+
+interface FakeWatchableHandle {
+  runner: SandboxRunner;
+  /** How many times the source generator has been started. */
+  starts: () => number;
+  /** Push a phase to the active source generator. */
+  emit: (phase: ClaimPhase) => Promise<void>;
+  /** Resolve when all listeners attached to the source unsubscribe. */
+  endedSignal: () => AbortSignal;
+}
+
+/**
+ * Synthesize a `SandboxRunner` whose `watchClaimLifecycle` is an async
+ * generator we can drive frame-by-frame from the test. The other interface
+ * methods are no-ops; only the watcher is exercised here. Tracks how many
+ * times the generator has been instantiated (so we can prove dedup).
+ */
+function makeFakeWatchable(): FakeWatchableHandle {
+  let starts = 0;
+  let pushNext: ((phase: ClaimPhase | null) => void) | null = null;
+  let endedAbort = new AbortController();
+
+  async function* gen(
+    _claim: string,
+    signal?: AbortSignal,
+  ): AsyncGenerator<ClaimPhase, void, unknown> {
+    starts += 1;
+    endedAbort = new AbortController();
+    while (true) {
+      const phase = await new Promise<ClaimPhase | null>((resolve) => {
+        pushNext = resolve;
+        if (signal?.aborted) resolve(null);
+        signal?.addEventListener("abort", () => resolve(null), { once: true });
+      });
+      if (phase === null) {
+        endedAbort.abort();
+        return;
+      }
+      yield phase;
+      if (phase.kind === "ready" || phase.kind === "failed") {
+        endedAbort.abort();
+        return;
+      }
+    }
+  }
+
+  const runner: SandboxRunner = {
+    kind: "agent-sandbox",
+    ensure: async () => ({ handle: "h", workdir: "/app", previewUrl: null }),
+    exec: async () => ({
+      stdout: "",
+      stderr: "",
+      exitCode: 0,
+      timedOut: false,
+    }),
+    delete: async () => {},
+    alive: async () => true,
+    getPreviewUrl: async () => null,
+    proxyDaemonRequest: async () => new Response(null, { status: 204 }),
+    watchClaimLifecycle: gen,
+  };
+
+  return {
+    runner,
+    starts: () => starts,
+    emit: async (phase: ClaimPhase) => {
+      pushNext?.(phase);
+      // let the generator's microtask drain (yield then emit to listeners)
+      await Promise.resolve();
+      await Promise.resolve();
+    },
+    endedSignal: () => endedAbort.signal,
+  };
+}
+
+describe("subscribeLifecycle", () => {
+  beforeEach(() => {
+    __resetSharedLifecyclesForTesting();
+  });
+
+  it("fans out one source to multiple listeners", async () => {
+    const fake = makeFakeWatchable();
+    const seenA: ClaimPhase[] = [];
+    const seenB: ClaimPhase[] = [];
+
+    const a = subscribeLifecycle(fake.runner, "claim-x", (p) => seenA.push(p));
+    const b = subscribeLifecycle(fake.runner, "claim-x", (p) => seenB.push(p));
+
+    expect(fake.starts()).toBe(1); // dedup: one source for two listeners
+
+    await fake.emit({ kind: "claiming", since: 1 });
+    await fake.emit({ kind: "pulling-image", since: 1 });
+
+    expect(seenA.map((p) => p.kind)).toEqual(["claiming", "pulling-image"]);
+    expect(seenB.map((p) => p.kind)).toEqual(["claiming", "pulling-image"]);
+
+    a.unsubscribe();
+    b.unsubscribe();
+  });
+
+  it("replays the most recent phase to a late joiner", async () => {
+    const fake = makeFakeWatchable();
+    const seenA: ClaimPhase[] = [];
+    const a = subscribeLifecycle(fake.runner, "claim-y", (p) => seenA.push(p));
+    await fake.emit({ kind: "claiming", since: 1 });
+    await fake.emit({ kind: "pulling-image", since: 1 });
+
+    const seenB: ClaimPhase[] = [];
+    const b = subscribeLifecycle(fake.runner, "claim-y", (p) => seenB.push(p));
+
+    // Late joiner immediately gets the cached `pulling-image`.
+    expect(seenB.map((p) => p.kind)).toEqual(["pulling-image"]);
+    expect(fake.starts()).toBe(1); // still one source
+
+    a.unsubscribe();
+    b.unsubscribe();
+  });
+
+  it("aborts the source when the last listener unsubscribes", async () => {
+    const fake = makeFakeWatchable();
+    const a = subscribeLifecycle(fake.runner, "claim-z", () => {});
+    await fake.emit({ kind: "claiming", since: 1 });
+    expect(fake.endedSignal().aborted).toBe(false);
+
+    a.unsubscribe();
+    // Drain microtasks so the generator's abort listener runs.
+    await Promise.resolve();
+    await Promise.resolve();
+    expect(fake.endedSignal().aborted).toBe(true);
+  });
+
+  it("rebuilds the source after a terminal phase clears the entry", async () => {
+    const fake = makeFakeWatchable();
+    const a = subscribeLifecycle(fake.runner, "claim-t", () => {});
+    await fake.emit({ kind: "ready" });
+    expect(fake.starts()).toBe(1);
+
+    // Ready already terminated and the cache entry was deleted in the
+    // generator's finally — the next subscribe must spin up a fresh source.
+    // Drain microtasks to let the generator's finally run.
+    await Promise.resolve();
+    await Promise.resolve();
+    const b = subscribeLifecycle(fake.runner, "claim-t", () => {});
+    expect(fake.starts()).toBe(2);
+
+    a.unsubscribe();
+    b.unsubscribe();
+  });
+});
diff --git a/apps/mesh/src/sandbox/lifecycle.ts b/apps/mesh/src/sandbox/lifecycle.ts
new file mode 100644
index 0000000000..e697d5fbb1
--- /dev/null
+++ b/apps/mesh/src/sandbox/lifecycle.ts
@@ -0,0 +1,451 @@
+/**
+ * Runner singletons, one per kind. VM_DELETE dispatches on the entry's
+ * recorded runnerKind (not env), so a pod that flipped STUDIO_SANDBOX_RUNNER
+ * between start and stop still tears down the right kind of VM.
+ * Boot/shutdown sweeps are Docker-only — other runners' sandboxes outlive
+ * mesh by design, so a generic sweep would nuke active user VMs.
+ */
+
+import type { MeshContext } from "@/core/mesh-context";
+import {
+  DockerSandboxRunner,
+  resolveRunnerKindFromEnv,
+  type RunnerKind,
+  type SandboxRunner,
+} from "@decocms/sandbox/runner";
+import type { ClaimPhase } from "@decocms/sandbox/runner/agent-sandbox";
+import { getDb } from "@/database";
+import type { Kysely } from "kysely";
+import { meter } from "@/observability";
+import type { Database as DatabaseSchema } from "@/storage/types";
+import { KyselySandboxRunnerStateStore } from "@/storage/sandbox-runner-state";
+
+// Stashed on globalThis so they survive Bun's `--hot` reload. The local
+// sandbox ingress is a long-lived `net.Server` registered at the top of
+// `apps/mesh/src/index.ts`; it isn't torn down when the entry point
+// re-evaluates, and its closure captures `getSharedRunnerIfInit` from
+// whichever instance of this module was active at boot. Without the
+// global anchor, post-reload requests to `<handle>.localhost:7070` would
+// look up runners in a stale module's empty map → 503 "Sandbox Runner
+// Not Initialized". Symbol.for keeps the same key across module instances.
+const RUNNERS_KEY = Symbol.for("decocms.sandbox.lifecycle.runners");
+const INFLIGHT_KEY = Symbol.for("decocms.sandbox.lifecycle.inflight");
+type LifecycleGlobal = {
+  [RUNNERS_KEY]?: Partial<Record<RunnerKind, SandboxRunner>>;
+  [INFLIGHT_KEY]?: Partial<Record<RunnerKind, Promise<SandboxRunner>>>;
+};
+const lifecycleGlobal = globalThis as unknown as LifecycleGlobal;
+
+const runners: Partial<Record<RunnerKind, SandboxRunner>> = (lifecycleGlobal[
+  RUNNERS_KEY
+] ??= {});
+// In-flight instantiate() promises, memoized per kind. Two concurrent
+// callers on a cold mesh would otherwise both miss the resolved-runner
+// cache and both call instantiate(); memoizing the promise (and only
+// promoting to `runners` once it resolves) collapses them to a single
+// build. Cleared on failure so a retry can take a fresh swing.
+const inflight: Partial<Record<RunnerKind, Promise<SandboxRunner>>> =
+  (lifecycleGlobal[INFLIGHT_KEY] ??= {});
+
+function resolveOnce(
+  kind: RunnerKind,
+  build: () => Promise<SandboxRunner>,
+): Promise<SandboxRunner> {
+  const cached = runners[kind];
+  if (cached) return Promise.resolve(cached);
+  const pending = inflight[kind];
+  if (pending) return pending;
+  const promise = build()
+    .then((runner) => {
+      runners[kind] = runner;
+      return runner;
+    })
+    .finally(() => {
+      delete inflight[kind];
+    });
+  inflight[kind] = promise;
+  return promise;
+}
+
+// Set in prod (k8s/docker behind ingress) so the runner skips the local
+// 127.0.0.1 port-forward path and emits a URL the user's browser can
+// actually reach. Empty/unset = local forwarder fallback (dev).
+function readPreviewUrlPattern(): string | undefined {
+  const raw = process.env.STUDIO_SANDBOX_PREVIEW_URL_PATTERN;
+  return raw && raw.trim() !== "" ? raw : undefined;
+}
+
+// Per-env SandboxTemplate name. The sandbox-env Helm chart suffixes the
+// template name with envName so multiple envs share `agent-sandbox-system`
+// without collisions; mesh in this env must point its claims at the
+// matching suffixed name. Empty/unset → AgentSandboxRunner's built-in
+// default ("studio-sandbox") so single-env installs that didn't suffix
+// keep working.
+function readSandboxTemplateName(): string | undefined {
+  const raw = process.env.STUDIO_SANDBOX_TEMPLATE_NAME;
+  return raw && raw.trim() !== "" ? raw : undefined;
+}
+
+function readEnvName(): string | undefined {
+  const raw = process.env.STUDIO_ENV;
+  return raw && raw.trim() !== "" ? raw : undefined;
+}
+
+// Shared bearer baked into the SandboxTemplate's pod env via the
+// sandbox-env helm chart's Secret. Set on the mesh side from the same
+// Secret so both ends agree on what the warm-pool sentinel is.
+//
+// Presence flips AgentSandboxRunner into warm-pool mode (claims with
+// `warmpool: "default"` + empty env; per-claim token rotated post-bind).
+// Empty/unset → legacy cold-start path with per-claim env injection.
+function readSandboxSentinelToken(): string | undefined {
+  const raw = process.env.STUDIO_SANDBOX_SENTINEL_TOKEN;
+  return raw && raw.trim() !== "" ? raw : undefined;
+}
+
+// Per-claim HTTPRoute attaches to this Gateway. When NAME + NAMESPACE are
+// set alongside STUDIO_SANDBOX_PREVIEW_URL_PATTERN, mesh mints one
+// HTTPRoute per SandboxClaim so the wildcard Gateway can route directly
+// to each sandbox's Service:9000 (mesh leaves the data path).
+//
+// Both required — no default — because the runner is Gateway-API-generic
+// (Istio, Envoy Gateway, Cilium, Kong, ...) and there's no portable
+// "default gateway namespace": Istio classic uses istio-system, Istio
+// ambient prefers a separate `istio-ingress`/`gateway` ns, and other
+// implementations vary. A wrong default would silently write routes that
+// fail to attach (parentRef → non-existent Gateway) and the failure mode
+// is a 404 from the gateway with no log on the mesh side.
+//
+// Both unset → runner falls back to in-process preview proxying (legacy).
+// Half-configured (one set, the other not) → fail fast at boot rather
+// than silently choose a behavior the operator didn't ask for.
+function readPreviewGateway(): { name: string; namespace: string } | undefined {
+  const name = process.env.STUDIO_SANDBOX_PREVIEW_GATEWAY_NAME?.trim();
+  const namespace =
+    process.env.STUDIO_SANDBOX_PREVIEW_GATEWAY_NAMESPACE?.trim();
+  if (!name && !namespace) return undefined;
+  if (!name || !namespace) {
+    throw new Error(
+      "STUDIO_SANDBOX_PREVIEW_GATEWAY_NAME and STUDIO_SANDBOX_PREVIEW_GATEWAY_NAMESPACE must both be set, or both unset. Half-configured per-claim HTTPRoute routing would silently fail to attach.",
+    );
+  }
+  return { name, namespace };
+}
+
+async function instantiate(
+  kind: RunnerKind,
+  db: Kysely<DatabaseSchema>,
+): Promise<SandboxRunner> {
+  const stateStore = new KyselySandboxRunnerStateStore(db);
+  const previewUrlPattern = readPreviewUrlPattern();
+  switch (kind) {
+    case "host": {
+      const { HostSandboxRunner } = await import("@decocms/sandbox/runner");
+      const { getSettings } = await import("@/settings");
+      return new HostSandboxRunner({
+        homeDir: getSettings().dataDir,
+        stateStore,
+        previewUrlPattern,
+      });
+    }
+    case "docker":
+      return new DockerSandboxRunner({ stateStore, previewUrlPattern });
+    case "freestyle": {
+      // Dynamic import — freestyle SDK is an optionalDependency so
+      // docker-only deploys don't need it installed.
+      const { FreestyleSandboxRunner } = await import(
+        "@decocms/sandbox/runner/freestyle"
+      );
+      return new FreestyleSandboxRunner({ stateStore });
+    }
+    case "agent-sandbox": {
+      // Dynamic import — @kubernetes/client-node is heavy and only needed
+      // when STUDIO_SANDBOX_RUNNER=agent-sandbox. Docker/Freestyle deploys never
+      // load it.
+      const { AgentSandboxRunner } = await import(
+        "@decocms/sandbox/runner/agent-sandbox"
+      );
+      // `meter` is reassigned by initObservability() after sdk.start(); read
+      // it at runner construction (post-init) so we get the real instruments
+      // not the no-op evaluated at module load.
+      return new AgentSandboxRunner({
+        stateStore,
+        previewUrlPattern,
+        sandboxTemplateName: readSandboxTemplateName(),
+        envName: readEnvName(),
+        previewGateway: readPreviewGateway(),
+        sentinelToken: readSandboxSentinelToken(),
+        meter,
+      });
+    }
+    default: {
+      const exhaustive: never = kind;
+      throw new Error(`Unknown runner kind: ${String(exhaustive)}`);
+    }
+  }
+}
+
+export function getSharedRunner(ctx: MeshContext): Promise<SandboxRunner> {
+  return getRunnerByKind(ctx, resolveRunnerKindFromEnv());
+}
+
+/** VM_DELETE uses this so teardown follows the entry's recorded runnerKind. */
+export function getRunnerByKind(
+  ctx: MeshContext,
+  kind: RunnerKind,
+): Promise<SandboxRunner> {
+  return resolveOnce(kind, () => instantiate(kind, ctx.db));
+}
+
+/**
+ * Eager runner accessor for paths that need the runner before any user
+ * request — preview-host proxying at the Bun.serve layer is the only caller
+ * today. Reads the runner kind from env and constructs without a
+ * MeshContext (the state store only needs a Kysely instance). Returns null
+ * when no runner kind is configured.
+ */
+export async function getOrInitSharedRunner(): Promise<SandboxRunner | null> {
+  let kind: RunnerKind;
+  try {
+    kind = resolveRunnerKindFromEnv();
+  } catch (err) {
+    console.warn(
+      "[lifecycle] cannot resolve sandbox runner:",
+      err instanceof Error ? err.message : String(err),
+    );
+    return null;
+  }
+  return resolveOnce(kind, () => instantiate(kind, getDb().db));
+}
+
+/**
+ * Return the active runner iff already constructed — avoids forcing a
+ * MeshContext (and DB connection) before any request touches a sandbox.
+ * Returns null if env is unresolved.
+ */
+export function getSharedRunnerIfInit(): SandboxRunner | null {
+  let kind: RunnerKind;
+  try {
+    kind = resolveRunnerKindFromEnv();
+  } catch {
+    return null;
+  }
+  return runners[kind] ?? null;
+}
+
+/** Narrow to Docker for Docker-only methods (resolveDevPort / resolveDaemonPort). */
+export function asDockerRunner(
+  runner: SandboxRunner | null,
+): DockerSandboxRunner | null {
+  return runner instanceof DockerSandboxRunner ? runner : null;
+}
+
+// ---------------------------------------------------------------------------
+// Shared lifecycle subscriptions (multi-tab dedup)
+//
+// Each browser tab opening `/api/vm-events` for the same `(orgId, virtualMcpId,
+// branch, callerUserId)` produces the same `claimName` — so without dedup,
+// every tab opening on agent-sandbox would open its own set of K8s watches
+// (Pod / Sandbox CR / Events = 3 long-lived API streams per tab). Real users
+// keep 2–3 tabs of the same project open while iterating.
+//
+// `subscribeLifecycle` collapses those onto a single source generator per
+// claim, ref-counted by listener. Last unsubscribe aborts the source and
+// removes the cache entry. New subscribers get the most recent phase replayed
+// synchronously so they don't appear stuck on `claiming` while waiting for
+// the next watch event.
+//
+// For host/docker/freestyle the source generator yields a single `ready` and
+// returns; the dedup machinery still works (each subscriber gets the phase
+// replayed) at near-zero cost.
+// ---------------------------------------------------------------------------
+
+interface SharedLifecycleEntry {
+  /** Last phase emitted by the source. Replayed to late joiners. */
+  lastPhase: ClaimPhase | null;
+  /** True after the source emitted a terminal (`ready`/`failed`) phase. */
+  terminated: boolean;
+  /** Active subscriber callbacks. Source is torn down when this hits zero. */
+  listeners: Set<(phase: ClaimPhase) => void>;
+  /** Aborted when listeners drains; closes the underlying watches. */
+  abort: AbortController;
+}
+
+// Same `--hot` reload concern as `runners`/`inflight` above: an in-flight
+// lifecycle subscription must not be orphaned when the module re-evaluates,
+// or two SSE clients on the same claim would each open their own watch.
+const SHARED_LIFECYCLES_KEY = Symbol.for(
+  "decocms.sandbox.lifecycle.shared-lifecycles",
+);
+const sharedLifecyclesGlobal = globalThis as unknown as {
+  [SHARED_LIFECYCLES_KEY]?: Map<string, SharedLifecycleEntry>;
+};
+const sharedLifecycles: Map<string, SharedLifecycleEntry> =
+  (sharedLifecyclesGlobal[SHARED_LIFECYCLES_KEY] ??= new Map<
+    string,
+    SharedLifecycleEntry
+  >());
+
+export interface LifecycleHandle {
+  unsubscribe(): void;
+}
+
+/**
+ * Subscribe to a SandboxClaim's lifecycle phase stream. Multiple subscribers
+ * for the same `claimName` share one underlying watcher; `onPhase` is called
+ * for every phase transition observed, plus an immediate replay of the last
+ * known phase if the entry already exists.
+ *
+ * The returned handle's `unsubscribe()` is idempotent. The source watcher is
+ * aborted when the last listener drops or when a terminal phase has been
+ * observed (whichever comes first).
+ */
+export function subscribeLifecycle(
+  runner: SandboxRunner,
+  claimName: string,
+  onPhase: (phase: ClaimPhase) => void,
+): LifecycleHandle {
+  let entry = sharedLifecycles.get(claimName);
+
+  if (entry) {
+    // Already terminated entries are kept around only briefly (until the
+    // generator's finally clears them) — replay the terminal phase to the
+    // new subscriber and skip the listener add. Caller doesn't need more
+    // events from a finished lifecycle.
+    if (entry.terminated) {
+      if (entry.lastPhase) {
+        try {
+          onPhase(entry.lastPhase);
+        } catch {
+          /* swallow */
+        }
+      }
+      return { unsubscribe: noopUnsubscribe };
+    }
+    entry.listeners.add(onPhase);
+    if (entry.lastPhase) {
+      try {
+        onPhase(entry.lastPhase);
+      } catch {
+        /* swallow */
+      }
+    }
+    return makeUnsubscribeHandle(claimName, entry, onPhase);
+  }
+
+  // First subscriber for this claim — create the entry and pump the source.
+  const abort = new AbortController();
+  const newEntry: SharedLifecycleEntry = {
+    lastPhase: null,
+    terminated: false,
+    listeners: new Set([onPhase]),
+    abort,
+  };
+  sharedLifecycles.set(claimName, newEntry);
+
+  void pumpLifecycleSource(runner, claimName, newEntry);
+
+  return makeUnsubscribeHandle(claimName, newEntry, onPhase);
+}
+
+function noopUnsubscribe() {
+  /* no-op */
+}
+
+function makeUnsubscribeHandle(
+  claimName: string,
+  entry: SharedLifecycleEntry,
+  onPhase: (phase: ClaimPhase) => void,
+): LifecycleHandle {
+  return {
+    unsubscribe() {
+      // Guard against the entry having been recycled — only mutate the entry
+      // we attached to.
+      if (sharedLifecycles.get(claimName) !== entry) return;
+      entry.listeners.delete(onPhase);
+      if (entry.listeners.size === 0) {
+        // Synchronous cleanup avoids a window where a fresh subscribe would
+        // attach to a soon-to-be-aborted entry. The source's finally clause
+        // only deletes if the map still points at this entry.
+        sharedLifecycles.delete(claimName);
+        entry.abort.abort();
+      }
+    },
+  };
+}
+
+async function pumpLifecycleSource(
+  runner: SandboxRunner,
+  claimName: string,
+  entry: SharedLifecycleEntry,
+): Promise<void> {
+  let sourceError: unknown = null;
+  try {
+    for await (const phase of runner.watchClaimLifecycle(
+      claimName,
+      entry.abort.signal,
+    )) {
+      if (entry.abort.signal.aborted) break;
+      entry.lastPhase = phase;
+      const isTerminal = phase.kind === "ready" || phase.kind === "failed";
+      if (isTerminal) entry.terminated = true;
+      // Snapshot the listener set — a callback may unsubscribe synchronously
+      // and we don't want to skip subsequent listeners or re-iterate.
+      const snapshot = Array.from(entry.listeners);
+      for (const listener of snapshot) {
+        try {
+          listener(phase);
+        } catch {
+          /* swallow — one bad subscriber shouldn't break the others */
+        }
+      }
+      if (isTerminal) break;
+    }
+  } catch (err) {
+    sourceError = err;
+  } finally {
+    // Source ended without a terminal phase (kube client gave up, generator
+    // threw, etc) and listeners are still attached — surface a synthetic
+    // `failed: unknown` so they don't hang. Listeners that already saw a
+    // terminal phase won't trigger this branch (entry.terminated short-
+    // circuits the loop earlier).
+    if (
+      !entry.terminated &&
+      !entry.abort.signal.aborted &&
+      entry.listeners.size > 0
+    ) {
+      const synthetic: ClaimPhase = {
+        kind: "failed",
+        reason: "unknown",
+        message:
+          sourceError instanceof Error
+            ? sourceError.message
+            : "Lifecycle watcher ended unexpectedly",
+      };
+      entry.lastPhase = synthetic;
+      entry.terminated = true;
+      for (const listener of Array.from(entry.listeners)) {
+        try {
+          listener(synthetic);
+        } catch {
+          /* swallow */
+        }
+      }
+    }
+    if (sharedLifecycles.get(claimName) === entry) {
+      sharedLifecycles.delete(claimName);
+    }
+  }
+}
+
+/**
+ * Test-only escape hatch: the in-memory shared-lifecycle cache is pod-local
+ * and survives across requests. Tests that exercise the dedup flow need to
+ * reset it between runs.
+ *
+ * @internal
+ */
+export function __resetSharedLifecyclesForTesting(): void {
+  for (const entry of sharedLifecycles.values()) entry.abort.abort();
+  sharedLifecycles.clear();
+}
diff --git a/apps/mesh/src/sandbox/preview-proxy.test.ts b/apps/mesh/src/sandbox/preview-proxy.test.ts
new file mode 100644
index 0000000000..eacb9f9566
--- /dev/null
+++ b/apps/mesh/src/sandbox/preview-proxy.test.ts
@@ -0,0 +1,289 @@
+import { describe, expect, it } from "bun:test";
+import {
+  extractHandleFromHost,
+  parsePreviewBaseDomain,
+  tryHandlePreviewHttp,
+  tryUpgradePreviewWs,
+} from "./preview-proxy";
+
+/**
+ * Inline mirror of `applyPreviewPattern` from
+ * `packages/sandbox/server/runner/shared/preview-url.ts` — kept here as a
+ * fixture so the round-trip test below has no cross-package coupling. If the
+ * real implementation drifts, the round-trip test will fail and force this
+ * mirror to update too.
+ */
+function applyPreviewPatternFixture(pattern: string, handle: string): string {
+  const base = pattern.replace(/\/+$/, "");
+  if (base.includes("{handle}")) {
+    return `${base.replace("{handle}", handle)}/`;
+  }
+  try {
+    const u = new URL(base);
+    u.hostname = `${handle}.${u.hostname}`;
+    return `${u.toString()}/`;
+  } catch {
+    return `${base}/${handle}/`;
+  }
+}
+
+describe("parsePreviewBaseDomain", () => {
+  it("extracts the base from {handle}-templated patterns", () => {
+    expect(parsePreviewBaseDomain("https://{handle}.preview.decocms.com")).toBe(
+      "preview.decocms.com",
+    );
+  });
+
+  it("extracts from the bare-pattern form (no template)", () => {
+    expect(parsePreviewBaseDomain("https://preview.example.com")).toBe(
+      "preview.example.com",
+    );
+  });
+
+  it("returns null for empty/unset patterns", () => {
+    expect(parsePreviewBaseDomain(null)).toBeNull();
+    expect(parsePreviewBaseDomain(undefined)).toBeNull();
+    expect(parsePreviewBaseDomain("")).toBeNull();
+    expect(parsePreviewBaseDomain("   ")).toBeNull();
+  });
+
+  it("returns null for malformed URLs", () => {
+    expect(parsePreviewBaseDomain("not-a-url")).toBeNull();
+  });
+
+  it("returns null when the templated form has no base", () => {
+    // `{handle}.localhost` — strip leading subdomain leaves "localhost",
+    // which is technically valid, but `{handle}` alone (no dot) isn't.
+    expect(parsePreviewBaseDomain("https://{handle}")).toBeNull();
+  });
+});
+
+describe("extractHandleFromHost", () => {
+  const base = "preview.decocms.com";
+
+  it("extracts bare handles from the matching subdomain", () => {
+    expect(extractHandleFromHost("abc123.preview.decocms.com", base)).toBe(
+      "abc123",
+    );
+  });
+
+  it("ignores port suffix in Host header", () => {
+    expect(
+      extractHandleFromHost("myproj-a1b2c.preview.decocms.com:8080", base),
+    ).toBe("myproj-a1b2c");
+  });
+
+  it("is case-insensitive on host + base", () => {
+    expect(extractHandleFromHost("MyProj-ABC.Preview.DecocMs.com", base)).toBe(
+      "myproj-abc",
+    );
+  });
+
+  it("returns null when the base domain doesn't match", () => {
+    expect(
+      extractHandleFromHost("myproj-a1b2c.preview.example.org", base),
+    ).toBeNull();
+  });
+
+  it("rejects nested subdomains", () => {
+    // foo.myproj-a1b2c.preview.decocms.com → strip suffix yields
+    // "foo.myproj-a1b2c" which has a dot → null.
+    expect(
+      extractHandleFromHost("foo.myproj-a1b2c.preview.decocms.com", base),
+    ).toBeNull();
+  });
+
+  it("returns null for missing host or base", () => {
+    expect(extractHandleFromHost(null, base)).toBeNull();
+    expect(extractHandleFromHost(undefined, base)).toBeNull();
+    expect(
+      extractHandleFromHost("myproj-a1b2c.preview.decocms.com", ""),
+    ).toBeNull();
+  });
+});
+
+describe("applyPreviewPattern <-> parse/extract round-trip", () => {
+  // Walks the contract that applyPreviewPattern (runner) and
+  // parsePreviewBaseDomain + extractHandleFromHost (preview proxy) are
+  // inverses. If either side ever supports a pattern shape the other doesn't
+  // recognize, this test catches the mismatch before it silently misroutes
+  // production traffic.
+  const handle = "abc123";
+
+  const patterns = [
+    "https://{handle}.preview.decocms.com",
+    "https://preview.example.com",
+    "https://{handle}.preview.example.com/",
+    "https://stage.example.com",
+  ];
+
+  for (const pattern of patterns) {
+    it(`round-trips: ${pattern}`, () => {
+      const previewUrl = applyPreviewPatternFixture(pattern, handle);
+      const url = new URL(previewUrl);
+      const baseDomain = parsePreviewBaseDomain(pattern);
+      expect(baseDomain).not.toBeNull();
+      const recovered = extractHandleFromHost(url.host, baseDomain!);
+      expect(recovered).toBe(handle);
+    });
+  }
+});
+
+describe("tryHandlePreviewHttp", () => {
+  const baseDomain = "preview.example.com";
+
+  it("returns null when the host doesn't match a preview URL", async () => {
+    const req = new Request("https://api.example.com/foo", {
+      headers: { host: "api.example.com" },
+    });
+    const res = await tryHandlePreviewHttp(req, {
+      baseDomain,
+      getRunner: async () => null,
+    });
+    expect(res).toBeNull();
+  });
+
+  it("returns 503 when the runner isn't configured for K8s", async () => {
+    const req = new Request("https://myproj-a1b2c.preview.example.com/", {
+      headers: { host: "myproj-a1b2c.preview.example.com" },
+    });
+    const res = await tryHandlePreviewHttp(req, {
+      baseDomain,
+      getRunner: async () => null,
+    });
+    expect(res).not.toBeNull();
+    expect(res!.status).toBe(503);
+  });
+
+  it("delegates to runner.proxyPreviewRequest with the parsed handle", async () => {
+    let received: { handle: string; req: Request } | null = null;
+    const fakeRunner = {
+      proxyPreviewRequest: async (handle: string, req: Request) => {
+        received = { handle, req };
+        return new Response("ok", { status: 200 });
+      },
+    };
+    const req = new Request("https://myproj-deadbeef.preview.example.com/foo", {
+      headers: { host: "myproj-deadbeef.preview.example.com" },
+    });
+    const res = await tryHandlePreviewHttp(req, {
+      baseDomain,
+      // biome-ignore lint/suspicious/noExplicitAny: structural duck-type
+      getRunner: async () => fakeRunner as any,
+    });
+    expect(res).not.toBeNull();
+    expect(res!.status).toBe(200);
+    expect(received).not.toBeNull();
+    expect(received!.handle).toBe("myproj-deadbeef");
+  });
+});
+
+describe("tryUpgradePreviewWs", () => {
+  const baseDomain = "preview.example.com";
+  const previewHost = "myproj-a1b2c.preview.example.com";
+
+  function wsRequest(path: string, host: string = previewHost): Request {
+    return new Request(`https://${host}${path}`, {
+      headers: {
+        host,
+        upgrade: "websocket",
+        connection: "upgrade",
+        "sec-websocket-key": "x3JJHMbDL1EzLkh9GBhXDw==",
+        "sec-websocket-version": "13",
+      },
+    });
+  }
+
+  it("returns null when not a WS upgrade", async () => {
+    const req = new Request(`https://${previewHost}/`, {
+      headers: { host: previewHost },
+    });
+    const res = await tryUpgradePreviewWs(
+      req,
+      { upgrade: () => true },
+      { baseDomain, getRunner: async () => null },
+    );
+    expect(res).toBeNull();
+  });
+
+  it("returns null when host doesn't match a preview", async () => {
+    const req = wsRequest("/", "api.example.com");
+    const res = await tryUpgradePreviewWs(
+      req,
+      { upgrade: () => true },
+      { baseDomain, getRunner: async () => null },
+    );
+    expect(res).toBeNull();
+  });
+
+  it("returns 503 when the runner isn't ready", async () => {
+    const req = wsRequest("/");
+    const res = await tryUpgradePreviewWs(
+      req,
+      { upgrade: () => true },
+      { baseDomain, getRunner: async () => null },
+    );
+    expect(res).not.toBeNull();
+    expect((res as Response).status).toBe(503);
+  });
+
+  it("returns 404 when sandbox lookup misses", async () => {
+    const fakeRunner = {
+      resolvePreviewUpstreamUrl: async () => null,
+    };
+    const req = wsRequest("/");
+    const res = await tryUpgradePreviewWs(
+      req,
+      { upgrade: () => true },
+      {
+        baseDomain,
+        // biome-ignore lint/suspicious/noExplicitAny: structural duck-type
+        getRunner: async () => fakeRunner as any,
+      },
+    );
+    expect(res).not.toBeNull();
+    expect((res as Response).status).toBe(404);
+  });
+
+  it("rejects /_decopilot_vm/* paths even on WS", async () => {
+    const fakeRunner = {
+      resolvePreviewUpstreamUrl: async () => "http://x:9000",
+    };
+    const req = wsRequest("/_decopilot_vm/bash");
+    const res = await tryUpgradePreviewWs(
+      req,
+      { upgrade: () => true },
+      {
+        baseDomain,
+        // biome-ignore lint/suspicious/noExplicitAny: structural duck-type
+        getRunner: async () => fakeRunner as any,
+      },
+    );
+    expect(res).not.toBeNull();
+    expect((res as Response).status).toBe(404);
+  });
+
+  it("calls server.upgrade and returns undefined when upgrade succeeds", async () => {
+    const fakeRunner = {
+      resolvePreviewUpstreamUrl: async () => "http://upstream:9000",
+    };
+    let upgradeArgs: { req: Request; data: unknown } | null = null;
+    const server = {
+      upgrade: (req: Request, opts?: { data?: unknown }) => {
+        upgradeArgs = { req, data: opts?.data };
+        return true;
+      },
+    };
+    const req = wsRequest("/__vite-hmr");
+    const res = await tryUpgradePreviewWs(req, server, {
+      baseDomain,
+      // biome-ignore lint/suspicious/noExplicitAny: structural duck-type
+      getRunner: async () => fakeRunner as any,
+    });
+    expect(res).toBeUndefined();
+    expect(upgradeArgs).not.toBeNull();
+    const data = upgradeArgs!.data as { upstreamUrl: string; kind: string };
+    expect(data.kind).toBe("preview");
+    expect(data.upstreamUrl).toBe("ws://upstream:9000/__vite-hmr");
+  });
+});
diff --git a/apps/mesh/src/sandbox/preview-proxy.ts b/apps/mesh/src/sandbox/preview-proxy.ts
new file mode 100644
index 0000000000..430ead220b
--- /dev/null
+++ b/apps/mesh/src/sandbox/preview-proxy.ts
@@ -0,0 +1,335 @@
+/**
+ * Sandbox preview reverse-proxy.
+ *
+ * Inbound requests to `<handle>.preview.<base-domain>` are routed to the
+ * matching sandbox's daemon at port 9000. Mesh stays in the request path
+ * for the first ship; long-term plan is per-claim HTTPRoute objects (see
+ * the K8s sandbox plan), but this keeps DNS + RBAC simple while we ship.
+ *
+ * Why preview must terminate on port 9000 and never on the in-pod dev port
+ * (3000): the daemon's reverse proxy strips CSP/X-Frame headers and injects
+ * the HMR bootstrap that vite needs to function inside the studio iframe.
+ * Routing browsers straight at the dev port breaks SSE + iframe embedding.
+ *
+ * Auth model: preview URLs are open-by-handle, the same way Vercel preview
+ * URLs are. The handle is the secret. /_decopilot_vm/* is rejected here
+ * (defense-in-depth — the daemon's bearer-token check rejects it too) so
+ * the admin surface stays uncallable from preview hosts.
+ */
+
+import type { AgentSandboxRunner } from "@decocms/sandbox/runner/agent-sandbox";
+
+/**
+ * Cap on frames buffered between client upgrade and upstream WS open. Vite
+ * HMR sends ~1 frame per file event, so 256 covers a normal cold start with
+ * room to spare while preventing a slow/blackholed upstream from exhausting
+ * mesh memory.
+ */
+const MAX_PENDING_FRAMES = 256;
+
+/**
+ * Parses the base preview hostname (e.g. `preview.decocms.com`) out of the
+ * `STUDIO_SANDBOX_PREVIEW_URL_PATTERN` value. The pattern has the form
+ * `https://{handle}.preview.example.com` (or `https://{handle}.<base>`),
+ * matching what the K8s runner's `applyPreviewPattern` produces. Returns
+ * null when the pattern is empty/missing/malformed — preview proxying is
+ * disabled in that case.
+ */
+export function parsePreviewBaseDomain(
+  pattern: string | null | undefined,
+): string | null {
+  if (!pattern || pattern.trim() === "") return null;
+  // Substituting a placeholder before parsing handles the `{handle}` form.
+  // For the non-templated form we still get a valid URL whose hostname is
+  // the base.
+  const probe = pattern.includes("{handle}")
+    ? pattern.replace("{handle}", "__handle__")
+    : pattern;
+  let url: URL;
+  try {
+    url = new URL(probe);
+  } catch {
+    return null;
+  }
+  // `__handle__.preview.example.com` → strip the leading subdomain to get the
+  // base. If there's no leading subdomain segment, the pattern was bad.
+  const host = url.hostname;
+  if (pattern.includes("{handle}")) {
+    const dot = host.indexOf(".");
+    if (dot <= 0 || dot === host.length - 1) return null;
+    return host.slice(dot + 1);
+  }
+  // Bare-pattern form (no `{handle}`): `https://preview.example.com` — the
+  // hostname *is* the base. The runner's applyPreviewPattern in this case
+  // emits `https://<handle>.preview.example.com`.
+  return host;
+}
+
+/**
+ * Pulls the sandbox handle out of a request Host header. Returns null when
+ * the host doesn't match `<handle>.<baseDomain>` (meaning the request isn't
+ * for a mesh sandbox preview and should fall through to the rest of the
+ * mesh API).
+ */
+export function extractHandleFromHost(
+  host: string | null | undefined,
+  baseDomain: string,
+): string | null {
+  if (!host || !baseDomain) return null;
+  const colon = host.indexOf(":");
+  const cleanHost = (colon >= 0 ? host.slice(0, colon) : host).toLowerCase();
+  const cleanBase = baseDomain.toLowerCase().replace(/^\.+|\.+$/g, "");
+  const suffix = `.${cleanBase}`;
+  if (!cleanHost.endsWith(suffix)) return null;
+  const handle = cleanHost.slice(0, cleanHost.length - suffix.length);
+  // Reject empty / nested subdomains: `foo.bar.preview.example.com` would be
+  // `foo.bar`, which is not a valid handle.
+  if (!handle || handle.includes(".")) return null;
+  return handle;
+}
+
+export interface PreviewProxyDeps {
+  /**
+   * Lazy runner accessor. Returns null when the mesh isn't configured for
+   * the agent-sandbox runner — the caller treats null as "not a preview
+   * deployment" and falls through.
+   */
+  getRunner: () => Promise<AgentSandboxRunner | null>;
+  baseDomain: string;
+}
+
+/**
+ * Returns a Response if the request was a preview request (handled here),
+ * otherwise null (caller should fall through to its normal routing).
+ *
+ * 503 is returned when the runner isn't ready yet — preview traffic hit the
+ * mesh before any sandbox tool initialized the runner. The browser will
+ * retry; by then the runner should be up.
+ */
+export async function tryHandlePreviewHttp(
+  request: Request,
+  deps: PreviewProxyDeps,
+): Promise<Response | null> {
+  const handle = extractHandleFromHost(
+    request.headers.get("host"),
+    deps.baseDomain,
+  );
+  if (!handle) return null;
+
+  const runner = await deps.getRunner();
+  if (!runner) {
+    return errorResponse(503, "preview proxy not configured");
+  }
+  return runner.proxyPreviewRequest(handle, request);
+}
+
+// Cross-origin error envelope. Studio runs under its own origin and reads
+// these via fetch (EventSource probeMissing, SSE error frames); without ACAO
+// the browser hides the status and devtools surfaces an opaque CORS failure.
+function errorResponse(status: number, message: string): Response {
+  return new Response(JSON.stringify({ error: message }), {
+    status,
+    headers: {
+      "content-type": "application/json",
+      "access-control-allow-origin": "*",
+    },
+  });
+}
+
+/**
+ * WebSocket upgrade payload — Bun's `server.upgrade()` stashes this under
+ * `ws.data` for the websocket handler to use. Keeping the upstream URL +
+ * subprotocols here means the handler doesn't need to re-parse the host.
+ */
+export interface PreviewWsData {
+  kind: "preview";
+  upstreamUrl: string;
+  upstreamProtocols: string[];
+  /** Buffer messages received before the upstream WS finishes opening. */
+  pending: Array<string | Uint8Array | ArrayBuffer>;
+  upstream: WebSocket | null;
+  closed: boolean;
+}
+
+export function isPreviewWsData(data: unknown): data is PreviewWsData {
+  return (
+    typeof data === "object" &&
+    data !== null &&
+    (data as { kind?: unknown }).kind === "preview"
+  );
+}
+
+/**
+ * Bun-specific upgrade interceptor: consumed by the top-level Bun.serve
+ * fetch handler. Returns:
+ *   - undefined when the request was upgraded (Bun.serve treats this as
+ *     "the response will come from the WS handler later")
+ *   - a Response when the request matched preview but couldn't be upgraded
+ *     (404/502/503), letting the caller return it directly
+ *   - null when the request isn't a preview WS request (caller falls through)
+ *
+ * Only handles `Upgrade: websocket` requests. Plain HTTP/SSE goes through
+ * `tryHandlePreviewHttp` instead.
+ */
+export async function tryUpgradePreviewWs(
+  request: Request,
+  server: BunServerLike,
+  deps: PreviewProxyDeps,
+): Promise<Response | undefined | null> {
+  if ((request.headers.get("upgrade") ?? "").toLowerCase() !== "websocket") {
+    return null;
+  }
+  const handle = extractHandleFromHost(
+    request.headers.get("host"),
+    deps.baseDomain,
+  );
+  if (!handle) return null;
+
+  const runner = await deps.getRunner();
+  if (!runner) {
+    return errorResponse(503, "preview proxy not configured");
+  }
+
+  const upstreamHttp = await runner.resolvePreviewUpstreamUrl(handle);
+  if (!upstreamHttp) {
+    return errorResponse(404, "sandbox not found");
+  }
+
+  const reqUrl = new URL(request.url);
+  if (reqUrl.pathname.startsWith("/_decopilot_vm")) {
+    return errorResponse(404, "not found");
+  }
+
+  const upstreamUrl = `${upstreamHttp.replace(/^http/, "ws")}${reqUrl.pathname}${reqUrl.search}`;
+  const protocolHeader = request.headers.get("sec-websocket-protocol");
+  const upstreamProtocols = protocolHeader
+    ? protocolHeader
+        .split(",")
+        .map((s) => s.trim())
+        .filter(Boolean)
+    : [];
+
+  const data: PreviewWsData = {
+    kind: "preview",
+    upstreamUrl,
+    upstreamProtocols,
+    pending: [],
+    upstream: null,
+    closed: false,
+  };
+
+  const upgraded = server.upgrade(request, { data });
+  if (!upgraded) {
+    return errorResponse(426, "upgrade failed");
+  }
+  return undefined;
+}
+
+/**
+ * Idempotent shutdown for one side of the preview WS bridge. Marks the
+ * connection as closed (so other event listeners stop forwarding), then
+ * closes both client and upstream sockets — `try/catch` around each because
+ * Bun + the WebSocket constructor both throw on close-after-close.
+ */
+function closePreviewBridge(
+  ws: PreviewServerWebSocket,
+  data: PreviewWsData,
+  code: number,
+  reason: string,
+): void {
+  if (data.closed) return;
+  data.closed = true;
+  try {
+    ws.close(code, reason);
+  } catch {}
+  try {
+    data.upstream?.close();
+  } catch {}
+}
+
+/**
+ * Bun WebSocket handler for the upgraded preview connection. Pumps frames
+ * between the browser side (`ws`) and the upstream daemon (`ws.data.upstream`)
+ * in both directions. Buffers inbound frames received before the upstream
+ * dial completes — Bun delivers messages on `ws` immediately after upgrade,
+ * and the upstream WebSocket handshake takes a non-zero number of ticks.
+ */
+export const previewWebSocketHandler = {
+  open(ws: PreviewServerWebSocket) {
+    const data = ws.data;
+    if (!isPreviewWsData(data)) return;
+    let upstream: WebSocket;
+    try {
+      upstream =
+        data.upstreamProtocols.length > 0
+          ? new WebSocket(data.upstreamUrl, data.upstreamProtocols)
+          : new WebSocket(data.upstreamUrl);
+    } catch (err) {
+      console.warn(
+        `[preview-ws] failed to dial upstream ${data.upstreamUrl}: ${err instanceof Error ? err.message : String(err)}`,
+      );
+      closePreviewBridge(ws, data, 1011, "upstream connect failed");
+      return;
+    }
+    upstream.binaryType = "arraybuffer";
+    data.upstream = upstream;
+
+    upstream.addEventListener("open", () => {
+      while (data.pending.length > 0) {
+        const msg = data.pending.shift();
+        if (msg !== undefined) upstream.send(msg);
+      }
+    });
+    upstream.addEventListener("message", (ev: MessageEvent) => {
+      if (data.closed) return;
+      ws.send(ev.data as string | Uint8Array | ArrayBuffer);
+    });
+    upstream.addEventListener("close", (ev: CloseEvent) => {
+      closePreviewBridge(ws, data, ev.code || 1000, ev.reason || "");
+    });
+    upstream.addEventListener("error", () => {
+      closePreviewBridge(ws, data, 1011, "upstream error");
+    });
+  },
+  message(
+    ws: PreviewServerWebSocket,
+    message: string | Uint8Array | ArrayBuffer,
+  ) {
+    const data = ws.data;
+    if (!isPreviewWsData(data)) return;
+    const upstream = data.upstream;
+    if (upstream && upstream.readyState === WebSocket.OPEN) {
+      upstream.send(message);
+      return;
+    }
+    // Cap the pre-handshake buffer. A blackholed upstream + a chatty client
+    // (e.g. vite HMR firing while the daemon is still booting) would otherwise
+    // grow this without bound. 1011 = "internal error" per RFC 6455.
+    if (data.pending.length >= MAX_PENDING_FRAMES) {
+      closePreviewBridge(ws, data, 1011, "preview ws backlog overflow");
+      return;
+    }
+    data.pending.push(message);
+  },
+  close(ws: PreviewServerWebSocket) {
+    const data = ws.data;
+    if (!isPreviewWsData(data)) return;
+    closePreviewBridge(ws, data, 1000, "");
+  },
+};
+
+// Minimal structural types to avoid taking a hard dependency on `bun-types`
+// in this module. The real Bun.ServerWebSocket / Bun.Server are wider but
+// we only touch these members.
+export interface PreviewServerWebSocket {
+  data: PreviewWsData | unknown;
+  send(data: string | Uint8Array | ArrayBuffer): number;
+  close(code?: number, reason?: string): void;
+}
+
+export interface BunServerLike {
+  upgrade(
+    request: Request,
+    options?: { data?: unknown; headers?: HeadersInit },
+  ): boolean;
+}
diff --git a/apps/mesh/src/settings/resolve-config.ts b/apps/mesh/src/settings/resolve-config.ts
index c33ac8636c..e27c58a156 100644
--- a/apps/mesh/src/settings/resolve-config.ts
+++ b/apps/mesh/src/settings/resolve-config.ts
@@ -68,20 +68,16 @@ export function resolveConfig(
     encryptionKey: envVars.ENCRYPTION_KEY || "",
     meshJwtSecret: envVars.MESH_JWT_SECRET,
     localMode,
-    allowLocalProd: localMode || toBool(envVars.DECOCMS_ALLOW_LOCAL_PROD),
     disableRateLimit: toBool(envVars.DISABLE_RATE_LIMIT),
     studioProvisionSecretKey: envVars.STUDIO_PROVISION_SECRET_KEY,
 
     // Observability
     clickhouseUrl: envVars.CLICKHOUSE_URL,
-    otelServiceName: envVars.OTEL_SERVICE_NAME || "mesh",
+    otelServiceName: envVars.OTEL_SERVICE_NAME || "studio",
 
     // Config files
     configPath: envVars.CONFIG_PATH || "./config.json",
 
-    // Transport
-    unsafeAllowStdioTransport: toBool(envVars.UNSAFE_ALLOW_STDIO_TRANSPORT),
-
     // AI Gateway
     aiGatewayEnabled: toBool(envVars.DECO_AI_GATEWAY_ENABLED),
     aiGatewayUrl:
diff --git a/apps/mesh/src/settings/types.ts b/apps/mesh/src/settings/types.ts
index 31ca855ed6..c7311a1a27 100644
--- a/apps/mesh/src/settings/types.ts
+++ b/apps/mesh/src/settings/types.ts
@@ -22,7 +22,6 @@ export interface Settings {
   encryptionKey: string;
   meshJwtSecret: string | undefined;
   localMode: boolean;
-  allowLocalProd: boolean;
   disableRateLimit: boolean;
   studioProvisionSecretKey: string | undefined; // Secret key to call the Deco AI Gateway API to provision keys
 
@@ -36,9 +35,6 @@ export interface Settings {
   // Config files
   configPath: string;
 
-  // Transport
-  unsafeAllowStdioTransport: boolean;
-
   // AI Gateway
   aiGatewayEnabled: boolean;
   aiGatewayUrl: string;
diff --git a/apps/mesh/src/shared/branch-name.test.ts b/apps/mesh/src/shared/branch-name.test.ts
new file mode 100644
index 0000000000..0f8833249b
--- /dev/null
+++ b/apps/mesh/src/shared/branch-name.test.ts
@@ -0,0 +1,28 @@
+import { describe, expect, test } from "bun:test";
+
+import { generateBranchName } from "./branch-name";
+
+describe("generateBranchName", () => {
+  test("returns a string with the deco/ prefix", () => {
+    const name = generateBranchName();
+    expect(name.startsWith("deco/")).toBe(true);
+  });
+
+  test("returns a hyphenated two-word body after the prefix", () => {
+    const name = generateBranchName();
+    const body = name.slice("deco/".length);
+    const parts = body.split("-");
+    expect(parts.length).toBe(2);
+    expect(parts[0]!.length).toBeGreaterThan(0);
+    expect(parts[1]!.length).toBeGreaterThan(0);
+  });
+
+  test("is valid for git ref syntax", () => {
+    const pattern = /^[A-Za-z0-9._/-]+$/;
+    for (let i = 0; i < 10; i++) {
+      const name = generateBranchName();
+      expect(pattern.test(name)).toBe(true);
+      expect(name.startsWith("-")).toBe(false);
+    }
+  });
+});
diff --git a/apps/mesh/src/shared/branch-name.ts b/apps/mesh/src/shared/branch-name.ts
new file mode 100644
index 0000000000..29cb357778
--- /dev/null
+++ b/apps/mesh/src/shared/branch-name.ts
@@ -0,0 +1,120 @@
+/**
+ * Branch-name generator used as a fallback when VM_START is invoked without
+ * an explicit branch. The word lists were lifted out of daemon.ts so the
+ * orchestrator — not the sandbox — decides the branch name and can persist
+ * it to vmMap before the daemon ever sees it.
+ *
+ * Format: `deco/<adjective>-<noun>`
+ */
+
+const ADJECTIVES: readonly string[] = [
+  "amber",
+  "bold",
+  "bright",
+  "calm",
+  "crimson",
+  "coral",
+  "daring",
+  "deep",
+  "dusty",
+  "eager",
+  "faint",
+  "fierce",
+  "frozen",
+  "gentle",
+  "golden",
+  "grand",
+  "green",
+  "hollow",
+  "iron",
+  "ivory",
+  "keen",
+  "lasting",
+  "lunar",
+  "mellow",
+  "misty",
+  "noble",
+  "olive",
+  "pale",
+  "prime",
+  "quiet",
+  "rapid",
+  "rustic",
+  "serene",
+  "sharp",
+  "silver",
+  "sleek",
+  "solar",
+  "stark",
+  "still",
+  "swift",
+  "tawny",
+  "tender",
+  "thin",
+  "true",
+  "vast",
+  "velvet",
+  "warm",
+  "wild",
+  "young",
+  "zen",
+];
+
+const NOUNS: readonly string[] = [
+  "anchor",
+  "birch",
+  "brook",
+  "cedar",
+  "cliff",
+  "cove",
+  "crane",
+  "dune",
+  "echo",
+  "ember",
+  "falcon",
+  "fern",
+  "flint",
+  "forge",
+  "frost",
+  "glade",
+  "grove",
+  "harbor",
+  "hawk",
+  "iris",
+  "jade",
+  "lark",
+  "maple",
+  "marsh",
+  "mesa",
+  "opal",
+  "orbit",
+  "peak",
+  "pine",
+  "plume",
+  "quartz",
+  "rapids",
+  "reef",
+  "ridge",
+  "river",
+  "sage",
+  "shore",
+  "slate",
+  "spruce",
+  "stone",
+  "summit",
+  "thorn",
+  "tide",
+  "trail",
+  "vale",
+  "wren",
+  "aspen",
+  "delta",
+  "crest",
+  "spark",
+];
+
+export function generateBranchName(): string {
+  const adj = ADJECTIVES[Math.floor(Math.random() * ADJECTIVES.length)];
+  const noun = NOUNS[Math.floor(Math.random() * NOUNS.length)];
+  return `deco/${adj}-${noun}`;
+}
diff --git a/apps/mesh/src/shared/github-clone-info.ts b/apps/mesh/src/shared/github-clone-info.ts
new file mode 100644
index 0000000000..ebc4c3b8a3
--- /dev/null
+++ b/apps/mesh/src/shared/github-clone-info.ts
@@ -0,0 +1,84 @@
+/**
+ * Authenticated clone URL + git identity from a connection's OAuth token.
+ * The token is baked into the URL — `git clone` then stores it on the
+ * remote so subsequent fetch/pull/push from inside the sandbox keep
+ * working with no further plumbing.
+ *
+ * The token is set once per sandbox. If it expires or is revoked, the
+ * sandbox must be destroyed and recreated — studio does not push token
+ * updates to running daemons. Falls back to generic identity defaults on
+ * /user failure so callers never block on a flaky upstream.
+ */
+
+import type { Kysely } from "kysely";
+import { DownstreamTokenStorage } from "../storage/downstream-token";
+import type { Database } from "../storage/types";
+import type { CredentialVault } from "../encryption/credential-vault";
+import {
+  canRefresh,
+  PROACTIVE_REFRESH_BUFFER_MS,
+  RECONNECT_ERROR,
+  refreshAndStore,
+} from "../oauth/token-refresh";
+
+export interface GitHubCloneInfo {
+  cloneUrl: string;
+  gitUserName: string;
+  gitUserEmail: string;
+}
+
+export async function buildCloneInfo(
+  connectionId: string,
+  owner: string,
+  name: string,
+  db: Kysely<Database>,
+  vault: CredentialVault,
+): Promise<GitHubCloneInfo> {
+  const tokenStorage = new DownstreamTokenStorage(db, vault);
+  const token = await tokenStorage.get(connectionId);
+  if (!token) {
+    throw new Error(
+      "No GitHub token found. Ensure the mcp-github connection is authenticated.",
+    );
+  }
+
+  let accessToken = token.accessToken;
+
+  // Proactive refresh before baking into the clone URL. Mirrors GITHUB_LIST_USER_ORGS.
+  if (
+    canRefresh(token) &&
+    tokenStorage.isExpired(token, PROACTIVE_REFRESH_BUFFER_MS)
+  ) {
+    const refreshed = await refreshAndStore(token, tokenStorage);
+    if (!refreshed) {
+      throw new Error(RECONNECT_ERROR);
+    }
+    accessToken = refreshed;
+  }
+
+  const cloneUrl = `https://x-access-token:${accessToken}@github.com/${owner}/${name}.git`;
+
+  let gitUserName = "Deco Studio";
+  let gitUserEmail = "studio@deco.cx";
+  try {
+    const res = await fetch("https://api.github.com/user", {
+      headers: {
+        Authorization: `token ${accessToken}`,
+        Accept: "application/vnd.github+json",
+      },
+    });
+    if (res.ok) {
+      const user = (await res.json()) as {
+        name?: string | null;
+        login: string;
+        email?: string | null;
+      };
+      gitUserName = user.name || user.login;
+      gitUserEmail = user.email || `${user.login}@users.noreply.github.com`;
+    }
+  } catch {
+    // Fallback to defaults — don't block the caller.
+  }
+
+  return { cloneUrl, gitUserName, gitUserEmail };
+}
diff --git a/apps/mesh/src/shared/github-runtime-detect.ts b/apps/mesh/src/shared/github-runtime-detect.ts
new file mode 100644
index 0000000000..265f6ccca3
--- /dev/null
+++ b/apps/mesh/src/shared/github-runtime-detect.ts
@@ -0,0 +1,136 @@
+/**
+ * Server-side lockfile probe that mirrors the client picker's detection.
+ * Moved off the browser so VM_START can't race runtime resolution — the
+ * caller used to fire VM_START before the client-side detection wrote
+ * `runtime` back, baking a clone-only daemon whose dev server never
+ * starts. Running here keeps it on the same request-lifetime as the VM
+ * provision. On any failure we return null and the caller falls back to
+ * clone-only (same behaviour as a repo with no lockfile).
+ */
+
+import type { Kysely } from "kysely";
+import type { CredentialVault } from "../encryption/credential-vault";
+import { DownstreamTokenStorage } from "../storage/downstream-token";
+import type { Database } from "../storage/types";
+import type { PackageManager } from "./runtime-defaults";
+
+/** Ordered: first match wins. Mirrors github-repo-picker.tsx's runtimeFiles. */
+const LOCKFILES: Array<{ path: string; pm: PackageManager }> = [
+  { path: "deno.json", pm: "deno" },
+  { path: "deno.jsonc", pm: "deno" },
+  { path: "bun.lock", pm: "bun" },
+  { path: "bunfig.toml", pm: "bun" },
+  { path: "pnpm-lock.yaml", pm: "pnpm" },
+  { path: "yarn.lock", pm: "yarn" },
+  { path: "package-lock.json", pm: "npm" },
+  { path: "package.json", pm: "bun" },
+];
+
+const PORT_SOURCES: Partial<Record<PackageManager, string[]>> = {
+  deno: ["deno.json", "deno.jsonc"],
+  bun: ["package.json"],
+  pnpm: ["package.json"],
+  yarn: ["package.json"],
+  npm: ["package.json"],
+};
+
+const PORT_RE = /(?:--port|PORT=|:)(\d{4,5})/;
+
+export interface DetectedRuntime {
+  packageManager: PackageManager;
+  devPort: string | null;
+}
+
+export async function detectRepoRuntime(
+  connectionId: string,
+  owner: string,
+  name: string,
+  db: Kysely<Database>,
+  vault: CredentialVault,
+): Promise<DetectedRuntime | null> {
+  const token = await new DownstreamTokenStorage(db, vault).get(connectionId);
+  if (!token) return null;
+
+  // Detection runs against the repo's default branch, not the caller's VM
+  // branch. The VM branch is typically a fresh name generated by VM_START
+  // (e.g. `deco/keen-trail`) that hasn't been pushed yet — asking GitHub
+  // for that ref 404s on every file and we'd fall back to clone-only even
+  // on a valid repo. Omitting `ref` makes Contents API use HEAD.
+
+  // Fetch only what we might need for detection + port extraction. Parallel
+  // because GitHub serves these on separate CDN paths and sequential would
+  // add ~1s per file inside VM_START's critical section.
+  const cache = new Map<string, string | null>();
+  const relevantPaths = new Set(LOCKFILES.map((f) => f.path));
+  for (const sources of Object.values(PORT_SOURCES)) {
+    for (const p of sources ?? []) relevantPaths.add(p);
+  }
+  await Promise.all(
+    Array.from(relevantPaths).map(async (path) => {
+      cache.set(
+        path,
+        await fetchGithubFile(owner, name, path, token.accessToken),
+      );
+    }),
+  );
+
+  const hit = LOCKFILES.find(({ path }) => cache.get(path) !== null);
+  if (!hit) return null;
+
+  const portSources = PORT_SOURCES[hit.pm] ?? [];
+  let devPort: string | null = null;
+  for (const path of portSources) {
+    devPort = extractDevPort(cache.get(path) ?? null);
+    if (devPort) break;
+  }
+  return { packageManager: hit.pm, devPort };
+}
+
+/**
+ * 404 → null (expected: most repos won't have every lockfile). Any other
+ * failure also null — a half-detected runtime is worse than clone-only,
+ * since the wrong PM would hang setup.
+ */
+async function fetchGithubFile(
+  owner: string,
+  repo: string,
+  path: string,
+  accessToken: string,
+): Promise<string | null> {
+  const url = `https://api.github.com/repos/${owner}/${repo}/contents/${encodeURIComponent(path)}`;
+  try {
+    const res = await fetch(url, {
+      headers: {
+        Authorization: `token ${accessToken}`,
+        Accept: "application/vnd.github+json",
+        "User-Agent": "mesh-runtime-detect",
+      },
+      signal: AbortSignal.timeout(5_000),
+    });
+    if (!res.ok) return null;
+    const body = (await res.json()) as {
+      content?: string;
+      encoding?: string;
+    };
+    if (!body.content || body.encoding !== "base64") return null;
+    return Buffer.from(body.content, "base64").toString("utf8");
+  } catch {
+    return null;
+  }
+}
+
+function extractDevPort(content: string | null): string | null {
+  if (!content) return null;
+  try {
+    const parsed = JSON.parse(content) as {
+      tasks?: Record<string, string>;
+      scripts?: Record<string, string>;
+    };
+    const cmds = parsed.tasks ?? parsed.scripts ?? {};
+    const cmd = cmds.dev ?? cmds.start ?? "";
+    const match = cmd.match(PORT_RE);
+    return match?.[1] ?? null;
+  } catch {
+    return null;
+  }
+}
diff --git a/apps/mesh/src/shared/runtime-defaults.ts b/apps/mesh/src/shared/runtime-defaults.ts
index 1723794d13..9244a5f7ec 100644
--- a/apps/mesh/src/shared/runtime-defaults.ts
+++ b/apps/mesh/src/shared/runtime-defaults.ts
@@ -36,18 +36,3 @@ export const PACKAGE_MANAGER_CONFIG: Record<
     runtime: "deno",
   },
 };
-
-/**
- * Serializable version of PACKAGE_MANAGER_CONFIG for the in-VM daemon script.
- * Uses `runPrefix` (string) instead of `run` (function) so it can be JSON.stringified.
- */
-export const PACKAGE_MANAGER_DAEMON_CONFIG: Record<
-  PackageManager,
-  { install: string; runPrefix: string }
-> = {
-  npm: { install: "npm install", runPrefix: "npm run" },
-  pnpm: { install: "pnpm install", runPrefix: "pnpm run" },
-  yarn: { install: "yarn install", runPrefix: "yarn run" },
-  bun: { install: "bun install", runPrefix: "bun run" },
-  deno: { install: "deno install", runPrefix: "deno task" },
-};
diff --git a/apps/mesh/src/storage/ai-provider-keys.ts b/apps/mesh/src/storage/ai-provider-keys.ts
index fa29172566..49865ed98b 100644
--- a/apps/mesh/src/storage/ai-provider-keys.ts
+++ b/apps/mesh/src/storage/ai-provider-keys.ts
@@ -19,6 +19,7 @@ export class AIProviderKeyStorage {
     id: string;
     provider_id: string;
     label: string;
+    preset_id: string | null;
     organization_id: string;
     created_by: string;
     created_at: Date | string;
@@ -27,6 +28,7 @@ export class AIProviderKeyStorage {
       id: row.id,
       providerId: row.provider_id as ProviderId,
       label: row.label,
+      presetId: row.preset_id,
       organizationId: row.organization_id,
       createdBy: row.created_by,
       createdAt:
@@ -42,11 +44,13 @@ export class AIProviderKeyStorage {
     apiKey: string; // plaintext — will be encrypted before storage
     organizationId: string;
     createdBy: string;
+    presetId?: string | null;
   }): Promise<ProviderKeyInfo> {
     const id = generatePrefixedId("aik");
     const encryptedApiKey = await this.vault.encrypt(params.apiKey);
     const keyHash = hashApiKey(params.apiKey);
     const createdAt = new Date();
+    const presetId = params.presetId ?? null;
 
     await this.db
       .insertInto("ai_provider_keys")
@@ -55,6 +59,7 @@ export class AIProviderKeyStorage {
         organization_id: params.organizationId,
         provider_id: params.providerId,
         label: params.label,
+        preset_id: presetId,
         encrypted_api_key: encryptedApiKey,
         key_hash: keyHash,
         created_by: params.createdBy,
@@ -66,6 +71,7 @@ export class AIProviderKeyStorage {
       id,
       provider_id: params.providerId,
       label: params.label,
+      preset_id: presetId,
       organization_id: params.organizationId,
       created_by: params.createdBy,
       created_at: createdAt,
@@ -85,11 +91,13 @@ export class AIProviderKeyStorage {
     apiKey: string; // plaintext — will be encrypted before storage
     organizationId: string;
     createdBy: string;
+    presetId?: string | null;
   }): Promise<ProviderKeyInfo> {
     const id = generatePrefixedId("aik");
     const encryptedApiKey = await this.vault.encrypt(params.apiKey);
     const keyHash = hashApiKey(params.apiKey);
     const createdAt = new Date();
+    const presetId = params.presetId ?? null;
 
     const row = await this.db
       .insertInto("ai_provider_keys")
@@ -98,6 +106,7 @@ export class AIProviderKeyStorage {
         organization_id: params.organizationId,
         provider_id: params.providerId,
         label: params.label,
+        preset_id: presetId,
         encrypted_api_key: encryptedApiKey,
         key_hash: keyHash,
         created_by: params.createdBy,
@@ -106,12 +115,14 @@ export class AIProviderKeyStorage {
       .onConflict((oc) =>
         oc.columns(["organization_id", "provider_id", "key_hash"]).doUpdateSet({
           label: params.label,
+          preset_id: presetId,
         }),
       )
       .returning([
         "id",
         "provider_id",
         "label",
+        "preset_id",
         "organization_id",
         "created_by",
         "created_at",
@@ -132,6 +143,7 @@ export class AIProviderKeyStorage {
         "id",
         "provider_id",
         "label",
+        "preset_id",
         "organization_id",
         "created_by",
         "created_at",
@@ -166,6 +178,33 @@ export class AIProviderKeyStorage {
     };
   }
 
+  async updateLabel(
+    keyId: string,
+    organizationId: string,
+    label: string,
+  ): Promise<ProviderKeyInfo> {
+    const row = await this.db
+      .updateTable("ai_provider_keys")
+      .set({ label })
+      .where("id", "=", keyId)
+      .where("organization_id", "=", organizationId)
+      .returning([
+        "id",
+        "provider_id",
+        "label",
+        "preset_id",
+        "organization_id",
+        "created_by",
+        "created_at",
+      ])
+      .executeTakeFirst();
+
+    if (!row) {
+      throw new Error(`AI provider key ${keyId} not found`);
+    }
+    return this.rowToKeyInfo(row);
+  }
+
   async delete(keyId: string, organizationId: string): Promise<void> {
     const result = await this.db
       .deleteFrom("ai_provider_keys")
@@ -190,6 +229,7 @@ export class AIProviderKeyStorage {
         "id",
         "provider_id",
         "label",
+        "preset_id",
         "organization_id",
         "created_by",
         "created_at",
diff --git a/apps/mesh/src/storage/automations.ts b/apps/mesh/src/storage/automations.ts
index f1e4ab261f..839027c210 100644
--- a/apps/mesh/src/storage/automations.ts
+++ b/apps/mesh/src/storage/automations.ts
@@ -21,17 +21,15 @@ export interface CreateAutomationInput {
   name: string;
   active?: boolean;
   created_by: string;
-  agent: string; // JSON
   messages: string; // JSON
   models: string; // JSON
   temperature?: number;
-  virtual_mcp_id?: string | null;
+  virtual_mcp_id: string;
 }
 
 export interface UpdateAutomationInput {
   name?: string;
   active?: boolean;
-  agent?: string;
   messages?: string;
   models?: string;
   temperature?: number;
@@ -66,6 +64,7 @@ export interface AutomationsStorage {
   listWithTriggerCounts(
     organizationId: string,
     virtualMcpId?: string | null,
+    search?: string | null,
   ): Promise<AutomationWithTriggerInfo[]>;
   update(
     id: string,
@@ -131,11 +130,10 @@ function automationFromDbRow(row: {
   name: string;
   active: boolean | number;
   created_by: string;
-  agent: string;
   messages: string;
   models: string;
   temperature: number;
-  virtual_mcp_id?: string | null;
+  virtual_mcp_id: string;
   created_at: Date | string;
   updated_at: Date | string;
 }): Automation {
@@ -145,11 +143,10 @@ function automationFromDbRow(row: {
     name: row.name,
     active: !!row.active,
     created_by: row.created_by,
-    agent: row.agent,
     messages: row.messages,
     models: row.models,
     temperature: row.temperature,
-    virtual_mcp_id: row.virtual_mcp_id ?? null,
+    virtual_mcp_id: row.virtual_mcp_id,
     created_at: toIsoString(row.created_at),
     updated_at: toIsoString(row.updated_at),
   };
@@ -198,11 +195,10 @@ class KyselyAutomationsStorage implements AutomationsStorage {
       name: input.name,
       active: input.active ?? true,
       created_by: input.created_by,
-      agent: input.agent,
       messages: input.messages,
       models: input.models,
       temperature: input.temperature ?? 0.5,
-      virtual_mcp_id: input.virtual_mcp_id ?? null,
+      virtual_mcp_id: input.virtual_mcp_id,
       created_at: now,
       updated_at: now,
     };
@@ -244,6 +240,7 @@ class KyselyAutomationsStorage implements AutomationsStorage {
   async listWithTriggerCounts(
     organizationId: string,
     virtualMcpId?: string | null,
+    search?: string | null,
   ): Promise<AutomationWithTriggerInfo[]> {
     let query = this.db
       .selectFrom("automations as a")
@@ -254,7 +251,6 @@ class KyselyAutomationsStorage implements AutomationsStorage {
         "a.name",
         "a.active",
         "a.created_by",
-        "a.agent",
         "a.messages",
         "a.models",
         "a.temperature",
@@ -266,10 +262,12 @@ class KyselyAutomationsStorage implements AutomationsStorage {
       .select((eb) => eb.fn.min("t.next_run_at").as("nearest_next_run_at"))
       .where("a.organization_id", "=", organizationId);
 
-    if (virtualMcpId !== undefined) {
-      query = virtualMcpId
-        ? query.where("a.virtual_mcp_id", "=", virtualMcpId)
-        : query.where("a.virtual_mcp_id", "is", null);
+    if (virtualMcpId) {
+      query = query.where("a.virtual_mcp_id", "=", virtualMcpId);
+    }
+
+    if (search) {
+      query = query.where("a.name", "ilike", `%${search}%`);
     }
 
     const rows = await query
@@ -279,7 +277,6 @@ class KyselyAutomationsStorage implements AutomationsStorage {
         "a.name",
         "a.active",
         "a.created_by",
-        "a.agent",
         "a.messages",
         "a.models",
         "a.temperature",
@@ -309,7 +306,6 @@ class KyselyAutomationsStorage implements AutomationsStorage {
 
     if (input.name !== undefined) updateData.name = input.name;
     if (input.active !== undefined) updateData.active = input.active;
-    if (input.agent !== undefined) updateData.agent = input.agent;
     if (input.messages !== undefined) updateData.messages = input.messages;
     if (input.models !== undefined) updateData.models = input.models;
     if (input.temperature !== undefined)
@@ -426,10 +422,10 @@ class KyselyAutomationsStorage implements AutomationsStorage {
         "a.name as a_name",
         "a.active as a_active",
         "a.created_by as a_created_by",
-        "a.agent as a_agent",
         "a.messages as a_messages",
         "a.models as a_models",
         "a.temperature as a_temperature",
+        "a.virtual_mcp_id as a_virtual_mcp_id",
         "a.created_at as a_created_at",
         "a.updated_at as a_updated_at",
       ])
@@ -448,10 +444,10 @@ class KyselyAutomationsStorage implements AutomationsStorage {
         name: row.a_name,
         active: row.a_active,
         created_by: row.a_created_by,
-        agent: row.a_agent,
         messages: row.a_messages,
         models: row.a_models,
         temperature: row.a_temperature,
+        virtual_mcp_id: row.a_virtual_mcp_id,
         created_at: row.a_created_at,
         updated_at: row.a_updated_at,
       }),
@@ -479,10 +475,10 @@ class KyselyAutomationsStorage implements AutomationsStorage {
         "a.name as a_name",
         "a.active as a_active",
         "a.created_by as a_created_by",
-        "a.agent as a_agent",
         "a.messages as a_messages",
         "a.models as a_models",
         "a.temperature as a_temperature",
+        "a.virtual_mcp_id as a_virtual_mcp_id",
         "a.created_at as a_created_at",
         "a.updated_at as a_updated_at",
       ])
@@ -498,10 +494,10 @@ class KyselyAutomationsStorage implements AutomationsStorage {
         name: row.a_name,
         active: row.a_active,
         created_by: row.a_created_by,
-        agent: row.a_agent,
         messages: row.a_messages,
         models: row.a_models,
         temperature: row.a_temperature,
+        virtual_mcp_id: row.a_virtual_mcp_id,
         created_at: row.a_created_at,
         updated_at: row.a_updated_at,
       }),
@@ -532,10 +528,10 @@ class KyselyAutomationsStorage implements AutomationsStorage {
           "a.name as a_name",
           "a.active as a_active",
           "a.created_by as a_created_by",
-          "a.agent as a_agent",
           "a.messages as a_messages",
           "a.models as a_models",
           "a.temperature as a_temperature",
+          "a.virtual_mcp_id as a_virtual_mcp_id",
           "a.created_at as a_created_at",
           "a.updated_at as a_updated_at",
         ])
@@ -555,10 +551,10 @@ class KyselyAutomationsStorage implements AutomationsStorage {
           name: row.a_name,
           active: row.a_active,
           created_by: row.a_created_by,
-          agent: row.a_agent,
           messages: row.a_messages,
           models: row.a_models,
           temperature: row.a_temperature,
+          virtual_mcp_id: row.a_virtual_mcp_id,
           created_at: row.a_created_at,
           updated_at: row.a_updated_at,
         }),
@@ -653,7 +649,7 @@ class KyselyAutomationsStorage implements AutomationsStorage {
           description: null,
           status: "in_progress",
           trigger_id: triggerId,
-          virtual_mcp_id: automation.virtual_mcp_id ?? "",
+          virtual_mcp_id: automation.virtual_mcp_id,
           hidden: false,
           created_at: now,
           updated_at: now,
diff --git a/apps/mesh/src/storage/organization-settings.ts b/apps/mesh/src/storage/organization-settings.ts
index 076a2a3e28..0dcc4e2c1e 100644
--- a/apps/mesh/src/storage/organization-settings.ts
+++ b/apps/mesh/src/storage/organization-settings.ts
@@ -35,6 +35,16 @@ export class OrganizationSettingsStorage
           ? JSON.parse(record.registry_config)
           : record.registry_config
         : null,
+      simple_mode: record.simple_mode
+        ? typeof record.simple_mode === "string"
+          ? JSON.parse(record.simple_mode)
+          : record.simple_mode
+        : null,
+      default_home_agents: record.default_home_agents
+        ? typeof record.default_home_agents === "string"
+          ? JSON.parse(record.default_home_agents)
+          : record.default_home_agents
+        : null,
       createdAt: record.createdAt,
       updatedAt: record.updatedAt,
     };
@@ -45,7 +55,11 @@ export class OrganizationSettingsStorage
     data?: Partial<
       Pick<
         OrganizationSettings,
-        "sidebar_items" | "enabled_plugins" | "registry_config"
+        | "sidebar_items"
+        | "enabled_plugins"
+        | "registry_config"
+        | "simple_mode"
+        | "default_home_agents"
       >
     >,
   ): Promise<OrganizationSettings> {
@@ -59,6 +73,12 @@ export class OrganizationSettingsStorage
     const registryConfigJson = data?.registry_config
       ? JSON.stringify(data.registry_config)
       : null;
+    const simpleModeJson = data?.simple_mode
+      ? JSON.stringify(data.simple_mode)
+      : null;
+    const defaultHomeAgentsJson = data?.default_home_agents
+      ? JSON.stringify(data.default_home_agents)
+      : null;
 
     await this.db
       .insertInto("organization_settings")
@@ -67,6 +87,8 @@ export class OrganizationSettingsStorage
         sidebar_items: sidebarItemsJson,
         enabled_plugins: enabledPluginsJson,
         registry_config: registryConfigJson,
+        simple_mode: simpleModeJson,
+        default_home_agents: defaultHomeAgentsJson,
         createdAt: now,
         updatedAt: now,
       })
@@ -75,6 +97,10 @@ export class OrganizationSettingsStorage
           sidebar_items: sidebarItemsJson ? sidebarItemsJson : undefined,
           enabled_plugins: enabledPluginsJson ? enabledPluginsJson : undefined,
           registry_config: registryConfigJson ? registryConfigJson : undefined,
+          simple_mode: simpleModeJson ? simpleModeJson : undefined,
+          default_home_agents: defaultHomeAgentsJson
+            ? defaultHomeAgentsJson
+            : undefined,
           updatedAt: now,
         }),
       )
@@ -88,6 +114,8 @@ export class OrganizationSettingsStorage
         sidebar_items: data?.sidebar_items ?? null,
         enabled_plugins: data?.enabled_plugins ?? null,
         registry_config: data?.registry_config ?? null,
+        simple_mode: data?.simple_mode ?? null,
+        default_home_agents: data?.default_home_agents ?? null,
         createdAt: now,
         updatedAt: now,
       };
diff --git a/apps/mesh/src/storage/ports.ts b/apps/mesh/src/storage/ports.ts
index 77ac4a7186..ee140f2fb4 100644
--- a/apps/mesh/src/storage/ports.ts
+++ b/apps/mesh/src/storage/ports.ts
@@ -17,6 +17,7 @@ import type {
 } from "../tools/virtual/schema";
 import type {
   BrandContext,
+  InflightAsyncJob,
   MonitoringLog,
   OrganizationDomain,
   OrganizationSettings,
@@ -91,6 +92,34 @@ export interface ThreadStoragePort {
   /** Release ownership for all runs owned by this pod (graceful shutdown). */
   orphanRunsByPod(podId: string): Promise<string[]>;
 
+  /** Append an entry to threads.inflight_async_jobs. Atomic via jsonb concat. */
+  addInflightAsyncJob(
+    taskId: string,
+    organizationId: string,
+    entry: InflightAsyncJob,
+  ): Promise<void>;
+
+  /**
+   * Find an in-flight async job for this thread matching provider + modelId + query.
+   * Returns the most recently submitted match, or null.
+   */
+  findInflightAsyncJob(
+    taskId: string,
+    organizationId: string,
+    provider: string,
+    modelId: string,
+    query: string,
+  ): Promise<InflightAsyncJob | null>;
+
+  /** Remove all entries matching provider + modelId + query from threads.inflight_async_jobs. */
+  removeInflightAsyncJob(
+    taskId: string,
+    organizationId: string,
+    provider: string,
+    modelId: string,
+    query: string,
+  ): Promise<void>;
+
   // Message operations - upserts by id (updates existing rows)
   saveMessages(data: ThreadMessage[], organizationId: string): Promise<void>;
   listMessages(
@@ -144,7 +173,11 @@ export interface OrganizationSettingsStoragePort {
     data?: Partial<
       Pick<
         OrganizationSettings,
-        "sidebar_items" | "enabled_plugins" | "registry_config"
+        | "sidebar_items"
+        | "enabled_plugins"
+        | "registry_config"
+        | "simple_mode"
+        | "default_home_agents"
       >
     >,
   ): Promise<OrganizationSettings>;
diff --git a/apps/mesh/src/storage/sandbox-runner-state.test.ts b/apps/mesh/src/storage/sandbox-runner-state.test.ts
new file mode 100644
index 0000000000..58d822c48f
--- /dev/null
+++ b/apps/mesh/src/storage/sandbox-runner-state.test.ts
@@ -0,0 +1,215 @@
+import { afterAll, beforeAll, describe, expect, it } from "bun:test";
+import type { SandboxId } from "@decocms/sandbox/runner";
+import {
+  closeTestDatabase,
+  createTestDatabase,
+  type TestDatabase,
+} from "../database/test-db";
+import { KyselySandboxRunnerStateStore } from "./sandbox-runner-state";
+import { createTestSchema } from "./test-helpers";
+
+describe("KyselySandboxRunnerStateStore", () => {
+  let database: TestDatabase;
+  let store: KyselySandboxRunnerStateStore;
+
+  beforeAll(async () => {
+    database = await createTestDatabase();
+    await createTestSchema(database.db);
+    store = new KyselySandboxRunnerStateStore(database.db);
+  });
+
+  afterAll(async () => {
+    await closeTestDatabase(database);
+  });
+
+  // Each test uses a unique id to avoid cross-test pollution.
+  const mkId = (tag: string): SandboxId => ({
+    userId: `user-${tag}`,
+    projectRef: `proj-${tag}`,
+  });
+
+  it("put + get round-trips all fields", async () => {
+    const id = mkId("round-trip");
+    const before = Date.now();
+    await store.put(id, "docker", {
+      handle: "handle-round-trip",
+      state: { token: "abc", hostPort: 1234, nested: { k: "v" } },
+    });
+
+    const row = await store.get(id, "docker");
+    expect(row).not.toBeNull();
+    expect(row!.handle).toBe("handle-round-trip");
+    expect(row!.state).toEqual({
+      token: "abc",
+      hostPort: 1234,
+      nested: { k: "v" },
+    });
+    expect(row!.updatedAt).toBeInstanceOf(Date);
+    // updatedAt should be recent (within a reasonable window).
+    expect(row!.updatedAt.getTime()).toBeGreaterThanOrEqual(before - 1000);
+    expect(row!.updatedAt.getTime()).toBeLessThanOrEqual(Date.now() + 1000);
+  });
+
+  it("put UPSERTs on same (user_id, project_ref, runner_kind)", async () => {
+    const id = mkId("upsert");
+    await store.put(id, "docker", {
+      handle: "upsert-handle-1",
+      state: { version: 1 },
+    });
+    await store.put(id, "docker", {
+      handle: "upsert-handle-2",
+      state: { version: 2 },
+    });
+
+    const row = await store.get(id, "docker");
+    expect(row).not.toBeNull();
+    expect(row!.handle).toBe("upsert-handle-2");
+    expect(row!.state).toEqual({ version: 2 });
+
+    // Verify only one row exists for this (user, project, kind).
+    const { rows } = await database.pglite.query<{ count: string }>(
+      `SELECT COUNT(*)::text AS count FROM sandbox_runner_state
+         WHERE user_id = $1 AND project_ref = $2 AND runner_kind = $3`,
+      [id.userId, id.projectRef, "docker"],
+    );
+    expect(rows[0]!.count).toBe("1");
+  });
+
+  it("put allows duplicate handle across different (user, project, kind)", async () => {
+    const id1 = mkId("dup-handle-a");
+    const id2 = mkId("dup-handle-b");
+    const sharedHandle = "shared-handle-conflict";
+
+    await store.put(id1, "docker", {
+      handle: sharedHandle,
+      state: { which: "a" },
+    });
+
+    // Migration 074 dropped the unique constraint on handle — different
+    // runners can legitimately share a handle (hash entropy collisions).
+    await expect(
+      store.put(id2, "freestyle", {
+        handle: sharedHandle,
+        state: { which: "b" },
+      }),
+    ).resolves.toBeUndefined();
+  });
+
+  it("delete removes the row", async () => {
+    const id = mkId("delete");
+    await store.put(id, "docker", {
+      handle: "delete-handle",
+      state: { x: 1 },
+    });
+    expect(await store.get(id, "docker")).not.toBeNull();
+
+    await store.delete(id, "docker");
+    expect(await store.get(id, "docker")).toBeNull();
+  });
+
+  it("deleteByHandle removes the row", async () => {
+    const id = mkId("delete-by-handle");
+    const handle = "delete-by-handle-h";
+    await store.put(id, "docker", { handle, state: { x: 1 } });
+    expect(await store.get(id, "docker")).not.toBeNull();
+
+    await store.deleteByHandle("docker", handle);
+    expect(await store.get(id, "docker")).toBeNull();
+  });
+
+  it("getByHandle returns populated row with id", async () => {
+    const id = mkId("get-by-handle");
+    const handle = "get-by-handle-h";
+    await store.put(id, "docker", { handle, state: { token: "t" } });
+
+    const row = await store.getByHandle("docker", handle);
+    expect(row).not.toBeNull();
+    expect(row!.handle).toBe(handle);
+    expect(row!.id).toEqual(id);
+    expect(row!.state).toEqual({ token: "t" });
+    expect(row!.updatedAt).toBeInstanceOf(Date);
+  });
+
+  it("getByHandle returns null when kind does not match", async () => {
+    const id = mkId("kind-mismatch");
+    const handle = "kind-mismatch-handle";
+    await store.put(id, "docker", { handle, state: {} });
+
+    const row = await store.getByHandle("freestyle", handle);
+    expect(row).toBeNull();
+  });
+
+  it("withLock returns the callback's result and persists writes", async () => {
+    const id = mkId("withlock-happy");
+    const result = await store.withLock(id, "docker", async (scoped) => {
+      await scoped.put(id, "docker", {
+        handle: "withlock-happy-handle",
+        state: { ok: true },
+      });
+      return 42;
+    });
+    expect(result).toBe(42);
+
+    const row = await store.get(id, "docker");
+    expect(row).not.toBeNull();
+    expect(row!.handle).toBe("withlock-happy-handle");
+    expect(row!.state).toEqual({ ok: true });
+  });
+
+  it("withLock rolls back on throw", async () => {
+    const id = mkId("withlock-throw");
+    const boom = new Error("boom");
+
+    await expect(
+      store.withLock(id, "docker", async (scoped) => {
+        await scoped.put(id, "docker", {
+          handle: "withlock-throw-handle",
+          state: { bad: true },
+        });
+        throw boom;
+      }),
+    ).rejects.toThrow("boom");
+
+    // The put inside the throwing txn must not be visible.
+    const row = await store.get(id, "docker");
+    expect(row).toBeNull();
+  });
+
+  // PGlite does not serialize on pg_advisory_xact_lock: empirically two
+  // concurrent transactions that both call pg_advisory_xact_lock(sameKey)
+  // proceed in parallel rather than queueing. PGlite is a single-process
+  // WASM Postgres without multi-connection lock contention, so this path
+  // can only be verified against real Postgres. Real-Postgres coverage is
+  // out of scope for this unit test file.
+  it.skip("withLock serializes concurrent calls for the same (id, kind) [PGlite does not support pg_advisory_xact_lock]", async () => {
+    const id = mkId("withlock-serialize");
+    const firstStarted = Promise.withResolvers<void>();
+    let secondSawHandle: string | undefined;
+
+    const first = store.withLock(id, "docker", async (scoped) => {
+      firstStarted.resolve();
+      await scoped.put(id, "docker", {
+        handle: "serialize-handleA",
+        state: { step: "A" },
+      });
+      await new Promise((r) => setTimeout(r, 50));
+      await scoped.put(id, "docker", {
+        handle: "serialize-handleB",
+        state: { step: "B" },
+      });
+      return "first-done";
+    });
+
+    const second = (async () => {
+      await firstStarted.promise;
+      return store.withLock(id, "docker", async (scoped) => {
+        const row = await scoped.get(id, "docker");
+        secondSawHandle = row?.handle;
+        return "second-done";
+      });
+    })();
+
+    await Promise.all([first, second]);
+    expect(secondSawHandle).toBe("serialize-handleB");
+  });
+});
diff --git a/apps/mesh/src/storage/sandbox-runner-state.ts b/apps/mesh/src/storage/sandbox-runner-state.ts
new file mode 100644
index 0000000000..0ca69bf95c
--- /dev/null
+++ b/apps/mesh/src/storage/sandbox-runner-state.ts
@@ -0,0 +1,218 @@
+/**
+ * Kysely-backed RunnerStateStore. `state` jsonb is opaque — each runner
+ * serialises its own fields. See
+ * packages/@decocms/sandbox/server/runner/.
+ *
+ * Method implementations take an explicit executor (db or trx) so the scoped
+ * store handed to `withLock` callbacks can reuse the lock's connection. If
+ * nested reads/writes went through `this.db` instead, each would race the
+ * main pool for a separate slot while the lock txn pins one — classic
+ * nested-query pool deadlock at `databasePoolMax` concurrent provisionings.
+ */
+
+import { createHash } from "node:crypto";
+import { sql, type Kysely } from "kysely";
+import type {
+  RunnerStatePut,
+  RunnerStateRecord,
+  RunnerStateRecordWithId,
+  RunnerStateStore,
+  RunnerStateStoreOps,
+  SandboxId,
+} from "@decocms/sandbox/runner";
+import type { Database } from "./types";
+
+type Executor = Kysely<Database>;
+
+/**
+ * Hash `(userId, projectRef, kind)` to a signed int64 for
+ * `pg_advisory_xact_lock` — cast so the range fits pg's `bigint`.
+ */
+function lockKey(id: SandboxId, kind: string): bigint {
+  const h = createHash("sha256")
+    .update(id.userId)
+    .update("\x00")
+    .update(id.projectRef)
+    .update("\x00")
+    .update(kind)
+    .digest();
+  return h.readBigInt64BE(0);
+}
+
+async function getRow(
+  exec: Executor,
+  id: SandboxId,
+  kind: string,
+): Promise<RunnerStateRecord | null> {
+  const row = await exec
+    .selectFrom("sandbox_runner_state")
+    .select(["handle", "state", "updated_at"])
+    .where("user_id", "=", id.userId)
+    .where("project_ref", "=", id.projectRef)
+    .where("runner_kind", "=", kind)
+    .executeTakeFirst();
+  if (!row) return null;
+  return {
+    handle: row.handle,
+    state: row.state as Record<string, unknown>,
+    updatedAt: row.updated_at as Date,
+  };
+}
+
+async function getByHandleRow(
+  exec: Executor,
+  kind: string,
+  handle: string,
+): Promise<RunnerStateRecordWithId | null> {
+  const row = await exec
+    .selectFrom("sandbox_runner_state")
+    .select(["user_id", "project_ref", "handle", "state", "updated_at"])
+    .where("runner_kind", "=", kind)
+    .where("handle", "=", handle)
+    .executeTakeFirst();
+  if (!row) return null;
+  return {
+    id: { userId: row.user_id, projectRef: row.project_ref },
+    handle: row.handle,
+    state: row.state as Record<string, unknown>,
+    updatedAt: row.updated_at as Date,
+  };
+}
+
+async function putRow(
+  exec: Executor,
+  id: SandboxId,
+  kind: string,
+  entry: RunnerStatePut,
+): Promise<void> {
+  const stateJson = JSON.stringify(entry.state);
+  const now = new Date().toISOString();
+  await exec
+    .insertInto("sandbox_runner_state")
+    .values({
+      user_id: id.userId,
+      project_ref: id.projectRef,
+      runner_kind: kind,
+      handle: entry.handle,
+      state: stateJson,
+      updated_at: now,
+    })
+    .onConflict((oc) =>
+      oc.columns(["user_id", "project_ref", "runner_kind"]).doUpdateSet({
+        handle: entry.handle,
+        state: stateJson,
+        updated_at: now,
+      }),
+    )
+    .execute();
+}
+
+async function deleteRow(
+  exec: Executor,
+  id: SandboxId,
+  kind: string,
+): Promise<void> {
+  await exec
+    .deleteFrom("sandbox_runner_state")
+    .where("user_id", "=", id.userId)
+    .where("project_ref", "=", id.projectRef)
+    .where("runner_kind", "=", kind)
+    .execute();
+}
+
+async function deleteByHandleRow(
+  exec: Executor,
+  kind: string,
+  handle: string,
+): Promise<void> {
+  await exec
+    .deleteFrom("sandbox_runner_state")
+    .where("runner_kind", "=", kind)
+    .where("handle", "=", handle)
+    .execute();
+}
+
+function scopedStore(exec: Executor): RunnerStateStoreOps {
+  return {
+    get: (id, kind) => getRow(exec, id, kind),
+    getByHandle: (kind, handle) => getByHandleRow(exec, kind, handle),
+    put: (id, kind, entry) => putRow(exec, id, kind, entry),
+    delete: (id, kind) => deleteRow(exec, id, kind),
+    deleteByHandle: (kind, handle) => deleteByHandleRow(exec, kind, handle),
+  };
+}
+
+export class KyselySandboxRunnerStateStore implements RunnerStateStore {
+  constructor(private db: Kysely<Database>) {}
+
+  get(id: SandboxId, kind: string): Promise<RunnerStateRecord | null> {
+    return getRow(this.db, id, kind);
+  }
+
+  getByHandle(
+    kind: string,
+    handle: string,
+  ): Promise<RunnerStateRecordWithId | null> {
+    return getByHandleRow(this.db, kind, handle);
+  }
+
+  put(id: SandboxId, kind: string, entry: RunnerStatePut): Promise<void> {
+    return putRow(this.db, id, kind, entry);
+  }
+
+  delete(id: SandboxId, kind: string): Promise<void> {
+    return deleteRow(this.db, id, kind);
+  }
+
+  deleteByHandle(kind: string, handle: string): Promise<void> {
+    return deleteByHandleRow(this.db, kind, handle);
+  }
+
+  /**
+   * Serialize ensure() across pods. pg_advisory_xact_lock is transactional
+   * — released on COMMIT / ROLLBACK / connection drop, so a crashed pod
+   * never strands a sandbox. The callback receives a scoped ops view whose
+   * methods reuse the transaction's connection; using it instead of the
+   * outer store is what keeps the main pool free during long provisioning.
+   *
+   * The lock wait is bounded via `SET LOCAL statement_timeout`: the holder
+   * runs slow provisioning (freestyle.vms.create ≈ 30–60s) inside its lock,
+   * and an unbounded wait lets one stalled holder wedge every concurrent
+   * ensure (observed: 132s). Timeout clears before the callback runs so
+   * nested reads/writes aren't capped by the lock-wait budget.
+   */
+  async withLock<T>(
+    id: SandboxId,
+    kind: string,
+    fn: (store: RunnerStateStoreOps) => Promise<T>,
+  ): Promise<T> {
+    const key = lockKey(id, kind);
+    return this.db.transaction().execute(async (trx) => {
+      try {
+        await sql`set local statement_timeout = ${sql.lit(LOCK_WAIT_MS)}`.execute(
+          trx,
+        );
+        await sql`select pg_advisory_xact_lock(${key}::bigint)`.execute(trx);
+      } catch (err) {
+        if (isStatementTimeoutError(err)) {
+          throw new Error(
+            `sandbox advisory lock busy >${LOCK_WAIT_MS}ms for user=${id.userId} projectRef=${id.projectRef} kind=${kind} — provisioner is slow or stuck; retry shortly`,
+          );
+        }
+        throw err;
+      }
+      await sql`set local statement_timeout = 0`.execute(trx);
+      return fn(scopedStore(trx));
+    });
+  }
+}
+
+/** Generous enough to cover agent-sandbox waitForSandboxReady (180s) + buffer; short enough that a stuck holder isn't invisible. */
+const LOCK_WAIT_MS = 90_000;
+
+/** pg SQLSTATE 57014 = query_canceled — what `statement_timeout` raises. */
+function isStatementTimeoutError(err: unknown): boolean {
+  if (!(err instanceof Error)) return false;
+  const code = (err as { code?: unknown }).code;
+  return code === "57014" || /statement timeout/i.test(err.message);
+}
diff --git a/apps/mesh/src/storage/test-helpers.ts b/apps/mesh/src/storage/test-helpers.ts
index c74cc292b1..39b471255f 100644
--- a/apps/mesh/src/storage/test-helpers.ts
+++ b/apps/mesh/src/storage/test-helpers.ts
@@ -128,6 +128,31 @@ export async function createBetterAuthTables(
     .addColumn("createdAt", "text", (col) => col.notNull())
     .execute();
 
+  // organizationRole / organizationResource (Better Auth organization plugin
+  // with dynamicAccessControl enabled). Mirrors the schema produced by
+  // `getMigrations()` so tests can query custom roles like prod.
+  await db.schema
+    .createTable("organizationRole")
+    .ifNotExists()
+    .addColumn("id", "text", (col) => col.primaryKey())
+    .addColumn("organizationId", "text", (col) => col.notNull())
+    .addColumn("role", "text", (col) => col.notNull())
+    .addColumn("permission", "text", (col) => col.notNull())
+    .addColumn("createdAt", "text", (col) => col.notNull())
+    .addColumn("updatedAt", "text")
+    .execute();
+
+  await db.schema
+    .createTable("organizationResource")
+    .ifNotExists()
+    .addColumn("id", "text", (col) => col.primaryKey())
+    .addColumn("organizationId", "text", (col) => col.notNull())
+    .addColumn("resource", "text", (col) => col.notNull())
+    .addColumn("permissions", "text", (col) => col.notNull())
+    .addColumn("createdAt", "text", (col) => col.notNull())
+    .addColumn("updatedAt", "text")
+    .execute();
+
   // API Key table (Better Auth API key plugin)
   await db.schema
     .createTable("apiKey")
diff --git a/apps/mesh/src/storage/threads.ts b/apps/mesh/src/storage/threads.ts
index ec68cb6d77..c2dc2c9b30 100644
--- a/apps/mesh/src/storage/threads.ts
+++ b/apps/mesh/src/storage/threads.ts
@@ -5,22 +5,43 @@
  * Threads are organization-scoped, messages are thread-scoped.
  */
 
-import type { Kysely } from "kysely";
+import { sql, type Kysely } from "kysely";
 import { generatePrefixedId } from "@/shared/utils/generate-id";
 import { DEFAULT_THREAD_TITLE } from "@/api/routes/decopilot/constants";
 import type { ThreadStoragePort } from "./ports";
 import type {
   Database,
+  InflightAsyncJob,
   Thread,
   ThreadMessage,
   ThreadMetadata,
   ThreadStatus,
 } from "./types";
 
+/**
+ * After this much time, a persisted async-job handle is considered too old
+ * to safely resume against the provider. Gemini Deep Research worst-case is
+ * ~20min; 1h leaves plenty of margin for slow runs while keeping abandoned
+ * rows from being silently re-attached to.
+ */
+const INFLIGHT_ASYNC_JOB_MAX_AGE_MS = 60 * 60 * 1000;
+
 function toIsoString(v: Date | string): string {
   return typeof v === "string" ? v : v.toISOString();
 }
 
+function parseInflightJobs(
+  raw: InflightAsyncJob[] | string | null | undefined,
+): InflightAsyncJob[] | null {
+  if (raw == null) return null;
+  if (typeof raw !== "string") return raw;
+  try {
+    return JSON.parse(raw) as InflightAsyncJob[];
+  } catch {
+    return null;
+  }
+}
+
 // ============================================================================
 // Org-Scoped Thread Storage (repository pattern)
 // ============================================================================
@@ -50,6 +71,25 @@ export class OrgScopedThreadStorage {
     return this.organizationId;
   }
 
+  /**
+   * Rebind this storage to a different org id.
+   * Called by `resolveOrgFromPath` middleware after the org is resolved from
+   * the URL slug — meshContext is constructed eagerly, so when no `x-org-id`
+   * header is present the storage starts with `organizationId = undefined`
+   * and must be updated in-place once the path-resolved org is known.
+   */
+  setOrganizationId(organizationId: string | undefined): void {
+    this.organizationId = organizationId;
+  }
+
+  /**
+   * Currently bound organization id (or undefined). Exposed primarily for
+   * tests that assert middleware rebinds the storage correctly.
+   */
+  getOrganizationId(): string | undefined {
+    return this.organizationId;
+  }
+
   create(data: Partial<Thread>): Promise<Thread> {
     const orgId = this.requireOrg();
     return this.inner.create({ ...data, organization_id: orgId });
@@ -96,6 +136,40 @@ export class OrgScopedThreadStorage {
     return this.inner.listByTriggerIds(this.requireOrg(), triggerIds, options);
   }
 
+  addInflightAsyncJob(taskId: string, entry: InflightAsyncJob): Promise<void> {
+    return this.inner.addInflightAsyncJob(taskId, this.requireOrg(), entry);
+  }
+
+  findInflightAsyncJob(
+    taskId: string,
+    provider: string,
+    modelId: string,
+    query: string,
+  ): Promise<InflightAsyncJob | null> {
+    return this.inner.findInflightAsyncJob(
+      taskId,
+      this.requireOrg(),
+      provider,
+      modelId,
+      query,
+    );
+  }
+
+  removeInflightAsyncJob(
+    taskId: string,
+    provider: string,
+    modelId: string,
+    query: string,
+  ): Promise<void> {
+    return this.inner.removeInflightAsyncJob(
+      taskId,
+      this.requireOrg(),
+      provider,
+      modelId,
+      query,
+    );
+  }
+
   saveMessages(data: ThreadMessage[]): Promise<void> {
     return this.inner.saveMessages(data, this.requireOrg());
   }
@@ -145,6 +219,7 @@ export class SqlThreadStorage implements ThreadStoragePort {
       status: data.status ?? "completed",
       trigger_id: data.trigger_id ?? null,
       virtual_mcp_id: data.virtual_mcp_id ?? "",
+      branch: data.branch ?? null,
       created_at: now,
       updated_at: now,
       created_by: data.created_by,
@@ -154,13 +229,26 @@ export class SqlThreadStorage implements ThreadStoragePort {
         : {}),
     };
 
-    const result = await this.db
+    const inserted = await this.db
       .insertInto("threads")
       .values(row)
+      .onConflict((oc) => oc.column("id").doNothing())
       .returningAll()
+      .executeTakeFirst();
+
+    if (inserted) {
+      return this.threadFromDbRow(inserted);
+    }
+
+    // Conflict — another caller already inserted this id. Return the row that won.
+    const existing = await this.db
+      .selectFrom("threads")
+      .selectAll()
+      .where("id", "=", id)
+      .where("organization_id", "=", data.organization_id)
       .executeTakeFirstOrThrow();
 
-    return this.threadFromDbRow(result);
+    return this.threadFromDbRow(existing);
   }
 
   async get(id: string, organizationId: string): Promise<Thread | null> {
@@ -217,6 +305,9 @@ export class SqlThreadStorage implements ThreadStoragePort {
     if (data.metadata !== undefined) {
       updateData.metadata = JSON.stringify(data.metadata);
     }
+    if (data.branch !== undefined) {
+      updateData.branch = data.branch;
+    }
 
     await this.db
       .updateTable("threads")
@@ -643,6 +734,85 @@ export class SqlThreadStorage implements ThreadStoragePort {
     return rows.map((r) => r.id);
   }
 
+  async addInflightAsyncJob(
+    taskId: string,
+    organizationId: string,
+    entry: InflightAsyncJob,
+  ): Promise<void> {
+    // jsonb concat: append the entry to whatever's there (or to []).
+    await this.db
+      .updateTable("threads")
+      .set({
+        inflight_async_jobs: sql`COALESCE(inflight_async_jobs, '[]'::jsonb) || ${JSON.stringify([entry])}::jsonb`,
+        updated_at: new Date().toISOString(),
+      })
+      .where("id", "=", taskId)
+      .where("organization_id", "=", organizationId)
+      .execute();
+  }
+
+  async findInflightAsyncJob(
+    taskId: string,
+    organizationId: string,
+    provider: string,
+    modelId: string,
+    query: string,
+  ): Promise<InflightAsyncJob | null> {
+    const row = await this.db
+      .selectFrom("threads")
+      .select("inflight_async_jobs")
+      .where("id", "=", taskId)
+      .where("organization_id", "=", organizationId)
+      .executeTakeFirst();
+    const list = parseInflightJobs(row?.inflight_async_jobs);
+    if (!list) return null;
+    // Stale entries are ignored at read time — protects callers from
+    // reconnecting to a long-dead provider job. Storage rows still need a
+    // separate sweep to be GC'd, but read-side filtering is enough to keep
+    // them from causing visible misbehaviour.
+    const cutoff = Date.now() - INFLIGHT_ASYNC_JOB_MAX_AGE_MS;
+    // Most recently submitted first → reverse so we prefer the freshest match.
+    for (let i = list.length - 1; i >= 0; i--) {
+      const e = list[i];
+      if (
+        e &&
+        e.provider === provider &&
+        e.modelId === modelId &&
+        e.query === query &&
+        new Date(e.startedAt).getTime() >= cutoff
+      ) {
+        return e;
+      }
+    }
+    return null;
+  }
+
+  async removeInflightAsyncJob(
+    taskId: string,
+    organizationId: string,
+    provider: string,
+    modelId: string,
+    query: string,
+  ): Promise<void> {
+    await this.db
+      .updateTable("threads")
+      .set({
+        inflight_async_jobs: sql`(
+          SELECT COALESCE(jsonb_agg(elem), '[]'::jsonb)
+          FROM jsonb_array_elements(COALESCE(inflight_async_jobs, '[]'::jsonb)) elem
+          WHERE NOT (
+            elem->>'provider' = ${provider}
+            AND elem->>'modelId' = ${modelId}
+            AND elem->>'query' = ${query}
+          )
+        )`,
+        updated_at: new Date().toISOString(),
+      })
+      .where("id", "=", taskId)
+      .where("organization_id", "=", organizationId)
+      .execute();
+  }
+
   // ==========================================================================
   // Private Helper Methods
   // ==========================================================================
@@ -658,7 +828,9 @@ export class SqlThreadStorage implements ThreadStoragePort {
     run_owner_pod?: string | null;
     run_config?: Record<string, unknown> | null;
     run_started_at?: Date | string | null;
+    inflight_async_jobs?: InflightAsyncJob[] | string | null;
     virtual_mcp_id?: string | null;
+    branch?: string | null;
     metadata?: ThreadMetadata | string | null;
     created_at: Date | string;
     updated_at: Date | string;
@@ -696,12 +868,14 @@ export class SqlThreadStorage implements ThreadStoragePort {
       run_started_at: row.run_started_at
         ? toIsoString(row.run_started_at)
         : null,
+      inflight_async_jobs: parseInflightJobs(row.inflight_async_jobs),
       virtual_mcp_id: row.virtual_mcp_id ?? "",
+      branch: row.branch ?? null,
       metadata,
       created_at: toIsoString(row.created_at),
       updated_at: toIsoString(row.updated_at),
       created_by: row.created_by,
-      updated_by: row.updated_by,
+      updated_by: row.updated_by ?? undefined,
       hidden: !!row.hidden,
     };
   }
diff --git a/apps/mesh/src/storage/types.ts b/apps/mesh/src/storage/types.ts
index 1de5fdda34..5a8c3c1ee2 100644
--- a/apps/mesh/src/storage/types.ts
+++ b/apps/mesh/src/storage/types.ts
@@ -131,11 +131,34 @@ export interface RegistryConfig {
   blockedMcps: string[];
 }
 
+export interface SimpleModeModelSlot {
+  keyId: string;
+  modelId: string;
+  title?: string;
+}
+
+export interface SimpleModeConfig {
+  enabled: boolean;
+  chat: {
+    fast: SimpleModeModelSlot | null;
+    smart: SimpleModeModelSlot | null;
+    thinking: SimpleModeModelSlot | null;
+  };
+  image: SimpleModeModelSlot | null;
+  webResearch: SimpleModeModelSlot | null;
+}
+
+export interface DefaultHomeAgentsConfig {
+  ids: string[];
+}
+
 export interface OrganizationSettingsTable {
   organizationId: string;
   sidebar_items: JsonArray<SidebarItem[]> | null;
   enabled_plugins: JsonArray<string[]> | null;
   registry_config: JsonObject<RegistryConfig> | null;
+  simple_mode: JsonObject<SimpleModeConfig> | null;
+  default_home_agents: JsonObject<DefaultHomeAgentsConfig> | null;
   createdAt: ColumnType<Date, Date | string, never>;
   updatedAt: ColumnType<Date, Date | string, Date | string>;
 }
@@ -145,6 +168,8 @@ export interface OrganizationSettings {
   sidebar_items: SidebarItem[] | null;
   enabled_plugins: string[] | null;
   registry_config: RegistryConfig | null;
+  simple_mode: SimpleModeConfig | null;
+  default_home_agents: DefaultHomeAgentsConfig | null;
   createdAt: Date | string;
   updatedAt: Date | string;
 }
@@ -230,6 +255,12 @@ export interface AIProviderKeyTable {
   label: string;
   encrypted_api_key: string;
   key_hash: string | null; // SHA-256 of the plaintext key; null for legacy rows
+  /**
+   * Frontend-controlled subtype for grouping keys under branded preset cards
+   * (e.g. "litellm", "ollama" all map to provider_id = "openai-compatible").
+   * Null for non-preset keys.
+   */
+  preset_id: string | null;
   created_by: string;
   created_at: ColumnType<Date, Date | string, never>;
 }
@@ -239,6 +270,7 @@ export interface ProviderKeyInfo {
   id: string;
   providerId: ProviderId;
   label: string;
+  presetId: string | null;
   organizationId: string;
   createdBy: string;
   createdAt: string;
@@ -704,6 +736,21 @@ export {
   type ThreadStatus,
 } from "@decocms/mesh-sdk";
 
+export interface InflightAsyncJob {
+  /** Tool call that submitted this job (for diagnostics; not the resume key). */
+  toolCallId: string;
+  /** Adapter id that owns this job — must equal `MeshProvider.info.id`. */
+  provider: string;
+  /** Provider-side model id, e.g. `deep-research-preview-04-2026`. */
+  modelId: string;
+  /** Original query text — used together with provider+modelId to deduplicate on resume. */
+  query: string;
+  /** Adapter-opaque handle (e.g. Gemini interaction id) — passed back to `resume()`. */
+  jobId: string;
+  /** ISO timestamp set when the job was submitted. */
+  startedAt: string;
+}
+
 export interface ThreadTable {
   id: string;
   organization_id: string;
@@ -724,8 +771,21 @@ export interface ThreadTable {
     Date | string | null,
     Date | string | null
   >;
+  /**
+   * Long-running provider jobs (`AsyncResearchProvider`) still in flight for
+   * this thread. Each entry is removed when the underlying job reaches a
+   * terminal state. Surviving entries are how a fresh pod re-attaches to a
+   * job after a crash.
+   */
+  inflight_async_jobs: ColumnType<
+    InflightAsyncJob[] | null,
+    string | null,
+    string | null
+  >;
   /** Virtual MCP (agent) this thread was initiated with */
   virtual_mcp_id: string;
+  /** Git branch this thread is pinned to (GitHub-linked virtualmcps only) */
+  branch: string | null;
   /** Per-task UI state (e.g., expanded_tools for right-panel tabs) */
   metadata: ColumnType<ThreadMetadata, string | undefined, string>;
   created_at: ColumnType<Date, Date | string, never>;
@@ -754,7 +814,7 @@ export interface Thread {
   created_at: string;
   updated_at: string;
   created_by: string;
-  updated_by: string | null;
+  updated_by: string | undefined;
   hidden: boolean | null;
   status: ThreadStatus;
   trigger_id: string | null;
@@ -762,8 +822,11 @@ export interface Thread {
   run_owner_pod: string | null;
   run_config: Record<string, unknown> | null;
   run_started_at: string | null;
+  inflight_async_jobs: InflightAsyncJob[] | null;
   /** Virtual MCP (agent) this thread was initiated with */
   virtual_mcp_id: string;
+  /** Git branch this thread is pinned to (GitHub-linked virtualmcps only) */
+  branch: string | null;
   metadata: ThreadMetadata;
 }
 
@@ -860,11 +923,10 @@ export interface AutomationTable {
   name: string;
   active: boolean;
   created_by: string;
-  agent: string; // JSON string: { id, mode }
   messages: string; // JSON string: UIMessage[]
   models: string; // JSON string: { connectionId, thinking, coding?, fast? }
   temperature: number;
-  virtual_mcp_id: string | null;
+  virtual_mcp_id: string;
   created_at: ColumnType<Date, Date | string, never>;
   updated_at: ColumnType<Date, Date | string, Date | string>;
 }
@@ -878,11 +940,10 @@ export interface Automation {
   name: string;
   active: boolean;
   created_by: string;
-  agent: string;
   messages: string;
   models: string;
   temperature: number;
-  virtual_mcp_id: string | null;
+  virtual_mcp_id: string;
   created_at: string;
   updated_at: string;
 }
@@ -946,6 +1007,15 @@ export interface KVTable {
   updated_at: ColumnType<Date, Date | string, Date | string>;
 }
 
+export interface SandboxRunnerStateTable {
+  user_id: string;
+  project_ref: string;
+  runner_kind: string;
+  handle: string;
+  state: ColumnType<Record<string, unknown>, string, string>;
+  updated_at: ColumnType<Date, Date | string, Date | string>;
+}
+
 // ============================================================================
 // Organization Domain Table Definition
 // ============================================================================
@@ -1091,4 +1161,6 @@ export interface Database {
 
   // Organization domain claims (for auto-join)
   organization_domains: OrganizationDomainTable;
+
+  sandbox_runner_state: SandboxRunnerStateTable;
 }
diff --git a/apps/mesh/src/tools/ai-providers/index.ts b/apps/mesh/src/tools/ai-providers/index.ts
index 586244fda8..ced74755a9 100644
--- a/apps/mesh/src/tools/ai-providers/index.ts
+++ b/apps/mesh/src/tools/ai-providers/index.ts
@@ -3,6 +3,7 @@ export { AI_PROVIDERS_LIST_MODELS } from "./list-models";
 export { AI_PROVIDERS_ACTIVE } from "./list-active";
 export { AI_PROVIDER_KEY_CREATE } from "./key-create";
 export { AI_PROVIDER_KEY_DELETE } from "./key-delete";
+export { AI_PROVIDER_KEY_UPDATE } from "./key-update";
 export { AI_PROVIDER_KEY_LIST } from "./key-list";
 export { AI_PROVIDER_OAUTH_URL } from "./oauth-url";
 export { AI_PROVIDER_OAUTH_EXCHANGE } from "./oauth-exchange";
diff --git a/apps/mesh/src/tools/ai-providers/key-create.ts b/apps/mesh/src/tools/ai-providers/key-create.ts
index 18705f6f5f..3f76dabc91 100644
--- a/apps/mesh/src/tools/ai-providers/key-create.ts
+++ b/apps/mesh/src/tools/ai-providers/key-create.ts
@@ -1,4 +1,5 @@
 import z from "zod";
+import { posthog } from "../../posthog";
 import { defineTool } from "../../core/define-tool";
 import { requireAuth, requireOrganization } from "../../core/mesh-context";
 import { PROVIDER_IDS } from "../../ai-providers/provider-ids";
@@ -7,6 +8,7 @@ export const providerKeyOutputSchema = z.object({
   id: z.string(),
   providerId: z.string(),
   label: z.string(),
+  presetId: z.string().nullable(),
   createdAt: z.string(),
 });
 
@@ -18,6 +20,7 @@ export const AI_PROVIDER_KEY_CREATE = defineTool({
     providerId: z.enum(PROVIDER_IDS),
     label: z.string().min(1).max(100),
     apiKey: z.string().min(1),
+    presetId: z.string().min(1).max(64).optional(),
   }),
   outputSchema: providerKeyOutputSchema,
   handler: async (input, ctx) => {
@@ -31,12 +34,27 @@ export const AI_PROVIDER_KEY_CREATE = defineTool({
       apiKey: input.apiKey,
       organizationId: org.id,
       createdBy: ctx.auth.user!.id,
+      presetId: input.presetId ?? null,
+    });
+
+    posthog.capture({
+      distinctId: ctx.auth.user!.id,
+      event: "ai_provider_key_created",
+      groups: { organization: org.id },
+      properties: {
+        organization_id: org.id,
+        provider_id: key.providerId,
+        preset_id: key.presetId,
+        key_id: key.id,
+        label: key.label,
+      },
     });
 
     return {
       id: key.id,
       providerId: key.providerId,
       label: key.label,
+      presetId: key.presetId,
       createdAt: key.createdAt,
     };
   },
diff --git a/apps/mesh/src/tools/ai-providers/key-delete.ts b/apps/mesh/src/tools/ai-providers/key-delete.ts
index 2b49e009df..86fc8bd686 100644
--- a/apps/mesh/src/tools/ai-providers/key-delete.ts
+++ b/apps/mesh/src/tools/ai-providers/key-delete.ts
@@ -1,6 +1,39 @@
 import z from "zod";
+import { posthog } from "../../posthog";
 import { defineTool } from "../../core/define-tool";
 import { requireAuth, requireOrganization } from "../../core/mesh-context";
+import type {
+  SimpleModeConfig,
+  SimpleModeModelSlot,
+} from "../../storage/types";
+
+const clearSlotIfMatches = (
+  slot: SimpleModeModelSlot | null,
+  keyId: string,
+): SimpleModeModelSlot | null => (slot && slot.keyId === keyId ? null : slot);
+
+const clearSlotsForKey = (
+  config: SimpleModeConfig,
+  keyId: string,
+): { config: SimpleModeConfig; changed: boolean } => {
+  const next: SimpleModeConfig = {
+    enabled: config.enabled,
+    chat: {
+      fast: clearSlotIfMatches(config.chat.fast, keyId),
+      smart: clearSlotIfMatches(config.chat.smart, keyId),
+      thinking: clearSlotIfMatches(config.chat.thinking, keyId),
+    },
+    image: clearSlotIfMatches(config.image, keyId),
+    webResearch: clearSlotIfMatches(config.webResearch, keyId),
+  };
+  const changed =
+    next.chat.fast !== config.chat.fast ||
+    next.chat.smart !== config.chat.smart ||
+    next.chat.thinking !== config.chat.thinking ||
+    next.image !== config.image ||
+    next.webResearch !== config.webResearch;
+  return { config: next, changed };
+};
 
 export const AI_PROVIDER_KEY_DELETE = defineTool({
   name: "AI_PROVIDER_KEY_DELETE",
@@ -18,6 +51,29 @@ export const AI_PROVIDER_KEY_DELETE = defineTool({
 
     await ctx.storage.aiProviderKeys.delete(input.keyId, org.id);
 
+    const settings = await ctx.storage.organizationSettings.get(org.id);
+    if (settings?.simple_mode) {
+      const { config, changed } = clearSlotsForKey(
+        settings.simple_mode,
+        input.keyId,
+      );
+      if (changed) {
+        await ctx.storage.organizationSettings.upsert(org.id, {
+          simple_mode: config,
+        });
+      }
+    }
+
+    posthog.capture({
+      distinctId: ctx.auth.user!.id,
+      event: "ai_provider_key_deleted",
+      groups: { organization: org.id },
+      properties: {
+        organization_id: org.id,
+        key_id: input.keyId,
+      },
+    });
+
     return { success: true };
   },
 });
diff --git a/apps/mesh/src/tools/ai-providers/key-list.ts b/apps/mesh/src/tools/ai-providers/key-list.ts
index 559d92a7a9..acef9bf208 100644
--- a/apps/mesh/src/tools/ai-providers/key-list.ts
+++ b/apps/mesh/src/tools/ai-providers/key-list.ts
@@ -24,6 +24,7 @@ export const AI_PROVIDER_KEY_LIST = defineTool({
         id: z.string(),
         providerId: z.string(),
         label: z.string(),
+        presetId: z.string().nullable(),
         createdBy: z.string(),
         createdAt: z.string(),
       }),
diff --git a/apps/mesh/src/tools/ai-providers/key-update.ts b/apps/mesh/src/tools/ai-providers/key-update.ts
new file mode 100644
index 0000000000..dd68daa560
--- /dev/null
+++ b/apps/mesh/src/tools/ai-providers/key-update.ts
@@ -0,0 +1,33 @@
+import z from "zod";
+import { defineTool } from "../../core/define-tool";
+import { requireAuth, requireOrganization } from "../../core/mesh-context";
+import { providerKeyOutputSchema } from "./key-create";
+
+export const AI_PROVIDER_KEY_UPDATE = defineTool({
+  name: "AI_PROVIDER_KEY_UPDATE",
+  description: "Update the label of a stored AI provider API key.",
+  inputSchema: z.object({
+    keyId: z.string(),
+    label: z.string().min(1).max(100),
+  }),
+  outputSchema: providerKeyOutputSchema,
+  handler: async (input, ctx) => {
+    requireAuth(ctx);
+    const org = requireOrganization(ctx);
+    await ctx.access.check();
+
+    const key = await ctx.storage.aiProviderKeys.updateLabel(
+      input.keyId,
+      org.id,
+      input.label,
+    );
+
+    return {
+      id: key.id,
+      providerId: key.providerId,
+      label: key.label,
+      presetId: key.presetId,
+      createdAt: key.createdAt,
+    };
+  },
+});
diff --git a/apps/mesh/src/tools/ai-providers/list-models.ts b/apps/mesh/src/tools/ai-providers/list-models.ts
index d6ab205921..665b46719c 100644
--- a/apps/mesh/src/tools/ai-providers/list-models.ts
+++ b/apps/mesh/src/tools/ai-providers/list-models.ts
@@ -40,6 +40,7 @@ export const AI_PROVIDERS_LIST_MODELS = defineTool({
             output: z.coerce.number(),
           })
           .nullish(),
+        asyncResearch: z.boolean().optional(),
       }),
     ),
   }),
diff --git a/apps/mesh/src/tools/ai-providers/oauth-exchange.ts b/apps/mesh/src/tools/ai-providers/oauth-exchange.ts
index 3c27972174..4c11a45045 100644
--- a/apps/mesh/src/tools/ai-providers/oauth-exchange.ts
+++ b/apps/mesh/src/tools/ai-providers/oauth-exchange.ts
@@ -19,7 +19,7 @@ export const AI_PROVIDER_OAUTH_EXCHANGE = defineTool({
     stateToken: z
       .string()
       .describe("The stateToken returned by AI_PROVIDER_OAUTH_URL"),
-    label: z.string().min(1).max(100).default("Connected via OAuth"),
+    label: z.string().min(1).max(100),
   }),
   outputSchema: providerKeyOutputSchema,
   handler: async (input, ctx) => {
@@ -67,6 +67,7 @@ export const AI_PROVIDER_OAUTH_EXCHANGE = defineTool({
       id: key.id,
       providerId: key.providerId,
       label: key.label,
+      presetId: key.presetId,
       createdAt: key.createdAt,
     };
   },
diff --git a/apps/mesh/src/tools/ai-providers/provision-key.ts b/apps/mesh/src/tools/ai-providers/provision-key.ts
index 08caed7b7d..292d42e387 100644
--- a/apps/mesh/src/tools/ai-providers/provision-key.ts
+++ b/apps/mesh/src/tools/ai-providers/provision-key.ts
@@ -51,6 +51,7 @@ export const AI_PROVIDER_PROVISION_KEY = defineTool({
       id: key.id,
       providerId: key.providerId,
       label: key.label,
+      presetId: key.presetId,
       createdAt: key.createdAt,
     };
   },
diff --git a/apps/mesh/src/tools/apiKeys/create.ts b/apps/mesh/src/tools/apiKeys/create.ts
index 3f397a0b07..4b492edde1 100644
--- a/apps/mesh/src/tools/apiKeys/create.ts
+++ b/apps/mesh/src/tools/apiKeys/create.ts
@@ -5,8 +5,9 @@
  * IMPORTANT: The key value is only returned here and cannot be retrieved later.
  */
 
+import { posthog } from "../../posthog";
 import { defineTool } from "../../core/define-tool";
-import { requireAuth } from "../../core/mesh-context";
+import { getUserId, requireAuth } from "../../core/mesh-context";
 import { ApiKeyCreateInputSchema, ApiKeyCreateOutputSchema } from "./schema";
 
 export const API_KEY_CREATE = defineTool({
@@ -55,6 +56,23 @@ export const API_KEY_CREATE = defineTool({
         ? result.createdAt.toISOString()
         : result.createdAt;
 
+    const userId = getUserId(ctx);
+    if (userId) {
+      posthog.capture({
+        distinctId: userId,
+        event: "api_key_created",
+        ...(ctx.organization?.id
+          ? { groups: { organization: ctx.organization.id } }
+          : {}),
+        properties: {
+          key_id: result.id,
+          key_name: result.name ?? input.name,
+          organization_id: ctx.organization?.id,
+          has_expiry: !!expiresAt,
+        },
+      });
+    }
+
     return {
       id: result.id,
       name: result.name ?? input.name, // Fallback to input name if null
diff --git a/apps/mesh/src/tools/apiKeys/delete.ts b/apps/mesh/src/tools/apiKeys/delete.ts
index f561a4893d..5119013460 100644
--- a/apps/mesh/src/tools/apiKeys/delete.ts
+++ b/apps/mesh/src/tools/apiKeys/delete.ts
@@ -5,6 +5,7 @@
  * Only allows deleting keys that belong to the current organization.
  */
 
+import { posthog } from "../../posthog";
 import { defineTool } from "../../core/define-tool";
 import { getUserId, requireAuth } from "../../core/mesh-context";
 import { ApiKeyDeleteInputSchema, ApiKeyDeleteOutputSchema } from "./schema";
@@ -68,6 +69,18 @@ export const API_KEY_DELETE = defineTool({
     // Delete the API key via Better Auth
     await ctx.boundAuth.apiKey.delete(input.keyId);
 
+    if (currentOrgId) {
+      posthog.capture({
+        distinctId: userId,
+        event: "api_key_deleted",
+        groups: { organization: currentOrgId },
+        properties: {
+          key_id: input.keyId,
+          organization_id: currentOrgId,
+        },
+      });
+    }
+
     return {
       success: true,
       keyId: input.keyId,
diff --git a/apps/mesh/src/tools/automations/create.ts b/apps/mesh/src/tools/automations/create.ts
index 035fb83af0..f8e3636122 100644
--- a/apps/mesh/src/tools/automations/create.ts
+++ b/apps/mesh/src/tools/automations/create.ts
@@ -5,6 +5,7 @@
  */
 
 import { z } from "zod";
+import { posthog } from "../../posthog";
 import { defineTool } from "../../core/define-tool";
 import {
   getUserId,
@@ -26,10 +27,7 @@ export const AUTOMATION_CREATE = defineTool({
   },
   inputSchema: z.object({
     name: z.string().min(1).max(255),
-    virtual_mcp_id: z.string().optional().nullable(),
-    agent: z.object({
-      id: z.string(),
-    }),
+    virtual_mcp_id: z.string(),
     messages: z.union([
       z.string(),
       z.array(
@@ -74,6 +72,11 @@ export const AUTOMATION_CREATE = defineTool({
         }),
         coding: z.object({ id: z.string() }).optional(),
         fast: z.object({ id: z.string() }).optional(),
+        // Simple Mode tier intent. When set and Simple Mode is active for
+        // the org, the run path resolves the model from the live tier slot.
+        // credentialId / thinking.id are the fallback used when Simple Mode
+        // is off or the slot is unset.
+        tier: z.enum(["fast", "smart", "thinking"]).optional(),
       })
       .loose()
       .optional(),
@@ -125,12 +128,24 @@ export const AUTOMATION_CREATE = defineTool({
       organization_id: organization.id,
       created_by: userId,
       name: input.name,
-      agent: JSON.stringify(input.agent),
       messages: JSON.stringify(normalizedMessages),
       models: JSON.stringify(models),
       temperature: input.temperature,
       active: input.active,
-      virtual_mcp_id: input.virtual_mcp_id ?? null,
+      virtual_mcp_id: input.virtual_mcp_id,
+    });
+
+    posthog.capture({
+      distinctId: userId,
+      event: "automation_created",
+      groups: { organization: organization.id },
+      properties: {
+        organization_id: organization.id,
+        automation_id: automation.id,
+        virtual_mcp_id: input.virtual_mcp_id,
+        active: automation.active,
+        model_id: models.thinking.id,
+      },
     });
 
     return {
diff --git a/apps/mesh/src/tools/automations/delete.ts b/apps/mesh/src/tools/automations/delete.ts
index 8c2800db2c..06663e3079 100644
--- a/apps/mesh/src/tools/automations/delete.ts
+++ b/apps/mesh/src/tools/automations/delete.ts
@@ -6,8 +6,13 @@
  */
 
 import { z } from "zod";
+import { posthog } from "../../posthog";
 import { defineTool } from "../../core/define-tool";
-import { requireAuth, requireOrganization } from "../../core/mesh-context";
+import {
+  getUserId,
+  requireAuth,
+  requireOrganization,
+} from "../../core/mesh-context";
 import { configureTriggerOnMcp } from "./configure-trigger";
 
 export const AUTOMATION_DELETE = defineTool({
@@ -62,6 +67,20 @@ export const AUTOMATION_DELETE = defineTool({
       organization.id,
     );
 
+    const userId = getUserId(ctx);
+    if (userId) {
+      posthog.capture({
+        distinctId: userId,
+        event: "automation_deleted",
+        groups: { organization: organization.id },
+        properties: {
+          organization_id: organization.id,
+          automation_id: input.id,
+          trigger_count: triggers.length,
+        },
+      });
+    }
+
     return { success };
   },
 });
diff --git a/apps/mesh/src/tools/automations/get.ts b/apps/mesh/src/tools/automations/get.ts
index dfdea04f98..c2c61f7103 100644
--- a/apps/mesh/src/tools/automations/get.ts
+++ b/apps/mesh/src/tools/automations/get.ts
@@ -30,7 +30,7 @@ export const AUTOMATION_GET = defineTool({
         created_by: z.string(),
         created_at: z.string(),
         updated_at: z.string(),
-        agent: z.unknown(),
+        virtual_mcp_id: z.string(),
         messages: z.unknown(),
         models: z.unknown(),
         temperature: z.number(),
@@ -73,7 +73,7 @@ export const AUTOMATION_GET = defineTool({
         created_by: automation.created_by,
         created_at: automation.created_at,
         updated_at: automation.updated_at,
-        agent: JSON.parse(automation.agent),
+        virtual_mcp_id: automation.virtual_mcp_id,
         messages: JSON.parse(automation.messages),
         models: JSON.parse(automation.models),
         temperature: automation.temperature,
diff --git a/apps/mesh/src/tools/automations/list.ts b/apps/mesh/src/tools/automations/list.ts
index ad772b3bb2..099486bafa 100644
--- a/apps/mesh/src/tools/automations/list.ts
+++ b/apps/mesh/src/tools/automations/list.ts
@@ -21,6 +21,7 @@ export const AUTOMATION_LIST = defineTool({
   },
   inputSchema: z.object({
     virtual_mcp_id: z.string().optional().nullable(),
+    search: z.string().optional().nullable(),
   }),
   outputSchema: z.object({
     automations: z.array(
@@ -31,9 +32,8 @@ export const AUTOMATION_LIST = defineTool({
         created_by: z.string(),
         created_at: z.string(),
         trigger_count: z.number(),
-        agent: z.object({ id: z.string() }).nullable(),
         nearest_next_run_at: z.string().nullable(),
-        virtual_mcp_id: z.string().nullable(),
+        virtual_mcp_id: z.string(),
       }),
     ),
   }),
@@ -45,30 +45,19 @@ export const AUTOMATION_LIST = defineTool({
     const automations = await ctx.storage.automations.listWithTriggerCounts(
       organization.id,
       input.virtual_mcp_id,
+      input.search,
     );
 
-    const results = automations.map((automation) => {
-      let agent: { id: string } | null = null;
-      try {
-        if (automation.agent) {
-          agent = JSON.parse(automation.agent);
-        }
-      } catch {
-        agent = null;
-      }
-
-      return {
-        id: automation.id,
-        name: automation.name,
-        active: automation.active,
-        created_by: automation.created_by,
-        created_at: automation.created_at,
-        trigger_count: automation.trigger_count,
-        agent,
-        nearest_next_run_at: automation.nearest_next_run_at,
-        virtual_mcp_id: automation.virtual_mcp_id,
-      };
-    });
+    const results = automations.map((automation) => ({
+      id: automation.id,
+      name: automation.name,
+      active: automation.active,
+      created_by: automation.created_by,
+      created_at: automation.created_at,
+      trigger_count: automation.trigger_count,
+      nearest_next_run_at: automation.nearest_next_run_at,
+      virtual_mcp_id: automation.virtual_mcp_id,
+    }));
 
     return { automations: results };
   },
diff --git a/apps/mesh/src/tools/automations/run.ts b/apps/mesh/src/tools/automations/run.ts
index eb204aec2d..567e35f900 100644
--- a/apps/mesh/src/tools/automations/run.ts
+++ b/apps/mesh/src/tools/automations/run.ts
@@ -5,6 +5,7 @@
  */
 
 import { z } from "zod";
+import { posthog } from "../../posthog";
 import { defineTool } from "../../core/define-tool";
 import {
   requireAuth,
@@ -47,6 +48,25 @@ export const AUTOMATION_RUN = defineTool({
 
     const result = await ctx.automationRunner(input.id, org.id, userId);
 
+    posthog.capture({
+      distinctId: userId,
+      event: "automation_run",
+      groups: { organization: org.id },
+      properties: {
+        organization_id: org.id,
+        automation_id: input.id,
+        thread_id: "taskId" in result ? result.taskId : undefined,
+        status:
+          "skipped" in result
+            ? "skipped"
+            : "error" in result
+              ? "error"
+              : "started",
+        skip_reason: "skipped" in result ? result.skipped : undefined,
+        error_message: "error" in result ? result.error : undefined,
+      },
+    });
+
     if ("skipped" in result) {
       return { skipped: result.skipped };
     }
diff --git a/apps/mesh/src/tools/automations/update.ts b/apps/mesh/src/tools/automations/update.ts
index bbedf4d66a..615427e61f 100644
--- a/apps/mesh/src/tools/automations/update.ts
+++ b/apps/mesh/src/tools/automations/update.ts
@@ -26,11 +26,6 @@ export const AUTOMATION_UPDATE = defineTool({
     id: z.string(),
     name: z.string().min(1).max(255).optional(),
     active: z.boolean().optional(),
-    agent: z
-      .object({
-        id: z.string(),
-      })
-      .optional(),
     messages: z
       .union([
         z.string(),
@@ -77,6 +72,11 @@ export const AUTOMATION_UPDATE = defineTool({
         }),
         coding: z.object({ id: z.string() }).optional(),
         fast: z.object({ id: z.string() }).optional(),
+        // Simple Mode tier intent. When set and Simple Mode is active for
+        // the org, the run path resolves the model from the live tier slot.
+        // credentialId / thinking.id are the fallback used when Simple Mode
+        // is off or the slot is unset.
+        tier: z.enum(["fast", "smart", "thinking"]).optional(),
       })
       .loose()
       .optional(),
@@ -106,8 +106,6 @@ export const AUTOMATION_UPDATE = defineTool({
     const updateData: Record<string, unknown> = {};
     if (input.name !== undefined) updateData.name = input.name;
     if (input.active !== undefined) updateData.active = input.active;
-    if (input.agent !== undefined)
-      updateData.agent = JSON.stringify(input.agent);
     if (input.messages !== undefined) {
       const normalizedMessages = normalizeMessages(input.messages);
       updateData.messages = JSON.stringify(normalizedMessages);
diff --git a/apps/mesh/src/tools/connection/create.ts b/apps/mesh/src/tools/connection/create.ts
index 5faada31b4..e180b9228f 100644
--- a/apps/mesh/src/tools/connection/create.ts
+++ b/apps/mesh/src/tools/connection/create.ts
@@ -7,6 +7,7 @@
 import { WellKnownOrgMCPId } from "@decocms/mesh-sdk";
 import type { Tool } from "@modelcontextprotocol/sdk/types.js";
 import { z } from "zod";
+import { posthog } from "../../posthog";
 import { defineTool } from "../../core/define-tool";
 import {
   getUserId,
@@ -134,6 +135,19 @@ export const COLLECTION_CONNECTIONS_CREATE = defineTool({
       },
     );
 
+    posthog.capture({
+      distinctId: userId,
+      event: "connection_created",
+      groups: { organization: organization.id },
+      properties: {
+        connection_id: connection.id,
+        connection_type: connection.connection_type,
+        app_name: connection.app_name ?? null,
+        organization_id: organization.id,
+        tools_count: tools?.length ?? 0,
+      },
+    });
+
     return {
       item: connection,
     };
diff --git a/apps/mesh/src/tools/connection/delete.ts b/apps/mesh/src/tools/connection/delete.ts
index 1eaeddf3ef..6e0a311fd8 100644
--- a/apps/mesh/src/tools/connection/delete.ts
+++ b/apps/mesh/src/tools/connection/delete.ts
@@ -9,8 +9,13 @@ import {
   createCollectionDeleteOutputSchema,
 } from "@decocms/bindings/collections";
 import { z } from "zod";
+import { posthog } from "../../posthog";
 import { defineTool } from "../../core/define-tool";
-import { requireAuth, requireOrganization } from "../../core/mesh-context";
+import {
+  getUserId,
+  requireAuth,
+  requireOrganization,
+} from "../../core/mesh-context";
 import { getMcpListCache } from "../../mcp-clients/mcp-list-cache";
 import { ConnectionEntitySchema } from "./schema";
 
@@ -108,6 +113,22 @@ export const COLLECTION_CONNECTIONS_DELETE = defineTool({
       ?.invalidate(input.id)
       .catch(() => {});
 
+    const userId = getUserId(ctx);
+    if (userId) {
+      posthog.capture({
+        distinctId: userId,
+        event: "connection_deleted",
+        groups: { organization: organization.id },
+        properties: {
+          connection_id: connection.id,
+          connection_type: connection.connection_type,
+          app_name: connection.app_name ?? null,
+          organization_id: organization.id,
+          forced: input.force ?? false,
+        },
+      });
+    }
+
     return {
       item: connection,
     };
diff --git a/apps/mesh/src/tools/connection/dev-assets.ts b/apps/mesh/src/tools/connection/dev-assets.ts
index a6795cb739..460e2fd1b2 100644
--- a/apps/mesh/src/tools/connection/dev-assets.ts
+++ b/apps/mesh/src/tools/connection/dev-assets.ts
@@ -1,12 +1,11 @@
 /**
  * Dev Assets Connection Utilities
  *
- * Shared utilities for the dev-only local file storage connection.
- * This connection is injected in dev mode to provide object storage
- * functionality without requiring an external S3 bucket.
+ * Shared utilities for the local file storage connection that is injected
+ * whenever no external S3 bucket is configured.
  */
 
-import { getSettings } from "../../settings";
+import { getObjectStorageS3Service } from "../../object-storage/factory";
 import { OBJECT_STORAGE_BINDING } from "@decocms/bindings/object-storage";
 import {
   getWellKnownDevAssetsConnection,
@@ -33,10 +32,13 @@ const DEV_ASSETS_TOOLS: ToolDefinition[] = OBJECT_STORAGE_BINDING.map(
 );
 
 /**
- * Check if we're running in dev mode
+ * True when this mesh instance falls back to DevObjectStorage (local
+ * filesystem) because no external S3 bucket is configured. The dev-assets
+ * pseudo-connection must be visible whenever this is true so that tools
+ * depending on the OBJECT_STORAGE binding still resolve.
  */
-export function isDevMode(): boolean {
-  return getSettings().nodeEnv !== "production";
+export function usesLocalObjectStorage(): boolean {
+  return getObjectStorageS3Service() === null;
 }
 
 /**
@@ -51,8 +53,8 @@ export function isDevAssetsConnection(
 
 /**
  * Create a dev-assets connection entity for local file storage.
- * This is injected in dev mode to provide object storage functionality
- * without requiring an external S3 bucket.
+ * Injected whenever S3 is not configured to provide object storage
+ * functionality without requiring an external bucket.
  */
 export function createDevAssetsConnectionEntity(
   orgId: string,
diff --git a/apps/mesh/src/tools/connection/get.ts b/apps/mesh/src/tools/connection/get.ts
index c76d3fbcfe..ba4c374ba2 100644
--- a/apps/mesh/src/tools/connection/get.ts
+++ b/apps/mesh/src/tools/connection/get.ts
@@ -21,7 +21,7 @@ import { clientFromConnection } from "../../mcp-clients";
 import {
   createDevAssetsConnectionEntity,
   isDevAssetsConnection,
-  isDevMode,
+  usesLocalObjectStorage,
 } from "./dev-assets";
 import { ConnectionEntitySchema } from "./schema";
 
@@ -54,8 +54,11 @@ export const COLLECTION_CONNECTIONS_GET = defineTool({
     // Check authorization
     await ctx.access.check();
 
-    // In dev mode, check if this is the dev-assets connection
-    if (isDevMode() && isDevAssetsConnection(input.id, organization.id)) {
+    // Resolve the dev-assets pseudo-connection when local object storage is in use
+    if (
+      usesLocalObjectStorage() &&
+      isDevAssetsConnection(input.id, organization.id)
+    ) {
       return {
         item: createDevAssetsConnectionEntity(organization.id, getBaseUrl()),
       };
diff --git a/apps/mesh/src/tools/connection/list.ts b/apps/mesh/src/tools/connection/list.ts
index c4793062c0..b22105cd03 100644
--- a/apps/mesh/src/tools/connection/list.ts
+++ b/apps/mesh/src/tools/connection/list.ts
@@ -36,7 +36,10 @@ import {
   fetchWithCache,
 } from "../../mcp-clients/mcp-list-cache";
 import { clientFromConnection } from "../../mcp-clients";
-import { createDevAssetsConnectionEntity, isDevMode } from "./dev-assets";
+import {
+  createDevAssetsConnectionEntity,
+  usesLocalObjectStorage,
+} from "./dev-assets";
 import { type ConnectionEntity, ConnectionEntitySchema } from "./schema";
 import { getConnectionSlug } from "@/shared/utils/connection-slug";
 
@@ -199,9 +202,10 @@ export const COLLECTION_CONNECTIONS_LIST = defineTool({
       );
     }
 
-    // In dev mode, inject the dev-assets connection for local file storage
-    // This provides object storage functionality without requiring an external S3 bucket
-    if (isDevMode()) {
+    // When no external S3 bucket is configured, inject the dev-assets
+    // connection so the OBJECT_STORAGE binding is satisfied by the local
+    // DevObjectStorage filesystem fallback.
+    if (usesLocalObjectStorage()) {
       const baseUrl = getBaseUrl();
       const devAssetsId = WellKnownOrgMCPId.DEV_ASSETS(organization.id);
 
diff --git a/apps/mesh/src/tools/database/index.ts b/apps/mesh/src/tools/database/index.ts
index 4f85761b9b..5b82643a1a 100644
--- a/apps/mesh/src/tools/database/index.ts
+++ b/apps/mesh/src/tools/database/index.ts
@@ -231,6 +231,15 @@ export const DATABASES_RUN_SQL = defineTool({
       throw new Error("Connection context required for database access");
     }
 
+    // Usage probe — evaluating whether to deprecate this tool. Filter on
+    // `tool.deprecation_probe = "DATABASES_RUN_SQL"` in OTLP logs.
+    console.warn("DATABASES_RUN_SQL invoked", {
+      "tool.deprecation_probe": "DATABASES_RUN_SQL",
+      "connection.id": ctx.connectionId,
+      "organization.id": ctx.organization?.id ?? null,
+      "user.id": ctx.auth.user?.id ?? null,
+    });
+
     const schemaName = getSchemaName(ctx.connectionId);
     const roleName = getRoleName(ctx.connectionId);
 
diff --git a/apps/mesh/src/tools/github/list-user-orgs.test.ts b/apps/mesh/src/tools/github/list-user-orgs.test.ts
index 90d272d02a..e4b05be02f 100644
--- a/apps/mesh/src/tools/github/list-user-orgs.test.ts
+++ b/apps/mesh/src/tools/github/list-user-orgs.test.ts
@@ -23,17 +23,17 @@ import { DownstreamTokenStorage } from "../../storage/downstream-token";
 import { ConnectionStorage } from "../../storage/connection";
 import type { BoundAuthClient, MeshContext } from "../../core/mesh-context";
 import type { EventBus } from "../../event-bus/interface";
-import type { TokenRefreshResult } from "@/oauth/token-refresh";
+import type { TokenRefreshResult } from "@/oauth/refresh-access-token";
 
 const mockRefreshAccessToken =
   vi.fn<
     (
       ...args: Parameters<
-        typeof import("@/oauth/token-refresh").refreshAccessToken
+        typeof import("@/oauth/refresh-access-token").refreshAccessToken
       >
     ) => Promise<TokenRefreshResult>
   >();
-mock.module("@/oauth/token-refresh", () => ({
+mock.module("@/oauth/refresh-access-token", () => ({
   refreshAccessToken: mockRefreshAccessToken,
 }));
 
@@ -275,7 +275,7 @@ describe("GITHUB_LIST_USER_ORGS", () => {
     expect(persisted?.refreshToken).toBe("rt2");
   });
 
-  it("deletes the cached token and throws when proactive refresh fails", async () => {
+  it("deletes the cached token and throws when proactive refresh fails permanently (invalid_grant)", async () => {
     await tokenStorage.upsert({
       connectionId,
       accessToken: "stale-token",
@@ -289,7 +289,10 @@ describe("GITHUB_LIST_USER_ORGS", () => {
 
     mockRefreshAccessToken.mockResolvedValueOnce({
       success: false,
-      error: "invalid_grant",
+      permanent: true,
+      status: 400,
+      errorCode: "invalid_grant",
+      error: "refresh token revoked",
     });
 
     installHandler();
@@ -302,6 +305,40 @@ describe("GITHUB_LIST_USER_ORGS", () => {
     expect(fetchCalls).toHaveLength(0);
   });
 
+  it("preserves the cached token and throws when proactive refresh fails transiently (5xx)", async () => {
+    // The whole point of the fix: a 500 from the OAuth server must not
+    // wipe the user's auth — the refresh_token might still be valid.
+    await tokenStorage.upsert({
+      connectionId,
+      accessToken: "stale-token",
+      refreshToken: "rt",
+      scope: "repo",
+      expiresAt: new Date(Date.now() - 60 * 1000),
+      clientId: "cid",
+      clientSecret: "csecret",
+      tokenEndpoint: "https://github.com/login/oauth/access_token",
+    });
+
+    mockRefreshAccessToken.mockResolvedValueOnce({
+      success: false,
+      permanent: false,
+      status: 500,
+      errorCode: "server_error",
+      error: "Failed to process token request",
+    });
+
+    installHandler();
+
+    await expect(
+      GITHUB_LIST_USER_ORGS.execute({ connectionId }, ctx),
+    ).rejects.toThrow(/reconnect/i);
+
+    const persisted = await tokenStorage.get(connectionId);
+    expect(persisted).not.toBeNull();
+    expect(persisted?.refreshToken).toBe("rt");
+    expect(fetchCalls).toHaveLength(0);
+  });
+
   it("reactively refreshes on 401 from GitHub and retries once", async () => {
     await tokenStorage.upsert({
       connectionId,
@@ -352,7 +389,11 @@ describe("GITHUB_LIST_USER_ORGS", () => {
     expect(persisted?.accessToken).toBe("fresh-token");
   });
 
-  it("deletes the token and throws reconnect error when retry after 401 still fails", async () => {
+  it("throws reconnect error without deleting the row when retry after 401 still 401s", async () => {
+    // The refresh succeeded, so the refresh_token is fine. Even if GitHub
+    // keeps returning 401 with the new access_token, deleting the cached
+    // row would lose the (still-valid) refresh_token. Throw the reconnect
+    // error so the user re-OAuths, which will overwrite the row anyway.
     await tokenStorage.upsert({
       connectionId,
       accessToken: "seemingly-valid-token",
@@ -382,10 +423,12 @@ describe("GITHUB_LIST_USER_ORGS", () => {
     ).rejects.toThrow(/reconnect/i);
 
     expect(fetchCalls).toHaveLength(2);
-    expect(await tokenStorage.get(connectionId)).toBeNull();
+    const persisted = await tokenStorage.get(connectionId);
+    expect(persisted).not.toBeNull();
+    expect(persisted?.accessToken).toBe("fresh-token");
   });
 
-  it("deletes the token and throws when reactive refresh itself fails", async () => {
+  it("deletes the token and throws when reactive refresh fails permanently", async () => {
     await tokenStorage.upsert({
       connectionId,
       accessToken: "seemingly-valid-token",
@@ -399,7 +442,10 @@ describe("GITHUB_LIST_USER_ORGS", () => {
 
     mockRefreshAccessToken.mockResolvedValueOnce({
       success: false,
-      error: "invalid_grant",
+      permanent: true,
+      status: 400,
+      errorCode: "invalid_grant",
+      error: "refresh token revoked",
     });
 
     installHandler(() => github401());
@@ -412,6 +458,41 @@ describe("GITHUB_LIST_USER_ORGS", () => {
     expect(await tokenStorage.get(connectionId)).toBeNull();
   });
 
+  it("preserves the cached token when reactive refresh fails transiently", async () => {
+    // GitHub returned 401 (current access_token is bad), but the OAuth
+    // server's refresh endpoint returned a 5xx. The refresh_token may still
+    // be valid — keep it so the next request can try to refresh again.
+    await tokenStorage.upsert({
+      connectionId,
+      accessToken: "seemingly-valid-token",
+      refreshToken: "rt",
+      scope: "repo",
+      expiresAt: new Date(Date.now() + 60 * 60 * 1000),
+      clientId: "cid",
+      clientSecret: "csecret",
+      tokenEndpoint: "https://github.com/login/oauth/access_token",
+    });
+
+    mockRefreshAccessToken.mockResolvedValueOnce({
+      success: false,
+      permanent: false,
+      status: 500,
+      errorCode: "server_error",
+      error: "Failed to process token request",
+    });
+
+    installHandler(() => github401());
+
+    await expect(
+      GITHUB_LIST_USER_ORGS.execute({ connectionId }, ctx),
+    ).rejects.toThrow(/reconnect/i);
+
+    expect(fetchCalls).toHaveLength(1);
+    const persisted = await tokenStorage.get(connectionId);
+    expect(persisted).not.toBeNull();
+    expect(persisted?.refreshToken).toBe("rt");
+  });
+
   it("throws a clear error when no GitHub token is stored", async () => {
     installHandler();
 
diff --git a/apps/mesh/src/tools/github/list-user-orgs.ts b/apps/mesh/src/tools/github/list-user-orgs.ts
index 8598201a4f..689c317d90 100644
--- a/apps/mesh/src/tools/github/list-user-orgs.ts
+++ b/apps/mesh/src/tools/github/list-user-orgs.ts
@@ -1,42 +1,14 @@
 import { z } from "zod";
 import { defineTool } from "../../core/define-tool";
-import { refreshAccessToken } from "@/oauth/token-refresh";
+import {
+  canRefresh,
+  PROACTIVE_REFRESH_BUFFER_MS,
+  RECONNECT_ERROR,
+  refreshAndStore,
+} from "@/oauth/token-refresh";
 import { DownstreamTokenStorage } from "../../storage/downstream-token";
-import type { DownstreamToken } from "../../storage/types";
 
 const GITHUB_API = "https://api.github.com";
-const PROACTIVE_REFRESH_BUFFER_MS = 5 * 60 * 1000;
-
-const RECONNECT_ERROR =
-  "GitHub token refresh failed — reconnect the mcp-github integration.";
-
-function canRefresh(token: DownstreamToken): boolean {
-  return !!token.refreshToken && !!token.tokenEndpoint && !!token.clientId;
-}
-
-async function refreshAndStore(
-  token: DownstreamToken,
-  tokenStorage: DownstreamTokenStorage,
-): Promise<string | null> {
-  const result = await refreshAccessToken(token);
-  if (!result.success || !result.accessToken) {
-    await tokenStorage.delete(token.connectionId);
-    return null;
-  }
-  await tokenStorage.upsert({
-    connectionId: token.connectionId,
-    accessToken: result.accessToken,
-    refreshToken: result.refreshToken ?? token.refreshToken,
-    scope: result.scope ?? token.scope,
-    expiresAt: result.expiresIn
-      ? new Date(Date.now() + result.expiresIn * 1000)
-      : null,
-    clientId: token.clientId,
-    clientSecret: token.clientSecret,
-    tokenEndpoint: token.tokenEndpoint,
-  });
-  return result.accessToken;
-}
 
 export const GITHUB_LIST_USER_ORGS = defineTool({
   name: "GITHUB_LIST_USER_ORGS",
@@ -121,10 +93,12 @@ export const GITHUB_LIST_USER_ORGS = defineTool({
       // expired before our clock said so). Try one refresh + retry before
       // giving up. Applies to any page — a token can be invalidated
       // between pages of a long installations listing.
+      // Deletion of the cached row is delegated to `refreshAndStore`, which
+      // only deletes on a definitive `400 invalid_grant`. Transient OAuth
+      // failures leave the row intact so a later request can recover.
       if (res.status === 401) {
         const current = await tokenStorage.get(input.connectionId);
         if (!current || !canRefresh(current)) {
-          await tokenStorage.delete(input.connectionId);
           throw new Error(RECONNECT_ERROR);
         }
         const refreshed = await refreshAndStore(current, tokenStorage);
@@ -134,7 +108,6 @@ export const GITHUB_LIST_USER_ORGS = defineTool({
         accessToken = refreshed;
         res = await fetchPage(accessToken);
         if (res.status === 401) {
-          await tokenStorage.delete(input.connectionId);
           throw new Error(RECONNECT_ERROR);
         }
       }
diff --git a/apps/mesh/src/tools/guides/agents.ts b/apps/mesh/src/tools/guides/agents.ts
index 1887c90847..8cd637ea11 100644
--- a/apps/mesh/src/tools/guides/agents.ts
+++ b/apps/mesh/src/tools/guides/agents.ts
@@ -3,6 +3,7 @@ import type { GuidePrompt, GuideResource } from "./index";
 export const prompts: GuidePrompt[] = [
   {
     name: "agents-create",
+    title: "Create Agents",
     description: "Build a new agent for a specific role or workflow.",
     text: `# Create agent
 
@@ -27,6 +28,7 @@ Checks:
   },
   {
     name: "agents-update",
+    title: "Update Agents",
     description:
       "Modify an existing agent's behavior, connections, or instructions.",
     text: `# Update agent
@@ -48,35 +50,6 @@ Checks:
 - If changing connections, verify the new set still matches the agent's purpose.
 - Call out destructive or high-impact changes before applying them.
 - Confirm the final agent definition matches the request.
-`,
-  },
-  {
-    name: "writing-prompts",
-    description: "Improve instructions for an agent or automation.",
-    text: `# Writing instructions
-
-Goal: rewrite or refine instructions for either an agent or an automation so they clearly describe the purpose, constraints, and workflows in a reliable format.
-
-Read docs://agents.md for the instruction-writing pattern, XML-style structure, and workflow guidance. Read docs://automations.md if you are improving automation behavior rather than agent behavior.
-
-Recommended tool order:
-1. Identify whether the target is an agent or an automation.
-2. For agents, use COLLECTION_VIRTUAL_MCP_LIST or COLLECTION_VIRTUAL_MCP_GET to inspect the current instructions.
-3. For automations, use AUTOMATION_LIST or AUTOMATION_GET to inspect the current messages/instructions.
-4. Review the current instructions against docs://agents.md.
-5. If the intended purpose, audience, or boundaries are unclear, use user_ask before rewriting.
-6. Rewrite the instructions with explicit XML-style sections such as <role>, <capabilities>, <constraints>, and <workflows>.
-7. For agents, use COLLECTION_VIRTUAL_MCP_UPDATE to save the improved instructions.
-8. For automations, use AUTOMATION_UPDATE to save the improved messages/instructions.
-9. Re-read the updated entity with COLLECTION_VIRTUAL_MCP_GET or AUTOMATION_GET to verify the final stored version.
-
-Checks:
-- Make the purpose explicit in a <role> section.
-- Detect whether the current instructions already contain a workflow. If they do, improve the workflow to be concrete, ordered, and operational. If they do not, add one.
-- Keep workflows numbered and focused on real execution steps, not vague advice.
-- Add or tighten constraints when the current instructions are too open-ended.
-- Preserve the user's intended domain and responsibilities while improving clarity.
-- If the target is an automation, keep the instructions aligned with the trigger and expected background execution behavior.
 `,
   },
 ];
diff --git a/apps/mesh/src/tools/guides/ai-providers.ts b/apps/mesh/src/tools/guides/ai-providers.ts
index 3f82948695..032eb72ca0 100644
--- a/apps/mesh/src/tools/guides/ai-providers.ts
+++ b/apps/mesh/src/tools/guides/ai-providers.ts
@@ -3,6 +3,7 @@ import type { GuidePrompt, GuideResource } from "./index";
 export const prompts: GuidePrompt[] = [
   {
     name: "ai-providers-setup",
+    title: "Set Up AI Provider",
     description: "Set up an AI provider so the workspace can use its models.",
     text: `# Set up AI provider
 
diff --git a/apps/mesh/src/tools/guides/automations.ts b/apps/mesh/src/tools/guides/automations.ts
index 0184a78e39..4a4760e8f2 100644
--- a/apps/mesh/src/tools/guides/automations.ts
+++ b/apps/mesh/src/tools/guides/automations.ts
@@ -3,6 +3,7 @@ import type { GuidePrompt, GuideResource } from "./index";
 export const prompts: GuidePrompt[] = [
   {
     name: "automations-create",
+    title: "Create Automations",
     description:
       "Set up a background workflow that runs on a schedule, event, or webhook.",
     text: `# Create automation
@@ -12,9 +13,9 @@ Goal: create a background workflow that runs the right agent with the correct tr
 Read docs://automations.md for trigger types and workflow patterns. Read docs://platform.md if you need context on how automations relate to agents.
 
 Recommended tool order:
-1. Use COLLECTION_VIRTUAL_MCP_LIST or COLLECTION_VIRTUAL_MCP_GET to identify the agent that should run.
+1. Use COLLECTION_VIRTUAL_MCP_LIST or COLLECTION_VIRTUAL_MCP_GET to identify the agent that should run — its id is the \`virtual_mcp_id\` for AUTOMATION_CREATE.
 2. If the trigger type or payload is unclear, use user_ask.
-3. Use AUTOMATION_CREATE with a clear title, description, and agent.
+3. Use AUTOMATION_CREATE with a clear title, description, and \`virtual_mcp_id\`.
 4. Use AUTOMATION_TRIGGER_ADD to attach the schedule, event trigger, or webhook.
 5. Use AUTOMATION_GET to verify the saved automation and trigger state.
 6. Optionally use AUTOMATION_RUN to test the automation when appropriate.
@@ -28,6 +29,7 @@ Checks:
   },
   {
     name: "automations-update",
+    title: "Update Automations",
     description: "Change an automation's triggers, agent, or configuration.",
     text: `# Update automation
 
@@ -37,9 +39,9 @@ Read docs://automations.md for trigger semantics and design patterns.
 
 Recommended tool order:
 1. Use AUTOMATION_LIST or AUTOMATION_GET to locate the automation.
-2. Use COLLECTION_VIRTUAL_MCP_GET if you need to confirm the assigned agent context.
+2. Use COLLECTION_VIRTUAL_MCP_GET if you need to confirm the assigned agent context (the automation's \`virtual_mcp_id\`).
 3. Use user_ask if the requested trigger or behavior change is not exact.
-4. Use AUTOMATION_UPDATE for metadata or agent changes.
+4. Use AUTOMATION_UPDATE for metadata changes (the assigned agent is immutable; create a new automation if you need a different one).
 5. Use AUTOMATION_TRIGGER_ADD then AUTOMATION_TRIGGER_REMOVE if the trigger itself must change (add before remove so the automation is never left untriggered if the add fails).
 6. Use AUTOMATION_GET to confirm the final state.
 7. Optionally use AUTOMATION_RUN to validate the updated workflow.
@@ -47,7 +49,6 @@ Recommended tool order:
 Checks:
 - Treat trigger changes as consequential because they alter future executions.
 - Be explicit about whether an old trigger is being replaced or removed.
-- Verify the updated automation still points to the intended agent.
 - If the workflow is testable, validate it after the change.
 `,
   },
diff --git a/apps/mesh/src/tools/guides/connections.ts b/apps/mesh/src/tools/guides/connections.ts
index c3685ab5c9..113887e24f 100644
--- a/apps/mesh/src/tools/guides/connections.ts
+++ b/apps/mesh/src/tools/guides/connections.ts
@@ -3,6 +3,7 @@ import type { GuidePrompt, GuideResource } from "./index";
 export const prompts: GuidePrompt[] = [
   {
     name: "connections-create",
+    title: "Create Connections",
     description: "Add a new MCP server connection to the workspace.",
     text: `# Create connection
 
@@ -27,6 +28,7 @@ Checks:
   },
   {
     name: "connections-update",
+    title: "Update Connections",
     description: "Change an existing connection's settings or credentials.",
     text: `# Update connection
 
@@ -50,6 +52,7 @@ Checks:
   },
   {
     name: "connections-troubleshoot",
+    title: "Troubleshoot Connections",
     description: "Fix a broken or unhealthy connection.",
     text: `# Troubleshoot connection
 
diff --git a/apps/mesh/src/tools/guides/index.ts b/apps/mesh/src/tools/guides/index.ts
index b4adebf9cc..38c9f038dc 100644
--- a/apps/mesh/src/tools/guides/index.ts
+++ b/apps/mesh/src/tools/guides/index.ts
@@ -8,6 +8,7 @@ import * as virtualTools from "./virtual-tools";
 
 export interface GuidePrompt {
   name: string;
+  title: string;
   description: string;
   text: string;
 }
diff --git a/apps/mesh/src/tools/guides/store.ts b/apps/mesh/src/tools/guides/store.ts
index 9ace74be59..7794b240cc 100644
--- a/apps/mesh/src/tools/guides/store.ts
+++ b/apps/mesh/src/tools/guides/store.ts
@@ -3,6 +3,7 @@ import type { GuidePrompt, GuideResource } from "./index";
 export const prompts: GuidePrompt[] = [
   {
     name: "store-search",
+    title: "Search Store",
     description: "Find MCP servers in the Deco Store or a registry.",
     text: `# Search store
 
@@ -30,6 +31,7 @@ Checks:
   },
   {
     name: "store-install",
+    title: "Install from Store",
     description: "Install an MCP server from a store or registry.",
     text: `# Install MCP server from store
 
diff --git a/apps/mesh/src/tools/guides/virtual-tools.ts b/apps/mesh/src/tools/guides/virtual-tools.ts
index 5743067377..0bd7ab662e 100644
--- a/apps/mesh/src/tools/guides/virtual-tools.ts
+++ b/apps/mesh/src/tools/guides/virtual-tools.ts
@@ -3,6 +3,7 @@ import type { GuidePrompt, GuideResource } from "./index";
 export const prompts: GuidePrompt[] = [
   {
     name: "virtual-tools-create",
+    title: "Create Virtual Tools",
     description: "Add a sandboxed JavaScript tool to an agent.",
     text: `# Create virtual tool
 
@@ -28,6 +29,7 @@ Checks:
   },
   {
     name: "virtual-tools-update",
+    title: "Update Virtual Tools",
     description: "Modify a virtual tool's code or schema safely.",
     text: `# Update virtual tool
 
diff --git a/apps/mesh/src/tools/index.ts b/apps/mesh/src/tools/index.ts
index ddc62d42e3..4c5fd15b8e 100644
--- a/apps/mesh/src/tools/index.ts
+++ b/apps/mesh/src/tools/index.ts
@@ -139,6 +139,7 @@ const CORE_TOOLS = [
   AiProvidersTools.AI_PROVIDERS_ACTIVE,
   AiProvidersTools.AI_PROVIDER_KEY_CREATE,
   AiProvidersTools.AI_PROVIDER_KEY_DELETE,
+  AiProvidersTools.AI_PROVIDER_KEY_UPDATE,
   AiProvidersTools.AI_PROVIDER_KEY_LIST,
   AiProvidersTools.AI_PROVIDER_OAUTH_URL,
   AiProvidersTools.AI_PROVIDER_OAUTH_EXCHANGE,
@@ -274,14 +275,18 @@ export const managementMCP = async (ctx: MeshContext) => {
   // Register action prompts
   const prompts = getPrompts();
   for (const prompt of prompts) {
-    server.prompt(prompt.name, prompt.description, () => ({
-      messages: [
-        {
-          role: "user" as const,
-          content: { type: "text" as const, text: prompt.text },
-        },
-      ],
-    }));
+    server.registerPrompt(
+      prompt.name,
+      { title: prompt.title, description: prompt.description },
+      () => ({
+        messages: [
+          {
+            role: "user" as const,
+            content: { type: "text" as const, text: prompt.text },
+          },
+        ],
+      }),
+    );
   }
 
   // Register one prompt per brand context (e.g. /brand-acme-corp)
diff --git a/apps/mesh/src/tools/organization/member-add.ts b/apps/mesh/src/tools/organization/member-add.ts
index c49e4b053d..fe2c9302a0 100644
--- a/apps/mesh/src/tools/organization/member-add.ts
+++ b/apps/mesh/src/tools/organization/member-add.ts
@@ -5,8 +5,9 @@
  */
 
 import { z } from "zod";
+import { posthog } from "../../posthog";
 import { defineTool } from "../../core/define-tool";
-import { requireAuth } from "../../core/mesh-context";
+import { getUserId, requireAuth } from "../../core/mesh-context";
 
 export const ORGANIZATION_MEMBER_ADD = defineTool({
   name: "ORGANIZATION_MEMBER_ADD",
@@ -66,6 +67,20 @@ export const ORGANIZATION_MEMBER_ADD = defineTool({
       throw new Error("Failed to add member");
     }
 
+    const actorId = getUserId(ctx);
+    if (actorId) {
+      posthog.capture({
+        distinctId: actorId,
+        event: "organization_member_added",
+        groups: { organization: organizationId },
+        properties: {
+          organization_id: organizationId,
+          added_user_id: input.userId,
+          role: input.role,
+        },
+      });
+    }
+
     // Better Auth returns role as string, but we accept string or array
     // Convert dates to ISO strings for JSON Schema compatibility
     return {
diff --git a/apps/mesh/src/tools/organization/member-remove.ts b/apps/mesh/src/tools/organization/member-remove.ts
index 66c9dbfd7f..9fa3e7aa4c 100644
--- a/apps/mesh/src/tools/organization/member-remove.ts
+++ b/apps/mesh/src/tools/organization/member-remove.ts
@@ -5,8 +5,9 @@
  */
 
 import { z } from "zod";
+import { posthog } from "../../posthog";
 import { defineTool } from "../../core/define-tool";
-import { requireAuth } from "../../core/mesh-context";
+import { getUserId, requireAuth } from "../../core/mesh-context";
 
 export const ORGANIZATION_MEMBER_REMOVE = defineTool({
   name: "ORGANIZATION_MEMBER_REMOVE",
@@ -54,6 +55,19 @@ export const ORGANIZATION_MEMBER_REMOVE = defineTool({
     // invalidateOrg would be too broad; the TTL will handle cleanup
     // for removed members since the DB row is gone.
 
+    const actorId = getUserId(ctx);
+    if (actorId) {
+      posthog.capture({
+        distinctId: actorId,
+        event: "organization_member_removed",
+        groups: { organization: organizationId },
+        properties: {
+          organization_id: organizationId,
+          member_id_or_email: input.memberIdOrEmail,
+        },
+      });
+    }
+
     return {
       success: true,
       memberIdOrEmail: input.memberIdOrEmail,
diff --git a/apps/mesh/src/tools/organization/member-update-role.ts b/apps/mesh/src/tools/organization/member-update-role.ts
index d668a71193..6597e994ba 100644
--- a/apps/mesh/src/tools/organization/member-update-role.ts
+++ b/apps/mesh/src/tools/organization/member-update-role.ts
@@ -5,8 +5,9 @@
  */
 
 import { z } from "zod";
+import { posthog } from "../../posthog";
 import { defineTool } from "../../core/define-tool";
-import { requireAuth } from "../../core/mesh-context";
+import { getUserId, requireAuth } from "../../core/mesh-context";
 
 export const ORGANIZATION_MEMBER_UPDATE_ROLE = defineTool({
   name: "ORGANIZATION_MEMBER_UPDATE_ROLE",
@@ -71,6 +72,23 @@ export const ORGANIZATION_MEMBER_UPDATE_ROLE = defineTool({
     // Invalidate cached role
     ctx.invalidateMemberRole?.(result.userId, organizationId);
 
+    const actorId = getUserId(ctx);
+    if (actorId) {
+      posthog.capture({
+        distinctId: actorId,
+        event: "organization_member_role_updated",
+        groups: { organization: organizationId },
+        properties: {
+          organization_id: organizationId,
+          member_id: input.memberId,
+          target_user_id: result.userId,
+          new_role: Array.isArray(input.role)
+            ? input.role.join(",")
+            : input.role,
+        },
+      });
+    }
+
     // Convert dates to ISO strings for JSON Schema compatibility
     return {
       ...result,
diff --git a/apps/mesh/src/tools/organization/organization-tools.test.ts b/apps/mesh/src/tools/organization/organization-tools.test.ts
index ac09081486..63dfb62698 100644
--- a/apps/mesh/src/tools/organization/organization-tools.test.ts
+++ b/apps/mesh/src/tools/organization/organization-tools.test.ts
@@ -346,7 +346,7 @@ describe("Organization Tools", () => {
   });
 
   describe("ORGANIZATION_UPDATE", () => {
-    it("should update organization", async () => {
+    it("should update organization name and description", async () => {
       const mockAuth = createMockAuth();
       const ctx = createMockContext(mockAuth);
 
@@ -354,7 +354,7 @@ describe("Organization Tools", () => {
         {
           id: "org_123",
           name: "Updated Name",
-          slug: "updated-slug",
+          description: "Updated description",
         },
         ctx,
       );
@@ -364,7 +364,7 @@ describe("Organization Tools", () => {
           organizationId: "org_123",
           data: expect.objectContaining({
             name: "Updated Name",
-            slug: "updated-slug",
+            metadata: { description: "Updated description" },
           }),
         },
         headers: expect.any(Headers),
@@ -372,6 +372,27 @@ describe("Organization Tools", () => {
 
       expect(result.slug).toBe("updated-org");
     });
+
+    it("should not propagate slug to updateOrganization (slug is immutable)", async () => {
+      const mockAuth = createMockAuth();
+      const ctx = createMockContext(mockAuth);
+
+      await ORGANIZATION_UPDATE.execute(
+        // Cast through unknown because slug is no longer in the input schema
+        // but a misbehaving caller could still pass it at runtime.
+        {
+          id: "org_123",
+          name: "Updated Name",
+          slug: "should-be-ignored",
+        } as unknown as { id: string; name: string },
+        ctx,
+      );
+
+      const call = mockAuth.api.updateOrganization.mock.calls[0]?.[0];
+      expect(call?.body?.data).toBeDefined();
+      expect(call?.body?.data?.slug).toBeUndefined();
+      expect(call?.body?.data?.name).toBe("Updated Name");
+    });
   });
 
   describe("ORGANIZATION_DELETE", () => {
diff --git a/apps/mesh/src/tools/organization/schema.ts b/apps/mesh/src/tools/organization/schema.ts
index 268fd7f2de..5c8fbc6e6e 100644
--- a/apps/mesh/src/tools/organization/schema.ts
+++ b/apps/mesh/src/tools/organization/schema.ts
@@ -37,6 +37,58 @@ export const RegistryConfigSchema = z.object({
 
 export type RegistryConfig = z.infer<typeof RegistryConfigSchema>;
 
+/**
+ * Model slot schema — a concrete model selection (provider key + model).
+ * Matches SimpleModeModelSlot interface from storage/types.ts.
+ */
+const ModelSlotSchema = z
+  .object({
+    keyId: z.string(),
+    modelId: z.string(),
+    title: z.string().optional(),
+  })
+  .nullable();
+
+/**
+ * Simple Model Mode configuration schema.
+ * Matches SimpleModeConfig interface from storage/types.ts.
+ *
+ * When the org enables Simple Mode, members see a Fast/Smart/Thinking
+ * toggle instead of the full model picker, and image/webResearch default
+ * to the models picked here.
+ */
+export const SimpleModeConfigSchema = z.object({
+  enabled: z.boolean(),
+  chat: z.object({
+    fast: ModelSlotSchema,
+    smart: ModelSlotSchema,
+    thinking: ModelSlotSchema,
+  }),
+  image: ModelSlotSchema,
+  webResearch: ModelSlotSchema,
+});
+
+export type SimpleModeConfig = z.infer<typeof SimpleModeConfigSchema>;
+
+/**
+ * Default home agents config schema - matches DefaultHomeAgentsConfig from storage/types.ts.
+ *
+ * Each entry is either a `WELL_KNOWN_AGENT_TEMPLATES` template id (e.g. "site-editor",
+ * "ai-image") or a custom virtual MCP agent id (UUID). The home view renders these
+ * tiles in order, capped at the home view's display limit.
+ */
+export const DefaultHomeAgentsConfigSchema = z.object({
+  ids: z
+    .array(z.string())
+    .describe(
+      "Ordered list of agent ids to show on the home view. Mix of well-known template ids and custom virtual MCP ids.",
+    ),
+});
+
+export type DefaultHomeAgentsConfig = z.infer<
+  typeof DefaultHomeAgentsConfigSchema
+>;
+
 /**
  * Brand context schema - org-scoped company profile
  */
diff --git a/apps/mesh/src/tools/organization/settings-get.ts b/apps/mesh/src/tools/organization/settings-get.ts
index 18393681b2..9141e1d368 100644
--- a/apps/mesh/src/tools/organization/settings-get.ts
+++ b/apps/mesh/src/tools/organization/settings-get.ts
@@ -1,12 +1,17 @@
 import { z } from "zod";
 import { defineTool } from "../../core/define-tool";
 import { requireAuth } from "../../core/mesh-context";
-import { SidebarItemSchema, RegistryConfigSchema } from "./schema.ts";
+import {
+  SidebarItemSchema,
+  RegistryConfigSchema,
+  SimpleModeConfigSchema,
+  DefaultHomeAgentsConfigSchema,
+} from "./schema.ts";
 
 export const ORGANIZATION_SETTINGS_GET = defineTool({
   name: "ORGANIZATION_SETTINGS_GET",
   description:
-    "Get organization-level settings including sidebar configuration and store registry settings.",
+    "Get organization-level settings including sidebar configuration, store registry settings, simple model mode, and default home agents.",
   annotations: {
     title: "Get Organization Settings",
     readOnlyHint: true,
@@ -21,6 +26,8 @@ export const ORGANIZATION_SETTINGS_GET = defineTool({
     sidebar_items: z.array(SidebarItemSchema).nullable().optional(),
     enabled_plugins: z.array(z.string()).nullable().optional(),
     registry_config: RegistryConfigSchema.nullable().optional(),
+    simple_mode: SimpleModeConfigSchema.nullable().optional(),
+    default_home_agents: DefaultHomeAgentsConfigSchema.nullable().optional(),
     createdAt: z.string().datetime().optional().describe("ISO 8601 timestamp"),
     updatedAt: z.string().datetime().optional().describe("ISO 8601 timestamp"),
   }),
diff --git a/apps/mesh/src/tools/organization/settings-tools.test.ts b/apps/mesh/src/tools/organization/settings-tools.test.ts
new file mode 100644
index 0000000000..0ce973186d
--- /dev/null
+++ b/apps/mesh/src/tools/organization/settings-tools.test.ts
@@ -0,0 +1,197 @@
+import { describe, it, expect, vi } from "bun:test";
+import {
+  ORGANIZATION_SETTINGS_GET,
+  ORGANIZATION_SETTINGS_UPDATE,
+} from "./index";
+import type {
+  BetterAuthInstance,
+  BoundAuthClient,
+  MeshContext,
+} from "../../core/mesh-context";
+import type { OrganizationSettings } from "../../storage/types";
+
+const SAMPLE_SIMPLE_MODE = {
+  enabled: true,
+  chat: {
+    fast: { keyId: "key_1", modelId: "gpt-4o-mini", title: "Fast" },
+    smart: { keyId: "key_1", modelId: "gpt-4o", title: "Smart" },
+    thinking: { keyId: "key_1", modelId: "o1-preview", title: "Thinking" },
+  },
+  image: { keyId: "key_2", modelId: "dall-e-3", title: "Image" },
+  webResearch: null,
+};
+
+const SAMPLE_REGISTRY_CONFIG = {
+  registries: { conn_x: { enabled: true } },
+  blockedMcps: ["spam-mcp"],
+};
+
+const buildStoredSettings = (
+  overrides: Partial<OrganizationSettings> = {},
+): OrganizationSettings => ({
+  organizationId: "org_123",
+  sidebar_items: null,
+  enabled_plugins: null,
+  registry_config: null,
+  simple_mode: null,
+  default_home_agents: null,
+  createdAt: "2024-01-01T00:00:00.000Z",
+  updatedAt: "2024-01-01T00:00:00.000Z",
+  ...overrides,
+});
+
+const createMockContext = (
+  storedSettings: OrganizationSettings | null,
+): MeshContext => {
+  const get = vi.fn().mockResolvedValue(storedSettings);
+  const upsert = vi.fn(async (_orgId: string, data) => ({
+    ...buildStoredSettings(storedSettings ?? undefined),
+    ...data,
+  }));
+
+  return {
+    timings: {
+      measure: async <T>(_name: string, cb: () => Promise<T>) => await cb(),
+    },
+    eventBus: vi.fn().mockResolvedValue(undefined) as never,
+    auth: {
+      user: {
+        id: "user_1",
+        email: "[email protected]",
+        name: "Test",
+        role: "admin",
+      },
+    },
+    organization: {
+      id: "org_123",
+      slug: "test-org",
+      name: "Test Organization",
+    },
+    storage: {
+      connections: null as never,
+      organizationSettings: { get, upsert } as never,
+      monitoring: null as never,
+      virtualMcps: null as never,
+      users: null as never,
+      threads: null as never,
+      tags: null as never,
+      virtualMcpPluginConfigs: null as never,
+      aiProviderKeys: null as never,
+      oauthPkceStates: null as never,
+      automations: null as never,
+      orgSsoConfig: null as never,
+      orgSsoSessions: null as never,
+      triggerCallbackTokens: null as never,
+      registry: null as never,
+      brandContext: null as never,
+      organizationDomains: null as never,
+    },
+    vault: null as never,
+    authInstance: {} as unknown as BetterAuthInstance,
+    boundAuth: {} as unknown as BoundAuthClient,
+    access: {
+      granted: () => true,
+      check: vi.fn().mockResolvedValue(undefined),
+      grant: () => {},
+      setToolName: () => {},
+    } as never,
+    db: null as never,
+    tracer: {
+      startActiveSpan: (
+        _name: string,
+        _opts: unknown,
+        fn: (span: unknown) => unknown,
+      ) =>
+        fn({
+          setStatus: () => {},
+          recordException: () => {},
+          end: () => {},
+        }),
+    } as never,
+    meter: {
+      createHistogram: () => ({ record: () => {} }),
+      createCounter: () => ({ add: () => {} }),
+    } as never,
+    baseUrl: "https://mesh.example.com",
+    metadata: { requestId: "req_123", timestamp: new Date() },
+    objectStorage: null as never,
+    aiProviders: null as never,
+    createMCPProxy: vi.fn().mockResolvedValue({}),
+    getOrCreateClient: vi.fn().mockResolvedValue({}),
+    pendingRevalidations: [],
+  };
+};
+
+describe("ORGANIZATION_SETTINGS_GET", () => {
+  it("returns simple_mode from stored settings", async () => {
+    const ctx = createMockContext(
+      buildStoredSettings({ simple_mode: SAMPLE_SIMPLE_MODE }),
+    );
+
+    const result = await ORGANIZATION_SETTINGS_GET.execute({}, ctx);
+
+    expect(result.simple_mode).toEqual(SAMPLE_SIMPLE_MODE);
+  });
+});
+
+describe("ORGANIZATION_SETTINGS_UPDATE", () => {
+  it("forwards simple_mode to the storage upsert", async () => {
+    const ctx = createMockContext(buildStoredSettings());
+
+    await ORGANIZATION_SETTINGS_UPDATE.execute(
+      {
+        organizationId: "org_123",
+        simple_mode: SAMPLE_SIMPLE_MODE,
+      },
+      ctx,
+    );
+
+    expect(ctx.storage.organizationSettings.upsert).toHaveBeenCalledWith(
+      "org_123",
+      expect.objectContaining({ simple_mode: SAMPLE_SIMPLE_MODE }),
+    );
+  });
+
+  it("does not clobber unrelated fields when only simple_mode is passed", async () => {
+    const ctx = createMockContext(buildStoredSettings());
+
+    await ORGANIZATION_SETTINGS_UPDATE.execute(
+      {
+        organizationId: "org_123",
+        simple_mode: SAMPLE_SIMPLE_MODE,
+      },
+      ctx,
+    );
+
+    const calls = (
+      ctx.storage.organizationSettings.upsert as unknown as {
+        mock: { calls: [string, Record<string, unknown>][] };
+      }
+    ).mock.calls;
+    const upsertData = calls[0]?.[1] ?? {};
+    expect(upsertData.sidebar_items).toBeUndefined();
+    expect(upsertData.enabled_plugins).toBeUndefined();
+    expect(upsertData.registry_config).toBeUndefined();
+  });
+
+  it("forwards registry_config without touching simple_mode", async () => {
+    const ctx = createMockContext(buildStoredSettings());
+
+    await ORGANIZATION_SETTINGS_UPDATE.execute(
+      {
+        organizationId: "org_123",
+        registry_config: SAMPLE_REGISTRY_CONFIG,
+      },
+      ctx,
+    );
+
+    const calls = (
+      ctx.storage.organizationSettings.upsert as unknown as {
+        mock: { calls: [string, Record<string, unknown>][] };
+      }
+    ).mock.calls;
+    const upsertData = calls[0]?.[1] ?? {};
+    expect(upsertData.registry_config).toEqual(SAMPLE_REGISTRY_CONFIG);
+    expect(upsertData.simple_mode).toBeUndefined();
+  });
+});
diff --git a/apps/mesh/src/tools/organization/settings-update.ts b/apps/mesh/src/tools/organization/settings-update.ts
index e8edbac3a8..8530bd0a03 100644
--- a/apps/mesh/src/tools/organization/settings-update.ts
+++ b/apps/mesh/src/tools/organization/settings-update.ts
@@ -1,12 +1,17 @@
 import { z } from "zod";
 import { defineTool } from "../../core/define-tool";
 import { requireAuth } from "../../core/mesh-context";
-import { SidebarItemSchema, RegistryConfigSchema } from "./schema.ts";
+import {
+  SidebarItemSchema,
+  RegistryConfigSchema,
+  SimpleModeConfigSchema,
+  DefaultHomeAgentsConfigSchema,
+} from "./schema.ts";
 
 export const ORGANIZATION_SETTINGS_UPDATE = defineTool({
   name: "ORGANIZATION_SETTINGS_UPDATE",
   description:
-    "Update organization-level settings such as sidebar configuration and store registry settings.",
+    "Update organization-level settings such as sidebar configuration, store registry settings, simple model mode, and default home agents.",
   annotations: {
     title: "Update Organization Settings",
     readOnlyHint: false,
@@ -19,6 +24,8 @@ export const ORGANIZATION_SETTINGS_UPDATE = defineTool({
     sidebar_items: z.array(SidebarItemSchema).optional(),
     enabled_plugins: z.array(z.string()).optional(),
     registry_config: RegistryConfigSchema.optional(),
+    simple_mode: SimpleModeConfigSchema.optional(),
+    default_home_agents: DefaultHomeAgentsConfigSchema.optional(),
   }),
 
   outputSchema: z.object({
@@ -26,6 +33,8 @@ export const ORGANIZATION_SETTINGS_UPDATE = defineTool({
     sidebar_items: z.array(SidebarItemSchema).nullable().optional(),
     enabled_plugins: z.array(z.string()).nullable().optional(),
     registry_config: RegistryConfigSchema.nullable().optional(),
+    simple_mode: SimpleModeConfigSchema.nullable().optional(),
+    default_home_agents: DefaultHomeAgentsConfigSchema.nullable().optional(),
     createdAt: z.string().datetime().describe("ISO 8601 timestamp"),
     updatedAt: z.string().datetime().describe("ISO 8601 timestamp"),
   }),
@@ -44,6 +53,8 @@ export const ORGANIZATION_SETTINGS_UPDATE = defineTool({
         sidebar_items: input.sidebar_items,
         enabled_plugins: input.enabled_plugins,
         registry_config: input.registry_config,
+        simple_mode: input.simple_mode,
+        default_home_agents: input.default_home_agents,
       },
     );
 
diff --git a/apps/mesh/src/tools/organization/update.ts b/apps/mesh/src/tools/organization/update.ts
index 66ab5cef7c..81f0f225fe 100644
--- a/apps/mesh/src/tools/organization/update.ts
+++ b/apps/mesh/src/tools/organization/update.ts
@@ -10,7 +10,7 @@ import { requireAuth } from "../../core/mesh-context";
 
 export const ORGANIZATION_UPDATE = defineTool({
   name: "ORGANIZATION_UPDATE",
-  description: "Update an organization's name, slug, or description.",
+  description: "Update an organization's name or description.",
   annotations: {
     title: "Update Organization",
     readOnlyHint: false,
@@ -20,12 +20,6 @@ export const ORGANIZATION_UPDATE = defineTool({
   },
   inputSchema: z.object({
     id: z.string(),
-    slug: z
-      .string()
-      .min(1)
-      .max(50)
-      .regex(/^[a-z0-9-]+$/)
-      .optional(),
     name: z.string().min(1).max(255).optional(),
     description: z.string().optional(),
   }),
@@ -47,9 +41,10 @@ export const ORGANIZATION_UPDATE = defineTool({
     await ctx.access.check();
 
     // Build update data
+    // Slug is intentionally NOT updatable: it anchors org URLs (/api/:org/...)
+    // and renaming would silently invalidate every saved URL.
     const updateData: Record<string, unknown> = {};
     if (input.name) updateData.name = input.name;
-    if (input.slug) updateData.slug = input.slug;
     if (input.description)
       updateData.metadata = { description: input.description };
 
diff --git a/apps/mesh/src/tools/registry-metadata.ts b/apps/mesh/src/tools/registry-metadata.ts
index 7d81179766..817a8f6d5b 100644
--- a/apps/mesh/src/tools/registry-metadata.ts
+++ b/apps/mesh/src/tools/registry-metadata.ts
@@ -131,6 +131,7 @@ const ALL_TOOL_NAMES = [
   "AI_PROVIDER_KEY_CREATE",
   "AI_PROVIDER_KEY_LIST",
   "AI_PROVIDER_KEY_DELETE",
+  "AI_PROVIDER_KEY_UPDATE",
   "AI_PROVIDER_OAUTH_URL",
   "AI_PROVIDER_OAUTH_EXCHANGE",
   "AI_PROVIDER_PROVISION_KEY",
@@ -638,6 +639,11 @@ export const MANAGEMENT_TOOLS: ToolMetadata[] = [
     category: "AI Providers",
     dangerous: true,
   },
+  {
+    name: "AI_PROVIDER_KEY_UPDATE",
+    description: "Update AI provider API key label",
+    category: "AI Providers",
+  },
   {
     name: "AI_PROVIDER_OAUTH_URL",
     description: "Get OAuth URL for provider",
@@ -882,146 +888,339 @@ export const MANAGEMENT_TOOLS: ToolMetadata[] = [
   },
 ];
 
+// ============================================================================
+// Permission Capabilities (high-level, user-facing permissions)
+// ============================================================================
+
+export interface PermissionCapability {
+  id: string;
+  label: string;
+  description: string;
+  section: string;
+  tools: ToolName[];
+  dangerous?: boolean;
+}
+
 /**
- * Human-readable labels for tool names
+ * Capability id for tools all authenticated org members can use by default.
+ * The role editor hides this capability and bakes its tools into every
+ * custom role's saved permission set at submit time.
  */
-const TOOL_LABELS: Record<ToolName, string> = {
-  ORGANIZATION_CREATE: "Create organization",
-  ORGANIZATION_LIST: "List organizations",
-  ORGANIZATION_GET: "View organization details",
-  ORGANIZATION_UPDATE: "Update organization",
-  ORGANIZATION_DELETE: "Delete organization",
-  ORGANIZATION_SETTINGS_GET: "View organization settings",
-  ORGANIZATION_SETTINGS_UPDATE: "Update organization settings",
-  BRAND_CONTEXT_LIST: "List brand contexts",
-  BRAND_CONTEXT_GET: "View brand context",
-  BRAND_CONTEXT_CREATE: "Create brand context",
-  BRAND_CONTEXT_UPDATE: "Update brand context",
-  BRAND_CONTEXT_DELETE: "Delete brand context",
-  BRAND_CONTEXT_EXTRACT: "Extract brand from website",
-  BRAND_GET: "Get brand",
-  BRAND_LIST: "List brands",
-  ORGANIZATION_DOMAIN_GET: "Get domain claim",
-  ORGANIZATION_DOMAIN_SET: "Set domain claim",
-  ORGANIZATION_DOMAIN_UPDATE: "Update domain settings",
-  ORGANIZATION_DOMAIN_CLEAR: "Clear domain claim",
-  ORGANIZATION_MEMBER_LIST: "List members",
-  ORGANIZATION_MEMBER_ADD: "Add members",
-  ORGANIZATION_MEMBER_REMOVE: "Remove members",
-  ORGANIZATION_MEMBER_UPDATE_ROLE: "Update member roles",
-  COLLECTION_CONNECTIONS_LIST: "List connections",
-  COLLECTION_CONNECTIONS_GET: "View connection details",
-  COLLECTION_CONNECTIONS_CREATE: "Create connections",
-  COLLECTION_CONNECTIONS_UPDATE: "Update connections",
-  COLLECTION_CONNECTIONS_DELETE: "Delete connections",
-  CONNECTION_TEST: "Test connections",
-  DATABASES_RUN_SQL: "Run SQL queries",
-  COLLECTION_VIRTUAL_MCP_CREATE: "Create virtual MCPs",
-  COLLECTION_VIRTUAL_MCP_LIST: "List virtual MCPs",
-  COLLECTION_VIRTUAL_MCP_GET: "View virtual MCP details",
-  COLLECTION_VIRTUAL_MCP_UPDATE: "Update virtual MCPs",
-  COLLECTION_VIRTUAL_MCP_DELETE: "Delete virtual MCPs",
-  MONITORING_LOG_GET: "View monitoring log details",
-  MONITORING_LOGS_LIST: "List monitoring logs",
-  MONITORING_STATS: "View monitoring statistics",
-  API_KEY_CREATE: "Create API key",
-  API_KEY_LIST: "List API keys",
-  API_KEY_UPDATE: "Update API key",
-  API_KEY_DELETE: "Delete API key",
-  EVENT_PUBLISH: "Publish events",
-  EVENT_SUBSCRIBE: "Subscribe to events",
-  EVENT_UNSUBSCRIBE: "Unsubscribe from events",
-  EVENT_CANCEL: "Cancel recurring events",
-  EVENT_ACK: "Acknowledge event delivery",
-  EVENT_SUBSCRIPTION_LIST: "List event subscriptions",
-  EVENT_SYNC_SUBSCRIPTIONS: "Sync subscriptions to desired state",
-
-  USER_GET: "Get user by id",
-  COLLECTION_THREADS_CREATE: "Create threads",
-  COLLECTION_THREADS_LIST: "List threads",
-  COLLECTION_THREADS_GET: "View thread details",
-  COLLECTION_THREADS_UPDATE: "Update threads",
-  COLLECTION_THREADS_DELETE: "Delete threads",
-  COLLECTION_THREAD_MESSAGES_LIST: "List thread messages",
-  TAGS_LIST: "List organization tags",
-  TAGS_CREATE: "Create organization tag",
-  TAGS_DELETE: "Delete organization tag",
-  MEMBER_TAGS_GET: "Get member tags",
-  MEMBER_TAGS_SET: "Set member tags",
-  VIRTUAL_MCP_PLUGIN_CONFIG_GET: "View plugin config",
-  VIRTUAL_MCP_PLUGIN_CONFIG_UPDATE: "Update plugin config",
-  VIRTUAL_MCP_PINNED_VIEWS_UPDATE: "Update pinned views",
-  AUTOMATION_CREATE: "Create automation",
-  AUTOMATION_GET: "View automation details",
-  AUTOMATION_LIST: "List automations",
-  AUTOMATION_UPDATE: "Update automation",
-  AUTOMATION_DELETE: "Delete automation",
-  AUTOMATION_TRIGGER_ADD: "Add trigger",
-  AUTOMATION_TRIGGER_REMOVE: "Remove trigger",
-  AUTOMATION_RUN: "Run automation",
+const BASIC_USAGE_CAPABILITY_ID = "basic-usage";
 
-  AI_PROVIDERS_LIST: "List AI providers",
-  AI_PROVIDERS_LIST_MODELS: "List AI models",
-  AI_PROVIDERS_ACTIVE: "List active providers",
-  AI_PROVIDER_KEY_CREATE: "Create provider key",
-  AI_PROVIDER_KEY_LIST: "List provider keys",
-  AI_PROVIDER_KEY_DELETE: "Delete provider key",
-  AI_PROVIDER_OAUTH_URL: "Get OAuth URL",
-  AI_PROVIDER_OAUTH_EXCHANGE: "Connect via OAuth",
-  AI_PROVIDER_PROVISION_KEY: "Auto-provision key",
-  AI_PROVIDER_TOPUP_URL: "Get top-up checkout URL",
-  AI_PROVIDER_CREDITS: "Get credit balance",
-  AI_PROVIDER_CLI_ACTIVATE: "Activate Claude Code CLI",
+const PERMISSION_CAPABILITIES: PermissionCapability[] = [
+  // Basic usage — granted to all org members, hidden from UI
+  {
+    id: BASIC_USAGE_CAPABILITY_ID,
+    label: "Basic Usage",
+    description: "Tools all org members can access by default",
+    section: "Basic Usage",
+    tools: [
+      // View connections
+      "COLLECTION_CONNECTIONS_LIST",
+      "COLLECTION_CONNECTIONS_GET",
+      "CONNECTION_TEST",
+      // View agents
+      "COLLECTION_VIRTUAL_MCP_LIST",
+      "COLLECTION_VIRTUAL_MCP_GET",
+      "VIRTUAL_MCP_PLUGIN_CONFIG_GET",
+      // View automations
+      "AUTOMATION_GET",
+      "AUTOMATION_LIST",
+      // View AI providers
+      "AI_PROVIDERS_LIST",
+      "AI_PROVIDERS_LIST_MODELS",
+      "AI_PROVIDERS_ACTIVE",
+      // Object storage access
+      "LIST_OBJECTS",
+      "GET_OBJECT_METADATA",
+      "GET_PRESIGNED_URL",
+      "PUT_PRESIGNED_URL",
+      // VM previews
+      "VM_START",
+      "VM_DELETE",
+    ],
+  },
+  // Organization
+  {
+    id: "org:manage",
+    label: "Manage organization",
+    description:
+      "Edit organization settings, brand context, and domain configuration",
+    section: "Organization",
+    tools: [
+      "ORGANIZATION_GET",
+      "ORGANIZATION_LIST",
+      "ORGANIZATION_UPDATE",
+      "ORGANIZATION_SETTINGS_GET",
+      "ORGANIZATION_SETTINGS_UPDATE",
+      "BRAND_CONTEXT_LIST",
+      "BRAND_CONTEXT_GET",
+      "BRAND_CONTEXT_CREATE",
+      "BRAND_CONTEXT_UPDATE",
+      "BRAND_CONTEXT_DELETE",
+      "BRAND_CONTEXT_EXTRACT",
+      "BRAND_GET",
+      "BRAND_LIST",
+      "ORGANIZATION_DOMAIN_GET",
+      "ORGANIZATION_DOMAIN_SET",
+      "ORGANIZATION_DOMAIN_UPDATE",
+      "ORGANIZATION_DOMAIN_CLEAR",
+    ],
+  },
+  {
+    id: "members:manage",
+    label: "Manage members",
+    description: "Invite members, remove them, and change their roles",
+    section: "Organization",
+    tools: [
+      "ORGANIZATION_MEMBER_LIST",
+      "ORGANIZATION_MEMBER_ADD",
+      "ORGANIZATION_MEMBER_REMOVE",
+      "ORGANIZATION_MEMBER_UPDATE_ROLE",
+    ],
+    dangerous: true,
+  },
+  // Connections
+  {
+    id: "connections:manage",
+    label: "Manage connections",
+    description: "Create, update, and delete connections",
+    section: "Connections & Agents",
+    tools: [
+      "COLLECTION_CONNECTIONS_CREATE",
+      "COLLECTION_CONNECTIONS_UPDATE",
+      "COLLECTION_CONNECTIONS_DELETE",
+    ],
+    dangerous: true,
+  },
+  {
+    id: "agents:manage",
+    label: "Manage agents",
+    description: "Create, configure, and delete agents",
+    section: "Connections & Agents",
+    tools: [
+      "COLLECTION_VIRTUAL_MCP_CREATE",
+      "COLLECTION_VIRTUAL_MCP_UPDATE",
+      "COLLECTION_VIRTUAL_MCP_DELETE",
+      "VIRTUAL_MCP_PLUGIN_CONFIG_UPDATE",
+      "VIRTUAL_MCP_PINNED_VIEWS_UPDATE",
+    ],
+    dangerous: true,
+  },
+  // Automations
+  {
+    id: "automations:manage",
+    label: "Manage automations",
+    description: "Create, update, run, and delete automations",
+    section: "Automations",
+    tools: [
+      "AUTOMATION_CREATE",
+      "AUTOMATION_UPDATE",
+      "AUTOMATION_DELETE",
+      "AUTOMATION_TRIGGER_ADD",
+      "AUTOMATION_TRIGGER_REMOVE",
+      "AUTOMATION_RUN",
+    ],
+    dangerous: true,
+  },
+  // Monitoring
+  {
+    id: "monitoring:view",
+    label: "View monitoring",
+    description: "Access logs and usage statistics",
+    section: "Monitoring",
+    tools: ["MONITORING_LOG_GET", "MONITORING_LOGS_LIST", "MONITORING_STATS"],
+  },
+  // AI Providers
+  {
+    id: "ai-providers:manage",
+    label: "Manage AI providers",
+    description: "Add or remove API keys and provision provider credentials",
+    section: "AI Providers",
+    tools: [
+      "AI_PROVIDER_KEY_CREATE",
+      "AI_PROVIDER_KEY_LIST",
+      "AI_PROVIDER_KEY_DELETE",
+      "AI_PROVIDER_KEY_UPDATE",
+      "AI_PROVIDER_OAUTH_URL",
+      "AI_PROVIDER_OAUTH_EXCHANGE",
+      "AI_PROVIDER_PROVISION_KEY",
+      "AI_PROVIDER_TOPUP_URL",
+      "AI_PROVIDER_CREDITS",
+      "AI_PROVIDER_CLI_ACTIVATE",
+    ],
+  },
+  // Organization (tags moved here from Developer)
+  {
+    id: "tags:manage",
+    label: "Manage tags",
+    description: "Create, assign, and delete organization tags",
+    section: "Organization",
+    tools: [
+      "TAGS_LIST",
+      "TAGS_CREATE",
+      "TAGS_DELETE",
+      "MEMBER_TAGS_GET",
+      "MEMBER_TAGS_SET",
+    ],
+  },
+  // Store & Registry
+  {
+    id: "registry:manage",
+    label: "Manage registry",
+    description: "Browse, publish, and manage items in the registry",
+    section: "Store & Registry",
+    tools: [
+      "COLLECTION_REGISTRY_APP_LIST",
+      "COLLECTION_REGISTRY_APP_GET",
+      "COLLECTION_REGISTRY_APP_VERSIONS",
+      "COLLECTION_REGISTRY_APP_FILTERS",
+      "REGISTRY_ITEM_LIST",
+      "REGISTRY_ITEM_SEARCH",
+      "REGISTRY_ITEM_GET",
+      "REGISTRY_ITEM_VERSIONS",
+      "REGISTRY_ITEM_FILTERS",
+      "REGISTRY_DISCOVER_TOOLS",
+      "REGISTRY_ITEM_CREATE",
+      "REGISTRY_ITEM_BULK_CREATE",
+      "REGISTRY_ITEM_UPDATE",
+      "REGISTRY_ITEM_DELETE",
+      "REGISTRY_AI_GENERATE",
+      "REGISTRY_PUBLISH_REQUEST_LIST",
+      "REGISTRY_PUBLISH_REQUEST_REVIEW",
+      "REGISTRY_PUBLISH_REQUEST_COUNT",
+      "REGISTRY_PUBLISH_REQUEST_DELETE",
+      "REGISTRY_PUBLISH_API_KEY_GENERATE",
+      "REGISTRY_PUBLISH_API_KEY_LIST",
+      "REGISTRY_PUBLISH_API_KEY_REVOKE",
+    ],
+    dangerous: true,
+  },
+  {
+    id: "registry:monitor",
+    label: "Monitor registry health",
+    description: "Run health checks on registry connections and view results",
+    section: "Store & Registry",
+    tools: [
+      "REGISTRY_MONITOR_RUN_START",
+      "REGISTRY_MONITOR_RUN_LIST",
+      "REGISTRY_MONITOR_RUN_GET",
+      "REGISTRY_MONITOR_RUN_CANCEL",
+      "REGISTRY_MONITOR_RESULT_LIST",
+      "REGISTRY_MONITOR_CONNECTION_LIST",
+      "REGISTRY_MONITOR_CONNECTION_SYNC",
+      "REGISTRY_MONITOR_CONNECTION_UPDATE_AUTH",
+      "REGISTRY_MONITOR_SCHEDULE_SET",
+      "REGISTRY_MONITOR_SCHEDULE_CANCEL",
+    ],
+  },
+  // Developer
+  {
+    id: "api-keys:manage",
+    label: "Manage API keys",
+    description: "Create, update, and revoke API keys",
+    section: "Developer",
+    tools: [
+      "API_KEY_CREATE",
+      "API_KEY_LIST",
+      "API_KEY_UPDATE",
+      "API_KEY_DELETE",
+    ],
+  },
+  {
+    id: "event-bus:use",
+    label: "Use event bus",
+    description: "Publish events and manage subscriptions",
+    section: "Developer",
+    tools: [
+      "EVENT_PUBLISH",
+      "EVENT_SUBSCRIBE",
+      "EVENT_UNSUBSCRIBE",
+      "EVENT_CANCEL",
+      "EVENT_ACK",
+      "EVENT_SUBSCRIPTION_LIST",
+      "EVENT_SYNC_SUBSCRIPTIONS",
+    ],
+  },
+  {
+    id: "storage:delete",
+    label: "Delete from storage",
+    description: "Permanently delete files from object storage",
+    section: "Developer",
+    tools: ["DELETE_OBJECT", "DELETE_OBJECTS"],
+    dangerous: true,
+  },
+  {
+    id: "connections:sql",
+    label: "Run SQL queries",
+    description: "Execute raw SQL against connected databases",
+    section: "Developer",
+    tools: ["DATABASES_RUN_SQL"],
+    dangerous: true,
+  },
+];
 
-  // Object Storage
-  LIST_OBJECTS: "List objects",
-  GET_OBJECT_METADATA: "Get object metadata",
-  GET_PRESIGNED_URL: "Generate download URL",
-  PUT_PRESIGNED_URL: "Generate upload URL",
-  DELETE_OBJECT: "Delete object",
-  DELETE_OBJECTS: "Delete multiple objects",
+/**
+ * Tools every authenticated org member can use by default.
+ *
+ * The role editor (`org-role-detail.tsx`) bakes these into every custom
+ * role's saved `permission.self` array at submit time, so AccessControl
+ * sees them as a normal Better Auth permission — no runtime bypass.
+ *
+ * ⚠️  Adding or removing a tool from the basic-usage capability above?
+ *     You MUST also write a Kysely migration that backfills the change
+ *     into existing custom roles in the `organizationRole` table.
+ *     See `apps/mesh/migrations/073-backfill-basic-usage-roles.ts` for
+ *     the pattern. Snapshot the tools you're adding inside the migration
+ *     — do not import this constant from a migration (migrations are
+ *     immutable history).
+ */
+export const BASIC_USAGE_TOOLS: ReadonlySet<string> = new Set(
+  PERMISSION_CAPABILITIES.find((c) => c.id === BASIC_USAGE_CAPABILITY_ID)
+    ?.tools ?? [],
+);
 
-  // Registry
-  COLLECTION_REGISTRY_APP_LIST: "List registry apps",
-  COLLECTION_REGISTRY_APP_GET: "Get registry app",
-  COLLECTION_REGISTRY_APP_VERSIONS: "List registry app versions",
-  COLLECTION_REGISTRY_APP_FILTERS: "Get registry filters",
-  REGISTRY_ITEM_LIST: "List registry items",
-  REGISTRY_ITEM_SEARCH: "Search registry",
-  REGISTRY_ITEM_GET: "Get registry item",
-  REGISTRY_ITEM_VERSIONS: "List item versions",
-  REGISTRY_ITEM_CREATE: "Create registry item",
-  REGISTRY_ITEM_BULK_CREATE: "Bulk create items",
-  REGISTRY_ITEM_UPDATE: "Update registry item",
-  REGISTRY_ITEM_DELETE: "Delete registry item",
-  REGISTRY_ITEM_FILTERS: "Get item filters",
-  REGISTRY_DISCOVER_TOOLS: "Discover tools",
-  REGISTRY_AI_GENERATE: "AI generate content",
-  REGISTRY_PUBLISH_REQUEST_LIST: "List publish requests",
-  REGISTRY_PUBLISH_REQUEST_REVIEW: "Review publish request",
-  REGISTRY_PUBLISH_REQUEST_COUNT: "Count publish requests",
-  REGISTRY_PUBLISH_REQUEST_DELETE: "Delete publish request",
-  REGISTRY_PUBLISH_API_KEY_GENERATE: "Generate API key",
-  REGISTRY_PUBLISH_API_KEY_LIST: "List API keys",
-  REGISTRY_PUBLISH_API_KEY_REVOKE: "Revoke API key",
-  REGISTRY_MONITOR_RUN_START: "Start monitor run",
-  REGISTRY_MONITOR_RUN_LIST: "List monitor runs",
-  REGISTRY_MONITOR_RUN_GET: "Get monitor run",
-  REGISTRY_MONITOR_RUN_CANCEL: "Cancel monitor run",
-  REGISTRY_MONITOR_RESULT_LIST: "List monitor results",
-  REGISTRY_MONITOR_CONNECTION_LIST: "List monitor connections",
-  REGISTRY_MONITOR_CONNECTION_SYNC: "Sync monitor connections",
-  REGISTRY_MONITOR_CONNECTION_UPDATE_AUTH: "Update connection auth",
-  REGISTRY_MONITOR_SCHEDULE_SET: "Set monitor schedule",
-  REGISTRY_MONITOR_SCHEDULE_CANCEL: "Cancel monitor schedule",
+export function getCapabilitySections(): Array<{
+  section: string;
+  capabilities: PermissionCapability[];
+}> {
+  const map = new Map<string, PermissionCapability[]>();
+  for (const cap of PERMISSION_CAPABILITIES) {
+    if (cap.id === BASIC_USAGE_CAPABILITY_ID) continue;
+    const arr = map.get(cap.section) ?? [];
+    arr.push(cap);
+    map.set(cap.section, arr);
+  }
+  return Array.from(map.entries()).map(([section, capabilities]) => ({
+    section,
+    capabilities,
+  }));
+}
 
-  // GitHub
+export function isCapabilityEnabled(
+  cap: PermissionCapability,
+  enabledTools: string[],
+  allowAll: boolean,
+): boolean {
+  if (allowAll) return true;
+  return cap.tools.every((tool) => enabledTools.includes(tool));
+}
 
-  // VM
-  VM_START: "Start VM preview",
-  VM_DELETE: "Delete VM preview",
-  GITHUB_LIST_USER_ORGS: "List GitHub user orgs",
-};
+export function toggleCapabilityInTools(
+  cap: PermissionCapability,
+  currentTools: string[],
+  enable: boolean,
+): string[] {
+  if (enable) {
+    const toolSet = new Set(currentTools);
+    for (const tool of cap.tools) toolSet.add(tool);
+    return Array.from(toolSet);
+  }
+  const toolSet = new Set(currentTools);
+  for (const tool of cap.tools) toolSet.delete(tool);
+  return Array.from(toolSet);
+}
 
 // ============================================================================
 // Exports
@@ -1055,15 +1254,3 @@ export function getToolsByCategory() {
 
   return grouped;
 }
-
-/**
- * Get permission options for UI components (type-safe)
- * Returns flat array of all static permissions with labels
- */
-export function getPermissionOptions(): PermissionOption[] {
-  return MANAGEMENT_TOOLS.map((tool) => ({
-    value: tool.name,
-    label: TOOL_LABELS[tool.name],
-    dangerous: tool.dangerous,
-  }));
-}
diff --git a/apps/mesh/src/tools/thread/create.test.ts b/apps/mesh/src/tools/thread/create.test.ts
new file mode 100644
index 0000000000..0ea8bb410f
--- /dev/null
+++ b/apps/mesh/src/tools/thread/create.test.ts
@@ -0,0 +1,184 @@
+import { describe, it, expect, beforeAll, afterAll } from "bun:test";
+import { COLLECTION_THREADS_CREATE } from "./create";
+import { buildThreadTestContext, type ThreadTestEnv } from "./test-helpers";
+
+describe("COLLECTION_THREADS_CREATE", () => {
+  let env: ThreadTestEnv;
+
+  beforeAll(async () => {
+    env = await buildThreadTestContext();
+  });
+  afterAll(async () => {
+    await env.close();
+  });
+
+  it("assigns a generated branch when the vMCP has a github repo", async () => {
+    const vmcp = await env.ctx.storage.virtualMcps.create(
+      env.orgId,
+      env.userId,
+      {
+        title: "gh-vmcp",
+        connections: [],
+        status: "active",
+        pinned: false,
+        metadata: {
+          githubRepo: {
+            owner: "acme",
+            name: "repo",
+            url: "https://github.com/acme/repo",
+            installationId: 1,
+            connectionId: "conn_x",
+          },
+        },
+      },
+    );
+
+    const result = await COLLECTION_THREADS_CREATE.handler(
+      { data: { virtual_mcp_id: vmcp.id, title: "t" } },
+      env.ctx,
+    );
+
+    expect(result.item.branch).toMatch(/^deco\/[a-z]+-[a-z]+$/);
+    expect(result.item.virtual_mcp_id).toBe(vmcp.id);
+  });
+
+  it("leaves branch null when the vMCP has no github repo", async () => {
+    const vmcp = await env.ctx.storage.virtualMcps.create(
+      env.orgId,
+      env.userId,
+      { title: "no-gh", connections: [], status: "active", pinned: false },
+    );
+
+    const result = await COLLECTION_THREADS_CREATE.handler(
+      { data: { virtual_mcp_id: vmcp.id, title: "t" } },
+      env.ctx,
+    );
+
+    expect(result.item.branch).toBeNull();
+  });
+
+  it("uses the input branch when the vMCP has a github repo", async () => {
+    const vmcp = await env.ctx.storage.virtualMcps.create(
+      env.orgId,
+      env.userId,
+      {
+        title: "gh-vmcp-explicit",
+        connections: [],
+        status: "active",
+        pinned: false,
+        metadata: {
+          githubRepo: {
+            owner: "acme",
+            name: "repo",
+            url: "https://github.com/acme/repo",
+            installationId: 1,
+            connectionId: "conn_x",
+          },
+        },
+      },
+    );
+
+    const result = await COLLECTION_THREADS_CREATE.handler(
+      {
+        data: {
+          virtual_mcp_id: vmcp.id,
+          title: "t",
+          branch: "deco/custom-branch",
+        },
+      },
+      env.ctx,
+    );
+
+    expect(result.item.branch).toBe("deco/custom-branch");
+  });
+
+  it("ignores the input branch when the vMCP has no github repo", async () => {
+    const vmcp = await env.ctx.storage.virtualMcps.create(
+      env.orgId,
+      env.userId,
+      {
+        title: "no-gh-with-input-branch",
+        connections: [],
+        status: "active",
+        pinned: false,
+      },
+    );
+
+    const result = await COLLECTION_THREADS_CREATE.handler(
+      {
+        data: {
+          virtual_mcp_id: vmcp.id,
+          title: "t",
+          branch: "deco/should-be-ignored",
+        },
+      },
+      env.ctx,
+    );
+
+    expect(result.item.branch).toBeNull();
+  });
+
+  it("picks the most-recently-touched vmMap branch when no input branch + github vMCP", async () => {
+    const vmcp = await env.ctx.storage.virtualMcps.create(
+      env.orgId,
+      env.userId,
+      {
+        title: "gh-vmcp-with-vmmap",
+        connections: [],
+        status: "active",
+        pinned: false,
+        metadata: {
+          githubRepo: {
+            owner: "acme",
+            name: "repo",
+            url: "https://github.com/acme/repo",
+            installationId: 1,
+            connectionId: "conn_x",
+          },
+          vmMap: {
+            [env.userId]: {
+              "deco/old-branch": {
+                vmId: "vm_old",
+                previewUrl: null,
+                createdAt: 1000,
+              },
+              "deco/new-branch": {
+                vmId: "vm_new",
+                previewUrl: null,
+                createdAt: 2000,
+              },
+            },
+          },
+        },
+      },
+    );
+
+    const result = await COLLECTION_THREADS_CREATE.handler(
+      { data: { virtual_mcp_id: vmcp.id, title: "t" } },
+      env.ctx,
+    );
+
+    expect(result.item.branch).toBe("deco/new-branch");
+  });
+
+  it("is idempotent: creating with the same id twice returns the same row", async () => {
+    const vmcp = await env.ctx.storage.virtualMcps.create(
+      env.orgId,
+      env.userId,
+      { title: "x", connections: [], status: "active", pinned: false },
+    );
+
+    const id = "thrd_test_idempotent";
+    const first = await COLLECTION_THREADS_CREATE.handler(
+      { data: { id, virtual_mcp_id: vmcp.id, title: "first" } },
+      env.ctx,
+    );
+    const second = await COLLECTION_THREADS_CREATE.handler(
+      { data: { id, virtual_mcp_id: vmcp.id, title: "second" } },
+      env.ctx,
+    );
+
+    expect(second.item.id).toBe(first.item.id);
+    expect(second.item.title).toBe("first"); // existing row, not overwritten
+  });
+});
diff --git a/apps/mesh/src/tools/thread/create.ts b/apps/mesh/src/tools/thread/create.ts
index 28543a97e2..edc63fc265 100644
--- a/apps/mesh/src/tools/thread/create.ts
+++ b/apps/mesh/src/tools/thread/create.ts
@@ -1,10 +1,22 @@
 /**
  * COLLECTION_THREADS_CREATE Tool
  *
- * Create a new thread (organization-scoped) with collection binding compliance.
+ * Create a new thread for a virtual MCP.
+ *
+ * Branch resolution (only meaningful when the vMCP has a githubRepo):
+ *   1. Honor `data.branch` when provided.
+ *   2. Otherwise pick the most-recently-touched branch from the user's
+ *      `vmMap[userId]` so a new task lands on a warm sandbox.
+ *   3. Fall back to a freshly generated `deco/<adj>-<noun>` name when the
+ *      user has no vmMap entries for this vMCP.
+ *
+ * Threads created on a vMCP without a githubRepo always get `branch = null`.
+ *
+ * Idempotent on `id` collisions (storage uses INSERT … ON CONFLICT DO NOTHING).
  */
 
 import { z } from "zod";
+import { posthog } from "../../posthog";
 import { defineTool } from "../../core/define-tool";
 import {
   getUserId,
@@ -13,10 +25,8 @@ import {
 } from "../../core/mesh-context";
 import { ThreadCreateDataSchema, ThreadEntitySchema } from "./schema";
 import { generatePrefixedId } from "@/shared/utils/generate-id";
+import { generateBranchName } from "@/shared/branch-name";
 
-/**
- * Input schema for creating threads (wrapped in data field for collection compliance)
- */
 const CreateInputSchema = z.object({
   data: ThreadCreateDataSchema.describe(
     "Data for the new thread (id is auto-generated if not provided)",
@@ -25,13 +35,38 @@ const CreateInputSchema = z.object({
 
 export type CreateThreadInput = z.infer<typeof CreateInputSchema>;
 
-/**
- * Output schema for created thread
- */
 const CreateOutputSchema = z.object({
   item: ThreadEntitySchema.describe("The created thread entity"),
 });
 
+type GithubRepoMeta = {
+  githubRepo?: {
+    owner: string;
+    name: string;
+    connectionId?: string;
+  } | null;
+};
+
+type VmMapMeta = {
+  vmMap?: Record<string, Record<string, { createdAt?: number }>>;
+};
+
+/**
+ * Pick the user's most-recently-touched branch from vmMap. Returns undefined
+ * when the user has no entries (caller falls back to generateBranchName).
+ */
+function pickWarmBranchFromVmMap(
+  vmMap: VmMapMeta["vmMap"],
+  userId: string,
+): string | undefined {
+  const entries = vmMap?.[userId];
+  if (!entries) return undefined;
+  const sorted = Object.entries(entries).sort(
+    ([, a], [, b]) => (b.createdAt ?? 0) - (a.createdAt ?? 0),
+  );
+  return sorted[0]?.[0];
+}
+
 export const COLLECTION_THREADS_CREATE = defineTool({
   name: "COLLECTION_THREADS_CREATE",
   description: "Create a new thread for organizing messages and conversations.",
@@ -39,7 +74,7 @@ export const COLLECTION_THREADS_CREATE = defineTool({
     title: "Create Thread",
     readOnlyHint: false,
     destructiveHint: true,
-    idempotentHint: false,
+    idempotentHint: true,
     openWorldHint: false,
   },
   inputSchema: CreateInputSchema,
@@ -48,7 +83,6 @@ export const COLLECTION_THREADS_CREATE = defineTool({
   handler: async (input, ctx) => {
     requireAuth(ctx);
     const organization = requireOrganization(ctx);
-
     await ctx.access.check();
 
     const userId = getUserId(ctx);
@@ -56,16 +90,52 @@ export const COLLECTION_THREADS_CREATE = defineTool({
       throw new Error("User ID required to create thread");
     }
 
-    const taskId = input.data.id ?? generatePrefixedId("thrd");
+    const { data } = input;
+    const taskId = data.id ?? generatePrefixedId("thrd");
+
+    const vmcp = await ctx.storage.virtualMcps.findById(
+      data.virtual_mcp_id,
+      organization.id,
+    );
+    if (!vmcp) {
+      throw new Error(`Virtual MCP not found: ${data.virtual_mcp_id}`);
+    }
+
+    const metadata = vmcp.metadata as
+      | (GithubRepoMeta & VmMapMeta)
+      | null
+      | undefined;
+    const githubRepo = metadata?.githubRepo;
+    let branch: string | null = null;
+    if (githubRepo) {
+      branch =
+        data.branch ??
+        pickWarmBranchFromVmMap(metadata?.vmMap, userId) ??
+        generateBranchName();
+    }
 
     const result = await ctx.storage.threads.create({
       id: taskId,
       organization_id: organization.id,
-      title: input.data.title,
-      description: input.data.description,
+      title: data.title,
+      description: data.description,
+      virtual_mcp_id: data.virtual_mcp_id,
+      branch,
       created_by: userId,
     });
 
+    posthog.capture({
+      distinctId: userId,
+      event: "chat_started",
+      groups: { organization: organization.id },
+      properties: {
+        organization_id: organization.id,
+        thread_id: taskId,
+        has_title: !!input.data.title,
+        created_via: "tool",
+      },
+    });
+
     return {
       item: {
         ...result,
diff --git a/apps/mesh/src/tools/thread/delete.ts b/apps/mesh/src/tools/thread/delete.ts
index d34b529a72..6b98dc1763 100644
--- a/apps/mesh/src/tools/thread/delete.ts
+++ b/apps/mesh/src/tools/thread/delete.ts
@@ -8,8 +8,13 @@ import {
   CollectionDeleteInputSchema,
   createCollectionDeleteOutputSchema,
 } from "@decocms/bindings/collections";
+import { posthog } from "../../posthog";
 import { defineTool } from "../../core/define-tool";
-import { requireAuth, requireOrganization } from "../../core/mesh-context";
+import {
+  getUserId,
+  requireAuth,
+  requireOrganization,
+} from "../../core/mesh-context";
 import { normalizeThreadForResponse } from "./helpers";
 import { ThreadEntitySchema } from "./schema";
 
@@ -28,7 +33,7 @@ export const COLLECTION_THREADS_DELETE = defineTool({
 
   handler: async (input, ctx) => {
     requireAuth(ctx);
-    requireOrganization(ctx);
+    const organization = requireOrganization(ctx);
 
     await ctx.access.check();
 
@@ -39,6 +44,19 @@ export const COLLECTION_THREADS_DELETE = defineTool({
 
     await ctx.storage.threads.delete(input.id);
 
+    const userId = getUserId(ctx);
+    if (userId) {
+      posthog.capture({
+        distinctId: userId,
+        event: "chat_deleted",
+        groups: { organization: organization.id },
+        properties: {
+          organization_id: organization.id,
+          thread_id: input.id,
+        },
+      });
+    }
+
     return {
       item: normalizeThreadForResponse(thread),
     };
diff --git a/apps/mesh/src/tools/thread/helpers.test.ts b/apps/mesh/src/tools/thread/helpers.test.ts
index 1d65f987d8..8234bd2886 100644
--- a/apps/mesh/src/tools/thread/helpers.test.ts
+++ b/apps/mesh/src/tools/thread/helpers.test.ts
@@ -14,7 +14,7 @@ const BASE_THREAD: Thread = {
   created_at: "2025-01-01T00:00:00.000Z",
   updated_at: "2025-01-01T00:00:00.000Z",
   created_by: "user_test",
-  updated_by: null,
+  updated_by: undefined,
   hidden: null,
   status: "completed",
   trigger_id: null,
@@ -22,7 +22,9 @@ const BASE_THREAD: Thread = {
   run_owner_pod: null,
   run_config: null,
   run_started_at: null,
+  inflight_async_jobs: null,
   virtual_mcp_id: "",
+  branch: null,
   metadata: {},
 };
 
diff --git a/apps/mesh/src/tools/thread/schema.ts b/apps/mesh/src/tools/thread/schema.ts
index eafc278662..cf30f15172 100644
--- a/apps/mesh/src/tools/thread/schema.ts
+++ b/apps/mesh/src/tools/thread/schema.ts
@@ -68,12 +68,17 @@ export const ThreadEntitySchema = z.object({
   created_by: z.string().describe("User ID who created the thread"),
   updated_by: z
     .string()
-    .nullable()
+    .optional()
     .describe("User ID who last updated the thread"),
   virtual_mcp_id: z
     .string()
     .optional()
     .describe("Virtual MCP (agent) this thread was initiated with"),
+  branch: z
+    .string()
+    .nullable()
+    .optional()
+    .describe("Git branch this thread is pinned to (GitHub-linked vms only)"),
   metadata: ThreadMetadataSchema.optional().describe(
     "Free-form per-thread UI state (e.g. expanded_tools)",
   ),
@@ -95,8 +100,18 @@ export type ThreadEntity = z.infer<typeof ThreadEntitySchema>;
 
 export const ThreadCreateDataSchema = z.object({
   id: z.string().optional().describe("Optional custom ID for the thread"),
-  title: z.string().describe("Thread title"),
+  title: z.string().optional().describe("Thread title"),
   description: z.string().nullish().describe("Thread description"),
+  virtual_mcp_id: z
+    .string()
+    .describe("Virtual MCP (agent) this thread is bound to"),
+  branch: z
+    .string()
+    .min(1)
+    .optional()
+    .describe(
+      "Preferred branch. Used only when the vMCP has a githubRepo; ignored otherwise. When omitted, the server picks the most-recently-touched branch from the user's vmMap, falling back to a freshly generated name.",
+    ),
 });
 
 export type ThreadCreateData = z.infer<typeof ThreadCreateDataSchema>;
@@ -114,6 +129,7 @@ export const ThreadUpdateDataSchema = z.object({
   metadata: ThreadMetadataSchema.optional().describe(
     "Full replacement of the thread's metadata object",
   ),
+  branch: z.string().nullish().describe("New git branch for this thread"),
 });
 
 export type ThreadUpdateData = z.infer<typeof ThreadUpdateDataSchema>;
diff --git a/apps/mesh/src/tools/thread/test-helpers.ts b/apps/mesh/src/tools/thread/test-helpers.ts
new file mode 100644
index 0000000000..cecc236ce0
--- /dev/null
+++ b/apps/mesh/src/tools/thread/test-helpers.ts
@@ -0,0 +1,144 @@
+/**
+ * Test scaffolding for thread tool tests. Mirrors the manual context
+ * construction in `connection/connection-tools.test.ts`, but only wires the
+ * storage modules the thread tools touch (threads, virtualMcps).
+ */
+
+import { vi } from "bun:test";
+import {
+  createTestDatabase,
+  closeTestDatabase,
+  type TestDatabase,
+} from "../../database/test-db";
+import {
+  createTestSchema,
+  seedCommonTestFixtures,
+} from "../../storage/test-helpers";
+import { CredentialVault } from "../../encryption/credential-vault";
+import {
+  SqlThreadStorage,
+  OrgScopedThreadStorage,
+} from "../../storage/threads";
+import { VirtualMCPStorage } from "../../storage/virtual";
+import type { BoundAuthClient, MeshContext } from "../../core/mesh-context";
+
+const ORG_ID = "org_test";
+const USER_ID = "user_test";
+
+export interface ThreadTestEnv {
+  database: TestDatabase;
+  ctx: MeshContext;
+  orgId: string;
+  userId: string;
+  close: () => Promise<void>;
+}
+
+const createMockBoundAuth = (): BoundAuthClient =>
+  ({
+    hasPermission: vi.fn().mockResolvedValue(true),
+    organization: {
+      create: vi.fn(),
+      update: vi.fn(),
+      delete: vi.fn(),
+      get: vi.fn(),
+      list: vi.fn(),
+      addMember: vi.fn(),
+      removeMember: vi.fn(),
+      listMembers: vi.fn(),
+      updateMemberRole: vi.fn(),
+    },
+    apiKey: {
+      create: vi.fn(),
+      list: vi.fn(),
+      update: vi.fn(),
+      delete: vi.fn(),
+    },
+  }) as unknown as BoundAuthClient;
+
+export async function buildThreadTestContext(): Promise<ThreadTestEnv> {
+  const database = await createTestDatabase();
+  await createTestSchema(database.db);
+  await seedCommonTestFixtures(database.db);
+
+  const vault = new CredentialVault(CredentialVault.generateKey());
+  const sqlThreads = new SqlThreadStorage(database.db);
+  const threads = new OrgScopedThreadStorage(sqlThreads, ORG_ID);
+  const virtualMcps = new VirtualMCPStorage(database.db);
+
+  const ctx = {
+    timings: {
+      measure: async <T>(_name: string, cb: () => Promise<T>) => await cb(),
+    },
+    auth: {
+      user: {
+        id: USER_ID,
+        email: "[email protected]",
+        name: "T",
+        role: "admin",
+      },
+    },
+    organization: { id: ORG_ID, slug: "test-org", name: "Test Org" },
+    storage: {
+      threads,
+      virtualMcps,
+      // Stub the rest — thread tools don't touch these.
+      connections: null as never,
+      organizationSettings: null as never,
+      monitoring: null as never,
+      users: null as never,
+      tags: null as never,
+      virtualMcpPluginConfigs: null as never,
+      aiProviderKeys: null as never,
+      oauthPkceStates: null as never,
+      automations: null as never,
+      orgSsoConfig: null as never,
+      orgSsoSessions: null as never,
+      triggerCallbackTokens: null as never,
+      registry: null as never,
+      brandContext: null as never,
+      organizationDomains: null as never,
+    },
+    vault,
+    authInstance: null as never,
+    boundAuth: createMockBoundAuth(),
+    access: {
+      granted: () => true,
+      check: async () => {},
+      grant: () => {},
+      setToolName: () => {},
+    } as never,
+    db: database.db,
+    tracer: {
+      startActiveSpan: (
+        _name: string,
+        _opts: unknown,
+        fn: (span: unknown) => unknown,
+      ) =>
+        fn({
+          setStatus: () => {},
+          recordException: () => {},
+          end: () => {},
+        }),
+    } as never,
+    meter: {
+      createHistogram: () => ({ record: () => {} }),
+      createCounter: () => ({ add: () => {} }),
+    } as never,
+    baseUrl: "https://mesh.example.com",
+    metadata: { requestId: "req_test", timestamp: new Date() },
+    eventBus: null as never,
+    objectStorage: null as never,
+    aiProviders: null as never,
+    createMCPProxy: vi.fn().mockResolvedValue({}),
+    getOrCreateClient: vi.fn().mockResolvedValue({}),
+    pendingRevalidations: [],
+  } as unknown as MeshContext;
+
+  return {
+    database,
+    ctx,
+    orgId: ORG_ID,
+    userId: USER_ID,
+    close: () => closeTestDatabase(database),
+  };
+}
diff --git a/apps/mesh/src/tools/thread/update.test.ts b/apps/mesh/src/tools/thread/update.test.ts
new file mode 100644
index 0000000000..23b740a4d1
--- /dev/null
+++ b/apps/mesh/src/tools/thread/update.test.ts
@@ -0,0 +1,98 @@
+import { describe, it, expect, beforeAll, afterAll } from "bun:test";
+import { COLLECTION_THREADS_CREATE } from "./create";
+import { COLLECTION_THREADS_UPDATE } from "./update";
+import { buildThreadTestContext, type ThreadTestEnv } from "./test-helpers";
+
+describe("COLLECTION_THREADS_UPDATE", () => {
+  let env: ThreadTestEnv;
+
+  beforeAll(async () => {
+    env = await buildThreadTestContext();
+  });
+  afterAll(async () => {
+    await env.close();
+  });
+
+  it("rejects branch=null for a github-linked thread", async () => {
+    const vmcp = await env.ctx.storage.virtualMcps.create(
+      env.orgId,
+      env.userId,
+      {
+        title: "gh",
+        connections: [],
+        status: "active",
+        pinned: false,
+        metadata: {
+          githubRepo: {
+            owner: "a",
+            name: "b",
+            url: "https://github.com/a/b",
+            installationId: 1,
+            connectionId: "c",
+          },
+        },
+      },
+    );
+    const created = await COLLECTION_THREADS_CREATE.handler(
+      { data: { virtual_mcp_id: vmcp.id, title: "t" } },
+      env.ctx,
+    );
+
+    await expect(
+      COLLECTION_THREADS_UPDATE.handler(
+        { id: created.item.id, data: { branch: null } },
+        env.ctx,
+      ),
+    ).rejects.toThrow(/branch.*null.*github/i);
+  });
+
+  it("allows branch=null for non-github threads", async () => {
+    const vmcp = await env.ctx.storage.virtualMcps.create(
+      env.orgId,
+      env.userId,
+      { title: "no-gh", connections: [], status: "active", pinned: false },
+    );
+    const created = await COLLECTION_THREADS_CREATE.handler(
+      { data: { virtual_mcp_id: vmcp.id, title: "t" } },
+      env.ctx,
+    );
+
+    const updated = await COLLECTION_THREADS_UPDATE.handler(
+      { id: created.item.id, data: { branch: null } },
+      env.ctx,
+    );
+    expect(updated.item.branch).toBeNull();
+  });
+
+  it("allows switching to a different branch on github threads", async () => {
+    const vmcp = await env.ctx.storage.virtualMcps.create(
+      env.orgId,
+      env.userId,
+      {
+        title: "gh",
+        connections: [],
+        status: "active",
+        pinned: false,
+        metadata: {
+          githubRepo: {
+            owner: "a",
+            name: "b",
+            url: "https://github.com/a/b",
+            installationId: 1,
+            connectionId: "c",
+          },
+        },
+      },
+    );
+    const created = await COLLECTION_THREADS_CREATE.handler(
+      { data: { virtual_mcp_id: vmcp.id, title: "t" } },
+      env.ctx,
+    );
+
+    const updated = await COLLECTION_THREADS_UPDATE.handler(
+      { id: created.item.id, data: { branch: "deco/manual-pick" } },
+      env.ctx,
+    );
+    expect(updated.item.branch).toBe("deco/manual-pick");
+  });
+});
diff --git a/apps/mesh/src/tools/thread/update.ts b/apps/mesh/src/tools/thread/update.ts
index cfd3576670..33abf138ed 100644
--- a/apps/mesh/src/tools/thread/update.ts
+++ b/apps/mesh/src/tools/thread/update.ts
@@ -5,6 +5,7 @@
  */
 
 import { z } from "zod";
+import { posthog } from "../../posthog";
 import { defineTool } from "../../core/define-tool";
 import {
   getUserId,
@@ -44,7 +45,7 @@ export const COLLECTION_THREADS_UPDATE = defineTool({
 
   handler: async (input, ctx) => {
     requireAuth(ctx);
-    requireOrganization(ctx);
+    const organization = requireOrganization(ctx);
 
     await ctx.access.check();
 
@@ -60,6 +61,27 @@ export const COLLECTION_THREADS_UPDATE = defineTool({
       throw new Error("Thread not found in organization");
     }
 
+    if (data.branch === null && existing.virtual_mcp_id) {
+      const vmcp = await ctx.storage.virtualMcps.findById(
+        existing.virtual_mcp_id,
+        requireOrganization(ctx).id,
+      );
+      type GithubRepoMeta = {
+        githubRepo?: {
+          owner: string;
+          name: string;
+          connectionId?: string;
+        } | null;
+      };
+      const githubRepo = (vmcp?.metadata as GithubRepoMeta | null | undefined)
+        ?.githubRepo;
+      if (githubRepo) {
+        throw new Error(
+          "Cannot set branch=null on a github-linked thread (vMCP has githubRepo)",
+        );
+      }
+    }
+
     const updateData: Parameters<typeof ctx.storage.threads.update>[1] = {
       title: data.title,
       description: data.description,
@@ -75,8 +97,27 @@ export const COLLECTION_THREADS_UPDATE = defineTool({
       updateData.metadata = data.metadata;
     }
 
+    if (data.branch !== undefined) {
+      updateData.branch = data.branch;
+    }
+
     const thread = await ctx.storage.threads.update(id, updateData);
 
+    // Fire chat_archived / chat_unarchived when the hidden flag flips. Only
+    // fires on the specific transition, not on title/description edits that
+    // happen to include `hidden` unchanged.
+    if (data.hidden !== undefined && data.hidden !== existing.hidden) {
+      posthog.capture({
+        distinctId: userId,
+        event: data.hidden ? "chat_archived" : "chat_unarchived",
+        groups: { organization: organization.id },
+        properties: {
+          organization_id: organization.id,
+          thread_id: id,
+        },
+      });
+    }
+
     return {
       item: normalizeThreadForResponse(thread),
     };
diff --git a/apps/mesh/src/tools/virtual/plugin-config-update.ts b/apps/mesh/src/tools/virtual/plugin-config-update.ts
index 221844972f..d7273243cc 100644
--- a/apps/mesh/src/tools/virtual/plugin-config-update.ts
+++ b/apps/mesh/src/tools/virtual/plugin-config-update.ts
@@ -10,7 +10,7 @@ import { getUserId, requireAuth } from "../../core/mesh-context";
 import {
   createDevAssetsConnectionEntity,
   isDevAssetsConnection,
-  isDevMode,
+  usesLocalObjectStorage,
 } from "../connection/dev-assets";
 import { getBaseUrl } from "../../core/server-constants";
 
@@ -78,7 +78,7 @@ export const VIRTUAL_MCP_PLUGIN_CONFIG_UPDATE = defineTool({
       connectionId &&
       parentConnection.organization_id &&
       !connectionExists &&
-      isDevMode()
+      usesLocalObjectStorage()
     ) {
       if (
         isDevAssetsConnection(connectionId, parentConnection.organization_id)
diff --git a/apps/mesh/src/tools/virtual/studio-pack.ts b/apps/mesh/src/tools/virtual/studio-pack.ts
index 7e29bbad9f..20b4129ab0 100644
--- a/apps/mesh/src/tools/virtual/studio-pack.ts
+++ b/apps/mesh/src/tools/virtual/studio-pack.ts
@@ -39,6 +39,18 @@ You are the Agent Manager. You create, configure, and maintain agents (Virtual M
    a. List all agents with COLLECTION_VIRTUAL_MCP_LIST.
    b. For detailed inspection, use COLLECTION_VIRTUAL_MCP_GET on specific agents.
    c. Cross-reference with COLLECTION_CONNECTIONS_LIST to identify unused or missing connections.
+
+4. Improving an agent's instructions:
+   a. Read docs://agents.md for the instruction-writing pattern (XML-style sections, explicit workflows).
+   b. Get the current instructions with COLLECTION_VIRTUAL_MCP_GET on the supplied agent id.
+   c. If the intended purpose, audience, or boundaries are unclear, use user_ask before rewriting.
+   d. Rewrite the instructions with explicit XML-style sections: <role>, <capabilities>, <constraints>, <workflows>.
+      - Make the purpose explicit in <role>.
+      - If a workflow already exists, sharpen it into concrete, ordered, operational steps. If none exists, add one that reflects how the agent should actually operate.
+      - Tighten <constraints> when the current instructions are too open-ended.
+      - Preserve the user's intended domain and responsibilities.
+   e. Save the rewritten instructions with COLLECTION_VIRTUAL_MCP_UPDATE using the smallest change set (only \`metadata.instructions\`).
+   f. Re-read with COLLECTION_VIRTUAL_MCP_GET to verify the stored result.
 </workflows>`;
 
 const AUTOMATION_MANAGER_INSTRUCTIONS = `<role>
@@ -66,7 +78,7 @@ You are the Automation Manager. You create, configure, and manage automations 
 <workflows>
 1. Creating an automation:
    a. Clarify the automation's purpose, schedule, and expected behavior.
-   b. If the automation targets an agent, list agents with COLLECTION_VIRTUAL_MCP_LIST and confirm the target.
+   b. List agents with COLLECTION_VIRTUAL_MCP_LIST and confirm the target — pass its id as virtual_mcp_id to AUTOMATION_CREATE.
    c. Create the automation with AUTOMATION_CREATE, including clear instructions and model config.
    d. Add triggers with AUTOMATION_TRIGGER_ADD (cron or event-based).
    e. Verify with AUTOMATION_GET.
@@ -81,6 +93,17 @@ You are the Automation Manager. You create, configure, and manage automations 
    a. Get the automation config with AUTOMATION_GET to review its setup.
    b. Run it manually with AUTOMATION_RUN.
    c. Report the result to the user.
+
+4. Improving an automation's instructions:
+   a. Read docs://automations.md for the messages/instructions pattern, then docs://agents.md for the XML-style structure.
+   b. Get the current automation with AUTOMATION_GET on the supplied automation id.
+   c. If the intended purpose, trigger context, or expected output is unclear, use user_ask before rewriting.
+   d. Rewrite the messages with explicit XML-style sections: <role>, <capabilities>, <constraints>, <workflows>.
+      - Keep the rewrite aligned with the automation's trigger and expected background-execution behavior.
+      - If a workflow already exists, sharpen it into concrete, ordered, operational steps. If none exists, add one.
+      - Tighten <constraints> when the current messages are too open-ended.
+   e. Save with AUTOMATION_UPDATE using the smallest change set.
+   f. Re-read with AUTOMATION_GET to verify the stored result.
 </workflows>`;
 
 const CONNECTION_MANAGER_INSTRUCTIONS = `<role>
diff --git a/apps/mesh/src/tools/vm/daemon.ts b/apps/mesh/src/tools/vm/daemon.ts
deleted file mode 100644
index db1aa936e0..0000000000
--- a/apps/mesh/src/tools/vm/daemon.ts
+++ /dev/null
@@ -1,688 +0,0 @@
-/**
- * In-VM Daemon Script Builder
- *
- * Generates the Node.js daemon that runs inside Freestyle VMs.
- * The daemon handles:
- *   1. Reverse proxy: strips X-Frame-Options/CSP for iframe embedding
- *   2. Process spawning: install/dev lifecycle with PTY + SSE streaming
- *   3. Liveness probing: probes upstream dev server
- *   4. File operations: read/write/edit/grep/glob/bash endpoints
- */
-
-import { PACKAGE_MANAGER_DAEMON_CONFIG } from "../../shared/runtime-defaults";
-
-export interface DaemonConfig {
-  upstreamPort: string;
-  packageManager: string | null;
-  pathPrefix: string;
-  port: string;
-  cloneUrl: string;
-  repoName: string;
-  proxyPort: number;
-  bootstrapScript: string;
-  gitUserName: string;
-  gitUserEmail: string;
-}
-
-export function buildDaemonScript(config: DaemonConfig): string {
-  const {
-    upstreamPort,
-    packageManager,
-    pathPrefix,
-    port,
-    cloneUrl,
-    repoName,
-    proxyPort,
-    bootstrapScript,
-    gitUserName,
-    gitUserEmail,
-  } = config;
-
-  if (!/^\d+$/.test(upstreamPort)) {
-    throw new Error(`Invalid upstream port: ${upstreamPort}`);
-  }
-
-  return `const http = require("http");
-const fs = require("fs");
-const path = require("path");
-const { spawn, execSync } = require("child_process");
-const UPSTREAM = "${upstreamPort}";
-const UPSTREAM_HOST = "localhost";
-const PROXY_PORT = ${proxyPort};
-const BOOTSTRAP = ${JSON.stringify(bootstrapScript)};
-const MAX_SSE_CLIENTS = 10;
-const CLONE_URL = ${JSON.stringify(cloneUrl)};
-const REPO_NAME = ${JSON.stringify(repoName)};
-const PM = ${JSON.stringify(packageManager)};
-const PORT = ${JSON.stringify(port)};
-const PATH_PREFIX = ${JSON.stringify(pathPrefix)};
-const GIT_USER_NAME = ${JSON.stringify(gitUserName)};
-const GIT_USER_EMAIL = ${JSON.stringify(gitUserEmail)};
-
-const ADJECTIVES = ["amber","bold","bright","calm","crimson","coral","daring","deep","dusty","eager","faint","fierce","frozen","gentle","golden","grand","green","hollow","iron","ivory","keen","lasting","lunar","mellow","misty","noble","olive","pale","prime","quiet","rapid","rustic","serene","sharp","silver","sleek","solar","stark","still","swift","tawny","tender","thin","true","vast","velvet","warm","wild","young","zen"];
-const NOUNS = ["anchor","birch","brook","cedar","cliff","cove","crane","dune","echo","ember","falcon","fern","flint","forge","frost","glade","grove","harbor","hawk","iris","jade","lark","maple","marsh","mesa","opal","orbit","peak","pine","plume","quartz","rapids","reef","ridge","river","sage","shore","slate","spruce","stone","summit","thorn","tide","trail","vale","wren","aspen","delta","crest","spark"];
-
-function randomBranch() {
-  const adj = ADJECTIVES[Math.floor(Math.random() * ADJECTIVES.length)];
-  const noun = NOUNS[Math.floor(Math.random() * NOUNS.length)];
-  return "decopilot/" + adj + "-" + noun;
-}
-
-const APP_ROOT = "/app";
-const DECO_UID = 1000;
-const DECO_GID = 1000;
-const DECO_ENV = Object.assign({}, process.env, { TERM: "xterm-256color", HOME: "/home/deco", LANG: "en_US.UTF-8", LC_ALL: "en_US.UTF-8" });
-
-const PM_CONFIG = ${JSON.stringify(PACKAGE_MANAGER_DAEMON_CONFIG)};
-
-const WELL_KNOWN_STARTERS = ["dev", "start"];
-
-// --- Process-level error handlers (keep daemon alive on unhandled errors) ---
-process.on("uncaughtException", (err) => {
-  console.error("[daemon] uncaughtException:", err.stack || err.message || err);
-});
-process.on("unhandledRejection", (reason) => {
-  console.error("[daemon] unhandledRejection:", reason);
-});
-
-// --- Path safety ---
-function safePath(userPath) {
-  const resolved = path.resolve(APP_ROOT, userPath);
-  if (!resolved.startsWith(APP_ROOT + "/") && resolved !== APP_ROOT) {
-    return null;
-  }
-  return resolved;
-}
-
-// --- JSON body parser (base64-encoded payloads) ---
-function parseJsonBody(req) {
-  return new Promise((resolve, reject) => {
-    const chunks = [];
-    req.on("data", (c) => chunks.push(c));
-    req.on("end", () => {
-      const raw = Buffer.concat(chunks).toString("utf-8");
-      log("parseJsonBody", "url=" + req.url, "rawLength=" + raw.length);
-      try {
-        // Decode base64 → percent-encoded UTF-8 → original JSON string
-        const decoded = decodeURIComponent(
-          atob(raw).split("").map(function(c) {
-            return "%" + ("00" + c.charCodeAt(0).toString(16)).slice(-2);
-          }).join("")
-        );
-        const parsed = JSON.parse(decoded);
-        log("parseJsonBody", "parsed OK, keys=" + Object.keys(parsed).join(","));
-        resolve(parsed);
-      } catch (e) {
-        log("parseJsonBody", "FAILED to parse", "error=" + e.message, "raw=" + raw.slice(0, 1000));
-        reject(new Error("Failed to parse body: " + e.message + " | raw=" + raw.slice(0, 200)));
-      }
-    });
-    req.on("error", reject);
-  });
-}
-
-function jsonResponse(res, statusCode, body) {
-  if (res.writableEnded || res.destroyed) {
-    log("jsonResponse: response already closed, dropping", statusCode, JSON.stringify(body).slice(0, 200));
-    return;
-  }
-  res.writeHead(statusCode, { "Content-Type": "application/json", "Access-Control-Allow-Origin": "*" });
-  res.end(JSON.stringify(body));
-}
-
-// --- Logging ---
-function log(...args) {
-  const ts = new Date().toISOString();
-  const msg = "[daemon] " + ts + " " + args.join(" ");
-  console.log(msg);
-  broadcastChunk("daemon", msg + "\\r\\n");
-}
-
-// --- SSE state ---
-const sseClients = new Set();
-let lastStatus = { ready: false, htmlSupport: false };
-
-// --- Process state ---
-const children = {};
-const replayBuffers = { setup: "", daemon: "" };
-const REPLAY_BYTES = 4096;
-let setupDone = false;
-let discoveredScripts = null;
-
-function broadcastChunk(source, data) {
-  if (!data) return;
-  if (!replayBuffers[source]) replayBuffers[source] = "";
-  const buf = replayBuffers[source] + data;
-  replayBuffers[source] = buf.length > REPLAY_BYTES ? buf.slice(buf.length - REPLAY_BYTES) : buf;
-  const payload = JSON.stringify({ source: source, data: data });
-  for (const res of sseClients) {
-    if (res.writable) res.write("event: log\\ndata: " + payload + "\\n\\n");
-  }
-}
-
-function broadcastEvent(eventName, data) {
-  const payload = JSON.stringify(data);
-  for (const res of sseClients) {
-    if (res.writable) res.write("event: " + eventName + "\\ndata: " + payload + "\\n\\n");
-  }
-}
-
-function runProcess(source, cmd, label) {
-  if (children[source]) {
-    log("killing", source, "pid=" + children[source].pid);
-    try { children[source].kill("SIGKILL"); } catch (e) {}
-    children[source] = null;
-  }
-  if (!replayBuffers[source]) replayBuffers[source] = "";
-  broadcastChunk(source, label + "\\r\\n");
-  const child = spawn("script", ["-q", "-c", cmd, "/dev/null"], {
-    stdio: ["ignore", "pipe", "pipe"],
-    uid: DECO_UID,
-    gid: DECO_GID,
-    env: DECO_ENV,
-  });
-  children[source] = child;
-  log("spawned", source, "pid=" + child.pid);
-  broadcastEvent("processes", { type: "processes", active: Object.keys(children).filter(k => children[k] !== null) });
-  child.stdout.on("data", (chunk) => {
-    broadcastChunk(source, chunk.toString("utf-8"));
-  });
-  child.stderr.on("data", (chunk) => {
-    broadcastChunk(source, chunk.toString("utf-8"));
-  });
-  child.on("close", (code) => {
-    log(source, "exited", "pid=" + child.pid, "code=" + code);
-    if (children[source] === child) children[source] = null;
-    broadcastEvent("processes", { type: "processes", active: Object.keys(children).filter(k => children[k] !== null) });
-  });
-  return child;
-}
-
-function discoverScripts() {
-  if (!PM) return;
-  let scripts = {};
-  try {
-    if (PM === "deno") {
-      for (const f of ["deno.json", "deno.jsonc"]) {
-        try {
-          const raw = fs.readFileSync("/app/" + f, "utf-8");
-          const parsed = JSON.parse(raw);
-          scripts = parsed.tasks || {};
-          break;
-        } catch (e) { /* file not found or parse error, try next */ }
-      }
-    } else {
-      try {
-        const raw = fs.readFileSync("/app/package.json", "utf-8");
-        const parsed = JSON.parse(raw);
-        scripts = parsed.scripts || {};
-      } catch (e) { /* no package.json */ }
-    }
-  } catch (e) {
-    log("script discovery failed:", e.message);
-  }
-  const scriptNames = Object.keys(scripts);
-  discoveredScripts = scriptNames;
-  log("discovered scripts:", scriptNames.join(", ") || "(none)");
-  broadcastEvent("scripts", { type: "scripts", scripts: scriptNames });
-}
-
-function runSetup() {
-  const cloneCmd = "git clone --depth 1 --single-branch " + CLONE_URL + " /app";
-  const cloneLabel = "$ git clone --depth 1 --single-branch " + REPO_NAME + " /app";
-  broadcastChunk("setup", cloneLabel + "\\r\\n");
-
-  const child = spawn("script", ["-q", "-c", cloneCmd, "/dev/null"], {
-    stdio: ["ignore", "pipe", "pipe"],
-    uid: DECO_UID,
-    gid: DECO_GID,
-    env: DECO_ENV,
-  });
-  log("spawned setup (clone) pid=" + child.pid);
-  child.stdout.on("data", (chunk) => broadcastChunk("setup", chunk.toString("utf-8")));
-  child.stderr.on("data", (chunk) => broadcastChunk("setup", chunk.toString("utf-8")));
-  child.on("close", (code) => {
-    log("clone exited code=" + code);
-    if (code !== 0) {
-      broadcastChunk("setup", "\\r\\nClone failed with exit code " + code + "\\r\\n");
-      return;
-    }
-
-    // Configure git identity and create branch
-    try {
-      execSync("git config user.name " + JSON.stringify(GIT_USER_NAME), { cwd: "/app", uid: DECO_UID, gid: DECO_GID, env: DECO_ENV });
-      execSync("git config user.email " + JSON.stringify(GIT_USER_EMAIL), { cwd: "/app", uid: DECO_UID, gid: DECO_GID, env: DECO_ENV });
-      const branch = randomBranch();
-      execSync("git checkout -b " + branch, { cwd: "/app", uid: DECO_UID, gid: DECO_GID, env: DECO_ENV });
-      broadcastChunk("setup", "\\r\\n$ git checkout -b " + branch + "\\r\\n");
-      log("created branch " + branch);
-    } catch (e) {
-      log("git branch setup failed:", e.message);
-      broadcastChunk("setup", "\\r\\nWarning: could not create branch\\r\\n");
-    }
-
-    if (!PM) {
-      setupDone = true;
-      log("setup complete (clone only, no package manager)");
-      return;
-    }
-    // Run install in the same "setup" stream
-    const pmConfig = PM_CONFIG[PM];
-    if (!pmConfig) { setupDone = true; return; }
-    const corepackSetup = "export COREPACK_ENABLE_DOWNLOAD_PROMPT=0 && corepack enable && ";
-    const installCmd = PATH_PREFIX + "cd /app && " + corepackSetup + pmConfig.install;
-    const installLabel = "$ " + pmConfig.install;
-    broadcastChunk("setup", "\\r\\n" + installLabel + "\\r\\n");
-
-    const installChild = spawn("script", ["-q", "-c", installCmd, "/dev/null"], {
-      stdio: ["ignore", "pipe", "pipe"],
-      uid: DECO_UID,
-      gid: DECO_GID,
-      env: DECO_ENV,
-    });
-    log("spawned setup (install) pid=" + installChild.pid);
-    installChild.stdout.on("data", (chunk) => broadcastChunk("setup", chunk.toString("utf-8")));
-    installChild.stderr.on("data", (chunk) => broadcastChunk("setup", chunk.toString("utf-8")));
-    installChild.on("close", (installCode) => {
-      log("install exited code=" + installCode);
-      setupDone = true;
-      if (installCode === 0) {
-        log("setup complete, discovering scripts");
-        discoverScripts();
-      } else {
-        broadcastChunk("setup", "\\r\\nInstall failed with exit code " + installCode + "\\r\\n");
-      }
-    });
-  });
-}
-
-// --- Liveness probe ---
-let probeCount = 0;
-const FAST_PROBE_MS = 3000;
-const SLOW_PROBE_MS = 30000;
-const FAST_PROBE_LIMIT = 20;
-
-function probeUpstream() {
-  const prevReady = lastStatus.ready;
-  const req = http.request(
-    { hostname: UPSTREAM_HOST, port: UPSTREAM, path: "/", method: "HEAD", timeout: 5000 },
-    (res) => {
-      const ct = (res.headers["content-type"] || "").toLowerCase();
-      lastStatus = {
-        ready: res.statusCode >= 200 && res.statusCode < 400,
-        htmlSupport: ct.includes("text/html"),
-      };
-      if (lastStatus.ready !== prevReady) {
-        log("upstream", lastStatus.ready ? "UP" : "DOWN", "status=" + res.statusCode);
-      }
-    }
-  );
-  req.on("error", () => {
-    if (prevReady) log("upstream DOWN (error)");
-    lastStatus = { ready: false, htmlSupport: false };
-  });
-  req.on("timeout", () => { req.destroy(); });
-  req.end();
-
-  probeCount++;
-  const nextDelay = probeCount < FAST_PROBE_LIMIT ? FAST_PROBE_MS : SLOW_PROBE_MS;
-  setTimeout(probeUpstream, nextDelay);
-}
-
-setTimeout(probeUpstream, 1000);
-
-// --- File operation handlers ---
-
-async function handleRead(req, res) {
-  try {
-    const body = await parseJsonBody(req);
-    const filePath = safePath(body.path || "");
-    if (!filePath) return jsonResponse(res, 400, { error: "Path escapes /app" });
-
-    let stat;
-    try { stat = fs.statSync(filePath); } catch { return jsonResponse(res, 400, { error: "File not found: " + body.path }); }
-    if (stat.isDirectory()) return jsonResponse(res, 400, { error: "Path is a directory" });
-
-    // Binary detection: check first 8KB for null bytes
-    const fd = fs.openSync(filePath, "r");
-    const probe = Buffer.alloc(Math.min(8192, stat.size));
-    fs.readSync(fd, probe, 0, probe.length, 0);
-    fs.closeSync(fd);
-    if (probe.includes(0)) return jsonResponse(res, 400, { error: "File appears to be binary" });
-
-    const raw = fs.readFileSync(filePath, "utf-8");
-    const lines = raw.split("\\n");
-    const offset = Math.max(1, body.offset || 1);
-    const limit = body.limit || 2000;
-    const slice = lines.slice(offset - 1, offset - 1 + limit);
-    const numbered = slice.map((line, i) => (offset + i) + "\\t" + line).join("\\n");
-    jsonResponse(res, 200, { content: numbered, lineCount: lines.length });
-  } catch (e) {
-    jsonResponse(res, 500, { error: e.message });
-  }
-}
-
-async function handleWrite(req, res) {
-  try {
-    const body = await parseJsonBody(req);
-    if (typeof body.content !== "string") return jsonResponse(res, 400, { error: "content is required" });
-    const filePath = safePath(body.path || "");
-    if (!filePath) return jsonResponse(res, 400, { error: "Path escapes /app" });
-
-    const dir = path.dirname(filePath);
-    fs.mkdirSync(dir, { recursive: true });
-    fs.writeFileSync(filePath, body.content, "utf-8");
-    jsonResponse(res, 200, { ok: true, bytesWritten: Buffer.byteLength(body.content, "utf-8") });
-  } catch (e) {
-    jsonResponse(res, 500, { error: e.message });
-  }
-}
-
-async function handleEdit(req, res) {
-  try {
-    const body = await parseJsonBody(req);
-    const filePath = safePath(body.path || "");
-    if (!filePath) return jsonResponse(res, 400, { error: "Path escapes /app" });
-    if (!body.old_string || typeof body.old_string !== "string") return jsonResponse(res, 400, { error: "old_string is required" });
-    if (typeof body.new_string !== "string") return jsonResponse(res, 400, { error: "new_string is required" });
-    if (body.old_string === body.new_string) return jsonResponse(res, 400, { error: "old_string and new_string must differ" });
-
-    let content;
-    try { content = fs.readFileSync(filePath, "utf-8"); } catch { return jsonResponse(res, 400, { error: "File not found: " + body.path }); }
-
-    const replaceAll = body.replace_all === true;
-    const count = content.split(body.old_string).length - 1;
-    if (count === 0) return jsonResponse(res, 400, { error: "old_string not found in file" });
-    if (!replaceAll && count > 1) return jsonResponse(res, 400, { error: "old_string found " + count + " times. Use replace_all or provide more context to make it unique." });
-
-    const updated = replaceAll ? content.replaceAll(body.old_string, body.new_string) : content.replace(body.old_string, body.new_string);
-    fs.writeFileSync(filePath, updated, "utf-8");
-    jsonResponse(res, 200, { ok: true, replacements: replaceAll ? count : 1 });
-  } catch (e) {
-    jsonResponse(res, 500, { error: e.message });
-  }
-}
-
-async function handleGrep(req, res) {
-  try {
-    const body = await parseJsonBody(req);
-    if (!body.pattern) return jsonResponse(res, 400, { error: "pattern is required" });
-
-    const searchPath = body.path ? safePath(body.path) : APP_ROOT;
-    if (!searchPath) return jsonResponse(res, 400, { error: "Path escapes /app" });
-
-    const args = [];
-    const mode = body.output_mode || "files";
-    if (mode === "files") args.push("--files-with-matches");
-    else if (mode === "count") args.push("--count");
-    else args.push("--line-number");
-
-    if (body.ignore_case) args.push("-i");
-    if (body.context && mode === "content") args.push("-C", String(body.context));
-    if (body.glob) args.push("--glob", body.glob);
-    args.push("--", body.pattern, searchPath);
-
-    const limit = body.limit || 250;
-    const child = spawn("rg", args, { cwd: APP_ROOT, stdio: ["ignore", "pipe", "pipe"], uid: DECO_UID, gid: DECO_GID });
-    let stdout = "";
-    let lineCount = 0;
-    child.stdout.on("data", (chunk) => {
-      const text = chunk.toString("utf-8");
-      const lines = text.split("\\n");
-      for (const line of lines) {
-        if (lineCount >= limit) break;
-        if (line) { stdout += (stdout ? "\\n" : "") + line; lineCount++; }
-      }
-    });
-    let stderr = "";
-    child.stderr.on("data", (chunk) => { stderr += chunk.toString("utf-8"); });
-    child.on("close", (code) => {
-      // rg exits 1 when no matches found — not an error
-      if (code > 1) return jsonResponse(res, 500, { error: stderr || "rg failed with code " + code });
-      jsonResponse(res, 200, { results: stdout, matchCount: lineCount });
-    });
-  } catch (e) {
-    jsonResponse(res, 500, { error: e.message });
-  }
-}
-
-async function handleGlob(req, res) {
-  try {
-    const body = await parseJsonBody(req);
-    if (!body.pattern) return jsonResponse(res, 400, { error: "pattern is required" });
-
-    const searchPath = body.path ? safePath(body.path) : APP_ROOT;
-    if (!searchPath) return jsonResponse(res, 400, { error: "Path escapes /app" });
-
-    const child = spawn("rg", ["--files", "--glob", body.pattern, searchPath], { cwd: APP_ROOT, stdio: ["ignore", "pipe", "pipe"], uid: DECO_UID, gid: DECO_GID });
-    let stdout = "";
-    child.stdout.on("data", (chunk) => { stdout += chunk.toString("utf-8"); });
-    let stderr = "";
-    child.stderr.on("data", (chunk) => { stderr += chunk.toString("utf-8"); });
-    child.on("close", (code) => {
-      if (code > 1) return jsonResponse(res, 500, { error: stderr || "rg failed with code " + code });
-      const files = stdout.split("\\n").filter(Boolean).slice(0, 1000).map(f => {
-        return f.startsWith(APP_ROOT + "/") ? f.slice(APP_ROOT.length + 1) : f;
-      });
-      jsonResponse(res, 200, { files: files });
-    });
-  } catch (e) {
-    jsonResponse(res, 500, { error: e.message });
-  }
-}
-
-async function handleBash(req, res) {
-  try {
-    const body = await parseJsonBody(req);
-    if (!body.command || typeof body.command !== "string") return jsonResponse(res, 400, { error: "command is required" });
-
-    const timeout = Math.min(body.timeout || 30000, 120000);
-    const child = spawn("bash", ["-c", body.command], {
-      cwd: APP_ROOT,
-      stdio: ["ignore", "pipe", "pipe"],
-      uid: DECO_UID,
-      gid: DECO_GID,
-      env: DECO_ENV,
-    });
-
-    let stdout = "";
-    let stderr = "";
-    let killed = false;
-    child.stdout.on("data", (chunk) => { stdout += chunk.toString("utf-8"); });
-    child.stderr.on("data", (chunk) => { stderr += chunk.toString("utf-8"); });
-
-    const timer = setTimeout(() => {
-      killed = true;
-      try { child.kill("SIGKILL"); } catch (e) {}
-    }, timeout);
-
-    child.on("close", (code) => {
-      clearTimeout(timer);
-      jsonResponse(res, 200, { stdout: stdout, stderr: stderr, exitCode: killed ? -1 : (code ?? 1) });
-    });
-  } catch (e) {
-    jsonResponse(res, 500, { error: e.message });
-  }
-}
-
-// --- HTTP server ---
-http.createServer(async (req, res) => {
-  if (!req.url.startsWith("/_decopilot_vm/")) {
-    log("proxy", req.method, req.url);
-  }
-
-  // SSE endpoint
-  if (req.url === "/_decopilot_vm/events" && req.method === "GET") {
-    if (sseClients.size >= MAX_SSE_CLIENTS) {
-      log("SSE rejected (max clients)");
-      res.writeHead(429, { "Access-Control-Allow-Origin": "*" });
-      res.end("Too many connections");
-      return;
-    }
-    res.writeHead(200, {
-      "Content-Type": "text/event-stream",
-      "Cache-Control": "no-cache",
-      "Connection": "keep-alive",
-      "Access-Control-Allow-Origin": "*",
-    });
-    // 1. Replay status
-    res.write("event: status\\ndata: " + JSON.stringify({ type: "status", ...lastStatus }) + "\\n\\n");
-    // 2. Replay log buffers
-    for (const source of Object.keys(replayBuffers)) {
-      const buf = replayBuffers[source];
-      if (buf && buf.length > 0) {
-        const payload = JSON.stringify({ source: source, data: buf });
-        res.write("event: log\\ndata: " + payload + "\\n\\n");
-      }
-    }
-    // 3. Replay discovered scripts
-    if (discoveredScripts) {
-      res.write("event: scripts\\ndata: " + JSON.stringify({ type: "scripts", scripts: discoveredScripts }) + "\\n\\n");
-    }
-    // 4. Replay active processes
-    const active = Object.keys(children).filter(k => children[k] !== null);
-    res.write("event: processes\\ndata: " + JSON.stringify({ type: "processes", active: active }) + "\\n\\n");
-
-    sseClients.add(res);
-    log("SSE connect, clients=" + sseClients.size);
-    req.on("close", () => { sseClients.delete(res); log("SSE disconnect, clients=" + sseClients.size); });
-    const ka = setInterval(() => {
-      if (!res.writable) { clearInterval(ka); sseClients.delete(res); return; }
-      res.write("event: status\\ndata: " + JSON.stringify({ type: "status", ...lastStatus }) + "\\n\\n");
-    }, 15000);
-    req.on("close", () => { clearInterval(ka); });
-    return;
-  }
-
-  // File operation endpoints
-  if (req.method === "POST" && req.url === "/_decopilot_vm/read") return handleRead(req, res);
-  if (req.method === "POST" && req.url === "/_decopilot_vm/write") return handleWrite(req, res);
-  if (req.method === "POST" && req.url === "/_decopilot_vm/edit") return handleEdit(req, res);
-  if (req.method === "POST" && req.url === "/_decopilot_vm/grep") return handleGrep(req, res);
-  if (req.method === "POST" && req.url === "/_decopilot_vm/glob") return handleGlob(req, res);
-  if (req.method === "POST" && req.url === "/_decopilot_vm/bash") return handleBash(req, res);
-
-  // Exec endpoint — run any script by name
-  if (req.method === "POST" && req.url.startsWith("/_decopilot_vm/exec/")) {
-    const name = req.url.slice("/_decopilot_vm/exec/".length);
-    if (!name) {
-      res.writeHead(400, { "Content-Type": "application/json", "Access-Control-Allow-Origin": "*" });
-      res.end(JSON.stringify({ error: "missing script name" }));
-      return;
-    }
-    if (name === "setup") {
-      log("exec setup");
-      runSetup();
-      res.writeHead(200, { "Content-Type": "application/json", "Access-Control-Allow-Origin": "*" });
-      res.end(JSON.stringify({ ok: true }));
-      return;
-    }
-    if (!PM || !setupDone) {
-      log("exec rejected: setup not done or no package manager");
-      res.writeHead(400, { "Content-Type": "application/json", "Access-Control-Allow-Origin": "*" });
-      res.end(JSON.stringify({ error: "setup not complete" }));
-      return;
-    }
-    const pmConfig = PM_CONFIG[PM];
-    if (!pmConfig) {
-      res.writeHead(400, { "Content-Type": "application/json", "Access-Control-Allow-Origin": "*" });
-      res.end(JSON.stringify({ error: "unknown package manager" }));
-      return;
-    }
-    const cmd = PATH_PREFIX + "cd /app && HOST=0.0.0.0 HOSTNAME=0.0.0.0 PORT=" + PORT + " " + pmConfig.runPrefix + " " + name;
-    const label = "$ " + pmConfig.runPrefix + " " + name;
-    log("exec", name);
-    runProcess(name, cmd, label);
-    res.writeHead(200, { "Content-Type": "application/json", "Access-Control-Allow-Origin": "*" });
-    res.end(JSON.stringify({ ok: true }));
-    return;
-  }
-
-  // Kill endpoint
-  if (req.method === "POST" && req.url.startsWith("/_decopilot_vm/kill/")) {
-    const name = req.url.slice("/_decopilot_vm/kill/".length);
-    if (children[name]) {
-      log("kill", name, "pid=" + children[name].pid);
-      try { children[name].kill("SIGKILL"); } catch (e) {}
-      children[name] = null;
-      broadcastEvent("processes", { type: "processes", active: Object.keys(children).filter(k => children[k] !== null) });
-    } else {
-      log("kill", name, "(no process running)");
-    }
-    res.writeHead(200, { "Content-Type": "application/json", "Access-Control-Allow-Origin": "*" });
-    res.end(JSON.stringify({ ok: true }));
-    return;
-  }
-
-  // Scripts endpoint (fallback for missed SSE)
-  if (req.method === "GET" && req.url === "/_decopilot_vm/scripts") {
-    res.writeHead(200, { "Content-Type": "application/json", "Access-Control-Allow-Origin": "*" });
-    res.end(JSON.stringify({ scripts: discoveredScripts || [] }));
-    return;
-  }
-
-  // CORS preflight
-  if (req.method === "OPTIONS" && req.url.startsWith("/_decopilot_vm/")) {
-    res.writeHead(204, {
-      "Access-Control-Allow-Origin": "*",
-      "Access-Control-Allow-Methods": "GET, POST",
-      "Access-Control-Allow-Headers": "Content-Type",
-    });
-    res.end();
-    return;
-  }
-
-  // Catch-all for unmatched /_decopilot_vm/ routes — return 404 with CORS
-  if (req.url.startsWith("/_decopilot_vm/")) {
-    log("unmatched daemon route", req.method, req.url);
-    jsonResponse(res, 404, { error: "Not found: " + req.url });
-    return;
-  }
-
-  // Reverse proxy to upstream
-  const hdrs = Object.assign({}, req.headers);
-  delete hdrs["accept-encoding"];
-  const opts = { hostname: UPSTREAM_HOST, port: UPSTREAM, path: req.url, method: req.method, headers: hdrs };
-  const p = http.request(opts, (upstream) => {
-    delete upstream.headers["x-frame-options"];
-    delete upstream.headers["content-security-policy"];
-    delete upstream.headers["content-encoding"];
-    const ct = (upstream.headers["content-type"] || "").toLowerCase();
-    if (ct.includes("text/html")) {
-      delete upstream.headers["content-length"];
-      res.writeHead(upstream.statusCode, upstream.headers);
-      const chunks = [];
-      upstream.on("data", (c) => chunks.push(c));
-      upstream.on("end", () => {
-        let html = Buffer.concat(chunks).toString("utf-8");
-        const idx = html.lastIndexOf("</body>");
-        if (idx !== -1) {
-          html = html.slice(0, idx) + BOOTSTRAP + html.slice(idx);
-        } else {
-          html += BOOTSTRAP;
-        }
-        res.end(html);
-      });
-    } else {
-      res.writeHead(upstream.statusCode, upstream.headers);
-      upstream.pipe(res);
-    }
-  });
-  p.on("error", (e) => {
-    log("proxy error", req.method, req.url, e.message);
-    const connErr = ["ECONNREFUSED", "ECONNRESET", "ECONNABORTED"].includes(e.code);
-    if (req.url === "/" && connErr) {
-      res.writeHead(503, { "Content-Type": "text/html; charset=utf-8", "Retry-After": "1", "Access-Control-Allow-Origin": "*" });
-      res.end('<!DOCTYPE html><html><head><meta charset="utf-8"><title>Starting...</title><style>body{font-family:system-ui,sans-serif;display:flex;align-items:center;justify-content:center;min-height:100vh;margin:0;background:#fafafa;color:#555}div{text-align:center}p{margin-top:8px;font-size:14px;color:#999}</style></head><body><div><h3>Server is starting\\u2026</h3><p>This page will refresh automatically.</p></div><script>setTimeout(function(){window.location.reload()},1000)</script></body></html>');
-      return;
-    }
-    jsonResponse(res, 502, { error: "proxy error: " + e.message });
-  });
-  req.pipe(p);
-}).listen(PROXY_PORT, "0.0.0.0");
-
-// Auto-start setup on daemon boot
-log("starting setup: cloning " + REPO_NAME);
-runSetup();
-`;
-}
diff --git a/apps/mesh/src/tools/vm/helpers.test.ts b/apps/mesh/src/tools/vm/helpers.test.ts
index 5a4502208d..7022dc82cc 100644
--- a/apps/mesh/src/tools/vm/helpers.test.ts
+++ b/apps/mesh/src/tools/vm/helpers.test.ts
@@ -1,6 +1,6 @@
 import { describe, it, expect } from "bun:test";
 import { resolveRuntimeConfig } from "./helpers";
-import type { VmMetadata } from "./types";
+type VmMetadata = Record<string, unknown>;
 
 describe("resolveRuntimeConfig", () => {
   it("returns null packageManager when no runtime config is set", () => {
@@ -9,7 +9,7 @@ describe("resolveRuntimeConfig", () => {
 
     expect(result.packageManager).toBeNull();
     expect(result.runtime).toBeNull();
-    expect(result.port).toBe("3000");
+    expect(result.port).toBeNull();
     expect(result.runtimeBinPath).toBeNull();
   });
 
@@ -80,9 +80,9 @@ describe("resolveRuntimeConfig", () => {
     expect(result.runtimeBinPath).toBe("/opt/deno/bin");
   });
 
-  it("defaults port to 3000", () => {
+  it("port is null when not explicitly set", () => {
     const metadata: VmMetadata = { runtime: { selected: "npm" } };
     const result = resolveRuntimeConfig(metadata);
-    expect(result.port).toBe("3000");
+    expect(result.port).toBeNull();
   });
 });
diff --git a/apps/mesh/src/tools/vm/helpers.ts b/apps/mesh/src/tools/vm/helpers.ts
index fc616b9e67..2f416dfbf1 100644
--- a/apps/mesh/src/tools/vm/helpers.ts
+++ b/apps/mesh/src/tools/vm/helpers.ts
@@ -6,6 +6,8 @@
  * - Runtime detection logic (resolveRuntimeConfig)
  */
 
+import type { VmMapEntry } from "@decocms/mesh-sdk";
+
 import {
   requireAuth,
   requireOrganization,
@@ -14,15 +16,24 @@ import {
 } from "../../core/mesh-context";
 import { PACKAGE_MANAGER_CONFIG } from "../../shared/runtime-defaults";
 import type { PackageManager } from "../../shared/runtime-defaults";
-import type { VmMetadata } from "./types";
+import { readVmMap, resolveVm } from "./vm-map";
+
+type RuntimeConfigMeta = {
+  runtime?: {
+    selected?: string | null;
+    port?: string | null;
+    path?: string | null;
+  } | null;
+};
 
 /**
  * Extracts common auth + lookup boilerplate shared by all VM tools.
  * Validates auth, checks access, fetches and validates the Virtual MCP,
- * and returns the metadata and active VM entry for the current user.
+ * and returns the metadata and vmMap entry for the current user on the
+ * specified branch. `entry` is null when no vm is registered for that pair.
  */
 export async function requireVmEntry(
-  input: { virtualMcpId: string },
+  input: { virtualMcpId: string; branch: string },
   ctx: MeshContext,
 ) {
   requireAuth(ctx);
@@ -34,41 +45,48 @@ export async function requireVmEntry(
   if (!virtualMcp || virtualMcp.organization_id !== organization.id) {
     throw new Error("Virtual MCP not found");
   }
-  const metadata = virtualMcp.metadata as VmMetadata;
-  const entry = metadata.activeVms?.[userId];
+  const metadata = (virtualMcp.metadata ?? {}) as Record<string, unknown>;
+  const vmMap = readVmMap(metadata);
+  const entry: VmMapEntry | null = resolveVm(vmMap, userId, input.branch);
   return { virtualMcp, metadata, userId, entry, organization };
 }
 
 /**
  * Resolves package manager and runtime config from Virtual MCP metadata.
  * Returns null packageManager/runtime when no package manager is selected
- * (clone-only mode for non-JS repos).
+ * (clone-only mode for non-JS repos). `port` is null unless the user
+ * explicitly pinned one — runners free to pick a free port otherwise.
  */
-export function resolveRuntimeConfig(metadata: VmMetadata) {
-  const selected = metadata.runtime?.selected ?? null;
+export function resolveRuntimeConfig(metadata: Record<string, unknown>) {
+  const runtime = (metadata as RuntimeConfigMeta).runtime ?? null;
+  const selected = runtime?.selected ?? null;
   const pm = selected as PackageManager | null;
+  const port = runtime?.port ?? null;
+  const packageManagerPath = runtime?.path ?? null;
 
   if (!pm || !(pm in PACKAGE_MANAGER_CONFIG)) {
     return {
       packageManager: null,
       runtime: null,
-      port: metadata.runtime?.port ?? "3000",
+      port,
+      packageManagerPath,
       runtimeBinPath: null,
     };
   }
 
-  const runtime = PACKAGE_MANAGER_CONFIG[pm].runtime;
+  const pmRuntime = PACKAGE_MANAGER_CONFIG[pm].runtime;
   const runtimeBinPath =
-    runtime === "deno"
+    pmRuntime === "deno"
       ? "/opt/deno/bin"
-      : runtime === "bun"
+      : pmRuntime === "bun"
         ? "/opt/bun/bin"
         : null;
 
   return {
     packageManager: pm,
-    runtime,
-    port: metadata.runtime?.port ?? "3000",
+    runtime: pmRuntime,
+    port,
+    packageManagerPath,
     runtimeBinPath,
   };
 }
diff --git a/apps/mesh/src/tools/vm/index.ts b/apps/mesh/src/tools/vm/index.ts
index 1f67662569..ae506d3813 100644
--- a/apps/mesh/src/tools/vm/index.ts
+++ b/apps/mesh/src/tools/vm/index.ts
@@ -1,7 +1,7 @@
 /**
  * VM Tools
  *
- * Tools for Freestyle VM management (app-only, not visible to AI models).
+ * Tools for VM lifecycle management (app-only, not visible to AI models).
  */
 
 export { VM_START } from "./start";
diff --git a/apps/mesh/src/tools/vm/start.test.ts b/apps/mesh/src/tools/vm/start.test.ts
index b5dfa09e9b..4ce3b62340 100644
--- a/apps/mesh/src/tools/vm/start.test.ts
+++ b/apps/mesh/src/tools/vm/start.test.ts
@@ -1,92 +1,83 @@
-import { createHash } from "node:crypto";
 import { describe, it, expect, mock, beforeEach } from "bun:test";
+import type { VmMap, VmMapEntry } from "@decocms/mesh-sdk";
 import type { MeshContext } from "../../core/mesh-context";
-import type { VmEntry, VmMetadata } from "./types";
-
-// ---------------------------------------------------------------------------
-// Mock freestyle-sandboxes BEFORE importing VM_START (Bun requires this order)
-// ---------------------------------------------------------------------------
-
-const mockRoute = mock((): Promise<void> => Promise.resolve());
-
-const mockVmsCreate = mock(
-  (
-    _input: unknown,
-  ): Promise<{
-    vmId: string;
-    vm: { terminal: { logs: { route: typeof mockRoute } } };
-  }> =>
-    Promise.resolve({
-      vmId: "vm_xyz",
-      vm: { terminal: { logs: { route: mockRoute } } },
-    }),
+import type {
+  EnsureOptions,
+  Sandbox,
+  SandboxId,
+  SandboxRunner,
+} from "@decocms/sandbox/runner";
+import { composeSandboxRef } from "@decocms/sandbox/runner";
+
+// Pin runner kind — the dev env flips STUDIO_SANDBOX_RUNNER and VM_START
+// reads it at handler time. Freestyle resolution also requires
+// FREESTYLE_API_KEY; stub it so resolution doesn't throw under the test runner.
+process.env.STUDIO_SANDBOX_RUNNER = "freestyle";
+process.env.FREESTYLE_API_KEY ??= "test-stub-key";
+
+// Mock runner BEFORE importing VM_START — handler is runner-agnostic
+// and we don't want to pull the real freestyle SDK.
+
+const mockEnsure = mock(
+  async (_id: SandboxId, _opts?: EnsureOptions): Promise<Sandbox> => ({
+    handle: "vm_xyz",
+    workdir: "/app",
+    previewUrl: "https://stub.preview/",
+  }),
 );
 
-const mockVmStart = mock((): Promise<void> => Promise.resolve());
-const mockVmExec = mock((_input: unknown): Promise<void> => Promise.resolve());
-
-class MockVmSpec {
-  builders: Record<string, unknown> = {};
-  _files: unknown = undefined;
-  _services: Record<string, unknown>[] = [];
-
-  with(key: string, builder: unknown): MockVmSpec {
-    const next = Object.assign(new MockVmSpec(), this);
-    next.builders = { ...this.builders, [key]: builder };
-    return next;
-  }
-  additionalFiles(files: unknown): MockVmSpec {
-    const next = Object.assign(new MockVmSpec(), this);
-    next._files = files;
-    return next;
-  }
-  systemdService(svc: Record<string, unknown>): MockVmSpec {
-    const next = Object.assign(new MockVmSpec(), this);
-    next._services = [...this._services, svc];
-    return next;
-  }
+const mockFreestyleDelete = mock(async (_handle: string) => {});
+const mockDockerDelete = mock(async (_handle: string) => {});
+
+async function* readyOnly() {
+  yield { kind: "ready" as const };
 }
 
-mock.module("freestyle-sandboxes", () => ({
-  VmSpec: MockVmSpec,
-  freestyle: {
-    vms: {
-      create: (a: unknown) => mockVmsCreate(a),
-      ref: (_input: unknown) => ({
-        start: () => mockVmStart(),
-        exec: (cmd: unknown) => mockVmExec(cmd),
-      }),
-    },
-  },
-}));
+const mockRunner: SandboxRunner = {
+  kind: "freestyle",
+  ensure: (id, opts) => mockEnsure(id, opts),
+  exec: async () => ({ stdout: "", stderr: "", exitCode: 0, timedOut: false }),
+  delete: (handle) => mockFreestyleDelete(handle),
+  alive: async () => true,
+  getPreviewUrl: async () => "https://stub.preview/",
+  proxyDaemonRequest: async () => new Response(null, { status: 204 }),
+  watchClaimLifecycle: () => readyOnly(),
+};
 
-// Mock Freestyle integration packages
-mock.module("@freestyle-sh/with-nodejs", () => ({
-  VmNodeJs: class VmNodeJs {},
-}));
-mock.module("@freestyle-sh/with-deno", () => ({
-  VmDeno: class VmDeno {},
-}));
-mock.module("@freestyle-sh/with-bun", () => ({
-  VmBun: class VmBun {},
+const mockDockerRunner: SandboxRunner = {
+  kind: "docker",
+  ensure: (id, opts) => mockEnsure(id, opts),
+  exec: async () => ({ stdout: "", stderr: "", exitCode: 0, timedOut: false }),
+  delete: (handle) => mockDockerDelete(handle),
+  alive: async () => true,
+  getPreviewUrl: async () => "https://stub.preview/",
+  proxyDaemonRequest: async () => new Response(null, { status: 204 }),
+  watchClaimLifecycle: () => readyOnly(),
+};
+
+mock.module("../../sandbox/lifecycle", () => ({
+  getSharedRunner: () => mockRunner,
+  getRunnerByKind: (_ctx: unknown, kind: "docker" | "freestyle") =>
+    kind === "docker" ? mockDockerRunner : mockRunner,
+  getSharedRunnerIfInit: () => mockRunner,
+  getOrInitSharedRunner: async () => mockRunner,
+  asDockerRunner: () => null,
+  // Bun's mock.module persists across test files in the same shard. Other
+  // tests in the shard (e.g. oauth-proxy.e2e.test.ts) load app.ts which
+  // imports subscribeLifecycle from this module — keep the export shape
+  // complete so subsequent loads don't hit "Export named ... not found".
+  subscribeLifecycle: () => ({ unsubscribe: () => {} }),
+  __resetSharedLifecyclesForTesting: () => {},
 }));
-// Mock downstream token storage to return a test token
+
+const { DownstreamTokenStorage: RealDownstreamTokenStorage } = await import(
+  "../../storage/downstream-token"
+);
+import type { DownstreamTokenData } from "../../storage/downstream-token";
+import type { DownstreamToken } from "../../storage/types";
+
 const mockTokenGet = mock(
-  async (
-    _connectionId: string,
-  ): Promise<{
-    id: string;
-    connectionId: string;
-    accessToken: string;
-    refreshToken: null;
-    scope: null;
-    expiresAt: null;
-    createdAt: string;
-    updatedAt: string;
-    clientId: null;
-    clientSecret: null;
-    tokenEndpoint: null;
-  } | null> => ({
+  async (_connectionId: string): Promise<DownstreamToken | null> => ({
     id: "dtok_1",
     connectionId: "conn_github_1",
     accessToken: "ghu_test_token_123",
@@ -101,12 +92,8 @@ const mockTokenGet = mock(
   }),
 );
 
-// Load the real class first so our mock can extend it — otherwise this
-// mock.module leaks a class that only has `get()` into every test file that
-// loads after this one.
-const { DownstreamTokenStorage: RealDownstreamTokenStorage } = await import(
-  "../../storage/downstream-token"
-);
+const mockTokenUpsert = mock(async (_data: DownstreamTokenData) => {});
+const mockTokenDelete = mock(async (_connectionId: string) => {});
 
 mock.module("../../storage/downstream-token", () => ({
   DownstreamTokenStorage: class MockDownstreamTokenStorage extends RealDownstreamTokenStorage {
@@ -116,41 +103,83 @@ mock.module("../../storage/downstream-token", () => ({
       }
       return super.get(connectionId);
     }
+    override async upsert(data: DownstreamTokenData) {
+      if (data.connectionId === "conn_github_1") {
+        await mockTokenUpsert(data);
+        return {
+          id: "dtok_1",
+          connectionId: data.connectionId,
+          accessToken: data.accessToken,
+          refreshToken: data.refreshToken,
+          scope: data.scope,
+          expiresAt: data.expiresAt,
+          clientId: data.clientId,
+          clientSecret: data.clientSecret,
+          tokenEndpoint: data.tokenEndpoint,
+          createdAt: new Date().toISOString(),
+          updatedAt: new Date().toISOString(),
+        };
+      }
+      return super.upsert(data);
+    }
+    override async delete(connectionId: string) {
+      if (connectionId === "conn_github_1") {
+        await mockTokenDelete(connectionId);
+        return;
+      }
+      return super.delete(connectionId);
+    }
   },
 }));
 
-// Now import after mocking
+const mockRefreshAccessToken = mock(
+  async (): Promise<{
+    success: boolean;
+    accessToken?: string;
+    refreshToken?: string;
+    expiresIn?: number;
+    scope?: string;
+    error?: string;
+  }> => ({ success: true, accessToken: "ghu_refreshed_token" }),
+);
+mock.module("@/oauth/refresh-access-token", () => ({
+  refreshAccessToken: mockRefreshAccessToken,
+}));
+
 const { VM_START } = await import("./start");
 
-// ---------------------------------------------------------------------------
-// Helpers
-// ---------------------------------------------------------------------------
+const BRANCH = "feat/example";
+const ORG_ID = "org_1";
+const VMCP_ID = "vmcp_1";
+const USER_ID = "user_1";
+
+const EXPECTED_REF = composeSandboxRef({
+  orgId: ORG_ID,
+  virtualMcpId: VMCP_ID,
+  branch: BRANCH,
+});
 
-// Expected domain key for virtualMcpId="vmcp_1", userId="user_1"
-const DOMAIN_KEY = createHash("md5")
-  .update("vmcp_1:user_1")
-  .digest("hex")
-  .slice(0, 16);
+type Metadata = {
+  githubRepo: { owner: string; name: string; connectionId: string };
+  runtime: { selected: string; port: string };
+  vmMap?: VmMap;
+};
 
-const BASE_METADATA: VmMetadata = {
+const BASE_METADATA: Metadata = {
   githubRepo: {
     owner: "acme",
     name: "app",
     connectionId: "conn_github_1",
   },
-  runtime: {
-    selected: "npm",
-    port: "3000",
-  },
+  runtime: { selected: "npm", port: "3000" },
 };
 
-const CACHED_ENTRY: VmEntry = {
+const CACHED_ENTRY: VmMapEntry = {
   vmId: "vm_cached",
-  previewUrl: "https://virtual-mcp-id.deco.studio",
-  terminalUrl: null,
+  previewUrl: "https://cached.preview/",
 };
 
-function makeVirtualMcp(orgId: string, metadata: VmMetadata, id = "vmcp_1") {
+function makeVirtualMcp(orgId: string, metadata: Metadata, id = VMCP_ID) {
   return {
     id,
     organization_id: orgId,
@@ -158,7 +187,7 @@ function makeVirtualMcp(orgId: string, metadata: VmMetadata, id = "vmcp_1") {
     title: "Test Virtual MCP",
     created_at: new Date().toISOString(),
     updated_at: new Date().toISOString(),
-    created_by: "user_1",
+    created_by: USER_ID,
   };
 }
 
@@ -169,8 +198,8 @@ function makeCtx(overrides: {
   updateSpy?: ReturnType<typeof mock>;
 }): MeshContext {
   const {
-    orgId = "org_1",
-    userId = "user_1",
+    orgId = ORG_ID,
+    userId = USER_ID,
     virtualMcp,
     updateSpy = mock(async () => {}),
   } = overrides;
@@ -181,7 +210,7 @@ function makeCtx(overrides: {
     auth: {
       user: {
         id: userId,
-        email: "[email protected]",
+        email: "test@example.com",
         name: "Test",
         role: "user",
       },
@@ -194,10 +223,7 @@ function makeCtx(overrides: {
       setToolName: () => {},
     },
     storage: {
-      virtualMcps: {
-        findById,
-        update: updateSpy,
-      },
+      virtualMcps: { findById, update: updateSpy },
     } as never,
     timings: {
       measure: async <T>(_name: string, cb: () => Promise<T>) => await cb(),
@@ -234,24 +260,19 @@ function makeCtx(overrides: {
   } as unknown as MeshContext;
 }
 
-// ---------------------------------------------------------------------------
-// Tests
-// ---------------------------------------------------------------------------
-
 describe("VM_START", () => {
   beforeEach(() => {
-    mockVmsCreate.mockReset();
-    mockVmStart.mockReset();
-    mockVmExec.mockReset();
-    mockRoute.mockReset();
+    mockEnsure.mockReset();
+    mockFreestyleDelete.mockReset();
+    mockDockerDelete.mockReset();
+    mockFreestyleDelete.mockImplementation(async () => {});
+    mockDockerDelete.mockImplementation(async () => {});
     mockTokenGet.mockReset();
-    mockVmsCreate.mockImplementation(async () => ({
-      vmId: "vm_xyz",
-      vm: { terminal: { logs: { route: mockRoute } } },
+    mockEnsure.mockImplementation(async () => ({
+      handle: "vm_xyz",
+      workdir: "/app",
+      previewUrl: "https://stub.preview/",
     }));
-    mockVmStart.mockImplementation(async () => {});
-    mockVmExec.mockImplementation(async () => {});
-    mockRoute.mockImplementation(async () => {});
     mockTokenGet.mockImplementation(async () => ({
       id: "dtok_1",
       connectionId: "conn_github_1",
@@ -265,189 +286,334 @@ describe("VM_START", () => {
       clientSecret: null,
       tokenEndpoint: null,
     }));
+    mockRefreshAccessToken.mockReset();
+    mockRefreshAccessToken.mockImplementation(async () => ({
+      success: true,
+      accessToken: "ghu_refreshed_token",
+    }));
+    mockTokenUpsert.mockReset();
+    mockTokenUpsert.mockImplementation(async () => {});
+    mockTokenDelete.mockReset();
+    mockTokenDelete.mockImplementation(async () => {});
   });
 
-  it("returns cached entry with isNewVm: false when activeVms[userId] is already set", async () => {
-    const metadata: VmMetadata = {
-      ...BASE_METADATA,
-      activeVms: { user_1: CACHED_ENTRY },
-    };
-    const virtualMcp = makeVirtualMcp("org_1", metadata);
-    const ctx = makeCtx({ virtualMcp });
+  it("calls runner.ensure with composed projectRef + repo + workload", async () => {
+    const virtualMcp = makeVirtualMcp(ORG_ID, BASE_METADATA);
+    const updateSpy = mock(async () => {});
+    const ctx = makeCtx({ virtualMcp, updateSpy });
 
-    const result = await VM_START.handler({ virtualMcpId: "vmcp_1" }, ctx);
+    await VM_START.handler({ virtualMcpId: VMCP_ID, branch: BRANCH }, ctx);
 
-    expect(result).toEqual({ ...CACHED_ENTRY, isNewVm: false });
-    expect(result.isNewVm).toBe(false);
-    expect(mockVmsCreate).not.toHaveBeenCalled();
-    expect(mockVmExec).not.toHaveBeenCalled();
-    expect(mockRoute).not.toHaveBeenCalled();
+    expect(mockTokenGet).toHaveBeenCalledWith("conn_github_1");
+    expect(mockEnsure).toHaveBeenCalledTimes(1);
+    const [id, opts] = mockEnsure.mock.calls[0]! as [SandboxId, EnsureOptions];
+    expect(id).toEqual({ userId: USER_ID, projectRef: EXPECTED_REF });
+    expect(opts.repo?.cloneUrl).toContain("acme/app");
+    expect(opts.repo?.branch).toBe(BRANCH);
+    expect(opts.repo?.displayName).toBe("acme/app");
+    expect(opts.workload).toEqual({
+      runtime: "node",
+      packageManager: "npm",
+      devPort: 3000,
+    });
   });
 
-  it("creates a new VM with isNewVm: true and persists entry when no existing activeVms entry", async () => {
-    const metadata: VmMetadata = {
-      ...BASE_METADATA,
-      activeVms: { other_user: CACHED_ENTRY },
-    };
-    const virtualMcp = makeVirtualMcp("org_1", metadata);
+  it("persists vmMap entry with handle + previewUrl + runnerKind", async () => {
+    mockEnsure.mockImplementation(async () => ({
+      handle: "vm_xyz",
+      workdir: "/app",
+      previewUrl: "https://stub.preview/",
+    }));
+    const virtualMcp = makeVirtualMcp(ORG_ID, BASE_METADATA);
     const updateSpy = mock(async () => {});
     const ctx = makeCtx({ virtualMcp, updateSpy });
 
-    const result = await VM_START.handler({ virtualMcpId: "vmcp_1" }, ctx);
-
-    // Token fetched from downstream_tokens
-    expect(mockTokenGet).toHaveBeenCalledWith("conn_github_1");
-    expect(mockVmsCreate).toHaveBeenCalledTimes(1);
+    const result = await VM_START.handler(
+      { virtualMcpId: VMCP_ID, branch: BRANCH },
+      ctx,
+    );
 
     expect(result.vmId).toBe("vm_xyz");
-    expect(result.previewUrl).toBe(`https://${DOMAIN_KEY}.deco.studio`);
-    expect(result.terminalUrl).toBeNull();
+    expect(result.previewUrl).toBe("https://stub.preview/");
+    expect(result.branch).toBe(BRANCH);
     expect(result.isNewVm).toBe(true);
+    expect(result.runnerKind).toBe("freestyle");
 
-    // storage.update called once: persist new VM entry (patchActiveVms)
     expect(updateSpy).toHaveBeenCalledTimes(1);
-
-    // Update preserves existing entries
     const updateCall = (updateSpy.mock.calls as unknown[][])[0]!;
-    const updatedMetadata = (updateCall[2] as { metadata: VmMetadata })
-      .metadata;
-    expect(updatedMetadata.activeVms?.["other_user"]).toEqual(CACHED_ENTRY);
-    expect(updatedMetadata.activeVms?.["user_1"]).toMatchObject({
+    const updated = (updateCall[2] as { metadata: { vmMap: VmMap } }).metadata;
+    const stored = updated.vmMap[USER_ID]?.[BRANCH];
+    expect(stored).toMatchObject({
       vmId: "vm_xyz",
+      previewUrl: "https://stub.preview/",
+      runnerKind: "freestyle",
     });
+    // Server-stamped; assert recency, not exact value.
+    expect(typeof stored?.createdAt).toBe("number");
+    expect(stored?.createdAt).toBeGreaterThan(Date.now() - 60_000);
   });
 
-  it("only includes daemon in systemd services", async () => {
-    const virtualMcp = makeVirtualMcp("org_1", BASE_METADATA);
+  it("returns isNewVm=false when runner.ensure returns the same handle as the existing entry", async () => {
+    mockEnsure.mockImplementation(async () => ({
+      handle: CACHED_ENTRY.vmId,
+      workdir: "/app",
+      previewUrl: CACHED_ENTRY.previewUrl,
+    }));
+    const metadata: Metadata = {
+      ...BASE_METADATA,
+      vmMap: { [USER_ID]: { [BRANCH]: CACHED_ENTRY } },
+    };
+    const virtualMcp = makeVirtualMcp(ORG_ID, metadata);
     const ctx = makeCtx({ virtualMcp });
 
-    await VM_START.handler({ virtualMcpId: "vmcp_1" }, ctx);
+    const result = await VM_START.handler(
+      { virtualMcpId: VMCP_ID, branch: BRANCH },
+      ctx,
+    );
 
-    const createCall = (mockVmsCreate.mock.calls as unknown[][])[0]![0] as {
-      spec: MockVmSpec;
-    };
+    expect(result.vmId).toBe(CACHED_ENTRY.vmId);
+    expect(result.isNewVm).toBe(false);
+  });
 
-    const serviceNames = createCall.spec._services.map((s) => s.name as string);
-    expect(serviceNames).toEqual([
-      "install-ripgrep",
-      "prepare-app-dir",
-      "daemon",
-    ]);
+  it("generates deco/* branch when input.branch is omitted and threads it into the ref", async () => {
+    const virtualMcp = makeVirtualMcp(ORG_ID, BASE_METADATA);
+    const updateSpy = mock(async () => {});
+    const ctx = makeCtx({ virtualMcp, updateSpy });
+
+    const result = await VM_START.handler({ virtualMcpId: VMCP_ID }, ctx);
+
+    expect(result.branch.startsWith("deco/")).toBe(true);
+    const [id] = mockEnsure.mock.calls[0]! as [SandboxId];
+    expect(id.projectRef).toBe(
+      composeSandboxRef({
+        orgId: ORG_ID,
+        virtualMcpId: VMCP_ID,
+        branch: result.branch,
+      }),
+    );
   });
 
-  it("daemon has no after dependency on dev-server", async () => {
-    const virtualMcp = makeVirtualMcp("org_1", BASE_METADATA);
+  it("propagates runner.ensure failures", async () => {
+    mockEnsure.mockImplementation(async () => {
+      throw new Error("runner blew up");
+    });
+    const virtualMcp = makeVirtualMcp(ORG_ID, BASE_METADATA);
     const ctx = makeCtx({ virtualMcp });
 
-    await VM_START.handler({ virtualMcpId: "vmcp_1" }, ctx);
+    await expect(
+      VM_START.handler({ virtualMcpId: VMCP_ID, branch: BRANCH }, ctx),
+    ).rejects.toThrow("runner blew up");
+  });
+
+  it("throws 'Virtual MCP not found' when findById returns null", async () => {
+    const ctx = makeCtx({ virtualMcp: null });
 
-    const createCall = (mockVmsCreate.mock.calls as unknown[][])[0]![0] as {
-      spec: MockVmSpec;
-    };
+    await expect(
+      VM_START.handler({ virtualMcpId: "vmcp_missing", branch: BRANCH }, ctx),
+    ).rejects.toThrow("Virtual MCP not found");
+  });
 
-    const daemon = createCall.spec._services.find((s) => s.name === "daemon")!;
-    expect((daemon.after as string[] | undefined) ?? []).not.toContain(
-      "dev-server.service",
-    );
+  it("throws 'Virtual MCP not found' when Virtual MCP belongs to a different org", async () => {
+    const virtualMcp = makeVirtualMcp("org_other", BASE_METADATA);
+    const ctx = makeCtx({ orgId: ORG_ID, virtualMcp });
+
+    await expect(
+      VM_START.handler({ virtualMcpId: VMCP_ID, branch: BRANCH }, ctx),
+    ).rejects.toThrow("Virtual MCP not found");
   });
 
-  it("passes idleTimeoutSeconds: 1800 to freestyle.vms.create", async () => {
-    const virtualMcp = makeVirtualMcp("org_1", BASE_METADATA);
+  it("throws when no GitHub token is found", async () => {
+    // Override mock to exercise the missing-token branch.
+    (
+      mockTokenGet as unknown as {
+        mockImplementation: (fn: () => Promise<null>) => void;
+      }
+    ).mockImplementation(async () => null);
+    const virtualMcp = makeVirtualMcp(ORG_ID, BASE_METADATA);
     const ctx = makeCtx({ virtualMcp });
 
-    await VM_START.handler({ virtualMcpId: "vmcp_1" }, ctx);
-
-    const createCall = (mockVmsCreate.mock.calls as unknown[][])[0]![0] as {
-      idleTimeoutSeconds: number;
-    };
-    expect(createCall.idleTimeoutSeconds).toBe(1800);
+    await expect(
+      VM_START.handler({ virtualMcpId: VMCP_ID, branch: BRANCH }, ctx),
+    ).rejects.toThrow("No GitHub token found");
   });
 
-  it("daemon script includes /_decopilot_vm/events SSE endpoint and setup source", async () => {
+  it("refreshes an expired GitHub token before handing it to the runner", async () => {
+    const pastExpiry = new Date(Date.now() - 60_000).toISOString();
+    mockTokenGet.mockImplementation(async () => ({
+      id: "dtok_1",
+      connectionId: "conn_github_1",
+      accessToken: "ghu_stale_token",
+      refreshToken: "ghr_refresh_123",
+      scope: "repo",
+      expiresAt: pastExpiry,
+      createdAt: new Date().toISOString(),
+      updatedAt: new Date().toISOString(),
+      clientId: "Iv1.test_client",
+      clientSecret: "test_secret",
+      tokenEndpoint: "https://github.com/login/oauth/access_token",
+    }));
+    mockRefreshAccessToken.mockImplementation(async () => ({
+      success: true,
+      accessToken: "ghu_refreshed_token",
+      refreshToken: "ghr_refresh_456",
+      expiresIn: 3600,
+      scope: "repo",
+    }));
+
     const virtualMcp = makeVirtualMcp("org_1", BASE_METADATA);
     const ctx = makeCtx({ virtualMcp });
 
-    await VM_START.handler({ virtualMcpId: "vmcp_1" }, ctx);
+    await VM_START.handler({ virtualMcpId: "vmcp_1", branch: BRANCH }, ctx);
 
-    const createCall = (mockVmsCreate.mock.calls as unknown[][])[0]![0] as {
-      spec: MockVmSpec;
+    expect(mockRefreshAccessToken).toHaveBeenCalledTimes(1);
+    expect(mockTokenUpsert).toHaveBeenCalledTimes(1);
+    const upsertArg = (mockTokenUpsert.mock.calls as unknown[][])[0]![0] as {
+      accessToken: string;
     };
+    expect(upsertArg.accessToken).toBe("ghu_refreshed_token");
 
-    const files = createCall.spec._files as Record<string, { content: string }>;
-    const daemonJs = files["/opt/daemon.js"];
-    expect(daemonJs).toBeDefined();
-    expect(daemonJs!.content).toContain("/_decopilot_vm/events");
-    expect(daemonJs!.content).toContain("text/event-stream");
-    expect(daemonJs!.content).toContain("/_decopilot_vm/exec/");
-    expect(daemonJs!.content).toContain("git clone");
-    expect(files["/opt/run-daemon.sh"]).toBeDefined();
+    const [, opts] = mockEnsure.mock.calls[0]! as [SandboxId, EnsureOptions];
+    expect(opts.repo?.cloneUrl).toContain("ghu_refreshed_token");
+    expect(opts.repo?.cloneUrl).not.toContain("ghu_stale_token");
   });
 
-  it("clears stale VM entry, creates new VM when vm.start() throws", async () => {
-    mockVmStart.mockRejectedValueOnce(new Error("VM not found"));
-    const metadata: VmMetadata = {
+  it("tears down the stale VM under its prior runner when the env runner flipped", async () => {
+    const staleEntry: VmMapEntry = {
+      vmId: "vm_docker_stale",
+      previewUrl: "https://docker.preview/",
+      runnerKind: "docker",
+    };
+    const metadata: Metadata = {
       ...BASE_METADATA,
-      activeVms: { user_1: CACHED_ENTRY },
+      vmMap: { [USER_ID]: { [BRANCH]: staleEntry } },
     };
-    const virtualMcp = makeVirtualMcp("org_1", metadata);
-    const updateSpy = mock(async () => {});
-    const ctx = makeCtx({ virtualMcp, updateSpy });
+    const virtualMcp = makeVirtualMcp(ORG_ID, metadata);
+    const ctx = makeCtx({ virtualMcp });
 
-    const result = await VM_START.handler({ virtualMcpId: "vmcp_1" }, ctx);
+    const result = await VM_START.handler(
+      { virtualMcpId: VMCP_ID, branch: BRANCH },
+      ctx,
+    );
 
-    expect(mockVmsCreate).toHaveBeenCalledTimes(1);
+    expect(mockDockerDelete).toHaveBeenCalledTimes(1);
+    expect(mockDockerDelete).toHaveBeenCalledWith("vm_docker_stale");
+    expect(mockFreestyleDelete).not.toHaveBeenCalled();
+    expect(mockEnsure).toHaveBeenCalledTimes(1);
+    expect(result.runnerKind).toBe("freestyle");
     expect(result.isNewVm).toBe(true);
-    expect(result.vmId).toBe("vm_xyz");
-
-    // updateSpy called twice: clear stale + persist new entry
-    expect(updateSpy).toHaveBeenCalledTimes(2);
   });
 
-  it("passes VmSpec integrations for bun runtime — includes node and bun runtime", async () => {
-    const metadata: VmMetadata = {
+  it("still provisions the new VM when the stale-runner teardown throws", async () => {
+    mockDockerDelete.mockImplementation(async () => {
+      throw new Error("docker runner gone");
+    });
+    const staleEntry: VmMapEntry = {
+      vmId: "vm_docker_stale",
+      previewUrl: "https://docker.preview/",
+      runnerKind: "docker",
+    };
+    const metadata: Metadata = {
       ...BASE_METADATA,
-      runtime: {
-        ...BASE_METADATA.runtime,
-        selected: "bun",
-      },
+      vmMap: { [USER_ID]: { [BRANCH]: staleEntry } },
     };
-    const virtualMcp = makeVirtualMcp("org_1", metadata);
+    const virtualMcp = makeVirtualMcp(ORG_ID, metadata);
     const ctx = makeCtx({ virtualMcp });
 
-    await VM_START.handler({ virtualMcpId: "vmcp_1" }, ctx);
-
-    const createCall = (mockVmsCreate.mock.calls as unknown[][])[0]![0] as {
-      spec: MockVmSpec;
-    };
+    const result = await VM_START.handler(
+      { virtualMcpId: VMCP_ID, branch: BRANCH },
+      ctx,
+    );
 
-    expect(createCall.spec.builders.node).toBeDefined();
-    expect(createCall.spec.builders.js).toBeDefined();
+    expect(mockDockerDelete).toHaveBeenCalledTimes(1);
+    expect(mockEnsure).toHaveBeenCalledTimes(1);
+    expect(result.vmId).toBe("vm_xyz");
+    expect(result.runnerKind).toBe("freestyle");
+    expect(result.isNewVm).toBe(true);
   });
 
-  it("throws 'Virtual MCP not found' when findById returns null", async () => {
-    const ctx = makeCtx({ virtualMcp: null });
-
-    await expect(
-      VM_START.handler({ virtualMcpId: "vmcp_missing" }, ctx),
-    ).rejects.toThrow("Virtual MCP not found");
+  it("skips freestyle teardown on runner flip — freestyle idles out on its own", async () => {
+    const original = process.env.STUDIO_SANDBOX_RUNNER;
+    process.env.STUDIO_SANDBOX_RUNNER = "docker";
+    try {
+      const staleEntry: VmMapEntry = {
+        vmId: "mh3fx1hmxzdz1h1agx4m",
+        previewUrl: "https://freestyle.preview/",
+        runnerKind: "freestyle",
+      };
+      const metadata: Metadata = {
+        ...BASE_METADATA,
+        vmMap: { [USER_ID]: { [BRANCH]: staleEntry } },
+      };
+      const virtualMcp = makeVirtualMcp(ORG_ID, metadata);
+      const ctx = makeCtx({ virtualMcp });
+
+      const result = await VM_START.handler(
+        { virtualMcpId: VMCP_ID, branch: BRANCH },
+        ctx,
+      );
+
+      expect(mockFreestyleDelete).not.toHaveBeenCalled();
+      expect(mockDockerDelete).not.toHaveBeenCalled();
+      expect(mockEnsure).toHaveBeenCalledTimes(1);
+      expect(result.runnerKind).toBe("docker");
+      expect(result.isNewVm).toBe(true);
+    } finally {
+      if (original === undefined) delete process.env.STUDIO_SANDBOX_RUNNER;
+      else process.env.STUDIO_SANDBOX_RUNNER = original;
+    }
   });
 
-  it("throws 'Virtual MCP not found' when Virtual MCP belongs to a different org", async () => {
-    const virtualMcp = makeVirtualMcp("org_other", BASE_METADATA);
-    const ctx = makeCtx({ orgId: "org_1", virtualMcp });
+  it("does not tear down anything when the existing entry is on the same runner", async () => {
+    const sameRunnerEntry: VmMapEntry = {
+      vmId: "vm_freestyle_existing",
+      previewUrl: "https://freestyle.preview/",
+      runnerKind: "freestyle",
+    };
+    const metadata: Metadata = {
+      ...BASE_METADATA,
+      vmMap: { [USER_ID]: { [BRANCH]: sameRunnerEntry } },
+    };
+    const virtualMcp = makeVirtualMcp(ORG_ID, metadata);
+    const ctx = makeCtx({ virtualMcp });
 
-    await expect(
-      VM_START.handler({ virtualMcpId: "vmcp_1" }, ctx),
-    ).rejects.toThrow("Virtual MCP not found");
+    await VM_START.handler({ virtualMcpId: VMCP_ID, branch: BRANCH }, ctx);
+
+    expect(mockFreestyleDelete).not.toHaveBeenCalled();
+    expect(mockDockerDelete).not.toHaveBeenCalled();
   });
 
-  it("throws when no GitHub token is found", async () => {
-    mockTokenGet.mockImplementation(async () => null);
+  it("throws RECONNECT_ERROR when refreshing an expired token fails", async () => {
+    const pastExpiry = new Date(Date.now() - 60_000).toISOString();
+    mockTokenGet.mockImplementation(async () => ({
+      id: "dtok_1",
+      connectionId: "conn_github_1",
+      accessToken: "ghu_stale_token",
+      refreshToken: "ghr_refresh_123",
+      scope: "repo",
+      expiresAt: pastExpiry,
+      createdAt: new Date().toISOString(),
+      updatedAt: new Date().toISOString(),
+      clientId: "Iv1.test_client",
+      clientSecret: "test_secret",
+      tokenEndpoint: "https://github.com/login/oauth/access_token",
+    }));
+    mockRefreshAccessToken.mockImplementation(async () => ({
+      success: false,
+      permanent: true,
+      status: 400,
+      errorCode: "invalid_grant",
+      error: "refresh token revoked",
+    }));
+
     const virtualMcp = makeVirtualMcp("org_1", BASE_METADATA);
     const ctx = makeCtx({ virtualMcp });
 
     await expect(
-      VM_START.handler({ virtualMcpId: "vmcp_1" }, ctx),
-    ).rejects.toThrow("No GitHub token found");
+      VM_START.handler({ virtualMcpId: "vmcp_1", branch: BRANCH }, ctx),
+    ).rejects.toThrow(
+      "GitHub token refresh failed — reconnect the mcp-github integration.",
+    );
+    expect(mockTokenDelete).toHaveBeenCalledWith("conn_github_1");
+    expect(mockEnsure).not.toHaveBeenCalled();
   });
 });
diff --git a/apps/mesh/src/tools/vm/start.ts b/apps/mesh/src/tools/vm/start.ts
index e33720f6f7..018e2f4295 100644
--- a/apps/mesh/src/tools/vm/start.ts
+++ b/apps/mesh/src/tools/vm/start.ts
@@ -1,81 +1,52 @@
 /**
- * VM_START Tool
+ * VM_START. Keyed by (userId, branch) in the Virtual MCP's `vmMap`.
+ * Runner-agnostic — dispatches through the active `SandboxRunner`; this
+ * handler only does `vmMap` bookkeeping. Branch defaults to
+ * `deco/<adjective>-<noun>` when omitted.
  *
- * Creates a Freestyle VM with the connected GitHub repo
- * and infrastructure-only systemd services (ttyd, terminal, iframe-proxy).
- * App-only tool — not visible to AI models.
- *
- * Install/dev lifecycle is handled by the in-VM daemon so VM_START returns fast.
- *
- * Freestyle docs: /v2/vms, /v2/vms/configuration/systemd-services,
- * /v2/vms/configuration/ports-networking, /v2/vms/configuration/domains
+ * Runner flips: if the existing entry's `runnerKind` differs from the env's
+ * current runner, the stale VM is torn down under its original runner before
+ * the new one is provisioned. Old VMs are ephemeral — not preserved.
  */
 
-import { createHash } from "node:crypto";
 import { z } from "zod";
+import type { VmMapEntry } from "@decocms/mesh-sdk";
+import {
+  composeSandboxRef,
+  resolveRunnerKindFromEnv,
+  type RunnerKind,
+  type Workload,
+} from "@decocms/sandbox/runner";
 import { defineTool } from "../../core/define-tool";
-import { VmSpec, freestyle } from "freestyle-sandboxes";
-import { VmDeno } from "@freestyle-sh/with-deno";
-import { VmBun } from "@freestyle-sh/with-bun";
-import { VmNodeJs } from "@freestyle-sh/with-nodejs";
-import { type VmEntry, patchActiveVms } from "./types";
+import {
+  getUserId,
+  requireAuth,
+  requireOrganization,
+  type MeshContext,
+} from "../../core/mesh-context";
 import { requireVmEntry, resolveRuntimeConfig } from "./helpers";
-import { DownstreamTokenStorage } from "../../storage/downstream-token";
-import { buildDaemonScript } from "./daemon";
-
-const PROXY_PORT = 9000;
-
-const BOOTSTRAP_SCRIPT = `<script>(function(){window.addEventListener("message",function(e){if(e.data&&e.data.type==="visual-editor::activate"&&e.data.script){try{new Function(e.data.script)()}catch(err){console.error("[visual-editor] injection failed",err)}}});})();</script>`;
-
-/**
- * Fetches the GitHub OAuth token and user profile from downstream_tokens.
- * Returns the authenticated git clone URL and the user's git identity.
- */
-async function buildCloneInfo(
-  connectionId: string,
-  owner: string,
-  name: string,
-  db: import("kysely").Kysely<import("../../storage/types").Database>,
-  vault: import("../../encryption/credential-vault").CredentialVault,
-): Promise<{ cloneUrl: string; gitUserName: string; gitUserEmail: string }> {
-  const tokenStorage = new DownstreamTokenStorage(db, vault);
-  const token = await tokenStorage.get(connectionId);
-  if (!token) {
-    throw new Error(
-      "No GitHub token found. Ensure the mcp-github connection is authenticated.",
-    );
-  }
-  const cloneUrl = `https://x-access-token:${token.accessToken}@github.com/${owner}/${name}.git`;
+import { readVmMap, resolveVm } from "./vm-map";
+import { buildCloneInfo } from "../../shared/github-clone-info";
+import { detectRepoRuntime } from "../../shared/github-runtime-detect";
+import { generateBranchName } from "../../shared/branch-name";
+import { PACKAGE_MANAGER_CONFIG } from "../../shared/runtime-defaults";
+import { getRunnerByKind, getSharedRunner } from "../../sandbox/lifecycle";
+import { setVmMapEntry } from "./vm-map";
+import type { VirtualMCPUpdateData } from "../virtual/schema";
 
-  let gitUserName = "Deco Studio";
-  let gitUserEmail = "studio@deco.cx";
-  try {
-    const res = await fetch("https://api.github.com/user", {
-      headers: {
-        Authorization: `token ${token.accessToken}`,
-        Accept: "application/vnd.github+json",
-      },
-    });
-    if (res.ok) {
-      const user = (await res.json()) as {
-        name?: string | null;
-        login: string;
-        email?: string | null;
-      };
-      gitUserName = user.name || user.login;
-      gitUserEmail = user.email || `${user.login}@users.noreply.github.com`;
-    }
-  } catch {
-    // Fallback to defaults — don't block VM start
-  }
+type GithubRepo = {
+  owner: string;
+  name: string;
+  connectionId?: string;
+};
 
-  return { cloneUrl, gitUserName, gitUserEmail };
-}
+type GithubRepoMeta = {
+  githubRepo?: GithubRepo | null;
+};
 
 export const VM_START = defineTool({
   name: "VM_START",
-  description:
-    "Start a Freestyle VM with the connected GitHub repo and dev server.",
+  description: "Start a sandbox with the connected GitHub repo and dev server.",
   annotations: {
     title: "Start VM Preview",
     readOnlyHint: false,
@@ -86,181 +57,308 @@ export const VM_START = defineTool({
   _meta: { ui: { visibility: "app" } },
   inputSchema: z.object({
     virtualMcpId: z.string().describe("Virtual MCP ID"),
+    branch: z
+      .string()
+      .min(1)
+      .optional()
+      .describe(
+        "Optional git branch to check out. When omitted the handler generates `deco/<adjective>-<noun>` and uses it. The resolved branch is returned in the response so callers can persist it.",
+      ),
   }),
   outputSchema: z.object({
-    terminalUrl: z.string().nullable(),
-    previewUrl: z.string(),
+    previewUrl: z.string().nullable(),
     vmId: z.string(),
+    branch: z.string(),
     isNewVm: z.boolean(),
+    runnerKind: z.enum(["host", "docker", "freestyle", "agent-sandbox"]),
   }),
 
   handler: async (input, ctx) => {
-    try {
-      const { metadata, userId } = await requireVmEntry(input, ctx);
+    const resolvedBranch = input.branch ?? generateBranchName();
+    const {
+      metadata,
+      userId,
+      organization,
+      entry: existing,
+    } = await requireVmEntry(
+      { virtualMcpId: input.virtualMcpId, branch: resolvedBranch },
+      ctx,
+    );
+
+    const githubRepo = (metadata as GithubRepoMeta).githubRepo ?? null;
+
+    const runnerKind = resolveRunnerKindFromEnv();
+    await reapStaleRunner(ctx, existing, runnerKind);
+
+    const { entry, isNewVm } = await provisionSandbox({
+      ctx,
+      userId,
+      orgId: organization.id,
+      virtualMcpId: input.virtualMcpId,
+      branch: resolvedBranch,
+      metadata,
+      githubRepo,
+      existing,
+    });
+    return {
+      ...entry,
+      branch: resolvedBranch,
+      isNewVm,
+      runnerKind,
+    };
+  },
+});
+
+/**
+ * Lazy provisioner for the always-on VM tools path. Mirrors VM_START's
+ * flow but: (a) tolerates a missing GitHub repo (boots blank under Docker),
+ * and (b) takes a fast path when the existing vmMap entry already matches
+ * the current runner kind — avoiding a full `runner.ensure` round-trip on
+ * every fresh stream when the VM is already registered.
+ */
+export async function ensureVmForBranch(
+  input: { virtualMcpId: string; branch: string },
+  ctx: MeshContext,
+): Promise<VmMapEntry> {
+  // Inline auth + lookup; the standard `requireVmEntry` runs
+  // `ctx.access.check()`, which expects resource scoping that the
+  // streaming turn doesn't carry. Storage writes below still go through
+  // the per-port authorization hooks.
+  requireAuth(ctx);
+  const organization = requireOrganization(ctx);
+  const userId = getUserId(ctx);
+  if (!userId) throw new Error("User ID required");
+
+  const virtualMcp = await ctx.storage.virtualMcps.findById(input.virtualMcpId);
+  if (!virtualMcp || virtualMcp.organization_id !== organization.id) {
+    throw new Error("Virtual MCP not found");
+  }
+  const metadata = (virtualMcp.metadata ?? {}) as Record<string, unknown>;
+  const existing: VmMapEntry | null = resolveVm(
+    readVmMap(metadata),
+    userId,
+    input.branch,
+  );
+
+  const runnerKind = resolveRunnerKindFromEnv();
+
+  // Fast path: vmMap already has an entry under the current runner. Trust
+  // it; matches the prior `activeVm` behavior in built-in-tools.
+  if (existing && (existing.runnerKind ?? "freestyle") === runnerKind) {
+    return existing;
+  }
+
+  await reapStaleRunner(ctx, existing, runnerKind);
+
+  const githubRepo = (metadata as GithubRepoMeta).githubRepo ?? null;
+  const { entry } = await provisionSandbox({
+    ctx,
+    userId,
+    orgId: organization.id,
+    virtualMcpId: input.virtualMcpId,
+    branch: input.branch,
+    metadata,
+    githubRepo,
+    existing,
+  });
+  return entry;
+}
 
-      if (!metadata.githubRepo) {
-        throw new Error("No GitHub repo connected");
+async function reapStaleRunner(
+  ctx: MeshContext,
+  existing: VmMapEntry | null,
+  currentKind: RunnerKind,
+): Promise<void> {
+  if (!existing) return;
+  // Legacy entries (pre-runnerKind) default to freestyle, matching VM_DELETE.
+  const priorKind: RunnerKind = existing.runnerKind ?? "freestyle";
+  if (priorKind === currentKind) return;
+
+  // Freestyle idle-times out its VMs on its own, so active teardown is
+  // unnecessary — and the freestyle SDK throws on ref() when the current
+  // env has no FREESTYLE_API_KEY (typical docker-only deploy).
+  if (priorKind === "freestyle") return;
+
+  try {
+    const priorRunner = await getRunnerByKind(ctx, priorKind);
+    await priorRunner.delete(existing.vmId);
+  } catch (err) {
+    console.error(
+      `[VM_START] stale ${priorKind} ${existing.vmId}: ${
+        err instanceof Error ? err.message : String(err)
+      }`,
+    );
+  }
+}
+
+type StartParams = {
+  ctx: MeshContext;
+  userId: string;
+  orgId: string;
+  virtualMcpId: string;
+  branch: string;
+  metadata: Record<string, unknown>;
+  githubRepo: GithubRepo | null;
+  existing: VmMapEntry | null;
+};
+
+async function provisionSandbox(
+  params: StartParams,
+): Promise<{ entry: VmMapEntry; isNewVm: boolean }> {
+  const {
+    ctx,
+    userId,
+    orgId,
+    virtualMcpId,
+    branch,
+    metadata,
+    githubRepo,
+    existing,
+  } = params;
+
+  if (githubRepo && !githubRepo.connectionId) {
+    throw new Error("GitHub connection id missing on virtual MCP metadata");
+  }
+
+  let { runtime, packageManager, port, packageManagerPath } =
+    resolveRuntimeConfig(metadata);
+
+  // Skip clone + lockfile probe entirely when no repo is connected — the
+  // sandbox boots blank (Docker only; freestyle requires a baked clone).
+  let repoOpts:
+    | {
+        cloneUrl: string;
+        userName: string;
+        userEmail: string;
+        branch: string;
+        displayName: string;
       }
+    | undefined;
 
-      const { owner, name } = metadata.githubRepo;
-      const { packageManager, runtime, port, runtimeBinPath } =
-        resolveRuntimeConfig(metadata);
-      const pathPrefix = runtimeBinPath
-        ? `export PATH=${runtimeBinPath}:$PATH && `
-        : "";
-
-      // Build authenticated clone URL and git identity from downstream token
-      const { cloneUrl, gitUserName, gitUserEmail } = await buildCloneInfo(
-        metadata.githubRepo.connectionId,
-        owner,
-        name,
+  if (githubRepo) {
+    const { cloneUrl, gitUserName, gitUserEmail } = await buildCloneInfo(
+      githubRepo.connectionId!,
+      githubRepo.owner,
+      githubRepo.name,
+      ctx.db,
+      ctx.vault,
+    );
+
+    // Lockfile probe only when metadata has no PM. Used to be client-side in
+    // the repo picker, but that introduced a race — VM_START fired from the
+    // auto-start paths before `runtime` landed in metadata, and the daemon
+    // got baked clone-only (no install, no dev server, UI stuck on setup).
+    // Running it here piggybacks on the same request so the baked workload
+    // always matches the detected PM; the result is persisted so subsequent
+    // starts skip the probe.
+    if (!packageManager) {
+      const detected = await detectRepoRuntime(
+        githubRepo.connectionId!,
+        githubRepo.owner,
+        githubRepo.name,
         ctx.db,
         ctx.vault,
       );
+      if (detected) {
+        packageManager = detected.packageManager;
+        runtime = PACKAGE_MANAGER_CONFIG[detected.packageManager].runtime;
+        port = detected.devPort ?? port;
+        await persistDetectedRuntime(
+          ctx,
+          virtualMcpId,
+          userId,
+          detected.packageManager,
+          detected.devPort,
+        );
+      }
+    }
 
-      // Generate a unique subdomain per (virtualMcpId, userId) pair.
-      // MD5 of the composite key guarantees a valid, fixed-length hex subdomain
-      // and avoids collisions between different users on the same Virtual MCP.
-      // Freestyle docs: /v2/vms/configuration/domains
-      const domainKey = createHash("md5")
-        .update(`${input.virtualMcpId}:${userId}`)
-        .digest("hex")
-        .slice(0, 16);
-      const previewDomain = `${domainKey}.deco.studio`;
-
-      // Build the full VmSpec declaratively — integrations, repo, files, and services.
-      // VmNodeJs is always included: the iframe-proxy systemd service runs Node.js on every VM.
-      // Freestyle docs: /v2/vms/integrations/deno, /v2/vms/integrations/bun, /v2/vms/integrations/web-terminal
-      const baseSpec = new VmSpec()
-        .with("node", new VmNodeJs())
-        .additionalFiles({
-          "/opt/daemon.js": {
-            content: buildDaemonScript({
-              upstreamPort: port,
-              packageManager,
-              pathPrefix,
-              port,
-              cloneUrl,
-              repoName: `${owner}/${name}`,
-              proxyPort: PROXY_PORT,
-              bootstrapScript: BOOTSTRAP_SCRIPT,
-              gitUserName,
-              gitUserEmail,
-            }),
-          },
-          "/opt/run-daemon.sh": {
-            content:
-              "#!/bin/bash\nsource /etc/profile.d/nvm.sh\nexec node /opt/daemon.js\n",
-          },
-          "/opt/install-ripgrep.sh": {
-            content:
-              "#!/bin/bash\napt-get update -qq && apt-get install -y -qq ripgrep locales && sed -i 's/^#\\s*en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && locale-gen\n",
-          },
-          "/opt/prepare-app-dir.sh": {
-            content:
-              "#!/bin/bash\nid -u deco &>/dev/null || useradd -m -u 1000 deco\nmkdir -p /app && chown deco:deco /app\n",
-          },
-        })
-        .systemdService({
-          name: "install-ripgrep",
-          mode: "oneshot",
-          exec: ["/bin/bash /opt/install-ripgrep.sh"],
-          wantedBy: ["multi-user.target"],
-        })
-        .systemdService({
-          name: "prepare-app-dir",
-          mode: "oneshot",
-          exec: ["/bin/bash /opt/prepare-app-dir.sh"],
-          wantedBy: ["multi-user.target"],
-        })
-        .systemdService({
-          name: "daemon",
-          mode: "service",
-          exec: ["/bin/bash /opt/run-daemon.sh"],
-          after: [
-            "install-nodejs.service",
-            "install-ripgrep.service",
-            "prepare-app-dir.service",
-          ],
-          requires: [
-            "install-nodejs.service",
-            "install-ripgrep.service",
-            "prepare-app-dir.service",
-          ],
-          wantedBy: ["multi-user.target"],
-          restartPolicy: {
-            policy: "always",
-            restartSec: 2,
-          },
-        });
-
-      const spec =
-        runtime === "deno"
-          ? baseSpec.with("deno", new VmDeno())
-          : runtime === "bun"
-            ? baseSpec.with("js", new VmBun())
-            : baseSpec;
-
-      // Resume existing VM if one is tracked.
-      // Try vm.start() which resumes suspended/stopped VMs. If the VM was
-      // deleted externally, the call will throw — clear the stale entry and
-      // fall through to create a new one.
-      const existing = metadata.activeVms?.[userId];
-      if (existing) {
-        try {
-          const vm = freestyle.vms.ref({ vmId: existing.vmId, spec });
-          await vm.start();
-          return { ...existing, isNewVm: false };
-        } catch {
-          // VM no longer exists on Freestyle — clear stale entry
-          await patchActiveVms(
-            ctx.storage.virtualMcps,
-            input.virtualMcpId,
-            userId,
-            (vms) => {
-              const updated = { ...vms };
-              delete updated[userId];
-              return updated;
-            },
-          );
+    repoOpts = {
+      cloneUrl,
+      userName: gitUserName,
+      userEmail: gitUserEmail,
+      branch,
+      displayName: `${githubRepo.owner}/${githubRepo.name}`,
+    };
+  }
+
+  // Missing workload = clone-only. Freestyle treats it as "node, no install,
+  // no dev server"; Docker lets the runner pick its default. `devPort` is
+  // omitted unless the user explicitly pinned one — leaves runners free to
+  // assign a unique dynamic port (host runner needs this; multiple sandboxes
+  // share the host network and can't all bind 3000).
+  const workload: Workload | undefined =
+    runtime && packageManager
+      ? {
+          runtime,
+          packageManager,
+          ...(port !== null ? { devPort: Number(port) } : {}),
+          ...(packageManagerPath ? { packageManagerPath } : {}),
         }
-      }
+      : undefined;
 
-      // Create VM from spec.
-      // Domain routes to the iframe proxy which strips X-Frame-Options/CSP
-      // so the preview can be embedded in an iframe.
-      // Terminal domain is routed post-creation via vm.terminal.logs.route() — a persistent mapping.
-      // Freestyle docs: /v2/vms/configuration/domains
-      const createResult = await freestyle.vms.create({
-        spec,
-        domains: [{ domain: previewDomain, vmPort: PROXY_PORT }],
-        // recreate: true so vm.start() rebuilds from spec if evicted.
-        // Freestyle docs: /v2/vms/lifecycle/persistence
-        recreate: true,
-        // 30-minute idle timeout before the VM is automatically stopped.
-        idleTimeoutSeconds: 1800,
-      });
-
-      const { vmId } = createResult;
-
-      const previewUrl = `https://${previewDomain}`;
-      const terminalUrl: string | null = null;
-
-      const entry: VmEntry = { terminalUrl, previewUrl, vmId };
-
-      // Persist the active VM entry in the Virtual MCP metadata so all pods
-      // can discover it and avoid spinning up duplicate VMs.
-      await patchActiveVms(
-        ctx.storage.virtualMcps,
-        input.virtualMcpId,
-        userId,
-        (vms) => ({ ...vms, [userId]: entry }),
-      );
+  const projectRef = composeSandboxRef({
+    orgId,
+    virtualMcpId,
+    branch,
+  });
+  const runner = await getSharedRunner(ctx);
+  const sandbox = await runner.ensure(
+    { userId, projectRef },
+    {
+      repo: repoOpts,
+      workload,
+      tenant: { orgId, userId },
+    },
+  );
 
-      return { ...entry, isNewVm: true };
-    } catch (e) {
-      console.error("[VM_START] error", e);
-      throw e;
-    }
-  },
-});
+  // Preserve `createdAt` across resumes so the booting overlay's elapsed
+  // timer doesn't reset on re-run.
+  const isResume = !!existing && existing.vmId === sandbox.handle;
+  const createdAt =
+    isResume && existing?.createdAt ? existing.createdAt : Date.now();
+
+  const entry: VmMapEntry = {
+    vmId: sandbox.handle,
+    previewUrl: sandbox.previewUrl,
+    runnerKind: runner.kind,
+    createdAt,
+  };
+
+  await setVmMapEntry(
+    ctx.storage.virtualMcps,
+    virtualMcpId,
+    userId,
+    userId,
+    branch,
+    entry,
+  );
+
+  // Different handle = new sandbox (stale entry / orphan recovery / state miss).
+  const isNewVm = !existing || existing.vmId !== sandbox.handle;
+  return { entry, isNewVm };
+}
+
+/**
+ * Writes back the detected runtime so subsequent VM_STARTs for this virtual
+ * MCP skip the GitHub probe and the client surfaces the resolved PM. Shape
+ * matches what the picker previously wrote (`{ selected, port }`), so
+ * readers (resolveRuntimeConfig, any client inspectors) keep working.
+ */
+async function persistDetectedRuntime(
+  ctx: MeshContext,
+  virtualMcpId: string,
+  actingUserId: string,
+  packageManager: string,
+  devPort: string | null,
+): Promise<void> {
+  const virtualMcp = await ctx.storage.virtualMcps.findById(virtualMcpId);
+  if (!virtualMcp) return;
+  const meta = (virtualMcp.metadata ?? {}) as Record<string, unknown>;
+  await ctx.storage.virtualMcps.update(virtualMcpId, actingUserId, {
+    metadata: {
+      ...meta,
+      runtime: { selected: packageManager, port: devPort },
+    } as VirtualMCPUpdateData["metadata"],
+  });
+}
diff --git a/apps/mesh/src/tools/vm/stop.test.ts b/apps/mesh/src/tools/vm/stop.test.ts
index 21e22eead5..d8ae9fc398 100644
--- a/apps/mesh/src/tools/vm/stop.test.ts
+++ b/apps/mesh/src/tools/vm/stop.test.ts
@@ -1,38 +1,73 @@
 import { describe, it, expect, mock, beforeEach } from "bun:test";
+import type { VmMap, VmMapEntry } from "@decocms/mesh-sdk";
 import type { MeshContext } from "../../core/mesh-context";
-import type { VmEntry, VmMetadata } from "./types";
+import type { SandboxRunner } from "@decocms/sandbox/runner";
 
-// ---------------------------------------------------------------------------
-// Mock freestyle-sandboxes BEFORE importing VM_DELETE (Bun requires this order)
-// ---------------------------------------------------------------------------
+// Mock per-kind runner lookup BEFORE importing VM_DELETE.
+const mockDelete = mock(async (_handle: string): Promise<void> => {});
+const lastRequestedKind: { value: string | null } = { value: null };
 
-const mockVmDelete = mock((): Promise<void> => Promise.resolve());
+async function* readyOnly() {
+  yield { kind: "ready" as const };
+}
 
-mock.module("freestyle-sandboxes", () => ({
-  freestyle: {
-    vms: {
-      ref: (_input: unknown) => ({
-        stop: () => Promise.resolve(),
-        delete: () => mockVmDelete(),
-      }),
-    },
+function makeMockRunner(kind: "docker" | "freestyle"): SandboxRunner {
+  return {
+    kind,
+    ensure: async () => ({
+      handle: "_unused",
+      workdir: "/app",
+      previewUrl: null,
+    }),
+    exec: async () => ({
+      stdout: "",
+      stderr: "",
+      exitCode: 0,
+      timedOut: false,
+    }),
+    delete: (h) => mockDelete(h),
+    alive: async () => true,
+    getPreviewUrl: async () => null,
+    proxyDaemonRequest: async () => new Response(null, { status: 204 }),
+    watchClaimLifecycle: () => readyOnly(),
+  };
+}
+
+mock.module("../../sandbox/lifecycle", () => ({
+  getSharedRunner: () => makeMockRunner("freestyle"),
+  getRunnerByKind: (_ctx: unknown, kind: "docker" | "freestyle") => {
+    lastRequestedKind.value = kind;
+    return makeMockRunner(kind);
   },
+  getSharedRunnerIfInit: () => null,
+  asDockerRunner: () => null,
 }));
 
-// Now import after mocking
 const { VM_DELETE } = await import("./stop");
 
-// ---------------------------------------------------------------------------
-// Helpers
-// ---------------------------------------------------------------------------
+const BRANCH = "feat/example";
 
-const EXISTING_ENTRY: VmEntry = {
+const FREESTYLE_ENTRY: VmMapEntry = {
   vmId: "vm_existing",
   previewUrl: "https://vmcp-1.deco.studio",
-  terminalUrl: null,
+  runnerKind: "freestyle",
+};
+
+const DOCKER_ENTRY: VmMapEntry = {
+  vmId: "f9e2fadeb813e08eb00eef6f962be2b2",
+  previewUrl: "http://f9e2.localhost:7070/",
+  runnerKind: "docker",
+};
+
+const LEGACY_ENTRY: VmMapEntry = {
+  vmId: "vm_legacy",
+  previewUrl: "https://legacy.deco.studio",
+  // no runnerKind — legacy entry, expected to default to freestyle
 };
 
-function makeVirtualMcp(orgId: string, metadata: VmMetadata, id = "vmcp_1") {
+type Metadata = { vmMap?: VmMap };
+
+function makeVirtualMcp(orgId: string, metadata: Metadata, id = "vmcp_1") {
   return {
     id,
     organization_id: orgId,
@@ -63,7 +98,7 @@ function makeCtx(overrides: {
     auth: {
       user: {
         id: userId,
-        email: "[email protected]",
+        email: "test@example.com",
         name: "Test",
         role: "user",
       },
@@ -76,10 +111,7 @@ function makeCtx(overrides: {
       setToolName: () => {},
     },
     storage: {
-      virtualMcps: {
-        findById,
-        update: updateSpy,
-      },
+      virtualMcps: { findById, update: updateSpy },
     } as never,
     timings: {
       measure: async <T>(_name: string, cb: () => Promise<T>) => await cb(),
@@ -116,53 +148,101 @@ function makeCtx(overrides: {
   } as unknown as MeshContext;
 }
 
-// ---------------------------------------------------------------------------
-// Tests
-// ---------------------------------------------------------------------------
-
 describe("VM_DELETE", () => {
   beforeEach(() => {
-    mockVmDelete.mockReset();
-    mockVmDelete.mockImplementation(async () => {});
+    mockDelete.mockReset();
+    mockDelete.mockImplementation(async () => {});
+    lastRequestedKind.value = null;
   });
 
-  it("deletes Freestyle VM and removes DB entry when activeVms entry exists for user", async () => {
-    const metadata: VmMetadata = {
-      activeVms: { "user-1": EXISTING_ENTRY },
+  it("calls runner.delete with the entry's handle and removes vmMap entry", async () => {
+    const metadata: Metadata = {
+      vmMap: { "user-1": { [BRANCH]: FREESTYLE_ENTRY } },
     };
     const virtualMcp = makeVirtualMcp("org_1", metadata);
     const updateSpy = mock(async () => {});
     const ctx = makeCtx({ virtualMcp, updateSpy });
 
-    const result = await VM_DELETE.handler({ virtualMcpId: "vmcp_1" }, ctx);
+    const result = await VM_DELETE.handler(
+      { virtualMcpId: "vmcp_1", branch: BRANCH },
+      ctx,
+    );
 
     expect(result).toEqual({ success: true });
+    expect(mockDelete).toHaveBeenCalledTimes(1);
+    expect(mockDelete).toHaveBeenCalledWith(FREESTYLE_ENTRY.vmId);
+    expect(lastRequestedKind.value).toBe("freestyle");
 
-    // Freestyle vm.delete() was called
-    expect(mockVmDelete).toHaveBeenCalledTimes(1);
-
-    // patchActiveVms called storage.update once
     expect(updateSpy).toHaveBeenCalledTimes(1);
-
-    // Verify user-1 key was removed from activeVms
     const updateCall = (updateSpy.mock.calls as unknown[][])[0]!;
-    const updatedMetadata = (updateCall[2] as { metadata: VmMetadata })
-      .metadata;
-    expect(updatedMetadata.activeVms?.["user-1"]).toBeUndefined();
+    const updated = (updateCall[2] as { metadata: { vmMap: VmMap } }).metadata;
+    expect(updated.vmMap["user-1"]).toBeUndefined();
   });
 
-  it("skips Freestyle delete and DB update when no activeVms entry for user", async () => {
-    const metadata: VmMetadata = {
-      activeVms: { "other-user": EXISTING_ENTRY },
+  it("dispatches to the docker runner when entry.runnerKind is 'docker'", async () => {
+    const metadata: Metadata = {
+      vmMap: { "user-1": { [BRANCH]: DOCKER_ENTRY } },
+    };
+    const virtualMcp = makeVirtualMcp("org_1", metadata);
+    const ctx = makeCtx({ virtualMcp });
+
+    await VM_DELETE.handler({ virtualMcpId: "vmcp_1", branch: BRANCH }, ctx);
+
+    expect(mockDelete).toHaveBeenCalledWith(DOCKER_ENTRY.vmId);
+    expect(lastRequestedKind.value).toBe("docker");
+  });
+
+  it("defaults to freestyle when entry has no runnerKind (legacy entries)", async () => {
+    const metadata: Metadata = {
+      vmMap: { "user-1": { [BRANCH]: LEGACY_ENTRY } },
+    };
+    const virtualMcp = makeVirtualMcp("org_1", metadata);
+    const ctx = makeCtx({ virtualMcp });
+
+    await VM_DELETE.handler({ virtualMcpId: "vmcp_1", branch: BRANCH }, ctx);
+
+    expect(mockDelete).toHaveBeenCalledWith(LEGACY_ENTRY.vmId);
+    expect(lastRequestedKind.value).toBe("freestyle");
+  });
+
+  // Regression guard for the invariant called out in stop.ts:1–5: a pod that
+  // flipped STUDIO_SANDBOX_RUNNER between start and stop must still tear down
+  // the runner that the entry was created against.
+  it("dispatches on the entry's runnerKind even when STUDIO_SANDBOX_RUNNER env disagrees", async () => {
+    const original = process.env.STUDIO_SANDBOX_RUNNER;
+    process.env.STUDIO_SANDBOX_RUNNER = "freestyle";
+    try {
+      const metadata: Metadata = {
+        vmMap: { "user-1": { [BRANCH]: DOCKER_ENTRY } },
+      };
+      const virtualMcp = makeVirtualMcp("org_1", metadata);
+      const ctx = makeCtx({ virtualMcp });
+
+      await VM_DELETE.handler({ virtualMcpId: "vmcp_1", branch: BRANCH }, ctx);
+
+      expect(mockDelete).toHaveBeenCalledWith(DOCKER_ENTRY.vmId);
+      expect(lastRequestedKind.value).toBe("docker");
+    } finally {
+      if (original === undefined) delete process.env.STUDIO_SANDBOX_RUNNER;
+      else process.env.STUDIO_SANDBOX_RUNNER = original;
+    }
+  });
+
+  it("skips runner.delete and DB update when no vmMap entry for (user, branch)", async () => {
+    const metadata: Metadata = {
+      vmMap: { "other-user": { [BRANCH]: FREESTYLE_ENTRY } },
     };
     const virtualMcp = makeVirtualMcp("org_1", metadata);
     const updateSpy = mock(async () => {});
     const ctx = makeCtx({ virtualMcp, updateSpy });
 
-    const result = await VM_DELETE.handler({ virtualMcpId: "vmcp_1" }, ctx);
+    const result = await VM_DELETE.handler(
+      { virtualMcpId: "vmcp_1", branch: BRANCH },
+      ctx,
+    );
 
     expect(result).toEqual({ success: true });
-    expect(mockVmDelete).not.toHaveBeenCalled();
+    expect(mockDelete).not.toHaveBeenCalled();
     expect(updateSpy).not.toHaveBeenCalled();
   });
 
@@ -170,26 +250,24 @@ describe("VM_DELETE", () => {
     const ctx = makeCtx({ virtualMcp: null });
 
     const result = await VM_DELETE.handler(
-      { virtualMcpId: "vmcp_missing" },
+      { virtualMcpId: "vmcp_missing", branch: BRANCH },
       ctx,
     );
 
     expect(result).toEqual({ success: true });
-    expect(mockVmDelete).not.toHaveBeenCalled();
+    expect(mockDelete).not.toHaveBeenCalled();
   });
 
   it("throws 'User ID required' when userId is unavailable", async () => {
-    const metadata: VmMetadata = {};
+    const metadata: Metadata = {};
     const virtualMcp = makeVirtualMcp("org_1", metadata);
-    // Pass empty string to simulate missing userId — getUserId returns undefined/falsy
     const ctx = makeCtx({ virtualMcp, userId: "" });
 
-    // Patch auth.user.id to undefined to simulate missing user ID
     (ctx as unknown as { auth: { user: { id: undefined } } }).auth.user.id =
       undefined;
 
     await expect(
-      VM_DELETE.handler({ virtualMcpId: "vmcp_1" }, ctx),
+      VM_DELETE.handler({ virtualMcpId: "vmcp_1", branch: BRANCH }, ctx),
     ).rejects.toThrow("User ID required");
   });
 });
diff --git a/apps/mesh/src/tools/vm/stop.ts b/apps/mesh/src/tools/vm/stop.ts
index d9fc8f8ad5..0640d665af 100644
--- a/apps/mesh/src/tools/vm/stop.ts
+++ b/apps/mesh/src/tools/vm/stop.ts
@@ -1,22 +1,19 @@
 /**
- * VM_DELETE Tool
- *
- * Deletes a Freestyle VM and removes its entry from the Virtual MCP metadata.
- * App-only tool — not visible to AI models.
- *
- * Uses vm.delete() to fully destroy the VM so the next VM_START creates a
- * fresh instance with updated systemd config and infrastructure.
+ * VM_DELETE. Dispatches on the entry's persisted `runnerKind` (not env),
+ * so a pod that flipped STUDIO_SANDBOX_RUNNER between start and stop still
+ * tears down the right kind of VM.
  */
 
 import { z } from "zod";
+import type { RunnerKind } from "@decocms/sandbox/runner";
 import { defineTool } from "../../core/define-tool";
-import { freestyle } from "freestyle-sandboxes";
-import { patchActiveVms } from "./types";
 import { requireVmEntry } from "./helpers";
+import { getRunnerByKind } from "../../sandbox/lifecycle";
+import { removeVmMapEntry } from "./vm-map";
 
 export const VM_DELETE = defineTool({
   name: "VM_DELETE",
-  description: "Delete a Freestyle VM.",
+  description: "Delete a sandbox.",
   annotations: {
     title: "Delete VM Preview",
     readOnlyHint: false,
@@ -27,6 +24,10 @@ export const VM_DELETE = defineTool({
   _meta: { ui: { visibility: "app" } },
   inputSchema: z.object({
     virtualMcpId: z.string().describe("Virtual MCP ID that owns this VM"),
+    branch: z
+      .string()
+      .min(1)
+      .describe("Branch whose vm should be deleted (vmMap[userId][branch])"),
   }),
   outputSchema: z.object({
     success: z.boolean(),
@@ -44,31 +45,31 @@ export const VM_DELETE = defineTool({
     }
     const { entry, userId } = vmEntry;
 
-    // Clear the DB entry first so the UI returns to idle immediately.
-    if (entry) {
-      await patchActiveVms(
-        ctx.storage.virtualMcps,
-        input.virtualMcpId,
-        userId,
-        (vms) => {
-          const updated = { ...vms };
-          delete updated[userId];
-          return updated;
-        },
-      );
+    if (!entry) {
+      return { success: true };
     }
 
-    if (entry) {
-      const vm = freestyle.vms.ref({ vmId: entry.vmId });
-      await Promise.race([
-        vm.stop().then(() => vm.delete()),
-        new Promise((_, reject) =>
-          setTimeout(() => reject(new Error("vm.delete() timed out")), 10_000),
+    // Clear first so the UI returns to idle regardless of teardown outcome.
+    await removeVmMapEntry(
+      ctx.storage.virtualMcps,
+      input.virtualMcpId,
+      userId,
+      userId,
+      input.branch,
+    );
+
+    // Legacy entries (pre-runnerKind column) default to freestyle.
+    const kind: RunnerKind = entry.runnerKind ?? "freestyle";
+    const runner = await getRunnerByKind(ctx, kind);
+    await runner
+      .delete(entry.vmId)
+      .catch((err) =>
+        console.error(
+          `[VM_DELETE] ${kind} ${entry.vmId}: ${
+            err instanceof Error ? err.message : String(err)
+          }`,
         ),
-      ]).catch((err) =>
-        console.error(`[VM_DELETE] ${entry.vmId}: ${err.message}`),
       );
-    }
 
     return { success: true };
   },
diff --git a/apps/mesh/src/tools/vm/types.ts b/apps/mesh/src/tools/vm/types.ts
deleted file mode 100644
index ac799563eb..0000000000
--- a/apps/mesh/src/tools/vm/types.ts
+++ /dev/null
@@ -1,61 +0,0 @@
-/**
- * Shared VM types and metadata helpers.
- *
- * VmEntry / VmMetadata are the runtime view of the `activeVms` sub-key
- * stored inside the Virtual MCP's metadata JSON column.
- *
- * NOTE: The read-modify-write in patchActiveVms is NOT atomic across pods.
- * Two concurrent VM_START calls for the same (virtualMcpId, userId) pair
- * can both read an empty entry, both create Freestyle VMs, and the second
- * write will overwrite the first, leaving an orphaned Freestyle VM. This is
- * an accepted trade-off for the current usage pattern (one user per VM per
- * agent). A proper fix requires either a Postgres advisory lock or a dedicated
- * vm_sessions table with UNIQUE(virtual_mcp_id, user_id).
- */
-
-import type { VirtualMCPStoragePort } from "../../storage/ports";
-import type { VirtualMCPUpdateData } from "../virtual/schema";
-
-export interface VmEntry {
-  vmId: string;
-  previewUrl: string;
-  terminalUrl: string | null;
-}
-
-export type VmMetadata = {
-  githubRepo?: {
-    owner: string;
-    name: string;
-    connectionId: string; // mcp-github connection ID → fetch token from downstream_tokens
-  } | null;
-  runtime?: {
-    selected: string | null;
-    port?: string | null;
-  } | null;
-  activeVms?: Record<string, VmEntry>;
-  [key: string]: unknown;
-};
-
-/**
- * Read-modify-write helper: applies `patch` to `metadata.activeVms` and
- * persists the result. Returns the new activeVms map.
- */
-export async function patchActiveVms(
-  storage: VirtualMCPStoragePort,
-  virtualMcpId: string,
-  userId: string,
-  patch: (current: Record<string, VmEntry>) => Record<string, VmEntry>,
-): Promise<void> {
-  const virtualMcp = await storage.findById(virtualMcpId);
-  if (!virtualMcp) return;
-
-  const meta = virtualMcp.metadata as VmMetadata;
-  const updated = patch({ ...(meta.activeVms ?? {}) });
-
-  await storage.update(virtualMcpId, userId, {
-    metadata: {
-      ...meta,
-      activeVms: updated,
-    } as VirtualMCPUpdateData["metadata"],
-  });
-}
diff --git a/apps/mesh/src/tools/vm/vm-map.test.ts b/apps/mesh/src/tools/vm/vm-map.test.ts
new file mode 100644
index 0000000000..90ae90b144
--- /dev/null
+++ b/apps/mesh/src/tools/vm/vm-map.test.ts
@@ -0,0 +1,65 @@
+/**
+ * Unit tests for vmMap helpers (pure functions).
+ */
+
+import { describe, expect, test } from "bun:test";
+import type { VmMapEntry } from "@decocms/mesh-sdk";
+
+import { readVmMap, resolveVm } from "./vm-map";
+
+const ENTRY_A: VmMapEntry = {
+  vmId: "vm-1",
+  previewUrl: "https://vm-1.deco.studio",
+};
+const ENTRY_B: VmMapEntry = {
+  vmId: "vm-2",
+  previewUrl: "https://vm-2.deco.studio",
+};
+
+describe("readVmMap", () => {
+  test("returns empty object when metadata is null", () => {
+    expect(readVmMap(null)).toEqual({});
+  });
+
+  test("returns empty object when metadata is undefined", () => {
+    expect(readVmMap(undefined)).toEqual({});
+  });
+
+  test("returns empty object when vmMap key is missing", () => {
+    expect(readVmMap({ githubRepo: null })).toEqual({});
+  });
+
+  test("returns the vmMap when present", () => {
+    const vmMap = { "user-1": { main: ENTRY_A } };
+    expect(readVmMap({ vmMap })).toEqual(vmMap);
+  });
+
+  test("returns empty when vmMap is not an object", () => {
+    expect(readVmMap({ vmMap: "not an object" })).toEqual({});
+  });
+});
+
+describe("resolveVm", () => {
+  test("returns null when user is absent", () => {
+    expect(resolveVm({}, "user-1", "main")).toBeNull();
+  });
+
+  test("returns null when branch is absent for that user", () => {
+    const vmMap = { "user-1": { main: ENTRY_A } };
+    expect(resolveVm(vmMap, "user-1", "feat/x")).toBeNull();
+  });
+
+  test("returns the entry when both are present", () => {
+    const vmMap = { "user-1": { main: ENTRY_A, "feat/x": ENTRY_B } };
+    expect(resolveVm(vmMap, "user-1", "feat/x")).toEqual(ENTRY_B);
+  });
+
+  test("isolates users from each other", () => {
+    const vmMap = {
+      "user-1": { main: ENTRY_A },
+      "user-2": { main: ENTRY_B },
+    };
+    expect(resolveVm(vmMap, "user-1", "main")).toEqual(ENTRY_A);
+    expect(resolveVm(vmMap, "user-2", "main")).toEqual(ENTRY_B);
+  });
+});
diff --git a/apps/mesh/src/tools/vm/vm-map.ts b/apps/mesh/src/tools/vm/vm-map.ts
new file mode 100644
index 0000000000..47f5cad942
--- /dev/null
+++ b/apps/mesh/src/tools/vm/vm-map.ts
@@ -0,0 +1,103 @@
+/**
+ * vmMap helpers — per-user, per-branch vm registry.
+ *
+ * vmMap[userId][branch] -> { vmId, previewUrl }
+ *
+ * Kept in the virtualmcp's metadata JSON column. Lookup lets threads sharing
+ * a (user, branch) pair route to the same vm.
+ *
+ * NOTE: read-modify-write is NOT atomic across pods — two concurrent VM_START
+ * calls for the same (vm, user, branch) can race. Accepted for v1. A proper
+ * fix requires a Postgres advisory lock or a dedicated vm_sessions table.
+ */
+
+import type { VmMap, VmMapEntry } from "@decocms/mesh-sdk";
+
+import type { VirtualMCPStoragePort } from "../../storage/ports";
+import type { VirtualMCPUpdateData } from "../virtual/schema";
+
+export function readVmMap(
+  metadata: Record<string, unknown> | null | undefined,
+): VmMap {
+  if (!metadata || typeof metadata !== "object") return {};
+  const map = (metadata as { vmMap?: unknown }).vmMap;
+  if (!map || typeof map !== "object") return {};
+  return map as VmMap;
+}
+
+export function resolveVm(
+  vmMap: VmMap,
+  userId: string,
+  branch: string,
+): VmMapEntry | null {
+  return vmMap[userId]?.[branch] ?? null;
+}
+
+/**
+ * Read-modify-write: sets `vmMap[userId][branch] = entry` on the virtualmcp.
+ * Creates the user bucket if it doesn't exist.
+ */
+export async function setVmMapEntry(
+  storage: VirtualMCPStoragePort,
+  virtualMcpId: string,
+  actingUserId: string,
+  targetUserId: string,
+  branch: string,
+  entry: VmMapEntry,
+): Promise<void> {
+  const virtualMcp = await storage.findById(virtualMcpId);
+  if (!virtualMcp) return;
+
+  const meta = (virtualMcp.metadata ?? {}) as Record<string, unknown>;
+  const current = readVmMap(meta);
+  const next: VmMap = {
+    ...current,
+    [targetUserId]: {
+      ...(current[targetUserId] ?? {}),
+      [branch]: entry,
+    },
+  };
+
+  await storage.update(virtualMcpId, actingUserId, {
+    metadata: {
+      ...meta,
+      vmMap: next,
+    } as VirtualMCPUpdateData["metadata"],
+  });
+}
+
+/**
+ * Read-modify-write: removes `vmMap[userId][branch]` from the virtualmcp.
+ * Drops the user bucket entirely when it becomes empty.
+ */
+export async function removeVmMapEntry(
+  storage: VirtualMCPStoragePort,
+  virtualMcpId: string,
+  actingUserId: string,
+  targetUserId: string,
+  branch: string,
+): Promise<void> {
+  const virtualMcp = await storage.findById(virtualMcpId);
+  if (!virtualMcp) return;
+
+  const meta = (virtualMcp.metadata ?? {}) as Record<string, unknown>;
+  const current = readVmMap(meta);
+  if (!current[targetUserId]?.[branch]) return;
+
+  const userMap = { ...current[targetUserId] };
+  delete userMap[branch];
+
+  const next: VmMap = { ...current };
+  if (Object.keys(userMap).length === 0) {
+    delete next[targetUserId];
+  } else {
+    next[targetUserId] = userMap;
+  }
+
+  await storage.update(virtualMcpId, actingUserId, {
+    metadata: {
+      ...meta,
+      vmMap: next,
+    } as VirtualMCPUpdateData["metadata"],
+  });
+}
diff --git a/apps/mesh/src/web/components/account-popover.tsx b/apps/mesh/src/web/components/account-popover.tsx
index a003f88d54..59f8e61a2b 100644
--- a/apps/mesh/src/web/components/account-popover.tsx
+++ b/apps/mesh/src/web/components/account-popover.tsx
@@ -38,6 +38,7 @@ import {
 import { GitHubIcon } from "@daveyplate/better-auth-ui";
 import { SidebarMenuButton } from "@deco/ui/components/sidebar.tsx";
 import { authClient } from "@/web/lib/auth-client";
+import { track } from "@/web/lib/posthog-client";
 import { CreateOrganizationDialog } from "@/web/components/create-organization-dialog";
 import { usePreferences, type ThemeMode } from "@/web/hooks/use-preferences.ts";
 import { toast } from "@deco/ui/components/sonner.js";
@@ -539,9 +540,9 @@ export function AccountPopover() {
     },
     {
       key: "github",
-      label: "decocms/mesh",
+      label: "decocms/studio",
       icon: <GitHubIcon className="w-4 h-4" />,
-      href: "https://github.com/decocms/mesh",
+      href: "https://github.com/decocms/studio",
       external: true,
     },
     {
@@ -564,7 +565,10 @@ export function AccountPopover() {
     key: "logout",
     label: "Sign out",
     icon: <LogOut01 size={16} />,
-    onClick: () => authClient.signOut(),
+    onClick: () => {
+      track("signed_out", { source: "account_popover" });
+      authClient.signOut();
+    },
   };
 
   const themeOptions: {
diff --git a/apps/mesh/src/web/components/agent-icon.tsx b/apps/mesh/src/web/components/agent-icon.tsx
index 1439095c37..761f256fb8 100644
--- a/apps/mesh/src/web/components/agent-icon.tsx
+++ b/apps/mesh/src/web/components/agent-icon.tsx
@@ -342,6 +342,7 @@ export function AgentAvatar({
     return (
       <AgentAvatarImage
         url={parsed.url}
+        color={parsed.color}
         name={name}
         size={size}
         className={className}
@@ -377,19 +378,26 @@ export function AgentAvatar({
 // Image sub-component (handles load errors)
 // ---------------------------------------------------------------------------
 
+const URL_COLOR_BG: Record<string, string> = {
+  "brand-green": "bg-[var(--brand-green-light)]",
+};
+
 function AgentAvatarImage({
   url,
+  color,
   name,
   size = "md",
   className,
 }: {
   url: string;
+  color?: string;
   name: string;
   size?: AgentAvatarSize;
   className?: string;
 }) {
   const [errored, setErrored] = useState(false);
   const sizeConfig = SIZES[size];
+  const bgClass = color ? (URL_COLOR_BG[color] ?? "") : "";
 
   if (errored) {
     const { IconComp: FallbackIcon, color: fallbackColor } =
@@ -420,6 +428,7 @@ function AgentAvatarImage({
       className={cn(
         sizeConfig.container,
         sizeConfig.radius,
+        bgClass,
         "shrink-0 overflow-hidden",
         className,
       )}
@@ -431,7 +440,10 @@ function AgentAvatarImage({
       <img
         src={url}
         alt={name}
-        className="h-full w-full object-cover"
+        className={cn(
+          "h-full w-full",
+          bgClass ? "object-contain p-3" : "object-cover",
+        )}
         onError={() => setErrored(true)}
       />
     </div>
diff --git a/apps/mesh/src/web/components/chat/chat-context.tsx b/apps/mesh/src/web/components/chat/chat-context.tsx
index e724009fb0..97626fd0fd 100644
--- a/apps/mesh/src/web/components/chat/chat-context.tsx
+++ b/apps/mesh/src/web/components/chat/chat-context.tsx
@@ -17,11 +17,20 @@
 import {
   createContext,
   useContext,
+  useEffect,
   useRef,
   useState,
   type PropsWithChildren,
 } from "react";
+import { useSearch } from "@tanstack/react-router";
+import { useQueryClient } from "@tanstack/react-query";
 import { useChat as useAIChat, type UseChatHelpers } from "@ai-sdk/react";
+import {
+  AUTOSEND_QUERY_VALUE,
+  claimStoredAutosend,
+  clearStoredAutosend,
+  writeStoredAutosend,
+} from "@/web/lib/autosend";
 import {
   lastAssistantMessageIsCompleteWithToolCalls,
   lastAssistantMessageIsCompleteWithApprovalResponses,
@@ -38,6 +47,7 @@ import { toast } from "sonner";
 import {
   useAiProviderKeys,
   useAiProviderModels,
+  type AiProviderKey,
   type AiProviderModel,
 } from "../../hooks/collections/use-ai-providers";
 import { useContext as useContextHook } from "../../hooks/use-context";
@@ -48,10 +58,17 @@ import {
 import { useInvalidateCollectionsOnToolCall } from "../../hooks/use-invalidate-collections-on-tool-call";
 import { useTaskReadState } from "../../hooks/use-task-read-state";
 import { authClient } from "../../lib/auth-client";
+import { track } from "../../lib/posthog-client";
+
+// Module-level set so a given chat fires `chat_opened` at most once per page
+// session per thread_id. Prevents duplicates from re-renders while still
+// re-firing when the user switches tasks.
+const openedChats = new Set<string>();
 import { toMetadataModelInfo } from "../../lib/metadata-model-info";
 
 import { useChatNavigation } from "./hooks/use-chat-navigation";
 import { useStreamManager } from "./hooks/use-stream-manager";
+import { useTaskActions } from "../../hooks/use-tasks";
 import { useTaskManager, type TaskOwnerFilter } from "./task";
 import { useTaskMessages } from "./task/use-task-manager";
 import { derivePartsFromTiptapDoc } from "./derive-parts";
@@ -66,6 +83,8 @@ import type {
 import { useLocalStorage } from "../../hooks/use-local-storage";
 import { chatModeForTransportRef } from "../../lib/chat-mode-sync";
 import { LOCALSTORAGE_KEYS } from "../../lib/localstorage-keys";
+import { KEYS } from "../../lib/query-keys";
+import { useSimpleMode } from "../../hooks/use-organization-settings";
 
 // ============================================================================
 // Context Types
@@ -104,15 +123,18 @@ export interface ChatTaskContextValue {
   hideTask: (taskId: string) => Promise<void>;
   renameTask: (taskId: string, title: string) => Promise<void>;
   setTaskStatus: (taskId: string, status: string) => Promise<void>;
+  /** thread.branch — the only source of truth. Null until the user picks one or the server generates one on first send. */
+  currentBranch: string | null;
+  /**
+   * Immutable once set: switching branches mid-conversation would reroute the
+   * thread's vmMap entry, so users must create a new thread for another branch.
+   */
+  isBranchLocked: boolean;
+  /** Persist pinned branch onto the thread (cache + server). */
+  setCurrentTaskBranch: (branch: string | null) => void;
   ownerFilter: TaskOwnerFilter;
   setOwnerFilter: (filter: TaskOwnerFilter) => void;
   isFilterChangePending: boolean;
-  pendingMessage: {
-    taskId: string;
-    message: SendMessageParams;
-    createdAt: number;
-  } | null;
-  clearPendingMessage: () => void;
 }
 
 export interface ChatPrefsContextValue {
@@ -139,14 +161,75 @@ export interface ChatPrefsContextValue {
   setTiptapDoc: (doc: Metadata["tiptapDoc"]) => void;
   /** @deprecated Use tiptapDoc directly */
   tiptapDocRef: { current: Metadata["tiptapDoc"] };
-  /** Set ephemeral per-task agent override. Passing null resets to URL agent. */
-  setVirtualMcpId: (id: string | null) => void;
   /** @deprecated No-op */
   resetInteraction: () => void;
+  /** Whether Simple Model Mode is enabled for the org */
+  simpleModeEnabled: boolean;
+  /** The currently selected tier in Simple Model Mode */
+  simpleModeTier: "fast" | "smart" | "thinking";
+  setSimpleModeTier: (tier: "fast" | "smart" | "thinking") => void;
 }
 
 export interface ChatBridgeValue {
   sendMessage: (params: SendMessageParams) => Promise<void>;
+  isStreaming: boolean;
+}
+
+// ============================================================================
+// Model resolution helpers (shared across chat / image / deep-research paths)
+// ============================================================================
+
+type ModelRef = { keyId: string; modelId: string };
+type SimpleTier = "fast" | "smart" | "thinking";
+
+/**
+ * Resolve a stored ModelRef against the currently available keys and models.
+ * Returns null when the ref's key no longer exists. Match is by `modelId`
+ * only within `allModels` — the API-returned model objects don't carry
+ * `keyId` (it's a client-side-only field), so we attach it ourselves.
+ * When the model isn't in the provided list (list still loading, or list
+ * scoped to a different credential), synthesize a minimal AiProviderModel
+ * from the ref so callers always get a routable `{ keyId, modelId }`.
+ */
+function findModel(
+  ref: ModelRef | null,
+  allKeys: AiProviderKey[],
+  allModels: AiProviderModel[],
+  title?: string,
+): AiProviderModel | null {
+  if (!ref) return null;
+  const key = allKeys.find((k) => k.id === ref.keyId);
+  if (!key) return null;
+  const hit = allModels.find((m) => m.modelId === ref.modelId);
+  if (hit) return { ...hit, keyId: ref.keyId };
+  return {
+    modelId: ref.modelId,
+    title: title ?? ref.modelId,
+    keyId: ref.keyId,
+    providerId: key.providerId,
+    description: null,
+    logo: null,
+    capabilities: [],
+    limits: null,
+    costs: null,
+  } as AiProviderModel;
+}
+
+/**
+ * Pick the active Simple Mode tier, validated against the current config.
+ * Handles the case where the stored tier is orphaned (slot unset or Simple
+ * Mode changed server-side). Falls through to the first configured tier.
+ */
+function resolveActiveTier(
+  stored: SimpleTier | null,
+  simpleMode: { chat: Record<SimpleTier, unknown> },
+): SimpleTier {
+  const configured = (["fast", "smart", "thinking"] as const).filter(
+    (t) => simpleMode.chat[t] != null,
+  );
+  if (stored && configured.includes(stored)) return stored;
+  if (configured.includes("smart")) return "smart";
+  return configured[0] ?? "smart";
 }
 
 // ============================================================================
@@ -155,7 +238,6 @@ export interface ChatBridgeValue {
 
 const MAX_APP_CONTEXT_LENGTH = 10_000;
 const MAX_APP_CONTEXT_SOURCES = 10;
-const PENDING_MESSAGE_TTL_MS = 10_000;
 
 const BRIDGE_NOOP: ChatBridgeValue = {
   sendMessage: async () => {
@@ -163,6 +245,7 @@ const BRIDGE_NOOP: ChatBridgeValue = {
       "[ChatBridge] sendMessage called but ActiveTaskProvider not mounted",
     );
   },
+  isStreaming: false,
 };
 
 /** Internal-only type for cross-provider communication */
@@ -189,11 +272,236 @@ interface TaskProviderInternals {
 const ChatStreamCtx = createContext<ChatStreamContextValue | null>(null);
 const ChatTaskCtx = createContext<ChatTaskContextValue | null>(null);
 const ChatPrefsCtx = createContext<ChatPrefsContextValue | null>(null);
-const ChatBridgeCtx = createContext<ChatBridgeValue>(BRIDGE_NOOP);
+/**
+ * ChatBridgeCtx holds a RefObject (not a value) so consumers outside
+ * ActiveTaskProvider always read the latest sendMessage/isStreaming via
+ * `.current` at call time — avoids stale closures when ActiveTaskProvider
+ * mutates the ref after initial render.
+ */
+const ChatBridgeCtx = createContext<React.RefObject<ChatBridgeValue>>({
+  current: BRIDGE_NOOP,
+});
 
 /** Internal context for passing TaskProvider internals to ActiveTaskProvider */
 const TaskInternalsCtx = createContext<TaskProviderInternals | null>(null);
 
+// ============================================================================
+// ChatPrefsProvider — standalone-mountable prefs context
+// ============================================================================
+
+/**
+ * Mounts the prefs context (model/agent/mode selection) without the rest
+ * of the chat infrastructure. Use on routes that have a chat composer but
+ * no active stream — currently `/$org/`. Localstorage-backed selections
+ * (chat model, image model, deep research model, simple-mode tier) sync
+ * automatically with any other mount of this provider via storage events.
+ *
+ * `virtualMcpId` is derived from the URL search param (`virtualmcpid`) with
+ * a decopilot fallback, matching `useChatNavigation` — so the same
+ * provider works on `/$org/` and `/$org/$taskId`.
+ *
+ * On routes that mount `ChatContextProvider`, that wrapper internally
+ * mounts its own `ChatPrefsCtx.Provider` for backwards compatibility; the
+ * inner mount shadows this one. Persistent state still syncs via
+ * localStorage; transient state (chatMode, tiptapDoc, appContexts) is
+ * scoped to whichever mount the consumer is reading from — fine for our
+ * flows because home submit clears the editor and the task page starts
+ * fresh.
+ */
+export function ChatPrefsProvider({ children }: PropsWithChildren) {
+  const { locator } = useProjectContext();
+  const { virtualMcpId: urlVirtualMcpId } = useChatNavigation();
+
+  // Model selection (localStorage-backed)
+  const [storedChatRef, setStoredChatRef] = useLocalStorage<ModelRef | null>(
+    LOCALSTORAGE_KEYS.chatSelectedModel(locator),
+    null,
+  );
+  const [storedImageRef, setStoredImageRef] = useLocalStorage<ModelRef | null>(
+    LOCALSTORAGE_KEYS.chatSelectedImageModel(locator),
+    null,
+  );
+  const [storedDeepResearchRef, setStoredDeepResearchRef] =
+    useLocalStorage<ModelRef | null>(
+      LOCALSTORAGE_KEYS.chatSelectedDeepResearchModel(locator),
+      null,
+    );
+
+  const [sessionCredentialId, setSessionCredentialId] = useState<string | null>(
+    null,
+  );
+
+  const [chatMode, setChatMode] = useState<ChatMode>("default");
+  chatModeForTransportRef.current = chatMode;
+
+  // Simple Model Mode
+  const simpleMode = useSimpleMode();
+  const [storedTier, setStoredTier] = useLocalStorage<SimpleTier | null>(
+    LOCALSTORAGE_KEYS.chatSimpleModeTier(locator),
+    null,
+  );
+  const activeTier = resolveActiveTier(storedTier, simpleMode);
+
+  // AI provider keys + models
+  const keys = useAiProviderKeys();
+  const effectiveKeyId =
+    sessionCredentialId && keys.some((k) => k.id === sessionCredentialId)
+      ? sessionCredentialId
+      : storedChatRef && keys.some((k) => k.id === storedChatRef.keyId)
+        ? storedChatRef.keyId
+        : (keys[0]?.id ?? null);
+  const { models: allKeyModels, isLoading: isModelsQueryLoading } =
+    useAiProviderModels(effectiveKeyId ?? undefined);
+  const effectiveProviderId =
+    keys.find((k) => k.id === effectiveKeyId)?.providerId ?? "anthropic";
+  const defaultModel = selectDefaultModel(
+    allKeyModels,
+    effectiveProviderId,
+    effectiveKeyId ?? undefined,
+  );
+
+  const activeChatSlot = simpleMode.chat[activeTier];
+  const { models: simpleChatModels } = useAiProviderModels(
+    activeChatSlot?.keyId,
+  );
+  const { models: simpleImageModels } = useAiProviderModels(
+    simpleMode.image?.keyId,
+  );
+  const { models: simpleWebResearchModels } = useAiProviderModels(
+    simpleMode.webResearch?.keyId,
+  );
+
+  const validatedStoredChat = findModel(storedChatRef, keys, allKeyModels);
+  const selectedModel: AiProviderModel | null = simpleMode.enabled
+    ? findModel(activeChatSlot, keys, simpleChatModels, activeChatSlot?.title)
+    : (validatedStoredChat ?? defaultModel);
+  const isModelsLoading = !storedChatRef && isModelsQueryLoading;
+
+  const imageModels = allKeyModels.filter((m) =>
+    m.capabilities?.includes("image"),
+  );
+  const validatedStoredImage = findModel(storedImageRef, keys, imageModels);
+  const resolvedImageModel: AiProviderModel | null = simpleMode.enabled
+    ? findModel(
+        simpleMode.image,
+        keys,
+        simpleImageModels,
+        simpleMode.image?.title,
+      )
+    : (validatedStoredImage ?? imageModels[0] ?? null);
+
+  const deepResearchModels = allKeyModels.filter((m) => {
+    const n = m.modelId.toLowerCase().replace(/[^a-z0-9]/g, "");
+    return n.includes("sonar") || n.includes("deepresearch");
+  });
+  const validatedStoredDeepResearch = findModel(
+    storedDeepResearchRef,
+    keys,
+    deepResearchModels,
+  );
+  const defaultDeepResearchModel =
+    deepResearchModels.find((m) => m.modelId === "perplexity/sonar") ??
+    deepResearchModels[0] ??
+    null;
+  const resolvedDeepResearchModel: AiProviderModel | null = simpleMode.enabled
+    ? findModel(
+        simpleMode.webResearch,
+        keys,
+        simpleWebResearchModels,
+        simpleMode.webResearch?.title,
+      )
+    : (validatedStoredDeepResearch ?? defaultDeepResearchModel);
+
+  // selectedVirtualMcp — URL-derived
+  const selectedVirtualMcpData = useVirtualMCP(urlVirtualMcpId);
+  const selectedVirtualMcp: VirtualMCPInfo = selectedVirtualMcpData ?? {
+    id: urlVirtualMcpId,
+    title: "",
+    description: null,
+    icon: null,
+  };
+
+  // App contexts
+  const [appContexts, setAppContextsState] = useState<Record<string, string>>(
+    {},
+  );
+  const setAppContext = (sourceId: string, params: SetAppContextParams) => {
+    const textParts: string[] = [];
+    for (const block of params.content ?? []) {
+      if (block.type === "text" && block.text?.trim()) {
+        textParts.push(block.text.trim());
+      }
+    }
+    const text = textParts.join("\n");
+    if (!text) {
+      clearAppContext(sourceId);
+      return;
+    }
+    if (new TextEncoder().encode(text).length > MAX_APP_CONTEXT_LENGTH) return;
+    setAppContextsState((prev) => {
+      if (
+        Object.keys(prev).length >= MAX_APP_CONTEXT_SOURCES &&
+        !(sourceId in prev)
+      )
+        return prev;
+      return { ...prev, [sourceId]: text };
+    });
+  };
+  const clearAppContext = (sourceId: string) => {
+    setAppContextsState((prev) => {
+      const { [sourceId]: _, ...rest } = prev;
+      return rest;
+    });
+  };
+
+  // Tiptap doc (transient UI state)
+  const [tiptapDoc, setTiptapDoc] = useState<Metadata["tiptapDoc"]>(undefined);
+  const tiptapDocRef = useRef<Metadata["tiptapDoc"]>(tiptapDoc);
+  tiptapDocRef.current = tiptapDoc;
+
+  const value: ChatPrefsContextValue = {
+    selectedModel,
+    setModel: (model: AiProviderModel) => {
+      if (!model.keyId) return;
+      setStoredChatRef({ keyId: model.keyId, modelId: model.modelId });
+      setSessionCredentialId(null);
+    },
+    credentialId: effectiveKeyId,
+    setCredentialId: setSessionCredentialId,
+    allModelsConnections: keys,
+    isModelsLoading,
+    selectedVirtualMcp,
+    imageModel: resolvedImageModel,
+    setImageModel: (model: AiProviderModel | null) => {
+      setStoredImageRef(
+        model?.keyId ? { keyId: model.keyId, modelId: model.modelId } : null,
+      );
+    },
+    deepResearchModel: resolvedDeepResearchModel,
+    setDeepResearchModel: (model: AiProviderModel | null) => {
+      setStoredDeepResearchRef(
+        model?.keyId ? { keyId: model.keyId, modelId: model.modelId } : null,
+      );
+    },
+    chatMode,
+    setChatMode,
+    appContexts,
+    setAppContext,
+    clearAppContext,
+    tiptapDoc,
+    setTiptapDoc,
+    tiptapDocRef,
+    resetInteraction: () => {},
+    simpleModeEnabled: simpleMode.enabled,
+    simpleModeTier: activeTier,
+    setSimpleModeTier: setStoredTier,
+  };
+
+  return (
+    <ChatPrefsCtx.Provider value={value}>{children}</ChatPrefsCtx.Provider>
+  );
+}
+
 // ============================================================================
 // TaskProvider (outer)
 // ============================================================================
@@ -209,49 +517,57 @@ export function ChatContextProvider({
   // URL state
   const {
     taskId: urlTaskId,
-    virtualMcpOverride,
+    virtualMcpId: urlVirtualMcpId,
     navigateToTask: rawNavigateToTask,
-    setVirtualMcpOverride,
   } = useChatNavigation();
 
   // Preferences
   const [preferences] = usePreferences();
   const { markTaskRead } = useTaskReadState();
 
-  // Model selection (localStorage-backed)
-  const [storedModel, setStoredModel] = useLocalStorage<AiProviderModel | null>(
+  // Model selection (localStorage-backed, identifier refs only — metadata
+  // is re-resolved from the live models list every render to avoid staleness).
+  const [storedChatRef, setStoredChatRef] = useLocalStorage<ModelRef | null>(
     LOCALSTORAGE_KEYS.chatSelectedModel(locator),
     null,
   );
-  const [storedCredentialId, setStoredCredentialId] = useLocalStorage<
-    string | null
-  >(LOCALSTORAGE_KEYS.chatSelectedKeyId(locator), null);
-
-  // Image model selection (localStorage-backed).
-  // null = auto-detect from available models, model = user-chosen model.
-  const [storedImageModel, setStoredImageModel] =
-    useLocalStorage<AiProviderModel | null>(
-      LOCALSTORAGE_KEYS.chatSelectedImageModel(locator),
-      null,
-    );
-
-  // Deep research model selection (localStorage-backed).
-  const [storedDeepResearchModel, setStoredDeepResearchModel] =
-    useLocalStorage<AiProviderModel | null>(
+  const [storedImageRef, setStoredImageRef] = useLocalStorage<ModelRef | null>(
+    LOCALSTORAGE_KEYS.chatSelectedImageModel(locator),
+    null,
+  );
+  const [storedDeepResearchRef, setStoredDeepResearchRef] =
+    useLocalStorage<ModelRef | null>(
       LOCALSTORAGE_KEYS.chatSelectedDeepResearchModel(locator),
       null,
     );
 
+  // Session-only credential override. Lets the picker browse models for a
+  // different credential before the user commits via setModel. Resets on
+  // reload — not persisted.
+  const [sessionCredentialId, setSessionCredentialId] = useState<string | null>(
+    null,
+  );
+
   const [chatMode, setChatMode] = useState<ChatMode>("default");
   chatModeForTransportRef.current = chatMode;
 
-  // AI provider keys and models
+  // Simple Model Mode — org-level config.
+  const simpleMode = useSimpleMode();
+  const [storedTier, setStoredTier] = useLocalStorage<SimpleTier | null>(
+    LOCALSTORAGE_KEYS.chatSimpleModeTier(locator),
+    null,
+  );
+  const activeTier = resolveActiveTier(storedTier, simpleMode);
+
+  // AI provider keys and models.
   const keys = useAiProviderKeys();
-  const effectiveKeyId = keys.some((k) => k.id === storedCredentialId)
-    ? storedCredentialId
-    : (keys[0]?.id ?? null);
+  const effectiveKeyId =
+    sessionCredentialId && keys.some((k) => k.id === sessionCredentialId)
+      ? sessionCredentialId
+      : storedChatRef && keys.some((k) => k.id === storedChatRef.keyId)
+        ? storedChatRef.keyId
+        : (keys[0]?.id ?? null);
   // Always fetch models — React Query (staleTime 60s) caches across consumers.
-  // Needed for both default model selection and image model auto-detection.
   const { models: allKeyModels, isLoading: isModelsQueryLoading } =
     useAiProviderModels(effectiveKeyId ?? undefined);
   const effectiveProviderId =
@@ -261,42 +577,72 @@ export function ChatContextProvider({
     effectiveProviderId,
     effectiveKeyId ?? undefined,
   );
-  const selectedModel = storedModel ?? defaultModel;
-  const isModelsLoading = !storedModel && isModelsQueryLoading;
 
-  // Image model auto-detection: always resolve to an available model.
-  // The image tool is enabled whenever an image model exists.
-  // Validate stored selection against current credential's models to avoid
-  // sending a stale model when the user switches keys.
+  // Simple Mode slots can reference any credential, not just effectiveKeyId.
+  // Fetch models for each slot's keyId directly so findModel returns real
+  // AiProviderModel objects with full capabilities (file upload, etc).
+  // Each useAiProviderModels call is a separate, cached React Query — no
+  // duplicate requests when a keyId is reused across slots.
+  const activeChatSlot = simpleMode.chat[activeTier];
+  const { models: simpleChatModels } = useAiProviderModels(
+    activeChatSlot?.keyId,
+  );
+  const { models: simpleImageModels } = useAiProviderModels(
+    simpleMode.image?.keyId,
+  );
+  const { models: simpleWebResearchModels } = useAiProviderModels(
+    simpleMode.webResearch?.keyId,
+  );
+
+  // Validate stored refs against the live models list. When validation fails
+  // we fall through to defaults; the stale ref stays on disk harmlessly and
+  // gets overwritten the next time the user picks a model. (We intentionally
+  // do NOT write to localStorage during render.)
+  const validatedStoredChat = findModel(storedChatRef, keys, allKeyModels);
+
+  // Resolve the chat model: Simple Mode and regular paths are mutually
+  // exclusive — no silent shadowing.
+  const selectedModel: AiProviderModel | null = simpleMode.enabled
+    ? findModel(activeChatSlot, keys, simpleChatModels, activeChatSlot?.title)
+    : (validatedStoredChat ?? defaultModel);
+  const isModelsLoading = !storedChatRef && isModelsQueryLoading;
+
+  // Image model — same split.
   const imageModels = allKeyModels.filter((m) =>
     m.capabilities?.includes("image"),
   );
-  const storedModelIsAvailable =
-    storedImageModel &&
-    imageModels.some((m) => m.modelId === storedImageModel.modelId);
-  const resolvedImageModel: AiProviderModel | null =
-    (storedModelIsAvailable ? storedImageModel : null) ??
-    imageModels[0] ??
-    null;
+  const validatedStoredImage = findModel(storedImageRef, keys, imageModels);
+  const resolvedImageModel: AiProviderModel | null = simpleMode.enabled
+    ? findModel(
+        simpleMode.image,
+        keys,
+        simpleImageModels,
+        simpleMode.image?.title,
+      )
+    : (validatedStoredImage ?? imageModels[0] ?? null);
 
-  // Deep research model auto-detection + user override.
-  // Validates stored selection against current credential's models.
+  // Deep research model — same split.
   const deepResearchModels = allKeyModels.filter((m) => {
     const n = m.modelId.toLowerCase().replace(/[^a-z0-9]/g, "");
     return n.includes("sonar") || n.includes("deepresearch");
   });
-  const storedDeepResearchIsAvailable =
-    storedDeepResearchModel &&
-    deepResearchModels.some(
-      (m) => m.modelId === storedDeepResearchModel.modelId,
-    );
+  const validatedStoredDeepResearch = findModel(
+    storedDeepResearchRef,
+    keys,
+    deepResearchModels,
+  );
   const defaultDeepResearchModel =
     deepResearchModels.find((m) => m.modelId === "perplexity/sonar") ??
     deepResearchModels[0] ??
     null;
-  const resolvedDeepResearchModel: AiProviderModel | null =
-    (storedDeepResearchIsAvailable ? storedDeepResearchModel : null) ??
-    defaultDeepResearchModel;
+  const resolvedDeepResearchModel: AiProviderModel | null = simpleMode.enabled
+    ? findModel(
+        simpleMode.webResearch,
+        keys,
+        simpleWebResearchModels,
+        simpleMode.webResearch?.title,
+      )
+    : (validatedStoredDeepResearch ?? defaultDeepResearchModel);
 
   // Task management (scoped by URL virtualMcpId — task list doesn't change on override)
   const taskManager = useTaskManager(virtualMcpId);
@@ -305,8 +651,8 @@ export function ChatContextProvider({
   // taskId always comes from the URL (seeded by router's validateSearch)
   const effectiveTaskId = urlTaskId;
 
-  // Effective agent: URL override (ephemeral per-task) ?? path param (thread owner)
-  const effectiveVirtualMcpId = virtualMcpOverride ?? virtualMcpId;
+  // Effective agent: URL param ?? prop (thread owner)
+  const effectiveVirtualMcpId = urlVirtualMcpId;
 
   // Single-item fetch for the selected virtual MCP (no full list needed)
   const selectedVirtualMcpData = useVirtualMCP(effectiveVirtualMcpId);
@@ -413,48 +759,75 @@ export function ChatContextProvider({
   // Bridge ref — ActiveTaskProvider registers sendMessage here
   const bridgeRef = useRef<ChatBridgeValue>(BRIDGE_NOOP);
 
-  // Pending message state (replaces module-level Map from useSendToChat)
-  const [pendingMessage, setPendingMessage] = useState<{
-    taskId: string;
-    message: SendMessageParams;
-    createdAt: number;
-  } | null>(null);
-
-  const clearPendingMessage = () => setPendingMessage(null);
-
-  // Navigate to task with read tracking
   const navigateToTask = (
     taskId: string,
-    opts?: { virtualMcpOverride?: string },
+    opts?: { virtualMcpId?: string; autosend?: boolean },
   ) => {
     markTaskRead(taskId);
-    rawNavigateToTask(taskId, opts);
+    rawNavigateToTask(taskId, {
+      virtualMcpId: opts?.virtualMcpId,
+      autosend: opts?.autosend,
+    });
   };
 
-  // Create task (optimistic + navigate), returns new task ID
+  const activeTask = tasks.find((t) => t.id === effectiveTaskId);
+  const currentBranch = activeTask?.branch ?? null;
+  const isBranchLocked = !!activeTask?.branch;
+
+  // Create task — calls COLLECTION_THREADS_CREATE up-front with the active
+  // task's branch so the new thread lands on the same warm sandbox. The
+  // route loader's useEnsureTask will see the row already exists on its
+  // GET and skip the create-on-404 fallback.
+  const taskActions = useTaskActions();
   const createTask = (): string => {
-    const newId = taskManager.createTask();
-    navigateToTask(newId);
+    const newId = crypto.randomUUID();
+    void taskActions.create
+      .mutateAsync({
+        id: newId,
+        virtual_mcp_id: virtualMcpId,
+        ...(currentBranch ? { branch: currentBranch } : {}),
+      } as Partial<Task>)
+      .then(() => navigateToTask(newId))
+      .catch(() => {
+        // create error toast already fired by useCollectionActions; navigate
+        // anyway so the user's not stranded — the route loader's ensure
+        // fallback will retry.
+        navigateToTask(newId);
+      });
     return newId;
   };
 
-  // Create task + queue a pending message for ActiveTaskProvider to consume
+  // Create task + hand off the message via URL ?autosend= so the new
+  // task's ActiveTaskProvider fires it on mount. Propagates currentBranch
+  // only when the new task is on the same vMCP (different vMCPs have their
+  // own vmMap, so carrying a branch across them would land on a cold
+  // sandbox).
   const createTaskWithMessage = (params: {
     message: SendMessageParams;
     virtualMcpId?: string;
   }) => {
-    const newId = taskManager.createTask();
-    navigateToTask(newId, {
-      virtualMcpOverride:
-        params.virtualMcpId && params.virtualMcpId !== virtualMcpId
-          ? params.virtualMcpId
-          : undefined,
-    });
-    setPendingMessage({
-      taskId: newId,
-      message: params.message,
-      createdAt: Date.now(),
-    });
+    const newId = crypto.randomUUID();
+    const targetVmcp = params.virtualMcpId ?? virtualMcpId;
+    const carryBranch = targetVmcp === virtualMcpId ? currentBranch : null;
+    writeStoredAutosend(sessionStorage, locator, newId, params.message);
+    void taskActions.create
+      .mutateAsync({
+        id: newId,
+        virtual_mcp_id: targetVmcp,
+        ...(carryBranch ? { branch: carryBranch } : {}),
+      } as Partial<Task>)
+      .then(() =>
+        navigateToTask(newId, {
+          virtualMcpId: params.virtualMcpId,
+          autosend: true,
+        }),
+      )
+      .catch(() => {
+        navigateToTask(newId, {
+          virtualMcpId: params.virtualMcpId,
+          autosend: true,
+        });
+      });
   };
 
   // Hide task (switch to next after hiding)
@@ -482,31 +855,42 @@ export function ChatContextProvider({
     hideTask,
     renameTask: taskManager.renameTask,
     setTaskStatus: taskManager.setTaskStatus,
+    currentBranch,
+    isBranchLocked,
+    setCurrentTaskBranch: (branch: string | null) => {
+      if (effectiveTaskId) {
+        taskManager.setTaskBranch(effectiveTaskId, branch);
+      }
+    },
     ownerFilter: taskManager.ownerFilter,
     setOwnerFilter: taskManager.setOwnerFilter,
     isFilterChangePending: taskManager.isFilterChangePending ?? false,
-    pendingMessage,
-    clearPendingMessage,
   };
 
   const prefsValue: ChatPrefsContextValue = {
     selectedModel,
     setModel: (model: AiProviderModel) => {
-      setStoredModel(model);
-      if (model.keyId) setStoredCredentialId(model.keyId);
+      if (!model.keyId) return;
+      setStoredChatRef({ keyId: model.keyId, modelId: model.modelId });
+      // Clear session override — the new model's keyId is the new source of truth.
+      setSessionCredentialId(null);
     },
     credentialId: effectiveKeyId,
-    setCredentialId: setStoredCredentialId,
+    setCredentialId: setSessionCredentialId,
     allModelsConnections: keys,
     isModelsLoading,
     selectedVirtualMcp,
     imageModel: resolvedImageModel,
     setImageModel: (model: AiProviderModel | null) => {
-      setStoredImageModel(model);
+      setStoredImageRef(
+        model?.keyId ? { keyId: model.keyId, modelId: model.modelId } : null,
+      );
     },
     deepResearchModel: resolvedDeepResearchModel,
     setDeepResearchModel: (model: AiProviderModel | null) => {
-      setStoredDeepResearchModel(model);
+      setStoredDeepResearchRef(
+        model?.keyId ? { keyId: model.keyId, modelId: model.modelId } : null,
+      );
     },
     chatMode,
     setChatMode,
@@ -516,8 +900,10 @@ export function ChatContextProvider({
     tiptapDoc,
     setTiptapDoc,
     tiptapDocRef,
-    setVirtualMcpId: setVirtualMcpOverride,
     resetInteraction: () => {},
+    simpleModeEnabled: simpleMode.enabled,
+    simpleModeTier: activeTier,
+    setSimpleModeTier: setStoredTier,
   };
 
   const internals: TaskProviderInternals = {
@@ -537,7 +923,7 @@ export function ChatContextProvider({
   return (
     <ChatTaskCtx.Provider value={taskValue}>
       <ChatPrefsCtx.Provider value={prefsValue}>
-        <ChatBridgeCtx.Provider value={bridgeRef.current}>
+        <ChatBridgeCtx.Provider value={bridgeRef}>
           <TaskInternalsCtx.Provider value={internals}>
             {children}
           </TaskInternalsCtx.Provider>
@@ -555,8 +941,16 @@ export function ActiveTaskProvider({
   taskId,
   children,
 }: PropsWithChildren<{ taskId: string }>) {
-  const { virtualMcpId, tasks, pendingMessage, clearPendingMessage } =
-    useChatTask();
+  const { virtualMcpId, tasks, currentBranch } = useChatTask();
+
+  // Fire chat_opened once per (page session × taskId). Runs during render, but
+  // the Set gate keeps it idempotent. Fires for every thread a user views —
+  // new or existing — giving us a "chat session view" signal distinct from
+  // chat_started (thread creation).
+  if (taskId && !openedChats.has(taskId)) {
+    openedChats.add(taskId);
+    track("chat_opened", { thread_id: taskId });
+  }
   const {
     selectedModel,
     imageModel,
@@ -585,7 +979,7 @@ export function ActiveTaskProvider({
     bridgeRef,
   } = internals;
 
-  const { org } = useProjectContext();
+  const { org, locator } = useProjectContext();
 
   // Messages for current task (from React Query / server) — this is what suspends
   const serverMessages = useTaskMessages(taskId || null);
@@ -594,6 +988,7 @@ export function ActiveTaskProvider({
   const [chatError, setChatError] = useState<Error | null>(null);
 
   const onToolCall = useInvalidateCollectionsOnToolCall();
+  const queryClient = useQueryClient();
 
   // AI SDK — useChat with taskId as id (multiplexed)
   const chat = useAIChat<ChatMessage>({
@@ -606,6 +1001,13 @@ export function ActiveTaskProvider({
     onFinish: (payload: FinishPayload) => {
       setFinishReason(payload.finishReason ?? null);
 
+      // Refresh download chips for files share_with_user produced this turn.
+      if (taskId) {
+        queryClient.invalidateQueries({
+          queryKey: KEYS.threadOutputs(taskId),
+        });
+      }
+
       const serverThreadId = (payload.message.metadata as Metadata | undefined)
         ?.thread_id;
 
@@ -665,7 +1067,7 @@ export function ActiveTaskProvider({
     messages.length > 0;
 
   // Stream manager (SSE + resume) — task-scoped
-  useStreamManager(taskId, org.id, chat);
+  useStreamManager(taskId, chat, thread?.status);
 
   // sendMessage — captures context at call time
   async function sendMessageInternal(params: SendMessageParams): Promise<void> {
@@ -692,6 +1094,7 @@ export function ActiveTaskProvider({
       created_at: new Date().toISOString(),
       thread_id: capturedTaskId,
       agent: { id: capturedVirtualMcpId },
+      ...(currentBranch ? { branch: currentBranch } : {}),
       user: {
         avatar: user?.image ?? undefined,
         name: user?.name ?? "you",
@@ -788,29 +1191,29 @@ export function ActiveTaskProvider({
   };
 
   // Register sendMessage on the bridge so TaskProvider-level code can call it
-  bridgeRef.current = { sendMessage: sendMessageInternal };
-
-  // Consume pending message when this task is the target
-  const pendingConsumedRef = useRef<string | null>(null);
-  if (
-    pendingMessage &&
-    pendingMessage.taskId === taskId &&
-    pendingConsumedRef.current !== taskId
-  ) {
-    // TTL check: discard stale messages
-    const age = Date.now() - pendingMessage.createdAt;
-    if (age < PENDING_MESSAGE_TTL_MS) {
-      pendingConsumedRef.current = taskId;
-      const msg = pendingMessage.message;
-      queueMicrotask(() => {
-        void sendMessageInternal(msg);
-        clearPendingMessage();
-      });
-    } else {
-      // Stale — silently discard
-      queueMicrotask(() => clearPendingMessage());
-    }
-  }
+  bridgeRef.current = {
+    sendMessage: sendMessageInternal,
+    isStreaming: chat.status === "submitted" || chat.status === "streaming",
+  };
+
+  // Autosend consumer: the URL carries only `autosend=true`; the message
+  // body lives in sessionStorage keyed by locator + taskId. It only boots empty
+  // threads, and the stored status gates duplicate sends across remounts.
+  const autosendSearch = useSearch({ strict: false }) as { autosend?: string };
+  const shouldAutosend = autosendSearch.autosend === AUTOSEND_QUERY_VALUE;
+  // oxlint-disable-next-line ban-use-effect/ban-use-effect, react-hooks/exhaustive-deps -- storage status, not function identity, gates duplicate sends
+  useEffect(() => {
+    if (!shouldAutosend) return;
+    if (messages.length > 0) return;
+
+    const payload = claimStoredAutosend(sessionStorage, locator, taskId);
+    if (!payload) return;
+
+    void sendMessageInternal(payload.message).then(() => {
+      clearStoredAutosend(sessionStorage, locator, taskId);
+    });
+    // oxlint-disable-next-line eslint-plugin-react-hooks/exhaustive-deps -- storage status, not function identity, gates duplicate sends
+  }, [shouldAutosend, messages.length, locator, taskId, sendMessageInternal]);
 
   const streamValue: ChatStreamContextValue = {
     messages,
@@ -870,6 +1273,20 @@ export function useOptionalChatPrefs(): ChatPrefsContextValue | null {
   return useContext(ChatPrefsCtx);
 }
 
+export function useOptionalChatTask(): ChatTaskContextValue | null {
+  return useContext(ChatTaskCtx);
+}
+
 export function useChatBridge(): ChatBridgeValue {
-  return useContext(ChatBridgeCtx);
+  const ref = useContext(ChatBridgeCtx);
+  // Return wrappers that read .current at call time. Destructuring
+  // `{ sendMessage }` still sees the latest implementation even when the
+  // ref is mutated after this hook call (which is the case when
+  // ActiveTaskProvider registers sendMessage after the consumer mounts).
+  return {
+    sendMessage: (params) => ref.current.sendMessage(params),
+    get isStreaming() {
+      return ref.current.isStreaming;
+    },
+  };
 }
diff --git a/apps/mesh/src/web/components/chat/context-panel.tsx b/apps/mesh/src/web/components/chat/context-panel.tsx
index aa6ba9b178..56bde4bbad 100644
--- a/apps/mesh/src/web/components/chat/context-panel.tsx
+++ b/apps/mesh/src/web/components/chat/context-panel.tsx
@@ -232,11 +232,22 @@ export function ChatContextPanel({
     }>,
   );
 
-  const contextWindow = selectedModel?.limits?.contextWindow ?? null;
+  // Context % = last assistant turn's end-of-turn fill, NOT cumulative billed tokens.
+  const lastAssistantMessage = [...(messages as ChatMessage[])]
+    .reverse()
+    .find((m) => m.role === "assistant" && m.metadata?.usage);
+  const lastAssistantUsage = lastAssistantMessage?.metadata?.usage;
+  // Prefer runtime-reported limits (Claude Code fills these from CLI result); fall back to catalog.
+  const contextWindow =
+    lastAssistantMessage?.metadata?.modelLimits?.contextWindow ??
+    selectedModel?.limits?.contextWindow ??
+    null;
+  const contextFillTokens =
+    lastAssistantUsage?.contextTokens ?? lastAssistantUsage?.totalTokens ?? 0;
 
   const usagePct =
     contextWindow && contextWindow > 0
-      ? ((stats.totalTokens / contextWindow) * 100).toFixed(1)
+      ? ((contextFillTokens / contextWindow) * 100).toFixed(1)
       : null;
 
   // Per-role token breakdown from message metadata
@@ -301,7 +312,7 @@ export function ChatContextPanel({
       value: contextWindow ? formatTokens(contextWindow) : "—",
     },
     {
-      label: "Total Tokens",
+      label: "Session Tokens (billed)",
       value: stats.totalTokens > 0 ? formatTokens(stats.totalTokens) : "0",
     },
     {
@@ -458,9 +469,88 @@ export function ChatContextPanel({
                       )}
                     </button>
                     {isExpanded && (
-                      <pre className="text-xs font-mono bg-muted px-3 py-2 overflow-auto whitespace-pre-wrap break-all border-t border-border/50 max-h-64">
-                        {JSON.stringify(m, null, 2)}
-                      </pre>
+                      <>
+                        {m.role === "assistant" &&
+                          (() => {
+                            const req = (
+                              m.metadata as {
+                                _request?: {
+                                  systemSections?: {
+                                    chars: number;
+                                    preview: string;
+                                  }[];
+                                  tools?: number;
+                                  activeTools?: number;
+                                };
+                              }
+                            )?._request;
+                            if (!req) return null;
+                            const sections = req.systemSections ?? [];
+                            const maxChars = Math.max(
+                              1,
+                              ...sections.map((s) => s.chars),
+                            );
+                            const totalChars = sections.reduce(
+                              (sum, s) => sum + s.chars,
+                              0,
+                            );
+                            return (
+                              <div className="border-t border-border/50 px-3 py-2.5 text-xs space-y-2.5">
+                                <div className="flex items-center justify-between">
+                                  <span className="font-medium text-foreground">
+                                    Request
+                                  </span>
+                                  <span className="text-muted-foreground tabular-nums">
+                                    {req.activeTools ?? 0} / {req.tools ?? 0}{" "}
+                                    tools active
+                                  </span>
+                                </div>
+                                {sections.length > 0 && (
+                                  <div className="space-y-1.5">
+                                    <div className="text-muted-foreground">
+                                      System prompt{" "}
+                                      <span className="tabular-nums">
+                                        ~
+                                        {Math.round(
+                                          totalChars / 4,
+                                        ).toLocaleString()}{" "}
+                                        tok
+                                      </span>
+                                    </div>
+                                    {sections.map((s, i) => {
+                                      const tag =
+                                        s.preview.match(/^<([a-z-]+)/i)?.[1] ??
+                                        `section ${i}`;
+                                      const pct = (s.chars / maxChars) * 100;
+                                      const tok = Math.round(s.chars / 4);
+                                      return (
+                                        <div key={i} className="space-y-0.5">
+                                          <div className="flex items-center justify-between gap-2">
+                                            <span className="font-mono text-foreground truncate">
+                                              {tag}
+                                            </span>
+                                            <span className="text-muted-foreground tabular-nums shrink-0">
+                                              ~{tok.toLocaleString()} tok
+                                            </span>
+                                          </div>
+                                          <div className="h-1 w-full rounded-full bg-muted overflow-hidden">
+                                            <div
+                                              className="h-full rounded-full bg-chart-3"
+                                              style={{ width: `${pct}%` }}
+                                            />
+                                          </div>
+                                        </div>
+                                      );
+                                    })}
+                                  </div>
+                                )}
+                              </div>
+                            );
+                          })()}
+                        <pre className="text-xs font-mono bg-muted px-3 py-2 overflow-auto whitespace-pre-wrap break-all border-t border-border/50 max-h-64">
+                          {JSON.stringify(m, null, 2)}
+                        </pre>
+                      </>
                     )}
                   </div>
                 );
diff --git a/apps/mesh/src/web/components/chat/context.tsx b/apps/mesh/src/web/components/chat/context.tsx
index b695407b03..579ff778e0 100644
--- a/apps/mesh/src/web/components/chat/context.tsx
+++ b/apps/mesh/src/web/components/chat/context.tsx
@@ -1,22 +1,23 @@
 /**
- * Chat Context — consumer hooks from split provider architecture.
+ * Chat Context — consumer hooks from merged provider architecture.
  *
  * Use the specific hooks for fine-grained subscriptions:
- *   useChatStream() — messages, status, streaming state (under ActiveTaskProvider)
- *   useChatTask() — tasks, navigation, virtualMcpId (under TaskProvider)
- *   useChatPrefs() — model selection, app contexts, tiptap (under TaskProvider)
- *   useChatBridge() — bridge to active task's sendMessage (under TaskProvider)
+ *   useChatStream() — messages, status, streaming state
+ *   useChatTask() — tasks, navigation, virtualMcpId
+ *   useChatPrefs() — model selection, app contexts, tiptap
  */
 
 export {
-  ChatContextProvider,
+  ChatContextProvider as ChatProvider,
+  ChatPrefsProvider,
   ActiveTaskProvider,
+  useChatBridge,
   useChatTask,
+  useOptionalChatTask,
   useChatStream,
   useOptionalChatStream,
   useChatPrefs,
   useOptionalChatPrefs,
-  useChatBridge,
   type ChatStreamContextValue,
   type ChatTaskContextValue,
   type ChatPrefsContextValue,
diff --git a/apps/mesh/src/web/components/chat/credits-empty-state.tsx b/apps/mesh/src/web/components/chat/credits-empty-state.tsx
index 426ed8f4c0..54cfc8e8d2 100644
--- a/apps/mesh/src/web/components/chat/credits-empty-state.tsx
+++ b/apps/mesh/src/web/components/chat/credits-empty-state.tsx
@@ -7,7 +7,8 @@
  * so it doesn't reappear. The normal home page renders underneath.
  */
 
-import { useState } from "react";
+import { useEffect, useState } from "react";
+import { track } from "@/web/lib/posthog-client";
 import { Coins04, ArrowRight } from "@untitledui/icons";
 import { Button } from "@deco/ui/components/button.tsx";
 import { Input } from "@deco/ui/components/input.tsx";
@@ -66,6 +67,7 @@ export function CreditsEmptyState() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const [open, setOpen] = useState(true);
@@ -75,6 +77,7 @@ export function CreditsEmptyState() {
   const currencySymbol = currency === "brl" ? "R$" : "$";
 
   const dismiss = () => {
+    track("credits_empty_state_dismissed", { organization_id: org.id });
     setOpen(false);
     try {
       localStorage.setItem(dismissKeyForOrg(org.id), "1");
@@ -83,6 +86,13 @@ export function CreditsEmptyState() {
     }
   };
 
+  // oxlint-disable-next-line ban-use-effect/ban-use-effect
+  useEffect(() => {
+    if (open) {
+      track("credits_empty_state_shown", { organization_id: org.id });
+    }
+  }, [open, org.id]);
+
   const { mutate: topUp, isPending } = useMutation({
     mutationFn: async (amountCents: number) => {
       const result = (await client.callTool({
@@ -175,7 +185,15 @@ export function CreditsEmptyState() {
                   key={dollars}
                   type="button"
                   disabled={isPending}
-                  onClick={() => topUp(dollars * 100)}
+                  onClick={() => {
+                    track("credits_topup_clicked", {
+                      amount_cents: dollars * 100,
+                      currency,
+                      tier_label: label,
+                      source: "empty_state",
+                    });
+                    topUp(dollars * 100);
+                  }}
                   className={cn(
                     "relative flex flex-col items-center gap-1 py-6 rounded-xl border transition-all duration-150 cursor-pointer",
                     "disabled:opacity-50 disabled:cursor-wait",
@@ -212,7 +230,15 @@ export function CreditsEmptyState() {
                 <Button
                   className="h-10"
                   disabled={!isCustomValid || isPending}
-                  onClick={() => topUp(Math.round(customNum * 100))}
+                  onClick={() => {
+                    track("credits_topup_clicked", {
+                      amount_cents: Math.round(customNum * 100),
+                      currency,
+                      tier_label: "custom",
+                      source: "empty_state",
+                    });
+                    topUp(Math.round(customNum * 100));
+                  }}
                 >
                   {isPending ? "Opening..." : "Add"}
                 </Button>
diff --git a/apps/mesh/src/web/components/chat/credits-exhausted-banner.tsx b/apps/mesh/src/web/components/chat/credits-exhausted-banner.tsx
index 6220e18621..3a2c9303d4 100644
--- a/apps/mesh/src/web/components/chat/credits-exhausted-banner.tsx
+++ b/apps/mesh/src/web/components/chat/credits-exhausted-banner.tsx
@@ -6,7 +6,8 @@
  * or navigate to settings for full provider management.
  */
 
-import { useState } from "react";
+import { useEffect, useState } from "react";
+import { track } from "@/web/lib/posthog-client";
 import { Check } from "@untitledui/icons";
 import { Button } from "@deco/ui/components/button.tsx";
 import {
@@ -71,6 +72,7 @@ export function CreditsExhaustedBanner({
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const [customAmount, setCustomAmount] = useState("");
@@ -78,6 +80,11 @@ export function CreditsExhaustedBanner({
   const [currency, setCurrency] = useState<"usd" | "brl">("usd");
   const currencySymbol = currency === "brl" ? "R$" : "$";
 
+  // oxlint-disable-next-line ban-use-effect/ban-use-effect
+  useEffect(() => {
+    track("credits_exhausted_shown", { organization_id: org.id });
+  }, [org.id]);
+
   const { mutate: topUp, isPending } = useMutation({
     mutationFn: async (amountCents: number) => {
       const result = (await client.callTool({
@@ -181,7 +188,15 @@ export function CreditsExhaustedBanner({
                     key={dollars}
                     type="button"
                     disabled={isPending}
-                    onClick={() => topUp(dollars * 100)}
+                    onClick={() => {
+                      track("credits_topup_clicked", {
+                        amount_cents: dollars * 100,
+                        currency,
+                        tier_label: label,
+                        source: "exhausted_banner",
+                      });
+                      topUp(dollars * 100);
+                    }}
                     className={cn(
                       "relative flex flex-col items-center gap-1 py-5 rounded-xl border transition-all duration-150 cursor-pointer",
                       "disabled:opacity-50 disabled:cursor-wait",
@@ -220,7 +235,15 @@ export function CreditsExhaustedBanner({
                   <Button
                     className="h-10"
                     disabled={!isCustomValid || isPending}
-                    onClick={() => topUp(Math.round(customNum * 100))}
+                    onClick={() => {
+                      track("credits_topup_clicked", {
+                        amount_cents: Math.round(customNum * 100),
+                        currency,
+                        tier_label: "custom",
+                        source: "exhausted_banner",
+                      });
+                      topUp(Math.round(customNum * 100));
+                    }}
                   >
                     {isPending ? "Opening..." : "Add"}
                   </Button>
diff --git a/apps/mesh/src/web/components/chat/derive-parts.ts b/apps/mesh/src/web/components/chat/derive-parts.ts
index 4342744e5f..8f43584320 100644
--- a/apps/mesh/src/web/components/chat/derive-parts.ts
+++ b/apps/mesh/src/web/components/chat/derive-parts.ts
@@ -205,13 +205,13 @@ export function derivePartsFromTiptapDoc(
           | unknown[]
           | null;
         if (meta && !Array.isArray(meta) && "agentId" in meta) {
-          // Agent mention: instruct the AI to use open_in_agent tool
+          // Agent mention: instruct the AI to delegate via subtask
           parts.push({
             type: "text",
             text:
-              `[OPEN IN AGENT: ${(meta as { title?: string }).title ?? node.attrs.name} (agent_id: ${(meta as { agentId: string }).agentId})]\n` +
-              `Use the open_in_agent tool to hand off this task to the agent above. ` +
-              `Include the full relevant context from this conversation in the context field.`,
+              `[DELEGATE TO AGENT: ${(meta as { title?: string }).title ?? node.attrs.name} (agent_id: ${(meta as { agentId: string }).agentId})]\n` +
+              `Use the subtask tool to delegate this task to the agent above. ` +
+              `Include the full relevant context from this conversation in the prompt field — the subagent has no conversation history.`,
           });
         } else if (Array.isArray(meta)) {
           // Resource mention: metadata is ReadResourceResult.contents
diff --git a/apps/mesh/src/web/components/chat/hooks/use-chat-navigation.ts b/apps/mesh/src/web/components/chat/hooks/use-chat-navigation.ts
index 8528ccc249..365347614d 100644
--- a/apps/mesh/src/web/components/chat/hooks/use-chat-navigation.ts
+++ b/apps/mesh/src/web/components/chat/hooks/use-chat-navigation.ts
@@ -1,90 +1,55 @@
-/**
- * useChatNavigation — URL-driven chat state.
- *
- * Reads taskId from path params and virtualmcpid from search params.
- * virtualMcpId is never null — defaults to the well-known decopilot virtual MCP.
- * virtualMcpOverride is an optional search param for ephemeral per-task agent switching.
- */
-
 import { useRef } from "react";
 import { getWellKnownDecopilotVirtualMCP } from "@decocms/mesh-sdk";
 import { useNavigate, useParams, useSearch } from "@tanstack/react-router";
 import { useProjectContext } from "@decocms/mesh-sdk";
+import { AUTOSEND_QUERY_VALUE } from "@/web/lib/autosend";
 
 export interface ChatNavigation {
+  /** Resolved vMCP for the current chat — either the URL param or the well-known decopilot. */
   virtualMcpId: string;
-  virtualMcpOverride: string | undefined;
-  /** Always defined — resolved from the `/$org/$taskId` path param. */
+  /** Always defined — `/$org/$taskId` path param, or a stable fallback for routes that don't have it. */
   taskId: string;
+  /** Navigate to a task. `virtualMcpId` becomes `?virtualmcpid=`. `autosend` tells the task route to consume the stored handoff message. */
   navigateToTask: (
     taskId: string,
-    opts?: { virtualMcpOverride?: string },
+    opts?: { virtualMcpId?: string; autosend?: boolean },
   ) => void;
-  setVirtualMcpOverride: (id: string | null) => void;
 }
 
 export function useChatNavigation(): ChatNavigation {
   const navigate = useNavigate();
   const { org } = useProjectContext();
-  const search = useSearch({ strict: false }) as {
-    virtualmcpid?: string;
-    virtualMcpOverride?: string;
-  };
-
-  const routeParams = useParams({ strict: false }) as {
-    org?: string;
-    taskId?: string;
-  };
+  const search = useSearch({ strict: false }) as { virtualmcpid?: string };
+  const routeParams = useParams({ strict: false }) as { taskId?: string };
 
   const virtualMcpId =
     search.virtualmcpid ?? getWellKnownDecopilotVirtualMCP(org.id).id;
 
   const navigateToTask = (
     taskId: string,
-    opts?: { virtualMcpOverride?: string },
+    opts?: { virtualMcpId?: string; autosend?: boolean },
   ) => {
-    // Reset panel state — only preserve virtualmcpid + tasks panel visibility.
-    // This ensures panel layout defaults kick in for the new task.
     navigate({
       to: "/$org/$taskId",
       params: { org: org.slug, taskId },
       search: (prev: Record<string, unknown>) => {
         const next: Record<string, unknown> = {};
-        if (prev.virtualmcpid) next.virtualmcpid = prev.virtualmcpid;
+        const vmcp = opts?.virtualMcpId ?? prev.virtualmcpid;
+        if (vmcp) next.virtualmcpid = vmcp;
         if (prev.tasks) next.tasks = prev.tasks;
-        if (opts?.virtualMcpOverride) {
-          next.virtualMcpOverride = opts.virtualMcpOverride;
-        }
+        if (prev.main) next.main = prev.main;
+        if (prev.chat) next.chat = prev.chat;
+        if (opts?.autosend) next.autosend = AUTOSEND_QUERY_VALUE;
         return next;
       },
     });
   };
 
-  const setVirtualMcpOverride = (id: string | null) => {
-    navigate({
-      search: (prev: Record<string, unknown>) => {
-        const next = { ...prev };
-        if (id) {
-          next.virtualMcpOverride = id;
-        } else {
-          delete next.virtualMcpOverride;
-        }
-        return next;
-      },
-    } as never);
-  };
-
   // On unified chat routes the taskId is a path param.
   // On other routes (e.g. settings) Chat.Provider still mounts but taskId is
   // absent — fall back to a stable generated ID so the provider works everywhere.
   const fallbackRef = useRef(crypto.randomUUID());
   const taskId = routeParams.taskId ?? fallbackRef.current;
 
-  return {
-    virtualMcpId,
-    virtualMcpOverride: search.virtualMcpOverride,
-    taskId,
-    navigateToTask,
-    setVirtualMcpOverride,
-  };
+  return { virtualMcpId, taskId, navigateToTask };
 }
diff --git a/apps/mesh/src/web/components/chat/hooks/use-stream-manager.ts b/apps/mesh/src/web/components/chat/hooks/use-stream-manager.ts
index b961f7dccc..8bf241fcfd 100644
--- a/apps/mesh/src/web/components/chat/hooks/use-stream-manager.ts
+++ b/apps/mesh/src/web/components/chat/hooks/use-stream-manager.ts
@@ -4,9 +4,9 @@
  * Listens for SSE events on the active task and resumes disconnected streams.
  */
 
-import { useRef } from "react";
+import { useRef, useSyncExternalStore } from "react";
 import { useQueryClient } from "@tanstack/react-query";
-import { useProjectContext } from "@decocms/mesh-sdk";
+import { useProjectContext, type ThreadDisplayStatus } from "@decocms/mesh-sdk";
 import type { UseChatHelpers } from "@ai-sdk/react";
 import { useDecopilotEvents } from "../../../hooks/use-decopilot-events";
 import { KEYS } from "../../../lib/query-keys";
@@ -16,18 +16,22 @@ const MAX_RESUME_RETRIES = 3;
 
 export function useStreamManager(
   threadId: string,
-  orgId: string,
   chat: UseChatHelpers<ChatMessage>,
+  threadStatus: ThreadDisplayStatus | undefined,
 ) {
-  const { locator } = useProjectContext();
+  const { locator, org } = useProjectContext();
   const queryClient = useQueryClient();
 
-  const hasResumedRef = useRef<string | null>(null);
+  // Per-mount in-flight guard (NOT module-scoped — useChat is per-mount, not
+  // shared by id). StrictMode double-mount fires /attach twice; server treats
+  // concurrent attaches as idempotent JetStream reads.
+  const resumeInFlightRef = useRef(false);
   const resumeFailCountRef = useRef(0);
   const prevThreadIdRef = useRef(threadId);
   if (prevThreadIdRef.current !== threadId) {
     prevThreadIdRef.current = threadId;
     resumeFailCountRef.current = 0;
+    resumeInFlightRef.current = false;
   }
 
   const invalidateThreadList = () => {
@@ -47,33 +51,80 @@ export function useStreamManager(
     });
   };
 
+  const invalidateThreadOutputs = () => {
+    if (!threadId) return;
+    queryClient.invalidateQueries({
+      queryKey: KEYS.threadOutputs(threadId),
+    });
+  };
+
   const isChatActive = () =>
     chat.status === "submitted" || chat.status === "streaming";
 
   const tryResumeStream = (reason: string) => {
-    if (!threadId || hasResumedRef.current === threadId) return;
+    if (!threadId) return;
+    if (resumeInFlightRef.current) return;
     if (resumeFailCountRef.current >= MAX_RESUME_RETRIES) return;
     if (isChatActive()) return;
-    hasResumedRef.current = threadId;
+    resumeInFlightRef.current = true;
 
     console.log(`[chat] resumeStream (${reason})`, threadId);
-    chat.resumeStream().catch((err: unknown) => {
-      console.error("[chat] resumeStream error", err);
-      resumeFailCountRef.current++;
-      hasResumedRef.current = null;
-      invalidateThreadList();
-      invalidateMessages();
-    });
+    chat
+      .resumeStream()
+      .then(() => {
+        resumeInFlightRef.current = false;
+        resumeFailCountRef.current = 0;
+      })
+      .catch((err: unknown) => {
+        console.error("[chat] resumeStream error", err);
+        resumeFailCountRef.current++;
+        resumeInFlightRef.current = false;
+        invalidateThreadList();
+        invalidateMessages();
+      });
   };
 
+  // Auto-resume on mount / task switch. "expired" = stuck in-progress runs.
+  // Triggered via useSyncExternalStore.subscribe so the kick-off runs post-mount,
+  // avoiding React's "state update on unmounted component" warning when /attach
+  // returns 204 fast in StrictMode. Subscribe identity is stable per-threadId;
+  // tryResumeStream is read through a ref so subscribe sees the latest closure.
+  const tryResumeStreamRef = useRef(tryResumeStream);
+  tryResumeStreamRef.current = tryResumeStream;
+  const threadStatusRef = useRef(threadStatus);
+  threadStatusRef.current = threadStatus;
+
+  const autoResumeSubscribeRef = useRef<
+    ((onChange: () => void) => () => void) | null
+  >(null);
+  const autoResumeSubscribeThreadRef = useRef<string | null>(null);
+  if (autoResumeSubscribeThreadRef.current !== threadId) {
+    autoResumeSubscribeThreadRef.current = threadId;
+    autoResumeSubscribeRef.current = (_onChange: () => void) => {
+      const s = threadStatusRef.current;
+      if (threadId && (s === "in_progress" || s === "expired")) {
+        tryResumeStreamRef.current("auto-mount-or-status");
+      }
+      return () => {};
+    };
+  }
+  useSyncExternalStore(
+    autoResumeSubscribeRef.current!,
+    () => threadId,
+    () => threadId,
+  );
+
   // Task-scoped SSE (for stream resume on this specific task)
   useDecopilotEvents({
-    orgId,
+    orgSlug: org.slug,
     taskId: threadId,
     onStep: () => tryResumeStream("sse-step"),
     onFinish: () => {
+      // Always refresh download chips — fires for both active and resume
+      // paths. Cheap (one GET, prefix-scoped listing).
+      invalidateThreadOutputs();
       if (!isChatActive()) {
-        hasResumedRef.current = null;
+        resumeInFlightRef.current = false;
         resumeFailCountRef.current = 0;
         invalidateThreadList();
         setTimeout(invalidateMessages, 2000);
diff --git a/apps/mesh/src/web/components/chat/ice-breakers.tsx b/apps/mesh/src/web/components/chat/ice-breakers.tsx
index e5810815ab..25ba111d1f 100644
--- a/apps/mesh/src/web/components/chat/ice-breakers.tsx
+++ b/apps/mesh/src/web/components/chat/ice-breakers.tsx
@@ -360,7 +360,11 @@ function IceBreakersContent({ connectionId }: { connectionId: string | null }) {
   const { org } = useProjectContext();
 
   // Fetch prompts from the aggregated virtual MCP
-  const client = useMCPClient({ connectionId, orgId: org.id });
+  const client = useMCPClient({
+    connectionId,
+    orgId: org.id,
+    orgSlug: org.slug,
+  });
   const { data } = useMCPPromptsList({ client, staleTime: 60000 });
   const prompts = data?.prompts ?? [];
 
diff --git a/apps/mesh/src/web/components/chat/index.tsx b/apps/mesh/src/web/components/chat/index.tsx
index 549d859c3f..4ca195ff64 100644
--- a/apps/mesh/src/web/components/chat/index.tsx
+++ b/apps/mesh/src/web/components/chat/index.tsx
@@ -1,10 +1,8 @@
 import { cn } from "@deco/ui/lib/utils.ts";
 import type { PropsWithChildren } from "react";
-import {
-  ChatContextProvider,
-  ActiveTaskProvider,
-  useChatStream,
-} from "./context";
+import { ActiveTaskProvider, ChatProvider, useChatStream } from "./context";
+
+export { useChatTask } from "./context";
 import { IceBreakers } from "./ice-breakers";
 import { ChatInput } from "./input";
 import { MessagePair, useMessagePairs } from "./message/pair.tsx";
@@ -13,7 +11,6 @@ import { CreditsEmptyState } from "./credits-empty-state";
 import { CreditsExhaustedBanner } from "./credits-exhausted-banner";
 import { CreditsEyebrow, NoCreditsEyebrow } from "./credits-eyebrow";
 import { DecoChatSkeleton } from "./skeleton";
-export { useChatTask } from "./context";
 export type { VirtualMCPInfo } from "./select-virtual-mcp";
 export type { ChatMessage, ChatStatus } from "./types.ts";
 
@@ -126,7 +123,7 @@ export const Chat = Object.assign(ChatRoot, {
   EmptyState: ChatEmptyState,
   Footer: ChatFooter,
   Input: ChatInput,
-  Provider: ChatContextProvider,
+  Provider: ChatProvider,
   ActiveTaskProvider: ActiveTaskProvider,
   Skeleton: DecoChatSkeleton,
   IceBreakers: IceBreakers,
diff --git a/apps/mesh/src/web/components/chat/input.tsx b/apps/mesh/src/web/components/chat/input.tsx
index ca87ad6794..9830e4f68d 100644
--- a/apps/mesh/src/web/components/chat/input.tsx
+++ b/apps/mesh/src/web/components/chat/input.tsx
@@ -1,11 +1,13 @@
 import { isModKey } from "@/web/lib/keyboard-shortcuts";
 import { calculateUsageStats } from "@/web/lib/usage-utils.ts";
+import { AUTOSEND_QUERY_VALUE, writeStoredAutosend } from "@/web/lib/autosend";
 import { Button } from "@deco/ui/components/button.tsx";
 import { cn } from "@deco/ui/lib/utils.ts";
 import {
   getWellKnownDecopilotVirtualMCP,
   useProjectContext,
 } from "@decocms/mesh-sdk";
+import { useNavigate } from "@tanstack/react-router";
 import {
   ArrowUp,
   BookOpen01,
@@ -22,12 +24,24 @@ import {
 import type { FormEvent } from "react";
 import { useEffect, useRef, useState } from "react";
 import type { Metadata } from "./types.ts";
-import { useChatStream, useChatTask, useChatPrefs } from "./context";
+import {
+  useChatPrefs,
+  useOptionalChatStream,
+  useOptionalChatTask,
+} from "./context";
+import type { VirtualMCPInfo } from "./select-virtual-mcp";
 import { ChatHighlight } from "./highlight";
 import { ModelSelector } from "./select-model";
-import { modelSupportsFiles } from "./select-model";
+import { getSupportedFileTypesLabel, modelSupportsFiles } from "./select-model";
+import { SimpleModeTierDropdown } from "./simple-mode-tier-dropdown";
 import type { AiProviderModel } from "@/web/hooks/collections/use-ai-providers";
-import { FileUploadButton, processFile } from "./tiptap/file";
+import {
+  FileUploadButton,
+  UnsupportedFileDialog,
+  useUnsupportedFileDialog,
+  processFile,
+  type UnsupportedFileInfo,
+} from "./tiptap/file";
 import { useCurrentEditor } from "@tiptap/react";
 import {
   TiptapInput,
@@ -38,6 +52,7 @@ import { isTiptapDocEmpty } from "./tiptap/utils";
 import { ToolsPopover } from "./tools-popover";
 import { SessionStats } from "./usage-stats";
 import { authClient } from "@/web/lib/auth-client.ts";
+import { track } from "@/web/lib/posthog-client";
 import { useSound } from "@/web/hooks/use-sound.ts";
 import { question004Sound } from "@deco/ui/lib/question-004.ts";
 import { AddConnectionDialog } from "@/web/views/virtual-mcp/add-connection-dialog";
@@ -55,7 +70,10 @@ import { VoiceWaveform } from "./voice-input";
  *
  * Must be called inside a TiptapProvider so `useCurrentEditor()` resolves.
  */
-function useWindowFileDrop(selectedModel: AiProviderModel | null | undefined) {
+function useWindowFileDrop(
+  selectedModel: AiProviderModel | null | undefined,
+  onUnsupportedFile?: (info: UnsupportedFileInfo) => void,
+) {
   const { editor } = useCurrentEditor();
   const [isDraggingOver, setIsDraggingOver] = useState(false);
   const dragCounterRef = useRef(0);
@@ -94,7 +112,7 @@ function useWindowFileDrop(selectedModel: AiProviderModel | null | undefined) {
 
       const { from } = editor.state.selection;
       for (const file of Array.from(files)) {
-        void processFile(editor, selectedModel, file, from);
+        void processFile(editor, selectedModel, file, from, onUnsupportedFile);
       }
     };
 
@@ -108,7 +126,7 @@ function useWindowFileDrop(selectedModel: AiProviderModel | null | undefined) {
       window.removeEventListener("dragover", onDragOver);
       window.removeEventListener("drop", onDrop);
     };
-  }, [editor, selectedModel]);
+  }, [editor, selectedModel, onUnsupportedFile]);
 
   return isDraggingOver;
 }
@@ -119,10 +137,12 @@ function useWindowFileDrop(selectedModel: AiProviderModel | null | undefined) {
 
 function FileDropZone({
   selectedModel,
+  onUnsupportedFile,
 }: {
   selectedModel: AiProviderModel | null | undefined;
+  onUnsupportedFile?: (info: UnsupportedFileInfo) => void;
 }) {
-  const isDraggingOver = useWindowFileDrop(selectedModel);
+  const isDraggingOver = useWindowFileDrop(selectedModel, onUnsupportedFile);
   const supportsFiles = modelSupportsFiles(selectedModel);
 
   return (
@@ -138,13 +158,16 @@ function FileDropZone({
       {supportsFiles ? (
         <>
           <Upload01 size={24} />
-          <span className="text-sm font-medium">Drop files here</span>
+          <span className="text-sm font-medium">
+            Drop {getSupportedFileTypesLabel(selectedModel)} here
+          </span>
         </>
       ) : (
         <>
           <Lock01 size={24} />
           <span className="text-sm font-medium">
-            This model does not support files
+            This model can't read attachments — switch to one with vision or
+            file support
           </span>
         </>
       )}
@@ -156,6 +179,36 @@ function FileDropZone({
 // ChatInput - Merged component with virtual MCP wrapper, banners, and selectors
 // ============================================================================
 
+/**
+ * Submit handler for the home composer. No active task exists; we write
+ * the tiptap doc to sessionStorage and navigate to a fresh /$org/$taskId.
+ * The new task page's useEnsureTask creates the thread (server-side
+ * idempotent on id) and ActiveTaskProvider's autosend consumer fires
+ * sendMessage on mount.
+ */
+function useHomeSubmit() {
+  const navigate = useNavigate();
+  const { org, locator } = useProjectContext();
+
+  return ({
+    tiptapDoc,
+    virtualMcp,
+  }: {
+    tiptapDoc: Metadata["tiptapDoc"];
+    virtualMcp: VirtualMCPInfo | null;
+  }) => {
+    const newId = crypto.randomUUID();
+    const targetVmcp =
+      virtualMcp?.id ?? getWellKnownDecopilotVirtualMCP(org.id).id;
+    writeStoredAutosend(sessionStorage, locator, newId, { tiptapDoc });
+    navigate({
+      to: "/$org/$taskId",
+      params: { org: org.slug, taskId: newId },
+      search: { virtualmcpid: targetVmcp, autosend: AUTOSEND_QUERY_VALUE },
+    });
+  };
+}
+
 export function ChatInput({
   onOpenContextPanel,
   showConnectionsBanner = false,
@@ -163,9 +216,15 @@ export function ChatInput({
   onOpenContextPanel?: () => void;
   showConnectionsBanner?: boolean;
 }) {
-  const { messages, isStreaming, isRunInProgress, sendMessage, stop } =
-    useChatStream();
-  const { taskId, tasks } = useChatTask();
+  const stream = useOptionalChatStream();
+  const taskCtx = useOptionalChatTask();
+  const messages = stream?.messages ?? [];
+  const isStreaming = stream?.isStreaming ?? false;
+  const isRunInProgress = stream?.isRunInProgress ?? false;
+  const stop = stream?.stop ?? (() => {});
+  const taskId = taskCtx?.taskId ?? "";
+  const tasks = taskCtx?.tasks ?? [];
+  const homeSubmit = useHomeSubmit();
   const {
     selectedModel,
     selectedVirtualMcp,
@@ -175,6 +234,9 @@ export function ChatInput({
     deepResearchModel,
     chatMode,
     setChatMode,
+    simpleModeEnabled,
+    simpleModeTier,
+    setSimpleModeTier,
   } = useChatPrefs();
   const { data: session } = authClient.useSession();
   const userId = session?.user?.id;
@@ -183,6 +245,8 @@ export function ChatInput({
   const decopilotId = getWellKnownDecopilotVirtualMCP(org.id).id;
   const playSwitchSound = useSound(question004Sound);
   const [connectionsOpen, setConnectionsOpen] = useState(false);
+  const { unsupportedFile, onUnsupportedFile, clearUnsupportedFile } =
+    useUnsupportedFileDialog();
 
   const voice = useVoiceInput();
   const voiceBaselineDocRef = useRef<Metadata["tiptapDoc"]>(undefined);
@@ -190,15 +254,30 @@ export function ChatInput({
   const handleVoiceStart = async () => {
     voiceBaselineDocRef.current = tiptapDoc;
     await voice.startRecording();
+    // Fire with the real outcome — voice.status is set inside startRecording
+    // before the promise resolves ("recording" on success, "unsupported" or
+    // "permission-denied" on failure). Button click on its own doesn't tell
+    // us if the mic actually started.
+    const outcome =
+      voice.status === "recording"
+        ? "started"
+        : voice.status === "unsupported"
+          ? "unsupported"
+          : voice.status === "permission-denied"
+            ? "permission_denied"
+            : "unknown";
+    track("chat_voice_started", { thread_id: taskId, outcome });
   };
 
   const handleVoiceConfirm = () => {
+    track("chat_voice_confirmed", { thread_id: taskId });
     const finalText = voice.stopRecording();
     tiptapRef.current?.syncVoiceText(voiceBaselineDocRef.current, finalText);
     tiptapRef.current?.focus();
   };
 
   const handleVoiceCancel = () => {
+    track("chat_voice_cancelled", { thread_id: taskId });
     voice.cancelRecording();
     tiptapRef.current?.restoreContent(voiceBaselineDocRef.current);
   };
@@ -234,7 +313,14 @@ export function ChatInput({
     tiptapDocRef.current = undefined;
   }
 
-  const contextWindow = selectedModel?.limits?.contextWindow;
+  // Prefer per-turn modelLimits (Claude Code reports real window at turn end)
+  // so the ring renders even when catalog limits are null.
+  const lastAssistantMetadata = [...messages]
+    .reverse()
+    .find((m) => m.role === "assistant")?.metadata;
+  const contextWindow =
+    lastAssistantMetadata?.modelLimits?.contextWindow ??
+    selectedModel?.limits?.contextWindow;
 
   const tiptapRef = useRef<TiptapInputHandle | null>(null);
 
@@ -261,7 +347,9 @@ export function ChatInput({
   const lastUsage = [...messages]
     .reverse()
     .find((m) => m.role === "assistant" && m.metadata?.usage)?.metadata?.usage;
+  // Prefer per-turn context size; fall back to cumulative for legacy messages.
   const lastTotalTokens =
+    lastUsage?.contextTokens ??
     (lastUsage?.totalTokens ?? 0) - (lastUsage?.reasoningTokens ?? 0);
 
   const playClickSound = useSound(question004Sound);
@@ -277,12 +365,26 @@ export function ChatInput({
   const handleSubmit = (e?: FormEvent) => {
     e?.preventDefault();
     if (isStreaming) {
+      track("chat_message_stopped", { thread_id: taskId });
       stop();
     } else if (isRunInProgress) {
+      track("chat_message_stopped", { thread_id: taskId });
       stop();
     } else if (canSubmit && tiptapDoc) {
+      track("chat_message_sent", {
+        thread_id: taskId || null,
+        mode: chatMode,
+        model_id: selectedModel?.modelId ?? null,
+        model_provider: selectedModel?.providerId ?? null,
+        virtual_mcp_id: selectedVirtualMcp?.id ?? null,
+        submission: e ? "button_or_enter" : "programmatic",
+      });
       playClickSound();
-      void sendMessage(tiptapDoc);
+      if (stream) {
+        void stream.sendMessage(tiptapDoc);
+      } else {
+        homeSubmit({ tiptapDoc, virtualMcp: selectedVirtualMcp });
+      }
       setTiptapDoc(undefined);
     }
   };
@@ -307,8 +409,10 @@ export function ChatInput({
             <div className="absolute inset-0 rounded-2xl pointer-events-none bg-muted/50" />
           )}
 
-          {/* Highlight floats above the form area */}
-          <ChatHighlight />
+          {/* Highlight floats above the form area. Only renders when there's
+              an active task — it depends on useChatStream + useChatTask, both
+              absent on the home composer. */}
+          {stream && taskCtx && <ChatHighlight />}
 
           <TiptapProvider
             key={taskId}
@@ -324,7 +428,10 @@ export function ChatInput({
                 "w-full relative rounded-2xl min-h-[110px] md:min-h-[130px] flex flex-col bg-background dark:bg-muted card-shadow",
               )}
             >
-              <FileDropZone selectedModel={selectedModel} />
+              <FileDropZone
+                selectedModel={selectedModel}
+                onUnsupportedFile={onUnsupportedFile}
+              />
 
               <div className="group/input relative flex flex-col gap-2 flex-1">
                 <TiptapInput
@@ -337,6 +444,7 @@ export function ChatInput({
                   virtualMcpId={selectedVirtualMcp?.id ?? decopilotId}
                   showFileUploader={true}
                   selectedModel={selectedModel}
+                  onUnsupportedFile={onUnsupportedFile}
                 />
               </div>
 
@@ -376,10 +484,17 @@ export function ChatInput({
                         selectedModel={selectedModel}
                         isStreaming={isStreaming}
                         icon={<Plus size={16} />}
+                        onUnsupportedFile={onUnsupportedFile}
                       />
                       <ToolsPopover
                         disabled={isStreaming}
-                        onOpenConnections={() => setConnectionsOpen(true)}
+                        onOpenConnections={() => {
+                          track("connections_dialog_opened", {
+                            source: "tools_popover",
+                            mode: "add",
+                          });
+                          setConnectionsOpen(true);
+                        }}
                         virtualMcpId={selectedVirtualMcp?.id ?? decopilotId}
                       />
                       {isPlanMode && (
@@ -387,6 +502,11 @@ export function ChatInput({
                           type="button"
                           onClick={() => {
                             playSwitchSound();
+                            track("chat_mode_changed", {
+                              from_mode: "plan",
+                              to_mode: "default",
+                              source: "pill_dismiss",
+                            });
                             setChatMode("default");
                           }}
                           className="flex items-center gap-1.5 h-8 rounded-lg px-2.5 text-sm font-medium text-violet-600 dark:text-violet-400 hover:bg-violet-500/10 group whitespace-nowrap animate-in fade-in duration-200"
@@ -404,15 +524,25 @@ export function ChatInput({
                           type="button"
                           onClick={() => {
                             playSwitchSound();
+                            track("chat_mode_changed", {
+                              from_mode: "gen-image",
+                              to_mode: "default",
+                              source: "pill_dismiss",
+                            });
                             setChatMode("default");
                           }}
                           className="flex items-center gap-1.5 h-8 rounded-lg px-2.5 text-sm font-medium text-pink-600 dark:text-pink-400 hover:bg-pink-500/10 group whitespace-nowrap animate-in fade-in duration-200"
                         >
                           <Image01 size={14} className="shrink-0" />
                           <span className="max-w-[120px] truncate">
-                            {imageModel.title.includes(": ")
-                              ? imageModel.title.split(": ").slice(1).join(": ")
-                              : imageModel.title}
+                            {simpleModeEnabled
+                              ? "Create image"
+                              : imageModel.title.includes(": ")
+                                ? imageModel.title
+                                    .split(": ")
+                                    .slice(1)
+                                    .join(": ")
+                                : imageModel.title}
                           </span>
                           <X
                             size={14}
@@ -425,18 +555,25 @@ export function ChatInput({
                           type="button"
                           onClick={() => {
                             playSwitchSound();
+                            track("chat_mode_changed", {
+                              from_mode: "web-search",
+                              to_mode: "default",
+                              source: "pill_dismiss",
+                            });
                             setChatMode("default");
                           }}
                           className="flex items-center gap-1.5 h-8 rounded-lg px-2.5 text-sm font-medium text-blue-600 dark:text-blue-400 hover:bg-blue-500/10 group whitespace-nowrap animate-in fade-in duration-200"
                         >
                           <Globe02 size={14} className="shrink-0" />
                           <span className="max-w-[120px] truncate">
-                            {deepResearchModel.title.includes(": ")
-                              ? deepResearchModel.title
-                                  .split(": ")
-                                  .slice(1)
-                                  .join(": ")
-                              : deepResearchModel.title}
+                            {simpleModeEnabled
+                              ? "Web search"
+                              : deepResearchModel.title.includes(": ")
+                                ? deepResearchModel.title
+                                    .split(": ")
+                                    .slice(1)
+                                    .join(": ")
+                                : deepResearchModel.title}
                           </span>
                           <X
                             size={14}
@@ -456,11 +593,18 @@ export function ChatInput({
 
                     {/* Right Actions (mic, model, send) */}
                     <div className="flex items-center gap-1.5 min-w-0">
-                      <ModelSelector
-                        placeholder="Model"
-                        variant="borderless"
-                        className="h-8 text-sm py-2 min-w-0"
-                      />
+                      {simpleModeEnabled ? (
+                        <SimpleModeTierDropdown
+                          tier={simpleModeTier}
+                          onSelect={setSimpleModeTier}
+                        />
+                      ) : (
+                        <ModelSelector
+                          placeholder="Model"
+                          variant="borderless"
+                          className="h-8 text-sm py-2 min-w-0"
+                        />
+                      )}
 
                       {/* Microphone button — only shown when not streaming and speech is supported */}
                       {voice.isSupported &&
@@ -531,7 +675,18 @@ export function ChatInput({
 
           {/* Connections Banner Footer - always visible on home */}
           {showConnectionsBanner && (
-            <ConnectionsBanner onClick={() => setConnectionsOpen(true)} />
+            <ConnectionsBanner
+              onClick={() => {
+                track("connections_banner_clicked", {
+                  source: "home_chat_input",
+                });
+                track("connections_dialog_opened", {
+                  source: "home_banner",
+                  mode: "add",
+                });
+                setConnectionsOpen(true);
+              }}
+            />
           )}
         </div>
       </div>
@@ -542,6 +697,11 @@ export function ChatInput({
         onOpenChange={setConnectionsOpen}
         defaultTab="all"
       />
+
+      <UnsupportedFileDialog
+        info={unsupportedFile}
+        onClose={clearUnsupportedFile}
+      />
     </>
   );
 }
diff --git a/apps/mesh/src/web/components/chat/message/assistant.tsx b/apps/mesh/src/web/components/chat/message/assistant.tsx
index b74b3c6854..b102ecbf10 100644
--- a/apps/mesh/src/web/components/chat/message/assistant.tsx
+++ b/apps/mesh/src/web/components/chat/message/assistant.tsx
@@ -16,20 +16,21 @@ import {
   GenericToolCallPart,
   GenerateImagePart,
   WebSearchPart,
-  OpenInAgentPart,
   ProposePlanPart,
   SubtaskPart,
   UserAskPart,
 } from "./parts/tool-call-part/index.ts";
 import { SmartAutoScroll } from "./smart-auto-scroll.tsx";
+import { ThreadOutputs } from "./thread-outputs.tsx";
 import {
   type DataParts,
   type RenderItem,
   useFilterParts,
 } from "./use-filter-parts.ts";
 import { addUsage, emptyUsageStats } from "@decocms/mesh-sdk";
-import { useOptionalChatStream } from "../context.tsx";
+import { useOptionalChatStream, useOptionalChatTask } from "../context.tsx";
 import { LiveTimer } from "../../live-timer.tsx";
+import { GridLoader } from "../../grid-loader.tsx";
 import { formatDuration } from "../../../lib/format-time.ts";
 
 type ThinkingStage = "planning" | "thinking";
@@ -90,55 +91,6 @@ function TypingIndicator() {
   );
 }
 
-const GRID_CELLS = [
-  { delay: 0 },
-  { delay: 100 },
-  { delay: 200 },
-  { delay: 100 },
-  { delay: 200 },
-  { delay: 200 },
-  { delay: 300 },
-  { delay: 300 },
-  { delay: 400 },
-];
-
-function GridLoader() {
-  const [cellColors] = useState(() => {
-    const chart = `var(--chart-${Math.ceil(Math.random() * 5)})`;
-    return GRID_CELLS.map(() =>
-      Math.random() < 0.6
-        ? "color-mix(in srgb, var(--muted-foreground) 25%, transparent)"
-        : chart,
-    );
-  });
-  return (
-    <div
-      className="grid"
-      style={{
-        gridTemplateColumns: "repeat(3, 3px)",
-        gap: "1.5px",
-        width: "fit-content",
-      }}
-    >
-      {GRID_CELLS.map(({ delay }, i) => (
-        <div
-          key={i}
-          className="rounded-[1px]"
-          style={
-            {
-              width: 3,
-              height: 3,
-              "--cell-color": cellColors[i],
-              animation: "grid-ripple 1s ease infinite",
-              animationDelay: `${delay}ms`,
-            } as React.CSSProperties
-          }
-        />
-      ))}
-    </div>
-  );
-}
-
 function GeneratingFooter({ startedAt }: { startedAt: number }) {
   return (
     <div className="flex items-center gap-2.5 mt-1 pb-1 text-muted-foreground/40 select-none">
@@ -495,14 +447,6 @@ function MessagePart({
           latency={getMeta(part.toolCallId)?.latencySeconds}
         />
       );
-    case "tool-open_in_agent":
-      return (
-        <OpenInAgentPart
-          part={part}
-          annotations={getMeta(part.toolCallId)?.annotations}
-          latency={getMeta(part.toolCallId)?.latencySeconds}
-        />
-      );
     case "text":
       return (
         <MessageTextPart
@@ -606,6 +550,7 @@ export function MessageAssistant({
   isLast = false,
 }: MessageAssistantProps) {
   const { isRunInProgress = false } = useOptionalChatStream() ?? {};
+  const taskId = useOptionalChatTask()?.taskId ?? null;
   const isStreaming = status === "streaming";
   const isSubmitted = status === "submitted";
   const isLoading = isStreaming || isSubmitted;
@@ -710,6 +655,9 @@ export function MessageAssistant({
           {isLast && isLoading && startedAt !== null && (
             <GeneratingFooter startedAt={startedAt} />
           )}
+          {isLast && !isLoading && taskId && (
+            <ThreadOutputs threadId={taskId} />
+          )}
         </div>
       ) : isLoading ? (
         <TypingIndicator />
diff --git a/apps/mesh/src/web/components/chat/message/parts/text-part.tsx b/apps/mesh/src/web/components/chat/message/parts/text-part.tsx
index d62e89ccc3..317fb5b3cc 100644
--- a/apps/mesh/src/web/components/chat/message/parts/text-part.tsx
+++ b/apps/mesh/src/web/components/chat/message/parts/text-part.tsx
@@ -4,6 +4,7 @@ import { cn } from "@deco/ui/lib/utils.ts";
 import { MemoizedMarkdown } from "../../markdown.tsx";
 import { Check, Copy01 } from "@untitledui/icons";
 import type { TextUIPart } from "ai";
+import { track } from "@/web/lib/posthog-client";
 
 interface MessageTextPartProps {
   id: string;
@@ -25,6 +26,10 @@ export function MessageTextPart({
   const [isCopied, setIsCopied] = useState(false);
 
   const handleCopyMessage = async () => {
+    track("chat_message_copied", {
+      message_id: id,
+      chars: part.text.length,
+    });
     await handleCopy(part.text);
     setIsCopied(true);
     setTimeout(() => setIsCopied(false), 2000);
diff --git a/apps/mesh/src/web/components/chat/message/parts/tool-call-part/generate-image.tsx b/apps/mesh/src/web/components/chat/message/parts/tool-call-part/generate-image.tsx
index bb20c732bc..1375b96893 100644
--- a/apps/mesh/src/web/components/chat/message/parts/tool-call-part/generate-image.tsx
+++ b/apps/mesh/src/web/components/chat/message/parts/tool-call-part/generate-image.tsx
@@ -15,9 +15,9 @@ import type { UsageStats } from "@/web/lib/usage-utils.ts";
 import { formatDuration } from "@/web/lib/format-time.ts";
 import { parseMeshStorageKey } from "@/api/routes/decopilot/mesh-storage-uri";
 
-function resolveImageSrc(uri: string, orgId: string): string {
+function resolveImageSrc(uri: string, orgSlug: string): string {
   const key = parseMeshStorageKey(uri);
-  if (key !== null) return `/api/${orgId}/files/${key}`;
+  if (key !== null) return `/api/${orgSlug}/files/${key}`;
   // data: URIs or any other URL — use as-is
   return uri;
 }
@@ -57,8 +57,14 @@ function extractUsage(
   };
 }
 
-function ReferenceImageChip({ uri, orgId }: { uri: string; orgId: string }) {
-  const src = resolveImageSrc(uri, orgId);
+function ReferenceImageChip({
+  uri,
+  orgSlug,
+}: {
+  uri: string;
+  orgSlug: string;
+}) {
+  const src = resolveImageSrc(uri, orgSlug);
   const label =
     parseMeshStorageKey(uri) !== null
       ? uri.slice(uri.lastIndexOf("/") + 1)
@@ -90,7 +96,9 @@ export function GenerateImagePart({ part, latency }: GenerateImagePartProps) {
   const images = result?.images;
   const usage = extractUsage(result);
   const modelLabel = result?.model;
-  const refImages = input?.referenceImages?.filter((r) => r.uri ?? r.url);
+  const refImages = Array.isArray(input?.referenceImages)
+    ? input.referenceImages.filter((r) => r.uri ?? r.url)
+    : undefined;
   const latencyLabel =
     latency != null && latency > 0 ? (
       <span className="text-[11px] font-mono tabular-nums text-muted-foreground/60">
@@ -145,7 +153,9 @@ export function GenerateImagePart({ part, latency }: GenerateImagePartProps) {
               </span>
               {refImages.map((ref, i) => {
                 const raw = (ref.uri ?? ref.url)!;
-                return <ReferenceImageChip key={i} uri={raw} orgId={org.id} />;
+                return (
+                  <ReferenceImageChip key={i} uri={raw} orgSlug={org.slug} />
+                );
               })}
             </div>
           )}
@@ -155,7 +165,7 @@ export function GenerateImagePart({ part, latency }: GenerateImagePartProps) {
         {images.map((img, i) => {
           const raw = img.uri ?? img.url;
           if (!raw) return null;
-          const src = resolveImageSrc(raw, org.id);
+          const src = resolveImageSrc(raw, org.slug);
           return (
             <ImageLightbox
               key={i}
diff --git a/apps/mesh/src/web/components/chat/message/parts/tool-call-part/generic.tsx b/apps/mesh/src/web/components/chat/message/parts/tool-call-part/generic.tsx
index a0ed7fff09..7ac7b756ce 100644
--- a/apps/mesh/src/web/components/chat/message/parts/tool-call-part/generic.tsx
+++ b/apps/mesh/src/web/components/chat/message/parts/tool-call-part/generic.tsx
@@ -28,6 +28,7 @@ import { stripMcpServerPrefix } from "@/web/lib/tool-namespace";
 import { useToolDefinitionLookup } from "@/web/hooks/use-tool-definition-lookup";
 import { toTitleCase } from "./utils.tsx";
 import type {
+  McpUiDisplayMode,
   McpUiMessageRequest,
   McpUiUpdateModelContextRequest,
 } from "@modelcontextprotocol/ext-apps";
@@ -42,6 +43,7 @@ import {
   RefreshCw01,
   XClose,
 } from "@untitledui/icons";
+import { TOOL_DISPLAY_MAP } from "./tool-display-map.ts";
 import type { DynamicToolUIPart, ToolUIPart } from "ai";
 import type React from "react";
 import { Suspense } from "react";
@@ -208,11 +210,14 @@ export function GenericToolCallPart({
     connectionId ? rawToolName : null,
     connectionId,
     org.id,
+    org.slug,
   );
   const meta = toolDef?._meta ?? toolMeta;
   const gatewayClientId = getGatewayClientId(meta);
   const toolName = stripToolNamespace(mcpStrippedName, gatewayClientId);
-  const friendlyName = toolDef?.title ?? toTitleCase(toolName);
+  const toolDisplay = TOOL_DISPLAY_MAP[toolName];
+  const friendlyName =
+    toolDef?.title ?? toolDisplay?.label ?? toTitleCase(toolName);
   const uiResourceUri = getUIResourceUri(meta);
 
   const hasMCPApp = !!uiResourceUri && part.state === "output-available";
@@ -244,6 +249,16 @@ export function GenericToolCallPart({
     });
   };
 
+  const handleRequestDisplayMode = (
+    mode: McpUiDisplayMode,
+  ): McpUiDisplayMode => {
+    if (mode === "fullscreen" && canOpenInPanel) {
+      handleOpenInPanel();
+      return "fullscreen";
+    }
+    return "inline";
+  };
+
   const handleAppMessage = (params: McpUiMessageRequest["params"]) => {
     const doc = contentBlocksToTiptapDoc(params.content);
     if (doc.content.length > 0) {
@@ -302,15 +317,15 @@ export function GenericToolCallPart({
   return (
     <div>
       <ToolCallShell
-        icon={
-          isCancelled ? (
-            <XClose />
-          ) : hasMCPApp ? (
-            <LayersTwo01 className="size-4 text-muted-foreground" />
-          ) : (
-            <Atom02 className="size-4 text-muted-foreground" />
-          )
-        }
+        icon={(() => {
+          if (isCancelled) return <XClose />;
+          if (hasMCPApp)
+            return <LayersTwo01 className="size-4 text-muted-foreground" />;
+          const MappedIcon = toolDisplay?.icon;
+          if (MappedIcon)
+            return <MappedIcon className="size-4 text-muted-foreground" />;
+          return <Atom02 className="size-4 text-muted-foreground" />;
+        })()}
         iconDestructive={isCancelled}
         trailing={
           <AnnotationBadges annotations={annotations} toolMeta={toolMeta} />
@@ -369,6 +384,7 @@ export function GenericToolCallPart({
                 uiResourceUri={uiResourceUri}
                 connectionId={connectionId}
                 orgId={org.id}
+                orgSlug={org.slug}
                 toolName={toolName}
                 toolInput={part.input}
                 toolResult={part.output}
@@ -384,6 +400,9 @@ export function GenericToolCallPart({
                     ? () => chatPrefs.clearAppContext(sourceId)
                     : undefined
                 }
+                onRequestDisplayMode={
+                  canOpenInPanel ? handleRequestDisplayMode : undefined
+                }
               />
             </Suspense>
           </ErrorBoundary>
@@ -397,6 +416,7 @@ interface MCPAppRendererProps {
   uiResourceUri: string;
   connectionId: string;
   orgId: string;
+  orgSlug: string;
   toolName: string;
   toolInput: unknown;
   toolResult: unknown;
@@ -406,6 +426,9 @@ interface MCPAppRendererProps {
     params: McpUiUpdateModelContextRequest["params"],
   ) => void;
   onTeardown?: () => void;
+  onRequestDisplayMode?: (
+    mode: McpUiDisplayMode,
+  ) => McpUiDisplayMode | Promise<McpUiDisplayMode>;
 }
 
 /**
@@ -485,6 +508,7 @@ function MCPAppRenderer({
   uiResourceUri,
   connectionId,
   orgId,
+  orgSlug,
   toolName,
   toolInput,
   toolResult,
@@ -492,8 +516,9 @@ function MCPAppRenderer({
   onMessage,
   onUpdateModelContext,
   onTeardown,
+  onRequestDisplayMode,
 }: MCPAppRendererProps) {
-  const client = useMCPClient({ connectionId, orgId });
+  const client = useMCPClient({ connectionId, orgId, orgSlug });
 
   const toolDef: Tool = {
     name: toolName,
@@ -513,6 +538,7 @@ function MCPAppRenderer({
         onMessage={onMessage}
         onUpdateModelContext={onUpdateModelContext}
         onTeardown={onTeardown}
+        onRequestDisplayMode={onRequestDisplayMode}
       />
     </div>
   );
diff --git a/apps/mesh/src/web/components/chat/message/parts/tool-call-part/index.ts b/apps/mesh/src/web/components/chat/message/parts/tool-call-part/index.ts
index 2eb6352f60..99c35d34c7 100644
--- a/apps/mesh/src/web/components/chat/message/parts/tool-call-part/index.ts
+++ b/apps/mesh/src/web/components/chat/message/parts/tool-call-part/index.ts
@@ -1,7 +1,6 @@
 export { GenericToolCallPart } from "./generic.tsx";
 export { GenerateImagePart } from "./generate-image.tsx";
 export { WebSearchPart } from "./web-search.tsx";
-export { OpenInAgentPart } from "./open-in-agent.tsx";
 export { UserAskPart } from "./user-ask.tsx";
 export { SubtaskPart } from "./subtask.tsx";
 export { ProposePlanPart } from "./propose-plan.tsx";
diff --git a/apps/mesh/src/web/components/chat/message/parts/tool-call-part/open-in-agent.tsx b/apps/mesh/src/web/components/chat/message/parts/tool-call-part/open-in-agent.tsx
deleted file mode 100644
index 922e20c7ea..0000000000
--- a/apps/mesh/src/web/components/chat/message/parts/tool-call-part/open-in-agent.tsx
+++ /dev/null
@@ -1,165 +0,0 @@
-"use client";
-
-import { IntegrationIcon } from "@/web/components/integration-icon";
-import { useNavigateToAgent } from "@/web/hooks/use-navigate-to-agent";
-import { useOrg, useVirtualMCP, type ToolDefinition } from "@decocms/mesh-sdk";
-import { Spinner } from "@deco/ui/components/spinner.tsx";
-import { cn } from "@deco/ui/lib/utils.ts";
-import { ArrowRight, Users03 } from "@untitledui/icons";
-import { useRef } from "react";
-import { getEffectiveState } from "./utils.tsx";
-
-type OpenInAgentToolPart = Extract<
-  import("../../../types.ts").ChatMessage["parts"][number],
-  { type: "tool-open_in_agent" }
->;
-
-interface OpenInAgentPartProps {
-  part: OpenInAgentToolPart;
-  annotations?: ToolDefinition["annotations"];
-  latency?: number;
-}
-
-/**
- * Module-level set prevents duplicate stream starts across re-renders
- * within the same page session. sessionStorage covers page refreshes.
- */
-const startedTasks = new Set<string>();
-
-function isAlreadyStarted(taskId: string): boolean {
-  if (startedTasks.has(taskId)) return true;
-  try {
-    return sessionStorage.getItem(`open-in-agent:${taskId}`) === "1";
-  } catch {
-    return false;
-  }
-}
-
-function markStarted(taskId: string) {
-  startedTasks.add(taskId);
-  try {
-    sessionStorage.setItem(`open-in-agent:${taskId}`, "1");
-  } catch {
-    // sessionStorage might be unavailable
-  }
-}
-
-export function OpenInAgentPart({ part }: OpenInAgentPartProps) {
-  const org = useOrg();
-  const navigateToAgent = useNavigateToAgent();
-  const startFiredRef = useRef(false);
-
-  const agentId = part.input?.agent_id;
-  const context = part.input?.context;
-  const agent = useVirtualMCP(agentId);
-
-  const output = part.output as Record<string, unknown> | undefined;
-  const taskId = output?.task_id as string | undefined;
-
-  const rawState = getEffectiveState(
-    part.state,
-    "preliminary" in part ? part.preliminary : false,
-  );
-  const isComplete = part.state === "output-available" && !part.preliminary;
-  const isError = part.state === "output-error";
-  const isLoading = rawState === "loading";
-
-  // Start the agent stream via the standard decopilot/stream endpoint.
-  // Idempotent: module-level Set (re-renders) + sessionStorage (refreshes).
-  if (
-    isComplete &&
-    taskId &&
-    context &&
-    agentId &&
-    !startFiredRef.current &&
-    !isAlreadyStarted(taskId)
-  ) {
-    startFiredRef.current = true;
-    markStarted(taskId);
-
-    queueMicrotask(() => {
-      const now = new Date().toISOString();
-      fetch(`/api/${org.slug}/decopilot/stream`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        credentials: "include",
-        body: JSON.stringify({
-          messages: [
-            {
-              id: crypto.randomUUID(),
-              role: "user",
-              parts: [{ type: "text", text: context }],
-              metadata: {
-                thread_id: taskId,
-                agent: { id: agentId },
-                created_at: now,
-              },
-            },
-          ],
-          thread_id: taskId,
-          agent: { id: agentId },
-          toolApprovalLevel: "auto",
-        }),
-      }).catch((err) =>
-        console.error("[open_in_agent] stream start failed:", err),
-      );
-    });
-  }
-
-  const title = agent?.title ?? (isError ? "Agent not found" : "Agent");
-
-  const handleClick = () => {
-    if (!agentId || !isComplete) return;
-    navigateToAgent(agentId, {
-      search: taskId ? { taskId } : undefined,
-    });
-  };
-
-  return (
-    <div
-      role={isComplete ? "button" : undefined}
-      tabIndex={isComplete ? 0 : undefined}
-      onClick={isComplete ? handleClick : undefined}
-      onKeyDown={
-        isComplete
-          ? (e) => {
-              if (e.key === "Enter" || e.key === " ") {
-                e.preventDefault();
-                handleClick();
-              }
-            }
-          : undefined
-      }
-      className={cn(
-        "flex items-center gap-3 py-2.5 px-1 rounded-md transition-colors",
-        isComplete && "cursor-pointer [@media(hover:hover)]:hover:bg-accent/30",
-        isLoading && "shimmer",
-      )}
-    >
-      <div className="shrink-0 size-5 flex items-center justify-center">
-        <IntegrationIcon
-          icon={agent?.icon}
-          name={agent?.title ?? "Agent"}
-          size="2xs"
-          className="rounded-xs"
-          fallbackIcon={<Users03 />}
-        />
-      </div>
-
-      <span className="text-sm font-medium text-foreground truncate">
-        {title}
-      </span>
-
-      {isLoading && <Spinner size="xs" />}
-
-      {isComplete && (
-        <>
-          <span className="text-xs text-muted-foreground">Open</span>
-          <ArrowRight size={14} className="text-muted-foreground shrink-0" />
-        </>
-      )}
-
-      {isError && <span className="text-xs text-destructive">Failed</span>}
-    </div>
-  );
-}
diff --git a/apps/mesh/src/web/components/chat/message/parts/tool-call-part/tool-display-map.ts b/apps/mesh/src/web/components/chat/message/parts/tool-call-part/tool-display-map.ts
new file mode 100644
index 0000000000..1a9ae02ea7
--- /dev/null
+++ b/apps/mesh/src/web/components/chat/message/parts/tool-call-part/tool-display-map.ts
@@ -0,0 +1,64 @@
+import type React from "react";
+import {
+  BookOpen01,
+  Code01,
+  Code02,
+  Database01,
+  Download01,
+  Edit01,
+  Edit02,
+  File06,
+  Folder,
+  Globe02,
+  Monitor01,
+  SearchMd,
+  Server01,
+  TerminalSquare,
+  Tool01,
+  Upload01,
+  Users03,
+} from "@untitledui/icons";
+
+export interface ToolDisplay {
+  /** Icon component — rendered with `size-4 text-muted-foreground` by the caller */
+  icon: React.ComponentType<{ className?: string; size?: number }>;
+  /** Human-readable label; overrides the toTitleCase fallback when set */
+  label?: string;
+}
+
+/**
+ * Maps clean tool names (after prefix-stripping) to display metadata.
+ * Only built-in tools need entries here — MCP passthrough tools get their
+ * titles from listTools and fall back to Atom02 / toTitleCase.
+ */
+export const TOOL_DISPLAY_MAP: Record<string, ToolDisplay> = {
+  // VM file tools
+  read: { icon: File06, label: "Read File" },
+  write: { icon: Edit01, label: "Write File" },
+  edit: { icon: Edit02, label: "Edit File" },
+  grep: { icon: SearchMd, label: "Search Content" },
+  glob: { icon: Folder, label: "Find Files" },
+  bash: { icon: TerminalSquare, label: "Run Command" },
+
+  // Agent / orchestration tools
+  agent_search: { icon: Users03, label: "Search Agents" },
+
+  // Resource / context tools
+  read_tool_output: { icon: File06, label: "Read Tool Output" },
+  read_resource: { icon: Database01, label: "Read Resource" },
+  read_prompt: { icon: BookOpen01, label: "Read Prompt" },
+
+  // System tools
+  enable_tools: { icon: Tool01, label: "Enable Tools" },
+  open_in_agent: { icon: Server01, label: "Open in Agent" },
+
+  // Sandbox / code execution tools
+  sandbox: { icon: Code02, label: "Run Code" },
+  copy_to_sandbox: { icon: Download01, label: "Load File" },
+  share_with_user: { icon: Upload01, label: "Share with User" },
+
+  // Browser / web tools
+  take_screenshot: { icon: Monitor01, label: "Take Screenshot" },
+  scrape_url: { icon: Globe02, label: "Scrape URL" },
+  inspect_page: { icon: Code01, label: "Inspect Page" },
+};
diff --git a/apps/mesh/src/web/components/chat/message/parts/tool-call-part/web-search.tsx b/apps/mesh/src/web/components/chat/message/parts/tool-call-part/web-search.tsx
index 7b17cd064b..52f0fe3e58 100644
--- a/apps/mesh/src/web/components/chat/message/parts/tool-call-part/web-search.tsx
+++ b/apps/mesh/src/web/components/chat/message/parts/tool-call-part/web-search.tsx
@@ -18,9 +18,9 @@ import {
 } from "@decocms/mesh-sdk";
 import { parseMeshStorageKey } from "@/api/routes/decopilot/mesh-storage-uri";
 
-function resolveStorageUri(uri: string, orgId: string): string {
+function resolveStorageUri(uri: string, orgSlug: string): string {
   const key = parseMeshStorageKey(uri);
-  if (key !== null) return `/api/${orgId}/files/${key}`;
+  if (key !== null) return `/api/${orgSlug}/files/${key}`;
   return uri;
 }
 
@@ -180,7 +180,7 @@ export function WebSearchPart({
 
   // Resolve blob-stored content for large results
   const blobUrl = result?.uri
-    ? resolveStorageUri(result.uri, org.id)
+    ? resolveStorageUri(result.uri, org.slug)
     : undefined;
 
   const { data: blobContent } = useQuery({
diff --git a/apps/mesh/src/web/components/chat/message/thread-outputs.tsx b/apps/mesh/src/web/components/chat/message/thread-outputs.tsx
new file mode 100644
index 0000000000..bdfd2127c6
--- /dev/null
+++ b/apps/mesh/src/web/components/chat/message/thread-outputs.tsx
@@ -0,0 +1,90 @@
+/**
+ * ThreadOutputs — download chips for files the model has shared back
+ * to the user via the `share_with_user` tool. Files live under
+ * `model-outputs/<thread_id>/` and are listed by
+ * `GET /api/:org/threads/:threadId/outputs`. The query is invalidated on
+ * assistant-turn completion (see useStreamManager + chat onFinish).
+ *
+ * Attribution caveat: outputs are aggregated under the *last* assistant
+ * message of the thread rather than per-producing-message. Future
+ * iterations can encode the message id in the storage key to attribute
+ * each chip to its producing turn.
+ */
+
+import { useQuery } from "@tanstack/react-query";
+import { Download01 } from "@untitledui/icons";
+import { useProjectContext } from "@decocms/mesh-sdk";
+import { KEYS } from "../../../lib/query-keys";
+
+interface ThreadOutput {
+  key: string;
+  filename: string;
+  size: number;
+  uploadedAt?: string;
+  downloadUrl: string;
+}
+
+interface ThreadOutputsResponse {
+  objects: ThreadOutput[];
+}
+
+async function fetchThreadOutputs(
+  threadId: string,
+  orgSlug: string,
+): Promise<ThreadOutput[]> {
+  const res = await fetch(
+    `/api/${orgSlug}/threads/${encodeURIComponent(threadId)}/outputs`,
+    {
+      credentials: "include",
+    },
+  );
+  if (!res.ok) {
+    throw new Error(`Failed to fetch thread outputs: ${res.status}`);
+  }
+  const body = (await res.json()) as ThreadOutputsResponse;
+  return body.objects ?? [];
+}
+
+function formatSize(bytes: number): string {
+  if (bytes < 1024) return `${bytes} B`;
+  if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)} KB`;
+  return `${(bytes / (1024 * 1024)).toFixed(1)} MB`;
+}
+
+export function ThreadOutputs({ threadId }: { threadId: string }) {
+  const { org } = useProjectContext();
+  const { data: outputs } = useQuery({
+    queryKey: KEYS.threadOutputs(threadId),
+    queryFn: () => fetchThreadOutputs(threadId, org.slug),
+    // Stale immediately so refetch on invalidation is fresh.
+    staleTime: 0,
+  });
+
+  if (!outputs || outputs.length === 0) return null;
+
+  return (
+    <div className="flex flex-col gap-1.5 py-2">
+      <div className="text-[12px] text-muted-foreground/70 uppercase tracking-wide">
+        Files shared in this chat
+      </div>
+      <div className="flex flex-wrap gap-2">
+        {outputs.map((file) => (
+          <a
+            key={file.key}
+            href={file.downloadUrl}
+            download={file.filename}
+            target="_blank"
+            rel="noopener noreferrer"
+            className="inline-flex items-center gap-2 px-3 py-1.5 rounded-lg border border-border bg-muted/30 hover:bg-muted/60 text-[13px] transition-colors"
+          >
+            <Download01 className="size-3.5 shrink-0 text-muted-foreground" />
+            <span className="font-medium text-foreground">{file.filename}</span>
+            <span className="text-muted-foreground">
+              {formatSize(file.size)}
+            </span>
+          </a>
+        ))}
+      </div>
+    </div>
+  );
+}
diff --git a/apps/mesh/src/web/components/chat/no-ai-provider-empty-state.tsx b/apps/mesh/src/web/components/chat/no-ai-provider-empty-state.tsx
index 1d52207899..9bb6aaae7b 100644
--- a/apps/mesh/src/web/components/chat/no-ai-provider-empty-state.tsx
+++ b/apps/mesh/src/web/components/chat/no-ai-provider-empty-state.tsx
@@ -24,6 +24,7 @@ function useDefaultBrand(): BrandContext | null {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const { data } = useQuery<BrandContext | null>({
diff --git a/apps/mesh/src/web/components/chat/select-model.tsx b/apps/mesh/src/web/components/chat/select-model.tsx
index 5ebee6694e..bb5ec30210 100644
--- a/apps/mesh/src/web/components/chat/select-model.tsx
+++ b/apps/mesh/src/web/components/chat/select-model.tsx
@@ -54,8 +54,10 @@ import {
   useAiProviders,
 } from "../../hooks/collections/use-ai-providers";
 import { ErrorBoundary } from "../error-boundary";
+import { track } from "@/web/lib/posthog-client";
 import { useChatPrefs } from "./context";
 import { getProviderLogo } from "@/web/utils/ai-providers-logos";
+import { getPreset } from "@/web/utils/openai-compatible-presets";
 import { useNavigate } from "@tanstack/react-router";
 import { useProjectContext } from "@decocms/mesh-sdk";
 import { NoAiProviderEmptyState } from "./no-ai-provider-empty-state";
@@ -787,6 +789,7 @@ function ConnectionModelList({
   onModelSelect,
   managing,
   onToggleManage,
+  filterModels: filterModelsProp,
 }: {
   keyId: string | undefined;
   searchTerm: string;
@@ -794,8 +797,17 @@ function ConnectionModelList({
   onHover: (model: AiProviderModel) => void;
   managing: boolean;
   onToggleManage: () => void;
+  filterModels?: (m: AiProviderModel) => boolean;
 }) {
-  const { models: allModels } = useAiProviderModels(keyId);
+  const { models: rawModels } = useAiProviderModels(keyId);
+  // When no explicit filter is given, hide async-research-only models
+  // (e.g. Gemini Deep Research). They aren't usable as a Thinking/Coding/
+  // Fast model — the agent loop's `streamText` rejects them. Callers that
+  // want to expose them (the deep-research slot) pass their own filter that
+  // opts them back in.
+  const allModels = filterModelsProp
+    ? rawModels.filter(filterModelsProp)
+    : rawModels.filter((m) => m.asyncResearch !== true);
   const [shortlistSet, setShortlistSet] = useState<Set<string>>(
     () => (keyId ? readShortlist(keyId) : null) ?? DEFAULT_SHORTLIST,
   );
@@ -820,7 +832,7 @@ function ConnectionModelList({
   };
 
   const normalizedSearch = searchTerm.toLowerCase().trim();
-  const filterModels = (models: AiProviderModel[]) =>
+  const applySearch = (models: AiProviderModel[]) =>
     normalizedSearch
       ? models.filter(
           (m) =>
@@ -830,7 +842,7 @@ function ConnectionModelList({
       : models;
 
   if (managing) {
-    const grouped = groupByTier(filterModels(allModels));
+    const grouped = groupByTier(applySearch(allModels));
     const flatItems = buildManageItems(grouped);
     const selectedCount = allModels.filter((m) =>
       shortlistSet.has(m.modelId),
@@ -864,7 +876,7 @@ function ConnectionModelList({
   // Browse mode: show shortlisted models (fall back to all if none match)
   const shortlisted = allModels.filter((m) => shortlistSet.has(m.modelId));
   const browseable = shortlisted.length > 0 ? shortlisted : allModels;
-  const grouped = groupByTier(filterModels(browseable));
+  const grouped = groupByTier(applySearch(browseable));
 
   return (
     <div className="flex-1 overflow-y-auto px-0.5 pt-1 [touch-action:pan-y]">
@@ -943,13 +955,111 @@ function SelectedModelDisplay({
   );
 }
 
+const FILE_BEARING_CAPABILITIES = [
+  "vision",
+  "image",
+  "file",
+  "audio",
+  "video",
+] as const;
+
+const IMAGE_MIME_TYPES = [
+  "image/png",
+  "image/jpeg",
+  "image/gif",
+  "image/webp",
+] as const;
+
+/**
+ * MIME types that no model handles natively but are usable end-to-end
+ * via sandbox skills: the model invokes `copy_to_sandbox` to bring the
+ * file in, then runs the matching skill (e.g. pptx-extract) to get
+ * text/images it can reason over. Allowed whenever the model has any
+ * file-bearing capability — text output is universal and thumbnail
+ * images need vision, both already covered by the existing checks.
+ */
+const SKILL_HANDLED_MIME_TYPES = [
+  "application/vnd.openxmlformats-officedocument.presentationml.presentation",
+  "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
+] as const;
+
 export function modelSupportsFiles(
   selectedModel: AiProviderModel | null | undefined,
 ): boolean {
-  return (
-    selectedModel?.capabilities?.includes("vision") === true ||
-    selectedModel?.capabilities?.includes("image") === true
-  );
+  const caps = selectedModel?.capabilities;
+  if (!caps) return false;
+  return FILE_BEARING_CAPABILITIES.some((c) => caps.includes(c));
+}
+
+export function isFileTypeSupportedByModel(
+  mimeType: string,
+  selectedModel: AiProviderModel | null | undefined,
+): boolean {
+  if (!mimeType) return false;
+  if (mimeType.startsWith("text/")) return true;
+
+  const caps = selectedModel?.capabilities ?? [];
+  const hasVision = caps.includes("vision") || caps.includes("image");
+  const hasFile = caps.includes("file");
+  const hasAudio = caps.includes("audio");
+  const hasVideo = caps.includes("video");
+
+  if (hasVision && IMAGE_MIME_TYPES.includes(mimeType as never)) return true;
+  if (hasFile && mimeType === "application/pdf") return true;
+  if (hasAudio && mimeType.startsWith("audio/")) return true;
+  if (hasVideo && mimeType.startsWith("video/")) return true;
+  if (
+    modelSupportsFiles(selectedModel) &&
+    SKILL_HANDLED_MIME_TYPES.includes(mimeType as never)
+  ) {
+    return true;
+  }
+
+  return false;
+}
+
+export function getAcceptedMimeTypesForModel(
+  selectedModel: AiProviderModel | null | undefined,
+): string {
+  const caps = selectedModel?.capabilities ?? [];
+  const accepted: string[] = ["text/*"];
+
+  if (caps.includes("vision") || caps.includes("image")) {
+    accepted.push(...IMAGE_MIME_TYPES);
+  }
+  if (caps.includes("file")) {
+    accepted.push("application/pdf");
+  }
+  if (caps.includes("audio")) {
+    accepted.push("audio/*");
+  }
+  if (caps.includes("video")) {
+    accepted.push("video/*");
+  }
+  if (modelSupportsFiles(selectedModel)) {
+    accepted.push(...SKILL_HANDLED_MIME_TYPES);
+  }
+
+  return accepted.join(",");
+}
+
+export function getSupportedFileTypesLabel(
+  selectedModel: AiProviderModel | null | undefined,
+): string {
+  const caps = selectedModel?.capabilities ?? [];
+  const parts: string[] = [];
+
+  if (caps.includes("vision") || caps.includes("image")) parts.push("images");
+  if (caps.includes("file")) parts.push("PDFs");
+  if (caps.includes("audio")) parts.push("audio");
+  if (caps.includes("video")) parts.push("video");
+  if (modelSupportsFiles(selectedModel)) parts.push("Office files");
+
+  if (parts.length === 0) return "text only";
+  if (parts.length === 1) return parts[0]!;
+  if (parts.length === 2) return `${parts[0]} and ${parts[1]}`;
+  return `${parts.slice(0, -1).join(", ")}, and ${parts.at(-1)}`;
 }
 
 // ============================================================================
@@ -1014,6 +1124,7 @@ interface ModelSelectorInnerProps {
   onCredentialChange: (id: string | null) => void;
   selectedModel: AiProviderModel | null;
   onModelChange: (model: AiProviderModel) => void;
+  filterModels?: (m: AiProviderModel) => boolean;
 }
 
 function ModelSelectorInner({
@@ -1022,6 +1133,7 @@ function ModelSelectorInner({
   onCredentialChange,
   selectedModel,
   onModelChange,
+  filterModels,
 }: ModelSelectorInnerProps) {
   const [hoveredModel, setHoveredModel] = useState<AiProviderModel | null>(
     null,
@@ -1072,7 +1184,7 @@ function ModelSelectorInner({
               }
               value={searchTerm}
               onChange={(e) => setSearchTerm(e.target.value)}
-              className="flex-1 min-w-0 border-0 shadow-none focus-visible:ring-0 px-0 h-full text-sm placeholder:text-muted-foreground/50 bg-transparent"
+              className="flex-1 min-w-0 border-0 !shadow-none focus-visible:ring-0 px-0 h-full text-sm placeholder:text-muted-foreground/50 bg-transparent"
             />
             {keys.length > 0 && (
               <Select
@@ -1090,24 +1202,27 @@ function ModelSelectorInner({
                       const provider = key
                         ? providerMap[key.providerId]
                         : undefined;
+                      const preset = getPreset(key?.presetId);
+                      const logo = preset?.logo ?? provider?.logo;
+                      const name =
+                        preset?.name ??
+                        provider?.name ??
+                        key?.providerId ??
+                        "Key";
                       return (
                         <span className="flex items-center gap-1.5 min-w-0">
-                          {provider?.logo ? (
+                          {logo ? (
                             <img
-                              src={provider.logo}
-                              alt={provider.name}
+                              src={logo}
+                              alt={name}
                               className="w-4 h-4 rounded shrink-0 dark:bg-white dark:rounded-sm dark:p-px"
                             />
                           ) : (
                             <div className="w-4 h-4 rounded bg-primary/10 flex items-center justify-center text-xs font-semibold text-primary shrink-0">
-                              {(provider?.name ?? key?.providerId ?? "?")
-                                .slice(0, 1)
-                                .toUpperCase()}
+                              {name.slice(0, 1).toUpperCase()}
                             </div>
                           )}
-                          <span className="text-xs truncate">
-                            {provider?.name ?? key?.providerId ?? "Key"}
-                          </span>
+                          <span className="text-xs truncate">{name}</span>
                         </span>
                       );
                     })()}
@@ -1117,24 +1232,26 @@ function ModelSelectorInner({
                 <SelectContent>
                   {keys.map((key) => {
                     const provider = providerMap[key.providerId];
+                    const preset = getPreset(key.presetId);
+                    const logo = preset?.logo ?? provider?.logo;
+                    const name =
+                      preset?.name ?? provider?.name ?? key.providerId;
                     return (
                       <SelectItem key={key.id} value={key.id}>
                         <div className="flex items-center gap-2">
-                          {provider?.logo ? (
+                          {logo ? (
                             <img
-                              src={provider.logo}
-                              alt={provider.name}
+                              src={logo}
+                              alt={name}
                               className="w-4 h-4 rounded dark:bg-white dark:rounded-sm dark:p-px"
                             />
                           ) : (
                             <div className="w-4 h-4 rounded bg-primary/10 flex items-center justify-center text-xs font-semibold text-primary">
-                              {(provider?.name ?? key.providerId)
-                                .slice(0, 1)
-                                .toUpperCase()}
+                              {name.slice(0, 1).toUpperCase()}
                             </div>
                           )}
                           <span>
-                            {provider?.name ?? key.providerId} — {key.label}
+                            {name} — {key.label}
                           </span>
                         </div>
                       </SelectItem>
@@ -1164,6 +1281,7 @@ function ModelSelectorInner({
               onModelSelect={handleModelSelect}
               managing={managing}
               onToggleManage={() => setManaging((v) => !v)}
+              filterModels={filterModels}
             />
           </Suspense>
         </ErrorBoundary>
@@ -1210,10 +1328,19 @@ function ModelSelectorContent({ onClose }: { onClose: () => void }) {
     <ModelSelectorInner
       onClose={onClose}
       credentialId={credentialId}
-      onCredentialChange={setCredentialId}
+      onCredentialChange={(id) => {
+        track("chat_credential_changed", { credential_id: id });
+        setCredentialId(id);
+      }}
       selectedModel={selectedModel}
       onModelChange={(model) => {
         if (!credentialId) return;
+        track("chat_model_changed", {
+          from_model_id: selectedModel?.modelId ?? null,
+          to_model_id: model.modelId,
+          to_model_provider: model.providerId ?? null,
+          credential_id: credentialId,
+        });
         setModel({ ...model, keyId: credentialId });
       }}
     />
@@ -1234,6 +1361,7 @@ export interface ModelSelectorProps {
   credentialId?: string | null;
   onCredentialChange?: (id: string | null) => void;
   onModelChange?: (model: AiProviderModel) => void;
+  filterModels?: (m: AiProviderModel) => boolean;
 }
 
 export function ModelSelector({
@@ -1245,6 +1373,7 @@ export function ModelSelector({
   credentialId: credentialIdProp,
   onCredentialChange,
   onModelChange,
+  filterModels,
 }: ModelSelectorProps) {
   const [open, setOpen] = useState(false);
   const standalone = onModelChange !== undefined;
@@ -1281,6 +1410,7 @@ export function ModelSelector({
           onCredentialChange={onCredentialChange ?? (() => {})}
           selectedModel={modelProp ?? null}
           onModelChange={onModelChange}
+          filterModels={filterModels}
         />
       ) : (
         <ModelSelectorContent onClose={() => setOpen(false)} />
diff --git a/apps/mesh/src/web/components/chat/side-panel-chat.tsx b/apps/mesh/src/web/components/chat/side-panel-chat.tsx
index 19df610886..82eaba0c53 100644
--- a/apps/mesh/src/web/components/chat/side-panel-chat.tsx
+++ b/apps/mesh/src/web/components/chat/side-panel-chat.tsx
@@ -1,210 +1,39 @@
-import { AgentsList } from "@/web/components/home/agents-list.tsx";
-import { ImportFromDecoDialog } from "@/web/components/import-from-deco-dialog.tsx";
 import { IntegrationIcon } from "@/web/components/integration-icon";
 import { authClient } from "@/web/lib/auth-client";
-import { KEYS } from "@/web/lib/query-keys";
-import { useIsMobile } from "@deco/ui/hooks/use-mobile.ts";
 import { cn } from "@deco/ui/lib/utils.ts";
 import {
   getWellKnownDecopilotVirtualMCP,
   useProjectContext,
+  useVirtualMCP,
 } from "@decocms/mesh-sdk";
-import { ArrowRight, Users03 } from "@untitledui/icons";
-import { useQuery } from "@tanstack/react-query";
+import { Users03 } from "@untitledui/icons";
 import { Suspense, useState } from "react";
 import { ErrorBoundary } from "../error-boundary";
 
 import { Chat } from "./index";
-import { useChatStream, useChatPrefs } from "./context";
+import { useChatStream, useChatPrefs, useChatTask } from "./context";
 import { ChatContextPanel } from "./context-panel";
 import { wasCreditsEmptyDismissed } from "./credits-empty-state";
+import { BranchPicker } from "../thread/github/branch-picker.tsx";
 
 import { useAiProviderKeys } from "@/web/hooks/collections/use-ai-providers";
 import { useDecoCredits } from "@/web/hooks/use-deco-credits";
 
-// ---------- Import deco.cx Banner ----------
-
-const DECO_BANNER_GRADIENT = [
-  "radial-gradient(ellipse 25% 220% at -5% 120%, rgba(165,149,255,0.35) 0%, transparent 100%)",
-  "radial-gradient(ellipse 25% 220% at 105% -20%, rgba(208,236,26,0.32) 0%, transparent 100%)",
-].join(", ");
-const DECO_BANNER_TEXTURE = "/decotexture.svg";
-
-function ImportDecoSiteBanner({ onClick }: { onClick: () => void }) {
-  return (
-    <button
-      type="button"
-      onClick={onClick}
-      className="w-full relative flex items-center gap-4 px-4 py-4 rounded-lg border border-border bg-background overflow-hidden transition-colors text-left cursor-pointer group"
-      style={{ backgroundImage: DECO_BANNER_GRADIENT }}
-    >
-      <div className="relative shrink-0 p-1.5 bg-[var(--brand-green-light)] rounded-lg border border-border">
-        <IntegrationIcon
-          icon="/logos/deco%20logo.svg"
-          name="deco.cx"
-          size="xs"
-          className="border-0 rounded-none bg-transparent"
-        />
-      </div>
-      <p className="flex-1 relative text-sm font-medium text-foreground leading-none whitespace-nowrap">
-        Import your deco.cx site
-      </p>
-      <img
-        src={DECO_BANNER_TEXTURE}
-        alt=""
-        aria-hidden
-        className="absolute pointer-events-none"
-        style={{
-          width: "274.5px",
-          height: "272.25px",
-          left: "calc(50% + 145.5px)",
-          top: "calc(50% + 40px)",
-          transform: "translate(-50%, -50%)",
-        }}
-      />
-      <div className="relative bg-background flex items-center justify-center size-8 rounded-md shrink-0">
-        <ArrowRight
-          size={16}
-          className="text-foreground transition-transform group-hover:translate-x-0.5"
-        />
-      </div>
-    </button>
-  );
-}
-
-function useIsDecoUser() {
-  const { data: session } = authClient.useSession();
-  const { data } = useQuery({
-    queryKey: KEYS.decoProfile(session?.user?.email),
-    queryFn: async () => {
-      const res = await fetch("/api/deco-sites/profile");
-      if (!res.ok) return { isDecoUser: false };
-      return res.json() as Promise<{ isDecoUser: boolean }>;
-    },
-    enabled: Boolean(session?.user?.email),
-    staleTime: 5 * 60_000,
-  });
-  return data?.isDecoUser ?? false;
-}
-
-// ---------- Home empty state (greeting, agents, ice breakers, banner) ----------
-
-function HomeEmptyState({
-  onOpenContextPanel,
-}: {
-  onOpenContextPanel: () => void;
-}) {
-  const { data: session } = authClient.useSession();
-  const [importOpen, setImportOpen] = useState(false);
-  const isDecoUser = useIsDecoUser();
-  const isMobile = useIsMobile();
-  const {
-    hasDecoKey,
-    isZeroBalance,
-    isInitialFreeCredit,
-    balanceDollars,
-    hasOnlyDecoProvider,
-  } = useDecoCredits();
-
-  const userName = session?.user?.name?.split(" ")[0] || "there";
-
-  // Only show the eyebrow for the initial free $2 credit (onboarding)
-  const showEyebrow =
-    hasDecoKey && isInitialFreeCredit && balanceDollars != null;
-  const showNoCreditsEyebrow =
-    hasDecoKey && isZeroBalance && hasOnlyDecoProvider;
-
-  if (isMobile) {
-    return (
-      <>
-        <div className="flex-1 relative flex flex-col items-center px-4">
-          {/* Centered greeting */}
-          <div className="flex-1 flex flex-col items-center justify-center w-full">
-            {showEyebrow && (
-              <div className="mb-4">
-                <Chat.CreditsEyebrow balanceDollars={balanceDollars} />
-              </div>
-            )}
-            {showNoCreditsEyebrow && (
-              <div className="mb-4">
-                <Chat.NoCreditsEyebrow />
-              </div>
-            )}
-            <p className="text-3xl font-medium text-foreground text-center max-w-[280px]">
-              What's on your mind, {userName}?
-            </p>
-          </div>
-          {/* Agents above input at bottom */}
-          <div className="w-full flex flex-col gap-4 pb-4">
-            <AgentsList />
-            <Chat.Input
-              onOpenContextPanel={onOpenContextPanel}
-              showConnectionsBanner
-            />
-          </div>
-          {isDecoUser && (
-            <div className="w-full">
-              <ImportDecoSiteBanner onClick={() => setImportOpen(true)} />
-            </div>
-          )}
-        </div>
-        <ImportFromDecoDialog open={importOpen} onOpenChange={setImportOpen} />
-      </>
-    );
-  }
-
-  return (
-    <>
-      <div className="flex-1 relative flex flex-col items-center px-10">
-        <div className="flex-1 flex flex-col items-center justify-center w-full">
-          <div className="flex flex-col items-center w-full max-w-[672px]">
-            <div className="text-center mb-10">
-              {showEyebrow && (
-                <div className="mb-4">
-                  <Chat.CreditsEyebrow balanceDollars={balanceDollars} />
-                </div>
-              )}
-              {showNoCreditsEyebrow && (
-                <div className="mb-4">
-                  <Chat.NoCreditsEyebrow />
-                </div>
-              )}
-              <p className="text-3xl font-medium text-foreground">
-                What's on your mind, {userName}?
-              </p>
-            </div>
-            <div className="w-full">
-              <Chat.Input
-                onOpenContextPanel={onOpenContextPanel}
-                showConnectionsBanner
-              />
-            </div>
-          </div>
-          <div className="w-full mt-10 mx-auto">
-            <AgentsList />
-          </div>
-        </div>
-        {isDecoUser && (
-          <div className="absolute bottom-6 left-0 right-0 px-10">
-            <div className="w-full max-w-[500px] mx-auto">
-              <ImportDecoSiteBanner onClick={() => setImportOpen(true)} />
-            </div>
-          </div>
-        )}
-      </div>
-      <ImportFromDecoDialog open={importOpen} onOpenChange={setImportOpen} />
-    </>
-  );
-}
-
 // ---------- Default sidebar empty state ----------
 
 function SidebarEmptyState() {
   const { org } = useProjectContext();
   const { selectedVirtualMcp } = useChatPrefs();
+  const { data: session } = authClient.useSession();
+  const { currentBranch, setCurrentTaskBranch } = useChatTask();
 
   const defaultAgent = getWellKnownDecopilotVirtualMCP(org.id);
   const displayAgent = selectedVirtualMcp ?? defaultAgent;
+  const fullVm = useVirtualMCP(displayAgent.id);
+
+  const userId = session?.user?.id ?? "";
+  const githubRepo = fullVm?.metadata?.githubRepo ?? null;
+  const showBranchPicker = !!githubRepo?.connectionId && !!userId;
 
   return (
     <div className="h-full w-full flex flex-col items-center justify-center gap-6 px-4">
@@ -223,6 +52,21 @@ function SidebarEmptyState() {
           {displayAgent.description ??
             "Ask anything about configuring model providers or using MCP Mesh."}
         </div>
+        {showBranchPicker && (
+          <div className="mt-2">
+            <BranchPicker
+              orgId={org.id}
+              orgSlug={org.slug}
+              userId={userId}
+              connectionId={githubRepo.connectionId!}
+              owner={githubRepo.owner}
+              repo={githubRepo.name}
+              vmMap={fullVm?.metadata?.vmMap}
+              value={currentBranch ?? undefined}
+              onChange={setCurrentTaskBranch}
+            />
+          </div>
+        )}
       </div>
       <div className="w-full max-w-3xl mx-auto">
         <Chat.IceBreakers />
@@ -233,7 +77,7 @@ function SidebarEmptyState() {
 
 // ---------- Panel content ----------
 
-function ChatPanelContent({ variant }: { variant?: "home" | "default" }) {
+function ChatPanelContent() {
   const { org } = useProjectContext();
   const allKeys = useAiProviderKeys();
   const { isChatEmpty } = useChatStream();
@@ -286,10 +130,6 @@ function ChatPanelContent({ variant }: { variant?: "home" | "default" }) {
               />
             </Chat.Footer>
           </>
-        ) : variant === "home" ? (
-          <HomeEmptyState
-            onOpenContextPanel={() => setActivePanel("context")}
-          />
         ) : (
           <>
             <Chat.Main>
@@ -319,11 +159,11 @@ function ChatPanelContent({ variant }: { variant?: "home" | "default" }) {
   );
 }
 
-export function ChatPanel({ variant }: { variant?: "home" | "default" }) {
+export function ChatPanel() {
   return (
     <ErrorBoundary fallback={<Chat.Skeleton />}>
       <Suspense fallback={<Chat.Skeleton />}>
-        <ChatPanelContent variant={variant} />
+        <ChatPanelContent />
       </Suspense>
     </ErrorBoundary>
   );
diff --git a/apps/mesh/src/web/components/chat/simple-mode-tier-dropdown.tsx b/apps/mesh/src/web/components/chat/simple-mode-tier-dropdown.tsx
new file mode 100644
index 0000000000..2c03424beb
--- /dev/null
+++ b/apps/mesh/src/web/components/chat/simple-mode-tier-dropdown.tsx
@@ -0,0 +1,79 @@
+import { Button } from "@deco/ui/components/button.tsx";
+import {
+  DropdownMenu,
+  DropdownMenuContent,
+  DropdownMenuItem,
+  DropdownMenuTrigger,
+} from "@deco/ui/components/dropdown-menu.tsx";
+import { Atom01, Lightning01, Stars01 } from "@untitledui/icons";
+
+export type SimpleModeTier = "fast" | "smart" | "thinking";
+
+const SIMPLE_MODE_TIER_OPTIONS = [
+  {
+    value: "fast" as const,
+    label: "Fast",
+    Icon: Lightning01,
+    description: "Quicker responses",
+  },
+  {
+    value: "smart" as const,
+    label: "Smart",
+    Icon: Stars01,
+    description: "Balanced quality",
+  },
+  {
+    value: "thinking" as const,
+    label: "Thinking",
+    Icon: Atom01,
+    description: "Deeper reasoning",
+  },
+] as const;
+
+export function SimpleModeTierDropdown({
+  tier,
+  onSelect,
+}: {
+  tier: SimpleModeTier;
+  onSelect: (t: SimpleModeTier) => void;
+}) {
+  const current =
+    SIMPLE_MODE_TIER_OPTIONS.find((o) => o.value === tier) ??
+    SIMPLE_MODE_TIER_OPTIONS[1]!;
+  const Icon = current.Icon;
+  return (
+    <DropdownMenu>
+      <DropdownMenuTrigger asChild>
+        <Button
+          type="button"
+          variant="ghost"
+          size="default"
+          className="text-muted-foreground hover:text-foreground"
+        >
+          <Icon size={14} />
+          <span className="hidden sm:inline">{current.label}</span>
+        </Button>
+      </DropdownMenuTrigger>
+      <DropdownMenuContent align="end" className="w-52 p-1.5">
+        {SIMPLE_MODE_TIER_OPTIONS.map(
+          ({ value, label, Icon: TierIcon, description }) => (
+            <DropdownMenuItem key={value} onSelect={() => onSelect(value)}>
+              <TierIcon size={16} className="text-muted-foreground" />
+              <div className="flex flex-col gap-0.5 flex-1">
+                <span>{label}</span>
+                <span className="text-xs text-muted-foreground font-normal">
+                  {description}
+                </span>
+              </div>
+              {tier === value && (
+                <span className="text-xs text-muted-foreground font-medium">
+                  On
+                </span>
+              )}
+            </DropdownMenuItem>
+          ),
+        )}
+      </DropdownMenuContent>
+    </DropdownMenu>
+  );
+}
diff --git a/apps/mesh/src/web/components/chat/task/cache-operations.ts b/apps/mesh/src/web/components/chat/task/cache-operations.ts
index 7a9fb61923..4e95d454a0 100644
--- a/apps/mesh/src/web/components/chat/task/cache-operations.ts
+++ b/apps/mesh/src/web/components/chat/task/cache-operations.ts
@@ -7,13 +7,6 @@ import { KEYS } from "../../../lib/query-keys";
 import type { ChatMessage, Task, TasksQueryData } from "./types.ts";
 import { TASK_CONSTANTS } from "./types.ts";
 
-export interface TaskCacheFilters {
-  owner: "me" | "automation" | "all";
-  status: "open" | "archived";
-  virtualMcpId?: string;
-  userId?: string | null;
-}
-
 /**
  * Update task across every cached task list where it appears.
  * Returns true if the task was found (and updated) in any cache entry.
@@ -41,6 +34,7 @@ export function updateTaskInCache(
         updated_at: updates.updated_at ?? current.updated_at,
         hidden: updates.hidden ?? current.hidden,
         status: updates.status ?? current.status,
+        branch: "branch" in updates ? updates.branch : current.branch,
       };
 
       const items = [...data.items];
@@ -52,41 +46,6 @@ export function updateTaskInCache(
   return found;
 }
 
-/**
- * Add task optimistically to the cache
- */
-export function addTaskToCache(
-  queryClient: QueryClient,
-  locator: string,
-  task: Task,
-  filters: TaskCacheFilters,
-): void {
-  const queryKey = KEYS.tasks(locator, filters);
-
-  const currentData = queryClient.getQueryData<TasksQueryData>(queryKey);
-
-  if (!currentData) {
-    queryClient.setQueryData(queryKey, {
-      items: [task],
-      hasMore: false,
-      totalCount: 1,
-    });
-    return;
-  }
-
-  // Check if task already exists in cache
-  const taskExists = currentData.items.some((t) => t.id === task.id);
-  if (taskExists) {
-    return;
-  }
-
-  queryClient.setQueryData(queryKey, {
-    ...currentData,
-    items: [task, ...currentData.items],
-    totalCount: (currentData.totalCount ?? currentData.items.length) + 1,
-  });
-}
-
 /**
  * Update messages cache for a task with new messages
  * Populates the cache directly without refetching from backend
diff --git a/apps/mesh/src/web/components/chat/task/helpers.ts b/apps/mesh/src/web/components/chat/task/helpers.ts
index 5a9546a94e..818c6e5989 100644
--- a/apps/mesh/src/web/components/chat/task/helpers.ts
+++ b/apps/mesh/src/web/components/chat/task/helpers.ts
@@ -38,18 +38,3 @@ export async function callUpdateTaskTool(
   });
   return payload.item;
 }
-
-/**
- * Build an optimistic task object for immediate cache insertion
- */
-export function buildOptimisticTask(id: string, virtualMcpId?: string): Task {
-  const now = new Date().toISOString();
-  return {
-    id,
-    title: "New chat",
-    status: "completed",
-    created_at: now,
-    updated_at: now,
-    virtual_mcp_id: virtualMcpId,
-  };
-}
diff --git a/apps/mesh/src/web/components/chat/task/types.ts b/apps/mesh/src/web/components/chat/task/types.ts
index dc61f39303..3f45d5b013 100644
--- a/apps/mesh/src/web/components/chat/task/types.ts
+++ b/apps/mesh/src/web/components/chat/task/types.ts
@@ -24,6 +24,8 @@ export interface Task {
   virtual_mcp_id?: string;
   /** True when this task was triggered by an automation */
   fromAutomation?: boolean;
+  /** Git branch associated with this thread, when the vMCP is GitHub-linked. */
+  branch?: string | null;
 }
 
 export type { ChatMessage } from "../types.ts";
diff --git a/apps/mesh/src/web/components/chat/task/use-task-manager.ts b/apps/mesh/src/web/components/chat/task/use-task-manager.ts
index f1373e645c..29bf5772a0 100644
--- a/apps/mesh/src/web/components/chat/task/use-task-manager.ts
+++ b/apps/mesh/src/web/components/chat/task/use-task-manager.ts
@@ -18,16 +18,11 @@ import {
 import { useQueryClient, useSuspenseQuery } from "@tanstack/react-query";
 import { toast } from "sonner";
 import { authClient } from "../../../lib/auth-client";
-import { useCollectionCachePrefill } from "../../../hooks/use-collection-cache-prefill";
 import { LOCALSTORAGE_KEYS } from "../../../lib/localstorage-keys";
 import { KEYS } from "../../../lib/query-keys";
 import { useDecopilotEvents } from "../../../hooks/use-decopilot-events";
-import {
-  addTaskToCache,
-  updateMessagesCache,
-  updateTaskInCache,
-} from "./cache-operations.ts";
-import { buildOptimisticTask, callUpdateTaskTool } from "./helpers.ts";
+import { updateMessagesCache, updateTaskInCache } from "./cache-operations.ts";
+import { callUpdateTaskTool } from "./helpers.ts";
 import { useState, useTransition } from "react";
 import type { ChatMessage, Task } from "./types.ts";
 import { TASK_CONSTANTS } from "./types.ts";
@@ -52,6 +47,7 @@ export function useTasks(params: UseTasksParams) {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const { data, refetch } = useSuspenseQuery({
@@ -111,6 +107,7 @@ export function useTaskMessages(taskId: string | null) {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   // Pass null client when no taskId to skip the query entirely
@@ -134,7 +131,6 @@ export function useTaskMessages(taskId: string | null) {
 export function useTaskManager(virtualMcpId: string) {
   const { locator, org } = useProjectContext();
   const queryClient = useQueryClient();
-  const { prefillCollectionCache } = useCollectionCachePrefill();
 
   const { data: session } = authClient.useSession();
   const userId = session?.user?.id;
@@ -192,27 +188,9 @@ export function useTaskManager(virtualMcpId: string) {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
-  // Create task (optimistic + cache)
-  const createTask = (): string => {
-    const newTaskId = crypto.randomUUID();
-    const optimisticTask = buildOptimisticTask(newTaskId, virtualMcpId);
-    addTaskToCache(queryClient, locator, optimisticTask, {
-      owner: ownerFilter,
-      status: "open",
-      virtualMcpId,
-      userId: ownerFilter === "me" ? (userId ?? null) : null,
-    });
-    if (client) {
-      prefillCollectionCache(client, "THREAD_MESSAGES", org.id, {
-        filters: [{ column: "thread_id", value: newTaskId }],
-        pageSize: TASK_CONSTANTS.TASK_MESSAGES_PAGE_SIZE,
-      });
-    }
-    return newTaskId;
-  };
-
   // Update task in cache (across all matching task lists)
   const updateTask = (taskId: string, updates: Partial<Task>) => {
     updateTaskInCache(queryClient, locator, taskId, updates);
@@ -241,6 +219,19 @@ export function useTaskManager(virtualMcpId: string) {
     }
   };
 
+  // Persist the picked branch on the thread row. Server enforces that
+  // github-linked threads cannot have branch=null; surface that error.
+  const setTaskBranch = async (taskId: string, branch: string | null) => {
+    try {
+      await callUpdateTaskTool(client, taskId, { branch });
+      updateTaskInCache(queryClient, locator, taskId, { branch });
+    } catch (error) {
+      const err = error as Error;
+      toast.error(`Failed to update branch: ${err.message}`);
+      console.error("[chat] setTaskBranch:", error);
+    }
+  };
+
   // Rename task (backend + cache)
   const renameTask = async (taskId: string, title: string) => {
     try {
@@ -285,7 +276,7 @@ export function useTaskManager(virtualMcpId: string) {
 
   // Org-wide SSE for real-time sidebar task status updates
   useDecopilotEvents({
-    orgId: org.id,
+    orgSlug: org.slug,
     enabled: true,
     onTaskStatus: (event) => {
       const threadId = event.subject;
@@ -311,11 +302,11 @@ export function useTaskManager(virtualMcpId: string) {
     ownerFilter,
     setOwnerFilter,
     isFilterChangePending,
-    createTask,
     updateTask,
     renameTask,
     hideTask,
     setTaskStatus,
+    setTaskBranch,
     updateMessagesCache: updateMessagesInCache,
   };
 }
diff --git a/apps/mesh/src/web/components/chat/tiptap/build-improve-prompt-doc.test.ts b/apps/mesh/src/web/components/chat/tiptap/build-improve-prompt-doc.test.ts
new file mode 100644
index 0000000000..33d42b2bef
--- /dev/null
+++ b/apps/mesh/src/web/components/chat/tiptap/build-improve-prompt-doc.test.ts
@@ -0,0 +1,75 @@
+import { describe, expect, test } from "bun:test";
+import { buildImprovePromptDoc } from "./build-improve-prompt-doc";
+import { derivePartsFromTiptapDoc } from "../derive-parts";
+
+const baseInput = {
+  managerAgentId: "agent_mgr_123",
+  managerName: "Agent Manager",
+  kind: "agent" as const,
+  id: "vmcp_abc",
+  instructions: "Help users with onboarding.\nBe concise.",
+};
+
+describe("buildImprovePromptDoc", () => {
+  test("starts with leading text, then the manager mention, then the trailing payload", () => {
+    const doc = buildImprovePromptDoc(baseInput);
+    expect(doc.type).toBe("doc");
+    const para = doc.content?.[0];
+    expect(para?.type).toBe("paragraph");
+
+    const [leading, mention, trailing] = para?.content ?? [];
+    expect(leading?.type).toBe("text");
+    expect(leading?.text).toBe("Use ");
+
+    expect(mention?.type).toBe("mention");
+    expect(mention?.attrs).toMatchObject({
+      id: "agent_mgr_123",
+      name: "Agent Manager",
+      char: "@",
+      metadata: { agentId: "agent_mgr_123", title: "Agent Manager" },
+    });
+
+    expect(trailing?.type).toBe("text");
+    expect(trailing?.text).toContain(
+      'to improve the instructions of agent "vmcp_abc"',
+    );
+    expect(trailing?.text).toContain("Here are its current instructions.");
+    expect(trailing?.text).toContain(
+      "<current_instructions>Help users with onboarding.\nBe concise.</current_instructions>",
+    );
+  });
+
+  test("compiles through derivePartsFromTiptapDoc into a DELEGATE directive", () => {
+    const doc = buildImprovePromptDoc(baseInput);
+    const parts = derivePartsFromTiptapDoc(
+      doc as Parameters<typeof derivePartsFromTiptapDoc>[0],
+    );
+    const text = parts
+      .filter((p): p is { type: "text"; text: string } => p.type === "text")
+      .map((p) => p.text)
+      .join("\n");
+    expect(text).toContain("Use @Agent Manager to improve the instructions");
+    expect(text).toContain(
+      "[DELEGATE TO AGENT: Agent Manager (agent_id: agent_mgr_123)]",
+    );
+    expect(text).toContain("subtask tool");
+    expect(text).toContain("<current_instructions>");
+  });
+
+  test("handles automation kind", () => {
+    const doc = buildImprovePromptDoc({
+      managerAgentId: "agent_mgr_auto",
+      managerName: "Automation Manager",
+      kind: "automation",
+      id: "auto_42",
+      instructions: "ping every minute",
+    });
+    const trailing = doc.content?.[0]?.content?.[2]?.text ?? "";
+    expect(trailing).toContain(
+      'to improve the instructions of automation "auto_42"',
+    );
+    expect(trailing).toContain(
+      "<current_instructions>ping every minute</current_instructions>",
+    );
+  });
+});
diff --git a/apps/mesh/src/web/components/chat/tiptap/build-improve-prompt-doc.ts b/apps/mesh/src/web/components/chat/tiptap/build-improve-prompt-doc.ts
new file mode 100644
index 0000000000..27ce071a4a
--- /dev/null
+++ b/apps/mesh/src/web/components/chat/tiptap/build-improve-prompt-doc.ts
@@ -0,0 +1,50 @@
+import type { TiptapDoc } from "../types";
+
+export interface ImprovePromptDocInput {
+  managerAgentId: string;
+  managerName: string;
+  kind: "agent" | "automation";
+  id: string;
+  instructions: string;
+}
+
+/**
+ * Build a tiptap document that, when sent through the chat, reads as:
+ *   Use @<Manager> to improve the instructions of <kind> "<id>".
+ *   Here are its current instructions.
+ *   <current_instructions>{instructions}</current_instructions>
+ *
+ * The mention is shaped so derivePartsFromTiptapDoc emits the standard
+ * `[DELEGATE TO AGENT: ...]` directive that Decopilot's SUBTASK tool
+ * picks up.
+ */
+export function buildImprovePromptDoc(input: ImprovePromptDocInput): TiptapDoc {
+  const { managerAgentId, managerName, kind, id, instructions } = input;
+
+  const trailing =
+    ` to improve the instructions of ${kind} "${id}". ` +
+    `Here are its current instructions.\n` +
+    `<current_instructions>${instructions}</current_instructions>`;
+
+  return {
+    type: "doc",
+    content: [
+      {
+        type: "paragraph",
+        content: [
+          { type: "text", text: "Use " },
+          {
+            type: "mention",
+            attrs: {
+              id: managerAgentId,
+              name: managerName,
+              char: "@",
+              metadata: { agentId: managerAgentId, title: managerName },
+            },
+          },
+          { type: "text", text: trailing },
+        ],
+      },
+    ],
+  };
+}
diff --git a/apps/mesh/src/web/components/chat/tiptap/file/index.ts b/apps/mesh/src/web/components/chat/tiptap/file/index.ts
index 3236ef1ce0..8f7e9097d6 100644
--- a/apps/mesh/src/web/components/chat/tiptap/file/index.ts
+++ b/apps/mesh/src/web/components/chat/tiptap/file/index.ts
@@ -2,4 +2,11 @@ export {
   FileNode,
   type FileAttrs,
 } from "./node.tsx";
-export { FileUploader, FileUploadButton, processFile } from "./uploader.tsx";
+export {
+  FileUploader,
+  FileUploadButton,
+  UnsupportedFileDialog,
+  useUnsupportedFileDialog,
+  processFile,
+  type UnsupportedFileInfo,
+} from "./uploader.tsx";
diff --git a/apps/mesh/src/web/components/chat/tiptap/file/uploader.tsx b/apps/mesh/src/web/components/chat/tiptap/file/uploader.tsx
index 007dba96ea..6cb01d8b3a 100644
--- a/apps/mesh/src/web/components/chat/tiptap/file/uploader.tsx
+++ b/apps/mesh/src/web/components/chat/tiptap/file/uploader.tsx
@@ -1,4 +1,11 @@
 import { Button } from "@deco/ui/components/button.tsx";
+import {
+  Dialog,
+  DialogContent,
+  DialogDescription,
+  DialogHeader,
+  DialogTitle,
+} from "@deco/ui/components/dialog.tsx";
 import {
   Tooltip,
   TooltipContent,
@@ -6,16 +13,28 @@ import {
 } from "@deco/ui/components/tooltip.tsx";
 import { Plugin, PluginKey } from "@tiptap/pm/state";
 import { useCurrentEditor, type Editor } from "@tiptap/react";
-import { useEffect, useRef, type ChangeEvent } from "react";
-import { Attachment01 } from "@untitledui/icons";
+import { useEffect, useRef, useState, type ChangeEvent } from "react";
+import { AlertTriangle, Attachment01 } from "@untitledui/icons";
 import { toast } from "sonner";
-import { modelSupportsFiles } from "../../select-model";
+import {
+  getAcceptedMimeTypesForModel,
+  getSupportedFileTypesLabel,
+  isFileTypeSupportedByModel,
+  modelSupportsFiles,
+} from "../../select-model";
 import { insertFile, type FileAttrs } from "./node.tsx";
 import { AiProviderModel } from "@/web/hooks/collections/use-ai-providers.ts";
 
+export interface UnsupportedFileInfo {
+  fileName: string;
+  modelName: string;
+  accepted: string;
+}
+
 interface FileUploaderProps {
   editor: Editor;
   selectedModel: AiProviderModel | null;
+  onUnsupportedFile?: (info: UnsupportedFileInfo) => void;
 }
 
 /**
@@ -26,6 +45,7 @@ export async function processFile(
   selectedModel: AiProviderModel | null,
   file: File,
   position: number,
+  onUnsupportedFile?: (info: UnsupportedFileInfo) => void,
 ): Promise<void> {
   // Check if model supports files
   if (!modelSupportsFiles(selectedModel)) {
@@ -33,6 +53,20 @@ export async function processFile(
     return;
   }
 
+  const fileMimeType = file.type || "application/octet-stream";
+  if (!isFileTypeSupportedByModel(fileMimeType, selectedModel)) {
+    const accepted = getSupportedFileTypesLabel(selectedModel);
+    const modelName = selectedModel?.title ?? "This model";
+    if (onUnsupportedFile) {
+      onUnsupportedFile({ fileName: file.name, modelName, accepted });
+    } else {
+      toast.error(`"${file.name}" can't be attached`, {
+        description: `${modelName} accepts ${accepted}.`,
+      });
+    }
+    return;
+  }
+
   const MAX_SIZE = 10 * 1024 * 1024; // 10MB
 
   if (file.size > MAX_SIZE) {
@@ -81,7 +115,11 @@ export async function processFile(
  * FileUploader component that registers a ProseMirror plugin to handle file drops.
  * Uses a ref to keep the latest selectedModel in sync for file processing.
  */
-export function FileUploader({ editor, selectedModel }: FileUploaderProps) {
+export function FileUploader({
+  editor,
+  selectedModel,
+  onUnsupportedFile,
+}: FileUploaderProps) {
   // Use a ref to store the latest processFile handler
   // This ensures we always use the latest selectedModel when processing files
   const processFileRef = useRef<
@@ -92,9 +130,15 @@ export function FileUploader({ editor, selectedModel }: FileUploaderProps) {
   // eslint-disable-next-line ban-use-effect/ban-use-effect
   useEffect(() => {
     processFileRef.current = async (file: File, position: number) => {
-      await processFile(editor, selectedModel, file, position);
+      await processFile(
+        editor,
+        selectedModel,
+        file,
+        position,
+        onUnsupportedFile,
+      );
     };
-  }, [editor, selectedModel]);
+  }, [editor, selectedModel, onUnsupportedFile]);
 
   // Register the file drop plugin once per editor instance
   // eslint-disable-next-line ban-use-effect/ban-use-effect
@@ -189,12 +233,14 @@ interface FileUploadButtonProps {
   selectedModel: AiProviderModel | null;
   isStreaming: boolean;
   icon?: React.ReactNode;
+  onUnsupportedFile?: (info: UnsupportedFileInfo) => void;
 }
 
 export function FileUploadButton({
   selectedModel,
   isStreaming,
   icon,
+  onUnsupportedFile,
 }: FileUploadButtonProps) {
   const { editor } = useCurrentEditor();
   const fileInputRef = useRef<HTMLInputElement | null>(null);
@@ -212,7 +258,13 @@ export function FileUploadButton({
 
     // Process files sequentially using the shared processFile function
     for (const file of fileArray) {
-      await processFile(editor, selectedModel, file, currentPos);
+      await processFile(
+        editor,
+        selectedModel,
+        file,
+        currentPos,
+        onUnsupportedFile,
+      );
     }
 
     // Reset input so same file can be selected again
@@ -231,6 +283,7 @@ export function FileUploadButton({
         ref={fileInputRef}
         type="file"
         multiple
+        accept={getAcceptedMimeTypesForModel(selectedModel)}
         className="hidden"
         onChange={handleFileSelect}
         disabled={isStreaming}
@@ -253,3 +306,85 @@ export function FileUploadButton({
     </>
   );
 }
+
+/**
+ * Dialog shown when the user tries to attach a file whose MIME type the
+ * selected model doesn't support.
+ */
+export function UnsupportedFileDialog({
+  info,
+  onClose,
+}: {
+  info: UnsupportedFileInfo | null;
+  onClose: () => void;
+}) {
+  return (
+    <Dialog open={info !== null} onOpenChange={(open) => !open && onClose()}>
+      <DialogContent
+        className="sm:max-w-[480px] gap-0 p-0 overflow-hidden"
+        onOpenAutoFocus={(e) => e.preventDefault()}
+      >
+        {/* Header with subtle amber warning gradient */}
+        <div className="relative px-8 pt-8 pb-2 overflow-hidden">
+          <div
+            className="absolute inset-x-0 top-0 h-36 pointer-events-none"
+            style={{
+              backgroundImage: [
+                "radial-gradient(ellipse 40% 200% at -5% 100%, rgba(251,191,36,0.35) 0%, transparent 100%)",
+                "radial-gradient(ellipse 40% 200% at 105% -10%, rgba(244,114,182,0.25) 0%, transparent 100%)",
+              ].join(", "),
+              maskImage:
+                "linear-gradient(to bottom, black 0%, transparent 100%)",
+              WebkitMaskImage:
+                "linear-gradient(to bottom, black 0%, transparent 100%)",
+            }}
+          />
+          <DialogHeader className="relative gap-4">
+            <div className="flex items-center justify-center size-9 rounded-lg bg-amber-500/15 text-amber-600 dark:text-amber-400">
+              <AlertTriangle size={18} />
+            </div>
+            <div>
+              <DialogTitle className="text-xl font-semibold tracking-tight">
+                File type not supported
+              </DialogTitle>
+              <DialogDescription className="mt-1.5 text-sm leading-relaxed">
+                <span className="font-medium text-foreground">
+                  &ldquo;{info?.fileName}&rdquo;
+                </span>{" "}
+                can&apos;t be attached to this chat.
+              </DialogDescription>
+            </div>
+          </DialogHeader>
+        </div>
+
+        {/* Body */}
+        <div className="px-8 pt-3 pb-6 space-y-3">
+          <div className="rounded-xl border border-border p-4">
+            <div className="text-xs font-medium uppercase tracking-wide text-muted-foreground mb-2">
+              {info?.modelName} accepts
+            </div>
+            <div className="flex items-center gap-2 text-sm text-foreground">
+              <Attachment01 size={14} className="text-muted-foreground" />
+              <span className="capitalize">{info?.accepted}</span>
+            </div>
+          </div>
+        </div>
+
+        {/* Footer */}
+        <div className="px-8 py-4 border-t border-border bg-muted/30 flex items-center justify-end">
+          <Button onClick={onClose}>Got it</Button>
+        </div>
+      </DialogContent>
+    </Dialog>
+  );
+}
+
+export function useUnsupportedFileDialog() {
+  const [unsupportedFile, setUnsupportedFile] =
+    useState<UnsupportedFileInfo | null>(null);
+  return {
+    unsupportedFile,
+    onUnsupportedFile: setUnsupportedFile,
+    clearUnsupportedFile: () => setUnsupportedFile(null),
+  };
+}
diff --git a/apps/mesh/src/web/components/chat/tiptap/input.tsx b/apps/mesh/src/web/components/chat/tiptap/input.tsx
index 944c959f69..5cc9bf2fc8 100644
--- a/apps/mesh/src/web/components/chat/tiptap/input.tsx
+++ b/apps/mesh/src/web/components/chat/tiptap/input.tsx
@@ -11,7 +11,7 @@ import StarterKit from "@tiptap/starter-kit";
 import type { Ref } from "react";
 import { Suspense, useEffect, useImperativeHandle, useRef } from "react";
 import type { Metadata } from "../types.ts";
-import { FileNode, FileUploader } from "./file";
+import { FileNode, FileUploader, type UnsupportedFileInfo } from "./file";
 import { MentionNode } from "./mention";
 import { AtMention } from "./mention-at.tsx";
 import { SlashMention } from "./mention-slash.tsx";
@@ -155,6 +155,7 @@ interface TiptapInputProps {
   virtualMcpId?: string | null;
   showFileUploader?: boolean;
   selectedModel?: AiProviderModel | null;
+  onUnsupportedFile?: (info: UnsupportedFileInfo) => void;
   ref?: Ref<TiptapInputHandle>;
   className?: string;
 }
@@ -168,6 +169,7 @@ export function TiptapInput({
   virtualMcpId,
   showFileUploader = false,
   selectedModel,
+  onUnsupportedFile,
   ref,
   className,
 }: TiptapInputProps) {
@@ -245,7 +247,11 @@ export function TiptapInput({
 
       {/* Render file upload handler */}
       {showFileUploader && selectedModel ? (
-        <FileUploader editor={editor} selectedModel={selectedModel} />
+        <FileUploader
+          editor={editor}
+          selectedModel={selectedModel}
+          onUnsupportedFile={onUnsupportedFile}
+        />
       ) : null}
     </>
   );
diff --git a/apps/mesh/src/web/components/chat/tiptap/mention-at.tsx b/apps/mesh/src/web/components/chat/tiptap/mention-at.tsx
index 6deac69ea8..a986f1842d 100644
--- a/apps/mesh/src/web/components/chat/tiptap/mention-at.tsx
+++ b/apps/mesh/src/web/components/chat/tiptap/mention-at.tsx
@@ -18,6 +18,7 @@ import type { Editor } from "@tiptap/react";
 import { useRef, useState } from "react";
 import { toast } from "sonner";
 import { BaseItem, insertMention, OnSelectProps, Suggestion } from "./mention";
+import { track } from "@/web/lib/posthog-client";
 
 interface AtMentionProps {
   editor: Editor;
@@ -59,6 +60,7 @@ export const AtMention = ({ editor, virtualMcpId }: AtMentionProps) => {
   const client = useMCPClient({
     connectionId: virtualMcpId,
     orgId: org.id,
+    orgSlug: org.slug,
   });
   const resourcesQueryKey = KEYS.virtualMcpResources(virtualMcpId, org.id);
 
@@ -66,6 +68,10 @@ export const AtMention = ({ editor, virtualMcpId }: AtMentionProps) => {
   const modeRef = useRef(mode);
   modeRef.current = mode;
 
+  // Track picker open → close outcome so we can measure abandonment.
+  const pickerOpenedAtRef = useRef<number | null>(null);
+  const pickerHadSelectionRef = useRef(false);
+
   // Reset mode when menu closes/opens (query key changes signal re-render)
   const queryKey = ["at-mention", org.id, virtualMcpId ?? "default", mode];
 
@@ -73,6 +79,16 @@ export const AtMention = ({ editor, virtualMcpId }: AtMentionProps) => {
     item,
     range,
   }: OnSelectProps<AtItem>): Promise<void | false> => {
+    track("chat_picker_item_selected", {
+      picker: "@",
+      item_kind: item.kind,
+      item_name: item.name,
+    });
+    // Category clicks drill deeper — don't mark as final selection yet.
+    if (item.kind !== "category") {
+      pickerHadSelectionRef.current = true;
+    }
+
     if (item.kind === "category") {
       // Drill into category — keep menu open
       setMode(item.name === "agents" ? "agents" : "resources");
@@ -233,7 +249,21 @@ export const AtMention = ({ editor, virtualMcpId }: AtMentionProps) => {
   };
 
   const handleOpenChange = (open: boolean) => {
-    if (!open) {
+    if (open) {
+      // Fires when the @ picker dropdown actually renders (TipTap's onStart).
+      // NOT when a literal "@" is typed — e.g. inside an email address the
+      // picker won't open so the event won't fire.
+      pickerOpenedAtRef.current = Date.now();
+      pickerHadSelectionRef.current = false;
+      track("chat_picker_opened", { picker: "@" });
+    } else {
+      const openedAt = pickerOpenedAtRef.current;
+      track("chat_picker_closed", {
+        picker: "@",
+        outcome: pickerHadSelectionRef.current ? "selected" : "dismissed",
+        duration_ms: openedAt ? Date.now() - openedAt : null,
+      });
+      pickerOpenedAtRef.current = null;
       setMode("categories");
     }
   };
diff --git a/apps/mesh/src/web/components/chat/tiptap/mention-slash.tsx b/apps/mesh/src/web/components/chat/tiptap/mention-slash.tsx
index ad54cf69d6..0f5b65c2b9 100644
--- a/apps/mesh/src/web/components/chat/tiptap/mention-slash.tsx
+++ b/apps/mesh/src/web/components/chat/tiptap/mention-slash.tsx
@@ -32,6 +32,7 @@ import {
   type PromptArgumentValues,
 } from "../dialog-prompt-arguments.tsx";
 import { BaseItem, insertMention, OnSelectProps, Suggestion } from "./mention";
+import { track } from "@/web/lib/posthog-client";
 
 interface SlashMentionProps {
   editor: Editor;
@@ -103,8 +104,13 @@ export const SlashMention = ({ editor, virtualMcpId }: SlashMentionProps) => {
   const client = useMCPClient({
     connectionId: virtualMcpId,
     orgId: org.id,
+    orgSlug: org.slug,
   });
-  const promptToConnection = usePromptConnectionMap(virtualMcpId, org.id);
+  const promptToConnection = usePromptConnectionMap(
+    virtualMcpId,
+    org.id,
+    org.slug,
+  );
   const promptToConnectionRef = useRef(promptToConnection);
   promptToConnectionRef.current = promptToConnection;
 
@@ -121,10 +127,21 @@ export const SlashMention = ({ editor, virtualMcpId }: SlashMentionProps) => {
     null,
   );
 
+  // Track picker open → close outcome so we can measure abandonment.
+  const pickerOpenedAtRef = useRef<number | null>(null);
+  const pickerHadSelectionRef = useRef(false);
+
   const handleItemSelect = async ({
     item,
     range,
   }: OnSelectProps<SlashItem>) => {
+    track("chat_picker_item_selected", {
+      picker: "/",
+      item_kind: item.kind,
+      item_name: item.name,
+    });
+    pickerHadSelectionRef.current = true;
+
     if (!client) return;
 
     if (item.kind === "prompt") {
@@ -230,6 +247,24 @@ export const SlashMention = ({ editor, virtualMcpId }: SlashMentionProps) => {
         queryKey={queryKey}
         queryFn={fetchItems}
         onSelect={handleItemSelect}
+        onOpenChange={(open) => {
+          // Fires when the / picker dropdown actually renders (TipTap's
+          // onStart). NOT when a literal "/" is typed — e.g. inside a URL
+          // the picker won't open so the event won't fire.
+          if (open) {
+            pickerOpenedAtRef.current = Date.now();
+            pickerHadSelectionRef.current = false;
+            track("chat_picker_opened", { picker: "/" });
+          } else {
+            const openedAt = pickerOpenedAtRef.current;
+            track("chat_picker_closed", {
+              picker: "/",
+              outcome: pickerHadSelectionRef.current ? "selected" : "dismissed",
+              duration_ms: openedAt ? Date.now() - openedAt : null,
+            });
+            pickerOpenedAtRef.current = null;
+          }
+        }}
       />
       <PromptArgsDialog
         prompt={dialogPrompt}
diff --git a/apps/mesh/src/web/components/chat/tools-popover.tsx b/apps/mesh/src/web/components/chat/tools-popover.tsx
index 300a7e60fb..6c9bfe05ca 100644
--- a/apps/mesh/src/web/components/chat/tools-popover.tsx
+++ b/apps/mesh/src/web/components/chat/tools-popover.tsx
@@ -36,6 +36,7 @@ import {
 } from "@untitledui/icons";
 import { Suspense, useState } from "react";
 import { toast } from "sonner";
+import { track } from "@/web/lib/posthog-client";
 import {
   PromptArgsDialog,
   type PromptArgumentValues,
@@ -90,6 +91,7 @@ export function ToolsPopover({
   const client = useMCPClient({
     connectionId: virtualMcpId,
     orgId: org.id,
+    orgSlug: org.slug,
   });
   const queryKey = KEYS.virtualMcpPrompts(virtualMcpId, org.id);
 
@@ -112,6 +114,7 @@ export function ToolsPopover({
     setDeepResearchModel,
     chatMode,
     setChatMode,
+    simpleModeEnabled,
   } = useChatPrefs();
   const isPlanMode = chatMode === "plan";
 
@@ -131,7 +134,13 @@ export function ToolsPopover({
 
   const handleTogglePlanMode = () => {
     playSwitchSound();
-    setChatMode(isPlanMode ? "default" : "plan");
+    const nextMode = isPlanMode ? "default" : "plan";
+    track("chat_mode_changed", {
+      from_mode: chatMode,
+      to_mode: nextMode,
+      source: "tools_popover",
+    });
+    setChatMode(nextMode);
     setOpen(false);
   };
 
@@ -167,7 +176,12 @@ export function ToolsPopover({
 
   const handlePromptSelect = async (prompt: Prompt) => {
     setOpen(false);
-    if (prompt.arguments && prompt.arguments.length > 0) {
+    const hasArgs = !!(prompt.arguments && prompt.arguments.length > 0);
+    track("chat_prompt_inserted", {
+      prompt_name: prompt.name,
+      with_arguments: hasArgs,
+    });
+    if (hasArgs) {
       setActivePrompt(prompt);
       return;
     }
@@ -182,25 +196,47 @@ export function ToolsPopover({
 
   const handleImageModelSelect = (model: AiProviderModel) => {
     playSwitchSound();
+    track("chat_image_model_selected", {
+      model_id: model.modelId,
+      model_title: model.title,
+      provider: model.providerId ?? null,
+    });
     setImageModel(model);
     setOpen(false);
   };
 
   const handleSearchModelSelect = (model: AiProviderModel) => {
     playSwitchSound();
+    track("chat_search_model_selected", {
+      model_id: model.modelId,
+      model_title: model.title,
+      provider: model.providerId ?? null,
+    });
     setDeepResearchModel(model);
     setOpen(false);
   };
 
   const handleForceImageGeneration = () => {
     playSwitchSound();
-    setChatMode(chatMode === "gen-image" ? "default" : "gen-image");
+    const nextMode = chatMode === "gen-image" ? "default" : "gen-image";
+    track("chat_mode_changed", {
+      from_mode: chatMode,
+      to_mode: nextMode,
+      source: "tools_popover",
+    });
+    setChatMode(nextMode);
     setOpen(false);
   };
 
   const handleForceWebSearch = () => {
     playSwitchSound();
-    setChatMode(chatMode === "web-search" ? "default" : "web-search");
+    const nextMode = chatMode === "web-search" ? "default" : "web-search";
+    track("chat_mode_changed", {
+      from_mode: chatMode,
+      to_mode: nextMode,
+      source: "tools_popover",
+    });
+    setChatMode(nextMode);
     setOpen(false);
   };
 
@@ -209,7 +245,17 @@ export function ToolsPopover({
 
   return (
     <>
-      <DropdownMenu open={open} onOpenChange={setOpen}>
+      <DropdownMenu
+        open={open}
+        onOpenChange={(next) => {
+          if (next && !open) {
+            track("chat_tools_popover_opened", {
+              chat_mode: chatMode,
+            });
+          }
+          setOpen(next);
+        }}
+      >
         <DropdownMenuTrigger asChild>
           <Button
             type="button"
@@ -237,98 +283,41 @@ export function ToolsPopover({
             )}
           </DropdownMenuItem>
 
-          {/* Image mode: split row — left toggles mode, right opens model picker */}
-          <DropdownMenuSub open={imageSubOpen} onOpenChange={setImageSubOpen}>
-            <div className="flex items-center rounded-lg">
-              <DropdownMenuItem
-                onClick={handleForceImageGeneration}
-                disabled={!imageModel}
-                className={cn(
-                  "flex-1 rounded-r-none pr-1",
-                  isImageActive && "text-pink-600 dark:text-pink-400",
-                )}
-              >
-                <Image01
-                  size={16}
-                  className={cn(isImageActive && "text-pink-500")}
-                />
-                <span className="flex-1">Image mode</span>
-                {isImageActive && (
-                  <span className="text-xs text-pink-500 font-medium">On</span>
-                )}
-              </DropdownMenuItem>
-              <DropdownMenuPrimitive.SubTrigger
-                className={cn(
-                  "flex items-center justify-center rounded-r-lg rounded-l-none px-1.5 py-1.5 text-muted-foreground outline-hidden select-none",
-                  "hover:bg-accent hover:text-accent-foreground focus:bg-accent focus:text-accent-foreground",
-                  "data-[state=open]:bg-accent data-[state=open]:text-accent-foreground",
-                )}
-              >
-                <ChevronDown size={14} />
-              </DropdownMenuPrimitive.SubTrigger>
-            </div>
-            <DropdownMenuSubContent className="w-80 max-h-72 overflow-y-auto p-1.5">
-              {isModelsLoading ? (
-                <div className="flex items-center gap-2 px-2 py-3 text-sm text-muted-foreground">
-                  <Loading01 size={14} className="animate-spin" />
-                  Loading models…
-                </div>
-              ) : imageModels.length === 0 ? (
-                <div className="px-2 py-3 text-sm text-muted-foreground">
-                  No image models available
-                </div>
-              ) : (
-                imageModels.map((model) => {
-                  const isSelected = imageModel?.modelId === model.modelId;
-                  const logo = getProviderLogo(model);
-                  const displayName = model.title.includes(": ")
-                    ? model.title.split(": ").slice(1).join(": ")
-                    : model.title;
-                  return (
-                    <DropdownMenuItem
-                      key={model.modelId}
-                      onClick={() => handleImageModelSelect(model)}
-                      className="flex items-center gap-2"
-                    >
-                      <img
-                        src={logo}
-                        alt=""
-                        className="size-4 shrink-0 rounded-sm dark:bg-white dark:p-px"
-                      />
-                      <span className="flex-1 text-sm truncate">
-                        {displayName}
-                      </span>
-                      {isSelected && (
-                        <Check size={14} className="text-pink-500 shrink-0" />
-                      )}
-                    </DropdownMenuItem>
-                  );
-                })
+          {/* Create image */}
+          {simpleModeEnabled ? (
+            <DropdownMenuItem
+              onClick={handleForceImageGeneration}
+              className={cn(
+                isImageActive && "text-pink-600 dark:text-pink-400",
               )}
-            </DropdownMenuSubContent>
-          </DropdownMenuSub>
-
-          {/* Web search: split row — left toggles force mode, right opens model picker */}
-          {deepResearchModel && (
-            <DropdownMenuSub
-              open={searchSubOpen}
-              onOpenChange={setSearchSubOpen}
             >
+              <Image01
+                size={16}
+                className={cn(isImageActive && "text-pink-500")}
+              />
+              <span className="flex-1">Create image</span>
+              {isImageActive && (
+                <span className="text-xs text-pink-500 font-medium">On</span>
+              )}
+            </DropdownMenuItem>
+          ) : (
+            <DropdownMenuSub open={imageSubOpen} onOpenChange={setImageSubOpen}>
               <div className="flex items-center rounded-lg">
                 <DropdownMenuItem
-                  onClick={handleForceWebSearch}
+                  onClick={handleForceImageGeneration}
+                  disabled={!imageModel}
                   className={cn(
                     "flex-1 rounded-r-none pr-1",
-                    isWebSearchActive && "text-blue-600 dark:text-blue-400",
+                    isImageActive && "text-pink-600 dark:text-pink-400",
                   )}
                 >
-                  <Globe02
+                  <Image01
                     size={16}
-                    className={cn(isWebSearchActive && "text-blue-500")}
+                    className={cn(isImageActive && "text-pink-500")}
                   />
-                  <span className="flex-1">Web search</span>
-                  {isWebSearchActive && (
-                    <span className="text-xs text-blue-500 font-medium">
+                  <span className="flex-1">Create image</span>
+                  {isImageActive && (
+                    <span className="text-xs text-pink-500 font-medium">
                       On
                     </span>
                   )}
@@ -349,10 +338,13 @@ export function ToolsPopover({
                     <Loading01 size={14} className="animate-spin" />
                     Loading models…
                   </div>
+                ) : imageModels.length === 0 ? (
+                  <div className="px-2 py-3 text-sm text-muted-foreground">
+                    No image models available
+                  </div>
                 ) : (
-                  deepResearchModels.map((model) => {
-                    const isSelected =
-                      deepResearchModel?.modelId === model.modelId;
+                  imageModels.map((model) => {
+                    const isSelected = imageModel?.modelId === model.modelId;
                     const logo = getProviderLogo(model);
                     const displayName = model.title.includes(": ")
                       ? model.title.split(": ").slice(1).join(": ")
@@ -360,7 +352,7 @@ export function ToolsPopover({
                     return (
                       <DropdownMenuItem
                         key={model.modelId}
-                        onClick={() => handleSearchModelSelect(model)}
+                        onClick={() => handleImageModelSelect(model)}
                         className="flex items-center gap-2"
                       >
                         <img
@@ -372,7 +364,7 @@ export function ToolsPopover({
                           {displayName}
                         </span>
                         {isSelected && (
-                          <Check size={14} className="text-blue-500 shrink-0" />
+                          <Check size={14} className="text-pink-500 shrink-0" />
                         )}
                       </DropdownMenuItem>
                     );
@@ -382,6 +374,101 @@ export function ToolsPopover({
             </DropdownMenuSub>
           )}
 
+          {/* Web search */}
+          {simpleModeEnabled ? (
+            <DropdownMenuItem
+              onClick={handleForceWebSearch}
+              className={cn(
+                isWebSearchActive && "text-blue-600 dark:text-blue-400",
+              )}
+            >
+              <Globe02
+                size={16}
+                className={cn(isWebSearchActive && "text-blue-500")}
+              />
+              <span className="flex-1">Web search</span>
+              {isWebSearchActive && (
+                <span className="text-xs text-blue-500 font-medium">On</span>
+              )}
+            </DropdownMenuItem>
+          ) : (
+            deepResearchModel && (
+              <DropdownMenuSub
+                open={searchSubOpen}
+                onOpenChange={setSearchSubOpen}
+              >
+                <div className="flex items-center rounded-lg">
+                  <DropdownMenuItem
+                    onClick={handleForceWebSearch}
+                    className={cn(
+                      "flex-1 rounded-r-none pr-1",
+                      isWebSearchActive && "text-blue-600 dark:text-blue-400",
+                    )}
+                  >
+                    <Globe02
+                      size={16}
+                      className={cn(isWebSearchActive && "text-blue-500")}
+                    />
+                    <span className="flex-1">Web search</span>
+                    {isWebSearchActive && (
+                      <span className="text-xs text-blue-500 font-medium">
+                        On
+                      </span>
+                    )}
+                  </DropdownMenuItem>
+                  <DropdownMenuPrimitive.SubTrigger
+                    className={cn(
+                      "flex items-center justify-center rounded-r-lg rounded-l-none px-1.5 py-1.5 text-muted-foreground outline-hidden select-none",
+                      "hover:bg-accent hover:text-accent-foreground focus:bg-accent focus:text-accent-foreground",
+                      "data-[state=open]:bg-accent data-[state=open]:text-accent-foreground",
+                    )}
+                  >
+                    <ChevronDown size={14} />
+                  </DropdownMenuPrimitive.SubTrigger>
+                </div>
+                <DropdownMenuSubContent className="w-80 max-h-72 overflow-y-auto p-1.5">
+                  {isModelsLoading ? (
+                    <div className="flex items-center gap-2 px-2 py-3 text-sm text-muted-foreground">
+                      <Loading01 size={14} className="animate-spin" />
+                      Loading models…
+                    </div>
+                  ) : (
+                    deepResearchModels.map((model) => {
+                      const isSelected =
+                        deepResearchModel?.modelId === model.modelId;
+                      const logo = getProviderLogo(model);
+                      const displayName = model.title.includes(": ")
+                        ? model.title.split(": ").slice(1).join(": ")
+                        : model.title;
+                      return (
+                        <DropdownMenuItem
+                          key={model.modelId}
+                          onClick={() => handleSearchModelSelect(model)}
+                          className="flex items-center gap-2"
+                        >
+                          <img
+                            src={logo}
+                            alt=""
+                            className="size-4 shrink-0 rounded-sm dark:bg-white dark:p-px"
+                          />
+                          <span className="flex-1 text-sm truncate">
+                            {displayName}
+                          </span>
+                          {isSelected && (
+                            <Check
+                              size={14}
+                              className="text-blue-500 shrink-0"
+                            />
+                          )}
+                        </DropdownMenuItem>
+                      );
+                    })
+                  )}
+                </DropdownMenuSubContent>
+              </DropdownMenuSub>
+            )
+          )}
+
           <DropdownMenuSub>
             <DropdownMenuSubTrigger className="gap-2">
               <span className="flex size-4 items-center justify-center text-base font-medium text-muted-foreground">
diff --git a/apps/mesh/src/web/components/chat/types.ts b/apps/mesh/src/web/components/chat/types.ts
index 552baa535a..c4a8241f6b 100644
--- a/apps/mesh/src/web/components/chat/types.ts
+++ b/apps/mesh/src/web/components/chat/types.ts
@@ -62,6 +62,7 @@ export interface MetadataModelInfo {
     text?: boolean;
     tools?: boolean;
     reasoning?: boolean;
+    file?: boolean;
   };
   limits?: { contextWindow?: number; maxOutputTokens?: number };
 }
@@ -81,6 +82,8 @@ export interface Metadata {
   user?: ChatUserConfig;
   created_at?: string | Date;
   thread_id?: string;
+  /** Git branch to pin this thread to on creation. GitHub-linked vms only. */
+  branch?: string | null;
   title?: string;
   /** System prompt to prepend to messages at the transport layer */
   system?: string;
@@ -101,10 +104,17 @@ export interface Metadata {
     outputTokens?: number;
     totalTokens?: number;
     reasoningTokens?: number;
+    /** End-of-turn context-window fill (for the % ring). Sibling `totalTokens` is cumulative billed tokens. */
+    contextTokens?: number;
     providerMetadata?: {
       [key: string]: unknown;
     };
   };
+  /** Runtime-reported per-turn limits (Claude Code). Takes precedence over catalog `limits`. */
+  modelLimits?: {
+    contextWindow: number;
+    maxOutputTokens: number;
+  };
 }
 
 // ============================================================================
diff --git a/apps/mesh/src/web/components/chat/use-prompt-connection-map.ts b/apps/mesh/src/web/components/chat/use-prompt-connection-map.ts
index 1a8116756d..22dd8e4532 100644
--- a/apps/mesh/src/web/components/chat/use-prompt-connection-map.ts
+++ b/apps/mesh/src/web/components/chat/use-prompt-connection-map.ts
@@ -15,6 +15,7 @@ import { KEYS } from "@/web/lib/query-keys";
 export function usePromptConnectionMap(
   virtualMcpId: string | null,
   orgId: string,
+  orgSlug: string,
 ): Map<string, ConnectionEntity> {
   const virtualMcp = useVirtualMCP(virtualMcpId);
   const allConnections = useConnections();
@@ -34,6 +35,7 @@ export function usePromptConnectionMap(
             const client = await createMCPClient({
               connectionId: connId,
               orgId,
+              orgSlug,
             });
             const result = await listPrompts(client);
             for (const p of result.prompts) {
diff --git a/apps/mesh/src/web/components/connections/create-connection-dialog.tsx b/apps/mesh/src/web/components/connections/create-connection-dialog.tsx
index da4103a426..8d83dcb4b8 100644
--- a/apps/mesh/src/web/components/connections/create-connection-dialog.tsx
+++ b/apps/mesh/src/web/components/connections/create-connection-dialog.tsx
@@ -507,6 +507,7 @@ export function CreateConnectionDialog({
                       providerHint?.token?.placeholder ??
                       "Bearer token or API key"
                     }
+                    className="ph-no-capture"
                     {...field}
                     value={field.value ?? ""}
                   />
diff --git a/apps/mesh/src/web/components/details/connection/collection-tab.tsx b/apps/mesh/src/web/components/details/connection/collection-tab.tsx
index 4f807e232a..e412ceaadd 100644
--- a/apps/mesh/src/web/components/details/connection/collection-tab.tsx
+++ b/apps/mesh/src/web/components/details/connection/collection-tab.tsx
@@ -66,6 +66,7 @@ export function CollectionTab({
   const client = useMCPClient({
     connectionId,
     orgId: projectOrg.id,
+    orgSlug: projectOrg.slug,
   });
 
   const actions = useCollectionActions<BaseCollectionEntity>(
diff --git a/apps/mesh/src/web/components/details/connection/connection-activity.tsx b/apps/mesh/src/web/components/details/connection/connection-activity.tsx
index fb41f36949..3a2d2beba9 100644
--- a/apps/mesh/src/web/components/details/connection/connection-activity.tsx
+++ b/apps/mesh/src/web/components/details/connection/connection-activity.tsx
@@ -47,11 +47,21 @@ const CHART_CONFIG = {
 interface ActivityChartProps {
   connectionId: string;
   orgId: string;
+  orgSlug: string;
   timeframe: Timeframe;
 }
 
-function ActivityChart({ connectionId, orgId, timeframe }: ActivityChartProps) {
-  const client = useMCPClient({ connectionId: SELF_MCP_ALIAS_ID, orgId });
+function ActivityChart({
+  connectionId,
+  orgId,
+  orgSlug,
+  timeframe,
+}: ActivityChartProps) {
+  const client = useMCPClient({
+    connectionId: SELF_MCP_ALIAS_ID,
+    orgId,
+    orgSlug,
+  });
   const dateRange = getDateRange(timeframe);
 
   const { data } = useSuspenseQuery({
@@ -217,6 +227,7 @@ export function ConnectionActivity({ connectionId }: ConnectionActivityProps) {
         <ActivityChart
           connectionId={connectionId}
           orgId={org.id}
+          orgSlug={org.slug}
           timeframe={timeframe}
         />
       </Suspense>
diff --git a/apps/mesh/src/web/components/details/connection/connection-ui-tab.tsx b/apps/mesh/src/web/components/details/connection/connection-ui-tab.tsx
index c192237429..2dd4110e8c 100644
--- a/apps/mesh/src/web/components/details/connection/connection-ui-tab.tsx
+++ b/apps/mesh/src/web/components/details/connection/connection-ui-tab.tsx
@@ -26,7 +26,11 @@ export function ConnectionUiTab({
 }: ConnectionUiTabProps) {
   const navigate = useNavigate();
   const { org: projectOrg } = useProjectContext();
-  const client = useMCPClient({ connectionId, orgId: projectOrg.id });
+  const client = useMCPClient({
+    connectionId,
+    orgId: projectOrg.id,
+    orgSlug: projectOrg.slug,
+  });
   const connectionData = useConnection(connectionId);
   const appSlug = connectionData
     ? getConnectionSlug(connectionData)
diff --git a/apps/mesh/src/web/components/details/connection/index.tsx b/apps/mesh/src/web/components/details/connection/index.tsx
index 688b66ae08..ae402edc5f 100644
--- a/apps/mesh/src/web/components/details/connection/index.tsx
+++ b/apps/mesh/src/web/components/details/connection/index.tsx
@@ -241,6 +241,7 @@ function ConnectionInspectorViewWithConnection({
   const navigate = useNavigate({ from: "/$org/settings/connections/$appSlug" });
   const queryClient = useQueryClient();
   const connectionActions = useConnectionActions();
+  const { org: projectOrg } = useProjectContext();
   const deleteConnection = useDeleteConnection({
     onSuccess: () => {
       if (siblings.length <= 1) {
@@ -305,6 +306,8 @@ function ConnectionInspectorViewWithConnection({
   const handleAuthenticateForId = async (connId: string) => {
     const { token, tokenInfo, error } = await authenticateMcp({
       connectionId: connId,
+      orgSlug: projectOrg.slug,
+      scope: "offline_access",
     });
     if (error || !token) {
       toast.error(`Authentication failed: ${error}`);
@@ -313,20 +316,25 @@ function ConnectionInspectorViewWithConnection({
 
     if (tokenInfo) {
       try {
-        const response = await fetch(`/api/connections/${connId}/oauth-token`, {
-          method: "POST",
-          headers: { "Content-Type": "application/json" },
-          credentials: "include",
-          body: JSON.stringify({
-            accessToken: tokenInfo.accessToken,
-            refreshToken: tokenInfo.refreshToken,
-            expiresIn: tokenInfo.expiresIn,
-            scope: tokenInfo.scope,
-            clientId: tokenInfo.clientId,
-            clientSecret: tokenInfo.clientSecret,
-            tokenEndpoint: tokenInfo.tokenEndpoint,
-          }),
-        });
+        const response = await fetch(
+          `/api/${projectOrg.slug}/connections/${connId}/oauth-token`,
+          {
+            method: "POST",
+            headers: {
+              "Content-Type": "application/json",
+            },
+            credentials: "include",
+            body: JSON.stringify({
+              accessToken: tokenInfo.accessToken,
+              refreshToken: tokenInfo.refreshToken,
+              expiresIn: tokenInfo.expiresIn,
+              scope: tokenInfo.scope,
+              clientId: tokenInfo.clientId,
+              clientSecret: tokenInfo.clientSecret,
+              tokenEndpoint: tokenInfo.tokenEndpoint,
+            }),
+          },
+        );
         if (!response.ok) {
           console.error("Failed to save OAuth token:", await response.text());
           await connectionActions.update.mutateAsync({
@@ -360,7 +368,10 @@ function ConnectionInspectorViewWithConnection({
       });
     }
 
-    const mcpProxyUrl = new URL(`/mcp/${connId}`, window.location.origin);
+    const mcpProxyUrl = new URL(
+      `/api/${projectOrg.slug}/mcp/${connId}`,
+      window.location.origin,
+    );
     await queryClient.invalidateQueries({
       queryKey: KEYS.isMCPAuthenticated(mcpProxyUrl.href, null),
     });
@@ -373,7 +384,7 @@ function ConnectionInspectorViewWithConnection({
   const handleRemoveOAuth = async () => {
     try {
       const response = await fetch(
-        `/api/connections/${connection.id}/oauth-token`,
+        `/api/${projectOrg.slug}/connections/${connection.id}/oauth-token`,
         {
           method: "DELETE",
           credentials: "include",
@@ -387,7 +398,7 @@ function ConnectionInspectorViewWithConnection({
       }
 
       const mcpProxyUrl = new URL(
-        `/mcp/${connection.id}`,
+        `/api/${projectOrg.slug}/mcp/${connection.id}`,
         window.location.origin,
       );
       await queryClient.invalidateQueries({
@@ -579,12 +590,13 @@ function ConnectionInspectorViewWithConnection({
                         status: "inactive",
                       });
                       const mcpProxyUrl = new URL(
-                        `/mcp/${newId}`,
+                        `/api/${projectOrg.slug}/mcp/${newId}`,
                         window.location.origin,
                       );
                       const authStatus = await isConnectionAuthenticated({
                         url: mcpProxyUrl.href,
                         token: null,
+                        orgId: projectOrg.id,
                       });
                       if (
                         authStatus.supportsOAuth &&
@@ -637,6 +649,7 @@ function ConnectionInspectorViewContent() {
   const client = useMCPClient({
     connectionId: connectionId || null,
     orgId: projectOrg.id,
+    orgSlug: projectOrg.slug,
   });
 
   // Fetch tools - uses cached if available, otherwise fetches dynamically
diff --git a/apps/mesh/src/web/components/details/connection/settings-tab/index.tsx b/apps/mesh/src/web/components/details/connection/settings-tab/index.tsx
index 7335e96150..5d909e8545 100644
--- a/apps/mesh/src/web/components/details/connection/settings-tab/index.tsx
+++ b/apps/mesh/src/web/components/details/connection/settings-tab/index.tsx
@@ -34,6 +34,7 @@ function useMcpConfiguration(connectionId: string) {
   const client = useMCPClient({
     connectionId,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const { data: configResult } = useMCPToolCall<McpConfigurationResult>({
diff --git a/apps/mesh/src/web/components/details/prompt/index.tsx b/apps/mesh/src/web/components/details/prompt/index.tsx
index 5bdec0dd7f..37cafae38b 100644
--- a/apps/mesh/src/web/components/details/prompt/index.tsx
+++ b/apps/mesh/src/web/components/details/prompt/index.tsx
@@ -132,6 +132,7 @@ function PromptDetailContent({
   const client = useMCPClient({
     connectionId: providerId || null,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const prompt = useCollectionItem<Prompt>(
diff --git a/apps/mesh/src/web/components/details/tool.tsx b/apps/mesh/src/web/components/details/tool.tsx
index 0647ff552c..07b5215fd8 100644
--- a/apps/mesh/src/web/components/details/tool.tsx
+++ b/apps/mesh/src/web/components/details/tool.tsx
@@ -64,7 +64,7 @@ import { contentBlocksToTiptapDoc } from "@/mcp-apps/content-blocks.ts";
 import { IntegrationIcon } from "@/web/components/integration-icon.tsx";
 import { ToolAnnotationBadges } from "@/web/components/tools/tools-list.tsx";
 import {
-  useChatBridge,
+  useOptionalChatStream,
   useOptionalChatPrefs,
 } from "@/web/components/chat/context.tsx";
 import { usePanelActions } from "@/web/layouts/shell-layout";
@@ -202,7 +202,7 @@ function ToolDetailsAuthenticated({
 
   const { org } = useProjectContext();
   const connection = useConnection(connectionId);
-  const { sendMessage } = useChatBridge();
+  const chatStream = useOptionalChatStream();
   const chatPrefs = useOptionalChatPrefs();
   const { setChatOpen } = usePanelActions();
   const sourceId = `${connectionId}:${toolName}`;
@@ -210,6 +210,7 @@ function ToolDetailsAuthenticated({
   const client = useMCPClient({
     connectionId,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const toolsQuery = useMCPToolsListQuery({ client });
@@ -219,10 +220,11 @@ function ToolDetailsAuthenticated({
   const uiResourceUri = getUIResourceUri(tool?._meta);
 
   const handleAppMessage = (params: McpUiMessageRequest["params"]) => {
+    if (!chatStream) return;
     const doc = contentBlocksToTiptapDoc(params.content);
     if (doc.content.length > 0) {
       setChatOpen(true);
-      sendMessage({ tiptapDoc: doc });
+      chatStream.sendMessage({ tiptapDoc: doc });
     }
   };
 
diff --git a/apps/mesh/src/web/components/details/workflow/components/step-detail-panel.tsx b/apps/mesh/src/web/components/details/workflow/components/step-detail-panel.tsx
index 08f410376e..87010f3ed6 100644
--- a/apps/mesh/src/web/components/details/workflow/components/step-detail-panel.tsx
+++ b/apps/mesh/src/web/components/details/workflow/components/step-detail-panel.tsx
@@ -235,6 +235,7 @@ function useVirtualMCPTool(toolName: string) {
   const client = useMCPClient({
     connectionId: virtualMcpId,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const toolsQuery = useMCPToolsListQuery({ client });
diff --git a/apps/mesh/src/web/components/details/workflow/components/tool-sidebar.tsx b/apps/mesh/src/web/components/details/workflow/components/tool-sidebar.tsx
index a39e2bd127..5e046b52f2 100644
--- a/apps/mesh/src/web/components/details/workflow/components/tool-sidebar.tsx
+++ b/apps/mesh/src/web/components/details/workflow/components/tool-sidebar.tsx
@@ -33,6 +33,7 @@ function useVirtualMCPTools() {
   const client = useMCPClient({
     connectionId: virtualMcpId,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const toolsQuery = useMCPToolsListQuery({ client });
diff --git a/apps/mesh/src/web/components/details/workflow/hooks/mutations/use-workflow-start.ts b/apps/mesh/src/web/components/details/workflow/hooks/mutations/use-workflow-start.ts
index 33dd0ab904..769b227194 100644
--- a/apps/mesh/src/web/components/details/workflow/hooks/mutations/use-workflow-start.ts
+++ b/apps/mesh/src/web/components/details/workflow/hooks/mutations/use-workflow-start.ts
@@ -23,6 +23,7 @@ export function useWorkflowStart() {
   const client = useMCPClient({
     connectionId,
     orgId: org.id,
+    orgSlug: org.slug,
   });
   const { mutateAsync: startWorkflowMutation, isPending } =
     useMCPToolCallMutation({
@@ -70,6 +71,7 @@ export function useWorkflowCancel() {
   const client = useMCPClient({
     connectionId,
     orgId: org.id,
+    orgSlug: org.slug,
   });
   const { mutateAsync: cancelWorkflowMutation, isPending: isCancelling } =
     useMCPToolCallMutation({ client });
@@ -97,6 +99,7 @@ export function useWorkflowResume() {
   const client = useMCPClient({
     connectionId,
     orgId: org.id,
+    orgSlug: org.slug,
   });
   const { mutateAsync: resumeWorkflowMutation, isPending: isResuming } =
     useMCPToolCallMutation({ client });
diff --git a/apps/mesh/src/web/components/details/workflow/hooks/queries/use-workflow-collection-item.ts b/apps/mesh/src/web/components/details/workflow/hooks/queries/use-workflow-collection-item.ts
index 17b82647b9..f4fe4493f2 100644
--- a/apps/mesh/src/web/components/details/workflow/hooks/queries/use-workflow-collection-item.ts
+++ b/apps/mesh/src/web/components/details/workflow/hooks/queries/use-workflow-collection-item.ts
@@ -24,6 +24,7 @@ export function usePollingWorkflowExecution(executionId?: string) {
   const client = useMCPClient({
     connectionId: connection.id,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const { data, isLoading } = useMCPToolCallQuery<ExecutionQueryResult>({
@@ -58,6 +59,7 @@ export function useExecutionCompletedStep(
   const client = useMCPClient({
     connectionId: connection.id,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const isEnabled = (options?.enabled ?? true) && !!executionId && !!stepName;
diff --git a/apps/mesh/src/web/components/details/workflow/hooks/queries/use-workflow-executions.ts b/apps/mesh/src/web/components/details/workflow/hooks/queries/use-workflow-executions.ts
index cc08c92fcc..fa8885d1b2 100644
--- a/apps/mesh/src/web/components/details/workflow/hooks/queries/use-workflow-executions.ts
+++ b/apps/mesh/src/web/components/details/workflow/hooks/queries/use-workflow-executions.ts
@@ -23,6 +23,7 @@ export function useWorkflowExecutions() {
   const client = useMCPClient({
     connectionId: connection.id,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const { data, isLoading, refetch } =
diff --git a/apps/mesh/src/web/components/details/workflow/hooks/use-workflow-sse.ts b/apps/mesh/src/web/components/details/workflow/hooks/use-workflow-sse.ts
index 57bae8cf01..b4490d73c8 100644
--- a/apps/mesh/src/web/components/details/workflow/hooks/use-workflow-sse.ts
+++ b/apps/mesh/src/web/components/details/workflow/hooks/use-workflow-sse.ts
@@ -1,7 +1,7 @@
 /**
  * useWorkflowSSE — Subscribe to workflow SSE events and invalidate queries
  *
- * Connects to the /org/:orgId/watch?types=workflow.* SSE endpoint and
+ * Connects to the /api/:org/watch?types=workflow.* SSE endpoint and
  * invalidates the relevant React Query caches when workflow events arrive.
  * This replaces polling for real-time workflow execution updates.
  *
@@ -29,7 +29,8 @@ const WORKFLOW_EVENT_TYPES = [
 ];
 
 const workflowSSE = createSSESubscription({
-  buildUrl: (orgId) => `/org/${orgId}/watch?types=workflow.*`,
+  buildUrl: (orgSlug) =>
+    `/api/${encodeURIComponent(orgSlug)}/watch?types=workflow.*`,
   eventTypes: WORKFLOW_EVENT_TYPES,
 });
 
@@ -90,6 +91,7 @@ export function useWorkflowSSE(): void {
   const { org } = useProjectContext();
   const queryClient = useQueryClient();
   const orgId = org.id;
+  const orgSlug = org.slug;
 
   const subscribe = (onStoreChange: () => void) => {
     let clients = queryClients.get(orgId);
@@ -104,7 +106,7 @@ export function useWorkflowSSE(): void {
       onStoreChange();
     };
 
-    const unsubscribe = workflowSSE.subscribe(orgId, handler);
+    const unsubscribe = workflowSSE.subscribe(orgSlug, handler);
 
     return () => {
       unsubscribe();
diff --git a/apps/mesh/src/web/components/details/workflow/index.tsx b/apps/mesh/src/web/components/details/workflow/index.tsx
index 346348c809..5d6d7f64f3 100644
--- a/apps/mesh/src/web/components/details/workflow/index.tsx
+++ b/apps/mesh/src/web/components/details/workflow/index.tsx
@@ -69,6 +69,7 @@ export function useCollectionWorkflow({
   const client = useMCPClient({
     connectionId: connectionId ?? null,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const item = useCollectionItem<Workflow>(
@@ -416,6 +417,7 @@ function useCollectionWorkflowExecution({
   const client = useMCPClient({
     connectionId: connectionId ?? null,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const item = useCollectionItem<WorkflowExecution>(
diff --git a/apps/mesh/src/web/components/error-boundary.tsx b/apps/mesh/src/web/components/error-boundary.tsx
index ceb7d14414..2025248cdf 100644
--- a/apps/mesh/src/web/components/error-boundary.tsx
+++ b/apps/mesh/src/web/components/error-boundary.tsx
@@ -1,6 +1,7 @@
 import { Component, type ErrorInfo, type ReactNode } from "react";
 import { Button } from "@deco/ui/components/button.tsx";
 import { AlertTriangle, RefreshCw01 } from "@untitledui/icons";
+import { captureException } from "@/web/lib/posthog-client";
 
 const CHUNK_RELOAD_KEY = "__mesh_chunk_reload_ts";
 
@@ -56,6 +57,13 @@ export class ErrorBoundary extends Component<Props, State> {
 
   override componentDidCatch(error: Error, errorInfo: ErrorInfo) {
     console.error("Uncaught error:", error, errorInfo);
+    captureException(error, {
+      boundary: "default",
+      error_name: error.name,
+      error_message: error.message,
+      component_stack: errorInfo.componentStack ?? null,
+      route: typeof window !== "undefined" ? window.location.pathname : null,
+    });
   }
 
   private resetError = () => {
@@ -119,8 +127,17 @@ export class ChunkErrorBoundary extends Component<
 
   override componentDidCatch(error: Error, errorInfo: ErrorInfo) {
     console.error("Uncaught error:", error, errorInfo);
-
-    if (!isChunkLoadError(error)) return;
+    const isChunk = isChunkLoadError(error);
+    captureException(error, {
+      boundary: "chunk_root",
+      is_chunk_load_error: isChunk,
+      error_name: error.name,
+      error_message: error.message,
+      component_stack: errorInfo.componentStack ?? null,
+      route: typeof window !== "undefined" ? window.location.pathname : null,
+    });
+
+    if (!isChunk) return;
 
     // Auto-reload once. Guard against infinite loops with a timestamp check.
     const lastReload = sessionStorage.getItem(CHUNK_RELOAD_KEY);
diff --git a/apps/mesh/src/web/components/github-repo-picker.tsx b/apps/mesh/src/web/components/github-repo-picker.tsx
index 63ed315a6c..62ac6ac4ca 100644
--- a/apps/mesh/src/web/components/github-repo-picker.tsx
+++ b/apps/mesh/src/web/components/github-repo-picker.tsx
@@ -4,9 +4,11 @@ import {
   DialogHeader,
   DialogTitle,
 } from "@deco/ui/components/dialog.tsx";
+import { Checkbox } from "@deco/ui/components/checkbox.tsx";
 import { CollectionSearch } from "@/web/components/collections/collection-search.tsx";
 import { cn } from "@deco/ui/lib/utils.ts";
 import { Suspense, useDeferredValue, useState } from "react";
+import { useDebouncedValue } from "@/web/hooks/use-debounced-value.ts";
 import {
   useMutation,
   useQuery,
@@ -41,7 +43,7 @@ interface GitHubInstallation {
   type: string;
 }
 
-interface Repo {
+export interface Repo {
   owner: string;
   name: string;
   fullName: string;
@@ -51,12 +53,24 @@ interface Repo {
   updatedAt: string;
 }
 
+export interface GitHubImportPayload {
+  virtualMcpId: string;
+  repo: Repo;
+  connectionId: string;
+}
+
 export function GitHubRepoPicker({
   open,
   onOpenChange,
+  title = "Import from GitHub",
+  hideAutoRespondCheckbox = false,
+  onImportComplete,
 }: {
   open: boolean;
   onOpenChange: (open: boolean) => void;
+  title?: string;
+  hideAutoRespondCheckbox?: boolean;
+  onImportComplete?: (payload: GitHubImportPayload) => void;
 }) {
   const [preferences] = usePreferences();
   const [selectedInstallation, setSelectedInstallation] =
@@ -70,7 +84,7 @@ export function GitHubRepoPicker({
     <Dialog open={open} onOpenChange={onOpenChange}>
       <DialogContent className="sm:max-w-[560px] h-[85svh] sm:h-[520px] p-0 gap-0 overflow-hidden flex flex-col">
         <DialogHeader className="sr-only">
-          <DialogTitle>Import from GitHub</DialogTitle>
+          <DialogTitle>{title}</DialogTitle>
         </DialogHeader>
         <div className="flex items-center h-12 border-b border-border px-4 gap-3 shrink-0">
           {selectedInstallation ? (
@@ -96,7 +110,7 @@ export function GitHubRepoPicker({
             <>
               <GitHubIcon className="size-4 text-foreground shrink-0" />
               <span className="text-sm font-medium text-foreground">
-                Import from GitHub
+                {title}
               </span>
             </>
           )}
@@ -116,6 +130,8 @@ export function GitHubRepoPicker({
               onComplete={() => onOpenChange(false)}
               selectedInstallation={selectedInstallation}
               onSelectInstallation={setSelectedInstallation}
+              hideAutoRespondCheckbox={hideAutoRespondCheckbox}
+              onImportComplete={onImportComplete}
             />
           </Suspense>
         </div>
@@ -128,16 +144,24 @@ function PickerContent({
   onComplete,
   selectedInstallation,
   onSelectInstallation,
+  hideAutoRespondCheckbox,
+  onImportComplete,
 }: {
   onComplete: () => void;
   selectedInstallation: GitHubInstallation | null;
   onSelectInstallation: (inst: GitHubInstallation | null) => void;
+  hideAutoRespondCheckbox?: boolean;
+  onImportComplete?: (payload: GitHubImportPayload) => void;
 }) {
   const { org } = useProjectContext();
   const queryClient = useQueryClient();
   const navigateToAgent = useNavigateToAgent();
   const [selectedConnection, setSelectedConnection] =
     useState<ConnectionEntity | null>(null);
+  const [autoRespondToIssues, setAutoRespondToIssues] = useState(true);
+  const effectiveAutoRespond = hideAutoRespondCheckbox
+    ? true
+    : autoRespondToIssues;
 
   const githubConnections = useConnections({ slug: "mcp-github" });
 
@@ -153,10 +177,12 @@ function PickerContent({
   const githubClient = useMCPClient({
     connectionId: effectiveConnection?.id ?? "",
     orgId: org.id,
+    orgSlug: org.slug,
   });
   const selfClient = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const getFileContent = async (
@@ -191,91 +217,113 @@ function PickerContent({
     }
   };
 
+  // Runtime detection moved server-side into VM_START (see
+  // github-runtime-detect.ts). Here we only pull AGENTS.md / CLAUDE.md so the
+  // agent has instructions ready even before the first VM boots.
   const detectRepoFiles = (virtualMcpId: string, repo: Repo) => {
-    const allPaths = [
-      "AGENTS.md",
-      "CLAUDE.md",
-      "deno.json",
-      "deno.jsonc",
-      "bun.lock",
-      "bunfig.toml",
-      "pnpm-lock.yaml",
-      "yarn.lock",
-      "package-lock.json",
-      "package.json",
-    ];
-
-    Promise.all(
-      allPaths.map(async (p) => [p, await getFileContent(repo, p)] as const),
-    )
-      .then(async (entries) => {
-        const files = new Map(entries);
-
-        const instructions =
-          files.get("AGENTS.md") ?? files.get("CLAUDE.md") ?? null;
-
-        const runtimeFiles: Array<{ file: string; pm: string }> = [
-          { file: "deno.json", pm: "deno" },
-          { file: "deno.jsonc", pm: "deno" },
-          { file: "bun.lock", pm: "bun" },
-          { file: "bunfig.toml", pm: "bun" },
-          { file: "pnpm-lock.yaml", pm: "pnpm" },
-          { file: "yarn.lock", pm: "yarn" },
-          { file: "package-lock.json", pm: "npm" },
-          { file: "package.json", pm: "npm" },
-        ];
-        let detected: string | null = null;
-        for (const { file, pm } of runtimeFiles) {
-          if (files.get(file) !== null) {
-            detected = pm;
-            break;
-          }
-        }
-
-        let devPort = "";
-        if (detected) {
-          const extractPort = (content: string | null) => {
-            if (!content) return "";
-            try {
-              const parsed = JSON.parse(content) as {
-                tasks?: Record<string, string>;
-                scripts?: Record<string, string>;
-              };
-              const cmds = parsed.tasks ?? parsed.scripts ?? {};
-              const devCmd = cmds.dev ?? cmds.start ?? "";
-              const portMatch = devCmd.match(/(?:--port|PORT=|:)(\d{4,5})/);
-              return portMatch?.[1] ?? "";
-            } catch {
-              return "";
-            }
-          };
-          if (detected === "deno") {
-            devPort =
-              extractPort(files.get("deno.json") ?? null) ||
-              extractPort(files.get("deno.jsonc") ?? null);
-          } else {
-            devPort = extractPort(files.get("package.json") ?? null);
-          }
-        }
-
+    Promise.all([
+      getFileContent(repo, "AGENTS.md"),
+      getFileContent(repo, "CLAUDE.md"),
+    ])
+      .then(async ([agents, claude]) => {
+        const instructions = agents ?? claude ?? null;
+        if (!instructions) return;
         await selfClient.callTool({
           name: "COLLECTION_VIRTUAL_MCP_UPDATE",
           arguments: {
             id: virtualMcpId,
-            data: {
-              metadata: {
-                instructions,
-                runtime: { selected: detected, port: devPort || null },
-              },
-            },
+            data: { metadata: { instructions } },
           },
         });
-
         invalidateVirtualMcpQueries(queryClient, org.id);
       })
       .catch((err) => {
-        console.error("GitHub repo file detection failed:", err);
+        console.error("GitHub instructions fetch failed:", err);
+      });
+  };
+
+  const setupIssueAutomation = async ({
+    virtualMcpId,
+    repo,
+    connectionId,
+  }: {
+    virtualMcpId: string;
+    repo: Repo;
+    connectionId: string;
+  }) => {
+    const triggerListResult = (await githubClient.callTool({
+      name: "TRIGGER_LIST",
+      arguments: {},
+    })) as { structuredContent?: unknown };
+
+    const triggerPayload = (triggerListResult.structuredContent ??
+      triggerListResult) as {
+      triggers?: Array<{
+        type: string;
+        params?: Array<{ name: string }> | Record<string, unknown>;
+        paramsSchema?: Record<string, unknown>;
+      }>;
+    };
+
+    const issueTrigger =
+      triggerPayload.triggers?.find((t) => t.type === "github.issues.opened") ??
+      triggerPayload.triggers?.find((t) => {
+        const type = t.type.toLowerCase();
+        return (
+          /\bissues?\./.test(type) &&
+          (type.endsWith(".opened") || type.endsWith(".created"))
+        );
       });
+
+    if (!issueTrigger) {
+      throw new Error("No issue-created trigger exposed by GitHub connection");
+    }
+
+    const paramNames = new Set<string>();
+    if (Array.isArray(issueTrigger.params)) {
+      for (const p of issueTrigger.params) paramNames.add(p.name);
+    } else if (issueTrigger.params && typeof issueTrigger.params === "object") {
+      for (const k of Object.keys(issueTrigger.params)) paramNames.add(k);
+    }
+    if (issueTrigger.paramsSchema) {
+      for (const k of Object.keys(issueTrigger.paramsSchema)) paramNames.add(k);
+    }
+
+    const params: Record<string, string> = {};
+    if (paramNames.has("repo")) {
+      params.repo = `${repo.owner}/${repo.name}`;
+    } else {
+      if (paramNames.has("owner")) params.owner = repo.owner;
+      if (paramNames.has("name")) params.name = repo.name;
+      if (paramNames.has("repository"))
+        params.repository = `${repo.owner}/${repo.name}`;
+    }
+
+    const automationInstructions = `A new GitHub issue has been opened in ${repo.owner}/${repo.name}. Read the issue details, explore the relevant code in the repository, create a new branch, implement the fix or feature requested, and open a pull request that resolves the issue. Reference the issue number in the PR description.`;
+
+    const automationResult = (await selfClient.callTool({
+      name: "AUTOMATION_CREATE",
+      arguments: {
+        name: `${repo.name}: auto-respond to issues`,
+        virtual_mcp_id: virtualMcpId,
+        messages: automationInstructions,
+        active: true,
+      },
+    })) as { structuredContent?: unknown };
+
+    const automationPayload = (automationResult.structuredContent ??
+      automationResult) as { id: string };
+
+    await selfClient.callTool({
+      name: "AUTOMATION_TRIGGER_ADD",
+      arguments: {
+        automation_id: automationPayload.id,
+        type: "event",
+        connection_id: connectionId,
+        event_type: issueTrigger.type,
+        params,
+      },
+    });
   };
 
   const importMutation = useMutation({
@@ -302,9 +350,10 @@ function PickerContent({
                 installationId: selectedInstallation.installationId,
                 connectionId,
               },
-              activeVms: {},
               instructions: null,
-              runtime: null,
+              // runtime is resolved server-side inside VM_START's lockfile
+              // probe (github-runtime-detect.ts). Writing a client-side
+              // sentinel here only re-created the race the probe fixed.
               ui: {
                 pinnedViews: null,
                 layout: {
@@ -323,15 +372,29 @@ function PickerContent({
         item: { id: string; title: string };
       };
 
+      const virtualMcpId = payload.item.id;
+
+      if (effectiveAutoRespond) {
+        await setupIssueAutomation({
+          virtualMcpId,
+          repo,
+          connectionId,
+        }).catch((err) => {
+          console.error("Failed to set up issue automation:", err);
+          toast.warning(
+            "Imported repo, but failed to set up issue auto-response. You can add the trigger manually from the automations view.",
+          );
+        });
+      }
+
       return {
-        virtualMcpId: payload.item.id,
+        virtualMcpId,
         repo,
+        connectionId,
         item: payload.item,
       };
     },
-    onSuccess: ({ virtualMcpId, repo, item }) => {
-      toast.success(`Imported ${repo.name} from GitHub`);
-
+    onSuccess: ({ virtualMcpId, repo, connectionId, item }) => {
       queryClient.setQueryData(
         KEYS.collectionItem(
           selfClient,
@@ -344,11 +407,17 @@ function PickerContent({
       );
       invalidateVirtualMcpQueries(queryClient, org.id);
 
+      detectRepoFiles(virtualMcpId, repo);
+
+      if (onImportComplete) {
+        onImportComplete({ virtualMcpId, repo, connectionId });
+        return;
+      }
+
+      toast.success(`Imported ${repo.name} from GitHub`);
       onComplete();
       localStorage.setItem("mesh:sidebar-open", JSON.stringify(false));
       navigateToAgent(virtualMcpId);
-
-      detectRepoFiles(virtualMcpId, repo);
     },
     onError: (error) => {
       toast.error(
@@ -431,6 +500,7 @@ function PickerContent({
       <InstallationPicker
         connectionId={effectiveConnection.id}
         orgId={org.id}
+        orgSlug={org.slug}
         onSelect={onSelectInstallation}
         showBackButton={githubConnections.length > 1}
         onBack={() => setSelectedConnection(null)}
@@ -442,9 +512,13 @@ function PickerContent({
     <RepoBrowser
       connectionId={effectiveConnection.id}
       orgId={org.id}
+      orgSlug={org.slug}
       installation={selectedInstallation}
       onSelectRepo={(repo) => importMutation.mutate(repo)}
       isSaving={importMutation.isPending}
+      autoRespondToIssues={autoRespondToIssues}
+      onAutoRespondChange={setAutoRespondToIssues}
+      hideAutoRespondCheckbox={hideAutoRespondCheckbox}
     />
   );
 }
@@ -452,12 +526,14 @@ function PickerContent({
 function InstallationPicker({
   connectionId,
   orgId,
+  orgSlug,
   onSelect,
   showBackButton,
   onBack,
 }: {
   connectionId: string;
   orgId: string;
+  orgSlug: string;
   onSelect: (installation: GitHubInstallation) => void;
   showBackButton: boolean;
   onBack: () => void;
@@ -465,6 +541,7 @@ function InstallationPicker({
   const selfClient = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId,
+    orgSlug,
   });
 
   const installationsQuery = useQuery({
@@ -574,18 +651,27 @@ function InstallationPicker({
 function RepoBrowser({
   connectionId,
   orgId,
+  orgSlug,
   installation,
   onSelectRepo,
   isSaving,
+  autoRespondToIssues,
+  onAutoRespondChange,
+  hideAutoRespondCheckbox,
 }: {
   connectionId: string;
   orgId: string;
+  orgSlug: string;
   installation: GitHubInstallation;
   onSelectRepo: (repo: Repo) => void;
   isSaving: boolean;
+  autoRespondToIssues: boolean;
+  onAutoRespondChange: (value: boolean) => void;
+  hideAutoRespondCheckbox?: boolean;
 }) {
   const [query, setQuery] = useState("");
-  const deferredQuery = useDeferredValue(query);
+  const debouncedQuery = useDebouncedValue(query, 300);
+  const deferredQuery = useDeferredValue(debouncedQuery);
   const isStale = query !== deferredQuery;
 
   return (
@@ -616,6 +702,7 @@ function RepoBrowser({
           <RepoList
             connectionId={connectionId}
             orgId={orgId}
+            orgSlug={orgSlug}
             installation={installation}
             query={deferredQuery}
             onSelectRepo={onSelectRepo}
@@ -623,6 +710,18 @@ function RepoBrowser({
           />
         </Suspense>
       </div>
+
+      {!hideAutoRespondCheckbox && (
+        <label className="flex items-center gap-2 px-4 py-3 border-t border-border shrink-0 cursor-pointer select-none">
+          <Checkbox
+            checked={autoRespondToIssues}
+            onCheckedChange={(checked) => onAutoRespondChange(checked === true)}
+          />
+          <span className="text-xs text-foreground">
+            Auto-respond to new issues with a PR
+          </span>
+        </label>
+      )}
     </div>
   );
 }
@@ -630,6 +729,7 @@ function RepoBrowser({
 function RepoList({
   connectionId,
   orgId,
+  orgSlug,
   installation,
   query,
   onSelectRepo,
@@ -637,12 +737,13 @@ function RepoList({
 }: {
   connectionId: string;
   orgId: string;
+  orgSlug: string;
   installation: GitHubInstallation;
   query: string;
   onSelectRepo: (repo: Repo) => void;
   isSaving: boolean;
 }) {
-  const githubClient = useMCPClient({ connectionId, orgId });
+  const githubClient = useMCPClient({ connectionId, orgId, orgSlug });
 
   const qualifier = installation.type === "User" ? "user" : "org";
   const searchQuery = query
@@ -656,11 +757,15 @@ function RepoList({
       installation.login,
       query,
     ),
-    queryFn: async () => {
-      const result = await githubClient.callTool({
-        name: "search_repositories",
-        arguments: { query: searchQuery, page: 1, perPage: 30 },
-      });
+    queryFn: async ({ signal }) => {
+      const result = await githubClient.callTool(
+        {
+          name: "search_repositories",
+          arguments: { query: searchQuery, page: 1, perPage: 30 },
+        },
+        undefined,
+        { signal },
+      );
       const content = (result as { content?: Array<{ text?: string }> })
         .content?.[0]?.text;
       if (!content) throw new Error("No response from search_repositories");
diff --git a/apps/mesh/src/web/components/grid-loader.tsx b/apps/mesh/src/web/components/grid-loader.tsx
new file mode 100644
index 0000000000..1d12b4d4f4
--- /dev/null
+++ b/apps/mesh/src/web/components/grid-loader.tsx
@@ -0,0 +1,50 @@
+import { useState } from "react";
+
+const GRID_CELLS = [
+  { delay: 0 },
+  { delay: 100 },
+  { delay: 200 },
+  { delay: 100 },
+  { delay: 200 },
+  { delay: 200 },
+  { delay: 300 },
+  { delay: 300 },
+  { delay: 400 },
+];
+
+export function GridLoader() {
+  const [cellColors] = useState(() => {
+    const chart = `var(--chart-${Math.ceil(Math.random() * 5)})`;
+    return GRID_CELLS.map(() =>
+      Math.random() < 0.6
+        ? "color-mix(in srgb, var(--muted-foreground) 25%, transparent)"
+        : chart,
+    );
+  });
+  return (
+    <div
+      className="grid"
+      style={{
+        gridTemplateColumns: "repeat(3, 3px)",
+        gap: "1.5px",
+        width: "fit-content",
+      }}
+    >
+      {GRID_CELLS.map(({ delay }, i) => (
+        <div
+          key={i}
+          className="rounded-[1px]"
+          style={
+            {
+              width: 3,
+              height: 3,
+              "--cell-color": cellColors[i],
+              animation: "grid-ripple 1s ease infinite",
+              animationDelay: `${delay}ms`,
+            } as React.CSSProperties
+          }
+        />
+      ))}
+    </div>
+  );
+}
diff --git a/apps/mesh/src/web/components/home/agents-list.tsx b/apps/mesh/src/web/components/home/agents-list.tsx
index 3ce44c705a..4bb644d54e 100644
--- a/apps/mesh/src/web/components/home/agents-list.tsx
+++ b/apps/mesh/src/web/components/home/agents-list.tsx
@@ -2,7 +2,9 @@
  * Agents List Component for Home Page
  *
  * Displays a compact list of agents (Virtual MCPs) with their icon and name.
- * Only shows when the organization has agents.
+ * Order is controlled by the org's `default_home_agents` setting when present;
+ * otherwise falls back to the legacy mix of well-known templates + most-recent
+ * custom agents.
  */
 
 import { IntegrationIcon } from "@/web/components/integration-icon.tsx";
@@ -14,7 +16,8 @@ import {
   useProjectContext,
   useVirtualMCPs,
 } from "@decocms/mesh-sdk";
-import type { ProjectLocator } from "@decocms/mesh-sdk";
+import type { ProjectLocator, VirtualMCPEntity } from "@decocms/mesh-sdk";
+import { useDefaultHomeAgents } from "@/web/hooks/use-organization-settings";
 
 function readRecentAgentIds(locator: ProjectLocator): string[] {
   try {
@@ -30,9 +33,23 @@ import { ImportFromDecoDialog } from "@/web/components/import-from-deco-dialog.t
 import { SiteDiagnosticsRecruitModal } from "@/web/components/home/site-diagnostics-recruit-modal.tsx";
 import { AiImageRecruitModal } from "@/web/components/home/ai-image-recruit-modal.tsx";
 import { AiResearchRecruitModal } from "@/web/components/home/ai-research-recruit-modal.tsx";
+import { LeanCanvasRecruitModal } from "@/web/components/home/lean-canvas-recruit-modal.tsx";
+import { StudioPackRecruitModal } from "@/web/components/home/studio-pack-recruit-modal.tsx";
+import { SelfHealingRepoFlow } from "@/web/components/self-healing-repo/self-healing-repo-flow.tsx";
 import { useCreateVirtualMCP } from "@/web/hooks/use-create-virtual-mcp";
-import { useNavigateToAgent } from "@/web/hooks/use-navigate-to-agent";
+import { useNavigateToAgentThread } from "@/web/hooks/use-navigate-to-agent-thread";
+import { usePreferences } from "@/web/hooks/use-preferences.ts";
 import { Suspense, useState } from "react";
+import { track } from "@/web/lib/posthog-client";
+
+/**
+ * Max tiles rendered on the home view. Keep in sync with the form copy in
+ * `default-home-agents-form.tsx`.
+ */
+const HOME_VIEW_DISPLAY_LIMIT = 8;
+
+type TileKind = "template" | "existing" | "recent";
+type TileAction = "new_chat" | "open_modal" | "navigate";
 
 /**
  * Individual agent preview component
@@ -40,20 +57,33 @@ import { Suspense, useState } from "react";
 function AgentPreview({
   agent,
   onSpecialClick,
+  tracking,
 }: {
   agent: {
     id: string;
     title: string;
     icon?: string | null;
   };
-  onSpecialClick?: () => void;
+  onSpecialClick?: () => void | Promise<unknown>;
+  tracking: {
+    template_id: string | null;
+    tile_kind: TileKind;
+    action: TileAction;
+  };
 }) {
   const { org } = useProjectContext();
   const navigate = useNavigate();
 
   const handleClick = () => {
+    track("home_agent_tile_clicked", {
+      template_id: tracking.template_id,
+      agent_id: agent.id,
+      agent_title: agent.title,
+      tile_kind: tracking.tile_kind,
+      action: tracking.action,
+    });
     if (onSpecialClick) {
-      onSpecialClick();
+      void onSpecialClick();
     } else {
       const taskId = crypto.randomUUID();
       navigate({
@@ -110,6 +140,7 @@ function SeeAllButton() {
       )}
       aria-label="See all agents"
       onClick={() => {
+        track("home_see_all_agents_clicked");
         navigate({ to: "/$org/settings/agents", params: { org: org.slug } });
       }}
     >
@@ -134,7 +165,10 @@ function CreateAgentButton() {
   return (
     <button
       type="button"
-      onClick={() => createVirtualMCP()}
+      onClick={() => {
+        track("home_create_agent_clicked");
+        createVirtualMCP();
+      }}
       disabled={isCreating}
       className={cn(
         "flex flex-col items-center gap-3 p-2 rounded-lg",
@@ -156,14 +190,70 @@ function CreateAgentButton() {
   );
 }
 
+/**
+ * Tile = either an existing custom agent that already lives in the org, or a
+ * not-yet-recruited template that opens its specific recruit/import flow.
+ */
+type RecruitModalKey =
+  | "import-deco"
+  | "diagnostics"
+  | "ai-image"
+  | "ai-research"
+  | "lean-canvas"
+  | "studio-pack"
+  | "self-healing";
+
+type HomeTile =
+  | {
+      key: string;
+      kind: "template-recruit";
+      templateId:
+        | "site-editor"
+        | "site-diagnostics"
+        | "ai-image"
+        | "ai-research"
+        | "lean-canvas"
+        | "studio-pack"
+        | "self-healing-storefront";
+      agent: { id: string; title: string; icon?: string | null };
+      onClick: RecruitModalKey;
+    }
+  | {
+      key: string;
+      kind: "existing";
+      templateId: string | null;
+      agent: VirtualMCPEntity & { id: string };
+    };
+
+/**
+ * Match a vMCP to a known template by metadata.type or title.
+ */
+function findExistingForTemplate(
+  agents: VirtualMCPEntity[],
+  templateId: string,
+  templateTitle: string,
+): (VirtualMCPEntity & { id: string }) | undefined {
+  return agents.find(
+    (a): a is typeof a & { id: string } =>
+      a.id !== null &&
+      ((a as { metadata?: { type?: string } }).metadata?.type === templateId ||
+        a.title === templateTitle),
+  );
+}
+
 function AgentsListContent() {
   const virtualMcps = useVirtualMCPs();
-  const { locator } = useProjectContext();
+  const { locator, org } = useProjectContext();
+  const orgDefaults = useDefaultHomeAgents();
   const [importDecoOpen, setImportDecoOpen] = useState(false);
   const [diagnosticsModalOpen, setDiagnosticsModalOpen] = useState(false);
   const [aiImageModalOpen, setAiImageModalOpen] = useState(false);
   const [aiResearchModalOpen, setAiResearchModalOpen] = useState(false);
-  const navigateToAgent = useNavigateToAgent();
+  const [leanCanvasModalOpen, setLeanCanvasModalOpen] = useState(false);
+  const [studioPackModalOpen, setStudioPackModalOpen] = useState(false);
+  const [selfHealingOpen, setSelfHealingOpen] = useState(false);
+  const [preferences] = usePreferences();
+  const navigateToAgentThread = useNavigateToAgentThread(org.slug);
 
   const siteEditorAgent = WELL_KNOWN_AGENT_TEMPLATES.find(
     (t) => t.id === "site-editor",
@@ -177,106 +267,260 @@ function AgentsListContent() {
   const aiResearchAgent = WELL_KNOWN_AGENT_TEMPLATES.find(
     (t) => t.id === "ai-research",
   )!;
+  const leanCanvasAgent = WELL_KNOWN_AGENT_TEMPLATES.find(
+    (t) => t.id === "lean-canvas",
+  )!;
+  const studioPackAgent = WELL_KNOWN_AGENT_TEMPLATES.find(
+    (t) => t.id === "studio-pack",
+  )!;
+  const selfHealingStorefrontAgent = WELL_KNOWN_AGENT_TEMPLATES.find(
+    (t) => t.id === "self-healing-storefront",
+  )!;
 
-  const recentIds = readRecentAgentIds(locator);
-
-  // Filter out Decopilot, sort by most recently used (from localStorage), then take top 5
-  const agents = virtualMcps
-    .filter(
-      (agent): agent is typeof agent & { id: string } =>
-        agent.id !== null && !isDecopilot(agent.id),
-    )
-    .sort((a, b) => {
-      const aIdx = recentIds.indexOf(a.id);
-      const bIdx = recentIds.indexOf(b.id);
-      if (aIdx !== -1 && bIdx !== -1) return aIdx - bIdx;
-      if (aIdx !== -1) return -1;
-      if (bIdx !== -1) return 1;
-      return (
-        new Date(b.updated_at).getTime() - new Date(a.updated_at).getTime()
-      );
-    })
-    .slice(0, 4);
-
-  // Check if Site Diagnostics agent already exists (search full list, not just top-5)
-  const existingDiagnostics = virtualMcps.find(
-    (a): a is typeof a & { id: string } =>
-      a.id !== null &&
-      ((a as { metadata?: { type?: string } }).metadata?.type ===
-        siteDiagnosticsAgent.id ||
-        a.title === siteDiagnosticsAgent.title),
+  const existingDiagnostics = findExistingForTemplate(
+    virtualMcps,
+    siteDiagnosticsAgent.id,
+    siteDiagnosticsAgent.title,
   );
-
-  // Check if AI Image agent already exists
-  const existingAiImage = virtualMcps.find(
-    (a): a is typeof a & { id: string } =>
-      a.id !== null &&
-      ((a as { metadata?: { type?: string } }).metadata?.type ===
-        aiImageAgent.id ||
-        a.title === aiImageAgent.title),
+  const existingAiImage = findExistingForTemplate(
+    virtualMcps,
+    aiImageAgent.id,
+    aiImageAgent.title,
+  );
+  const existingAiResearch = findExistingForTemplate(
+    virtualMcps,
+    aiResearchAgent.id,
+    aiResearchAgent.title,
+  );
+  const existingLeanCanvas = findExistingForTemplate(
+    virtualMcps,
+    leanCanvasAgent.id,
+    leanCanvasAgent.title,
   );
 
-  // Check if AI Research agent already exists
-  const existingAiResearch = virtualMcps.find(
-    (a): a is typeof a & { id: string } =>
-      a.id !== null &&
-      ((a as { metadata?: { type?: string } }).metadata?.type ===
-        aiResearchAgent.id ||
-        a.title === aiResearchAgent.title),
+  /**
+   * Resolve a single id (template id OR custom UUID) into a renderable tile.
+   * Returns null if the id doesn't match any known template or live custom
+   * agent (e.g. the agent was deleted after the admin saved).
+   */
+  const resolveTile = (id: string): HomeTile | null => {
+    if (id === siteEditorAgent.id) {
+      return {
+        key: id,
+        kind: "template-recruit",
+        templateId: "site-editor",
+        agent: siteEditorAgent,
+        onClick: "import-deco",
+      };
+    }
+    if (id === siteDiagnosticsAgent.id) {
+      if (existingDiagnostics) {
+        return {
+          key: existingDiagnostics.id,
+          kind: "existing",
+          templateId: "site-diagnostics",
+          agent: existingDiagnostics,
+        };
+      }
+      return {
+        key: id,
+        kind: "template-recruit",
+        templateId: "site-diagnostics",
+        agent: siteDiagnosticsAgent,
+        onClick: "diagnostics",
+      };
+    }
+    if (id === aiImageAgent.id) {
+      if (existingAiImage) {
+        return {
+          key: existingAiImage.id,
+          kind: "existing",
+          templateId: "ai-image",
+          agent: existingAiImage,
+        };
+      }
+      return {
+        key: id,
+        kind: "template-recruit",
+        templateId: "ai-image",
+        agent: aiImageAgent,
+        onClick: "ai-image",
+      };
+    }
+    if (id === leanCanvasAgent.id) {
+      if (existingLeanCanvas) {
+        return {
+          key: existingLeanCanvas.id,
+          kind: "existing",
+          templateId: "lean-canvas",
+          agent: existingLeanCanvas,
+        };
+      }
+      return {
+        key: id,
+        kind: "template-recruit",
+        templateId: "lean-canvas",
+        agent: leanCanvasAgent,
+        onClick: "lean-canvas",
+      };
+    }
+    if (id === studioPackAgent.id) {
+      return {
+        key: id,
+        kind: "template-recruit",
+        templateId: "studio-pack",
+        agent: studioPackAgent,
+        onClick: "studio-pack",
+      };
+    }
+    if (id === selfHealingStorefrontAgent.id) {
+      // Experimental — only render when the user has opted in.
+      if (!preferences.experimental_vibecode) return null;
+      return {
+        key: id,
+        kind: "template-recruit",
+        templateId: "self-healing-storefront",
+        agent: selfHealingStorefrontAgent,
+        onClick: "self-healing",
+      };
+    }
+    if (id === aiResearchAgent.id) {
+      if (existingAiResearch) {
+        return {
+          key: existingAiResearch.id,
+          kind: "existing",
+          templateId: "ai-research",
+          agent: existingAiResearch,
+        };
+      }
+      return {
+        key: id,
+        kind: "template-recruit",
+        templateId: "ai-research",
+        agent: aiResearchAgent,
+        onClick: "ai-research",
+      };
+    }
+    const custom = virtualMcps.find(
+      (a): a is typeof a & { id: string } =>
+        a.id !== null && a.id === id && !isDecopilot(a.id),
+    );
+    if (custom) {
+      return {
+        key: custom.id,
+        kind: "existing",
+        templateId: null,
+        agent: custom,
+      };
+    }
+    return null;
+  };
+
+  let tiles: HomeTile[];
+
+  if (orgDefaults?.ids) {
+    // Admin-controlled order. Resolve in order and drop unresolvable ids.
+    tiles = orgDefaults.ids
+      .map(resolveTile)
+      .filter((t): t is HomeTile => t !== null)
+      .slice(0, HOME_VIEW_DISPLAY_LIMIT);
+  } else {
+    // Legacy fallback: 4 templates + up to 4 most-recent custom agents.
+    // self-healing-storefront slots in after site-editor when the user has
+    // opted into the experimental flag (resolveTile returns null otherwise).
+    const templateIds = [
+      siteEditorAgent.id,
+      selfHealingStorefrontAgent.id,
+      siteDiagnosticsAgent.id,
+      aiImageAgent.id,
+      aiResearchAgent.id,
+    ];
+    const templateTiles = templateIds
+      .map(resolveTile)
+      .filter((t): t is HomeTile => t !== null);
+
+    const recentIds = readRecentAgentIds(locator);
+    const recentCustom = virtualMcps
+      .filter(
+        (agent): agent is typeof agent & { id: string } =>
+          agent.id !== null && !isDecopilot(agent.id),
+      )
+      .filter(
+        (a) =>
+          a.id !== existingDiagnostics?.id &&
+          a.id !== existingAiImage?.id &&
+          a.id !== existingAiResearch?.id,
+      )
+      .sort((a, b) => {
+        const aIdx = recentIds.indexOf(a.id);
+        const bIdx = recentIds.indexOf(b.id);
+        if (aIdx !== -1 && bIdx !== -1) return aIdx - bIdx;
+        if (aIdx !== -1) return -1;
+        if (bIdx !== -1) return 1;
+        return (
+          new Date(b.updated_at).getTime() - new Date(a.updated_at).getTime()
+        );
+      })
+      .slice(0, 4)
+      .map(
+        (agent): HomeTile => ({
+          key: agent.id,
+          kind: "existing",
+          templateId: null,
+          agent,
+        }),
+      );
+
+    tiles = [...templateTiles, ...recentCustom];
+  }
+
+  const hasAgents = tiles.some(
+    (tile) => tile.kind === "existing" && tile.templateId === null,
   );
 
-  const hasAgents = agents.length > 0;
+  const renderTile = (tile: HomeTile) => {
+    if (tile.kind === "template-recruit") {
+      const handler = {
+        "import-deco": () => setImportDecoOpen(true),
+        diagnostics: () => setDiagnosticsModalOpen(true),
+        "ai-image": () => setAiImageModalOpen(true),
+        "ai-research": () => setAiResearchModalOpen(true),
+        "lean-canvas": () => setLeanCanvasModalOpen(true),
+        "studio-pack": () => setStudioPackModalOpen(true),
+        "self-healing": () => setSelfHealingOpen(true),
+      }[tile.onClick];
+      return (
+        <AgentPreview
+          key={tile.key}
+          agent={tile.agent}
+          onSpecialClick={handler}
+          tracking={{
+            template_id: tile.templateId,
+            tile_kind: "template",
+            action: "open_modal",
+          }}
+        />
+      );
+    }
+    return (
+      <AgentPreview
+        key={tile.key}
+        agent={tile.agent}
+        onSpecialClick={() => navigateToAgentThread(tile.agent.id)}
+        tracking={{
+          template_id: tile.templateId,
+          tile_kind: tile.templateId ? "existing" : "recent",
+          action: "navigate",
+        }}
+      />
+    );
+  };
 
   return (
     <>
       <div className="w-full max-md:overflow-x-auto max-md:[scrollbar-width:none] max-md:[&::-webkit-scrollbar]:hidden">
         <div className="flex flex-wrap justify-center gap-1.5 max-md:flex-nowrap max-md:justify-start md:max-h-52 md:overflow-hidden">
-          <AgentPreview
-            key={siteEditorAgent.id}
-            agent={siteEditorAgent}
-            onSpecialClick={() => setImportDecoOpen(true)}
-          />
-          <AgentPreview
-            key={siteDiagnosticsAgent.id}
-            agent={existingDiagnostics ?? siteDiagnosticsAgent}
-            onSpecialClick={
-              existingDiagnostics
-                ? () => navigateToAgent(existingDiagnostics.id)
-                : () => setDiagnosticsModalOpen(true)
-            }
-          />
-          <AgentPreview
-            key={aiImageAgent.id}
-            agent={existingAiImage ?? aiImageAgent}
-            onSpecialClick={
-              existingAiImage
-                ? () => navigateToAgent(existingAiImage.id)
-                : () => setAiImageModalOpen(true)
-            }
-          />
-          <AgentPreview
-            key={aiResearchAgent.id}
-            agent={existingAiResearch ?? aiResearchAgent}
-            onSpecialClick={
-              existingAiResearch
-                ? () => navigateToAgent(existingAiResearch.id)
-                : () => setAiResearchModalOpen(true)
-            }
-          />
-          {agents
-            .filter(
-              (a) =>
-                a.id !== existingDiagnostics?.id &&
-                a.id !== existingAiImage?.id &&
-                a.id !== existingAiResearch?.id,
-            )
-            .map((agent) => (
-              <AgentPreview
-                key={agent.id ?? "default"}
-                agent={agent}
-                onSpecialClick={() => navigateToAgent(agent.id)}
-              />
-            ))}
+          {tiles.map(renderTile)}
           <CreateAgentButton />
           {hasAgents && <SeeAllButton />}
         </div>
@@ -304,6 +548,22 @@ function AgentsListContent() {
         onOpenChange={setAiResearchModalOpen}
         existingAgent={existingAiResearch}
       />
+
+      <LeanCanvasRecruitModal
+        open={leanCanvasModalOpen}
+        onOpenChange={setLeanCanvasModalOpen}
+        existingAgent={existingLeanCanvas}
+      />
+
+      <StudioPackRecruitModal
+        open={studioPackModalOpen}
+        onOpenChange={setStudioPackModalOpen}
+      />
+
+      <SelfHealingRepoFlow
+        open={selfHealingOpen}
+        onOpenChange={setSelfHealingOpen}
+      />
     </>
   );
 }
diff --git a/apps/mesh/src/web/components/home/ai-image-recruit-modal.tsx b/apps/mesh/src/web/components/home/ai-image-recruit-modal.tsx
index d85fef0663..552abe0fdd 100644
--- a/apps/mesh/src/web/components/home/ai-image-recruit-modal.tsx
+++ b/apps/mesh/src/web/components/home/ai-image-recruit-modal.tsx
@@ -19,6 +19,7 @@ import {
   useVirtualMCPActions,
 } from "@decocms/mesh-sdk";
 import { useNavigateToAgent } from "@/web/hooks/use-navigate-to-agent";
+import { track } from "@/web/lib/posthog-client";
 
 const AI_IMAGE_SYSTEM_PROMPT = `You are an image generator agent. Every request of the user is somewhat related to creating, editing or varying an image. You have access to image generation tools
 
@@ -358,9 +359,17 @@ export function AiImageRecruitModal({
         },
       });
 
+      track("agent_recruit_confirmed", {
+        template_id: "ai-image",
+        agent_id: virtualMcp.id!,
+      });
       onOpenChange(false);
       navigateToAgent(virtualMcp.id!);
     } catch (error) {
+      track("agent_recruit_failed", {
+        template_id: "ai-image",
+        error: error instanceof Error ? error.message : String(error),
+      });
       console.error("Failed to create Image Creator agent:", error);
     } finally {
       setIsRecruiting(false);
diff --git a/apps/mesh/src/web/components/home/ai-research-recruit-modal.tsx b/apps/mesh/src/web/components/home/ai-research-recruit-modal.tsx
index 9b1ddd5b92..263b10ebc6 100644
--- a/apps/mesh/src/web/components/home/ai-research-recruit-modal.tsx
+++ b/apps/mesh/src/web/components/home/ai-research-recruit-modal.tsx
@@ -19,6 +19,7 @@ import {
   useVirtualMCPActions,
 } from "@decocms/mesh-sdk";
 import { useNavigateToAgent } from "@/web/hooks/use-navigate-to-agent";
+import { track } from "@/web/lib/posthog-client";
 
 const AI_RESEARCH_SYSTEM_PROMPT = `You are a systematic research assistant. You have access to web search tools and user's prompts will have somewhat relation to searching the web. Help users conduct thorough, well-structured research on any topic.
 
@@ -126,9 +127,17 @@ export function AiResearchRecruitModal({
         },
       });
 
+      track("agent_recruit_confirmed", {
+        template_id: "ai-research",
+        agent_id: virtualMcp.id!,
+      });
       onOpenChange(false);
       navigateToAgent(virtualMcp.id!);
     } catch (error) {
+      track("agent_recruit_failed", {
+        template_id: "ai-research",
+        error: error instanceof Error ? error.message : String(error),
+      });
       console.error("Failed to create Researcher agent:", error);
     } finally {
       setIsRecruiting(false);
diff --git a/apps/mesh/src/web/components/home/lean-canvas-recruit-modal.tsx b/apps/mesh/src/web/components/home/lean-canvas-recruit-modal.tsx
index 57789184c1..da72323913 100644
--- a/apps/mesh/src/web/components/home/lean-canvas-recruit-modal.tsx
+++ b/apps/mesh/src/web/components/home/lean-canvas-recruit-modal.tsx
@@ -35,6 +35,7 @@ import {
 import type { CollectionListOutput } from "@decocms/bindings/collections";
 import type { ConnectionEntity } from "@decocms/mesh-sdk";
 import { useNavigateToAgent } from "@/web/hooks/use-navigate-to-agent";
+import { track } from "@/web/lib/posthog-client";
 
 const LEAN_CANVAS_MCP_URL = "https://sites-lean-canva.decocache.com/api/mcp";
 
@@ -107,6 +108,7 @@ export function LeanCanvasRecruitModal({
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
   const connectionQuery = useMCPToolCallMutation({ client });
   const [isRecruiting, setIsRecruiting] = useState(false);
@@ -226,9 +228,17 @@ export function LeanCanvasRecruitModal({
       });
 
       // 3. Navigate to the new agent
+      track("agent_recruit_confirmed", {
+        template_id: "lean-canvas",
+        agent_id: virtualMcp.id!,
+      });
       onOpenChange(false);
       navigateToAgent(virtualMcp.id!);
     } catch (error) {
+      track("agent_recruit_failed", {
+        template_id: "lean-canvas",
+        error: error instanceof Error ? error.message : String(error),
+      });
       console.error("Failed to create Lean Canvas agent:", error);
     } finally {
       setIsRecruiting(false);
diff --git a/apps/mesh/src/web/components/home/site-diagnostics-recruit-modal.tsx b/apps/mesh/src/web/components/home/site-diagnostics-recruit-modal.tsx
index e0111d0041..a48c7ec1da 100644
--- a/apps/mesh/src/web/components/home/site-diagnostics-recruit-modal.tsx
+++ b/apps/mesh/src/web/components/home/site-diagnostics-recruit-modal.tsx
@@ -38,6 +38,7 @@ import type { CollectionListOutput } from "@decocms/bindings/collections";
 import type { ConnectionEntity } from "@decocms/mesh-sdk";
 import { useRegistryApp } from "@/web/hooks/use-registry-app";
 import { useNavigateToAgent } from "@/web/hooks/use-navigate-to-agent";
+import { track } from "@/web/lib/posthog-client";
 
 interface SiteDiagnosticsRecruitModalProps {
   open: boolean;
@@ -111,6 +112,7 @@ export function SiteDiagnosticsRecruitModal({
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
   const connectionQuery = useMCPToolCallMutation({ client });
   const [isRecruiting, setIsRecruiting] = useState(false);
@@ -239,9 +241,17 @@ export function SiteDiagnosticsRecruitModal({
       });
 
       // 4. Navigate to the new agent
+      track("agent_recruit_confirmed", {
+        template_id: "site-diagnostics",
+        agent_id: virtualMcp.id!,
+      });
       onOpenChange(false);
       navigateToAgent(virtualMcp.id!);
     } catch (error) {
+      track("agent_recruit_failed", {
+        template_id: "site-diagnostics",
+        error: error instanceof Error ? error.message : String(error),
+      });
       console.error("Failed to create Site Diagnostics agent:", error);
     } finally {
       setIsRecruiting(false);
diff --git a/apps/mesh/src/web/components/home/studio-pack-recruit-modal.tsx b/apps/mesh/src/web/components/home/studio-pack-recruit-modal.tsx
index 408a888680..99735b50c1 100644
--- a/apps/mesh/src/web/components/home/studio-pack-recruit-modal.tsx
+++ b/apps/mesh/src/web/components/home/studio-pack-recruit-modal.tsx
@@ -22,14 +22,11 @@ import {
 import { Button } from "@deco/ui/components/button.tsx";
 import { useIsMobile } from "@deco/ui/hooks/use-mobile.ts";
 import { IntegrationIcon } from "@/web/components/integration-icon.tsx";
-import {
-  WellKnownOrgMCPId,
-  useProjectContext,
-  useVirtualMCPActions,
-  useVirtualMCPs,
-} from "@decocms/mesh-sdk";
+import { useProjectContext } from "@decocms/mesh-sdk";
 import { STUDIO_PACK_AGENTS } from "@/tools/virtual/studio-pack";
+import { useEnsureStudioPack } from "./use-ensure-studio-pack";
 import { useNavigate } from "@tanstack/react-router";
+import { track } from "@/web/lib/posthog-client";
 
 interface StudioPackRecruitModalProps {
   open: boolean;
@@ -102,8 +99,7 @@ export function StudioPackRecruitModal({
 }: StudioPackRecruitModalProps) {
   const isMobile = useIsMobile();
   const { org } = useProjectContext();
-  const actions = useVirtualMCPActions();
-  const existingAgents = useVirtualMCPs();
+  const ensure = useEnsureStudioPack();
   const navigate = useNavigate();
   const [isInstalling, setIsInstalling] = useState(false);
 
@@ -118,34 +114,20 @@ export function StudioPackRecruitModal({
   const handleInstall = async () => {
     setIsInstalling(true);
     try {
-      const selfConnectionId = WellKnownOrgMCPId.SELF(org.id);
-      const existingTitles = new Set(existingAgents.map((a) => a.title));
-
-      for (const agent of STUDIO_PACK_AGENTS) {
-        if (existingTitles.has(agent.title)) continue;
-
-        await actions.create.mutateAsync({
-          title: agent.title,
-          description: agent.description,
-          icon: agent.icon,
-          status: "active",
-          metadata: {
-            instructions: agent.instructions,
-          },
-          connections: [
-            {
-              connection_id: selfConnectionId,
-              selected_tools: [...agent.selectedTools],
-              selected_resources: null,
-              selected_prompts: null,
-            },
-          ],
-        });
-      }
+      const allTemplateIds = STUDIO_PACK_AGENTS.map((a) => a.id);
+      await ensure(allTemplateIds);
 
+      track("agent_recruit_confirmed", {
+        template_id: "studio-pack",
+        installed_count: allTemplateIds.length,
+      });
       onOpenChange(false);
       navigate({ to: "/$org", params: { org: org.slug } });
     } catch (error) {
+      track("agent_recruit_failed", {
+        template_id: "studio-pack",
+        error: error instanceof Error ? error.message : String(error),
+      });
       console.error("Failed to install Studio Pack:", error);
     } finally {
       setIsInstalling(false);
diff --git a/apps/mesh/src/web/components/home/use-ensure-studio-pack.ts b/apps/mesh/src/web/components/home/use-ensure-studio-pack.ts
new file mode 100644
index 0000000000..2f33b661ee
--- /dev/null
+++ b/apps/mesh/src/web/components/home/use-ensure-studio-pack.ts
@@ -0,0 +1,51 @@
+import {
+  WellKnownOrgMCPId,
+  useProjectContext,
+  useVirtualMCPActions,
+  useVirtualMCPs,
+} from "@decocms/mesh-sdk";
+import { STUDIO_PACK_AGENTS } from "@/tools/virtual/studio-pack";
+
+/**
+ * Returns an `ensure` function that idempotently installs the Studio Pack
+ * agents identified by their template ids (e.g. "studio-agent-manager").
+ * Existing agents (matched by title — same heuristic as the recruit modal)
+ * are skipped. Resolves once every requested template is present.
+ */
+export function useEnsureStudioPack() {
+  const { org } = useProjectContext();
+  const actions = useVirtualMCPActions();
+  const existingAgents = useVirtualMCPs();
+
+  return async function ensure(
+    templateIds: ReadonlyArray<(typeof STUDIO_PACK_AGENTS)[number]["id"]>,
+  ): Promise<void> {
+    const selfConnectionId = WellKnownOrgMCPId.SELF(org.id);
+    const existingTitles = new Set(existingAgents.map((a) => a.title));
+
+    const targets = STUDIO_PACK_AGENTS.filter((a) =>
+      templateIds.includes(a.id),
+    );
+
+    for (const agent of targets) {
+      if (existingTitles.has(agent.title)) continue;
+      await actions.create.mutateAsync({
+        title: agent.title,
+        description: agent.description,
+        icon: agent.icon,
+        status: "active",
+        metadata: { instructions: agent.instructions },
+        connections: [
+          {
+            connection_id: selfConnectionId,
+            selected_tools: [...agent.selectedTools],
+            selected_resources: null,
+            selected_prompts: null,
+          },
+        ],
+      });
+    }
+  };
+}
+
+export type EnsureStudioPack = ReturnType<typeof useEnsureStudioPack>;
diff --git a/apps/mesh/src/web/components/import-from-deco-dialog.tsx b/apps/mesh/src/web/components/import-from-deco-dialog.tsx
index 10add4bbff..513c4e0edd 100644
--- a/apps/mesh/src/web/components/import-from-deco-dialog.tsx
+++ b/apps/mesh/src/web/components/import-from-deco-dialog.tsx
@@ -21,6 +21,7 @@ import { authClient } from "@/web/lib/auth-client";
 import { KEYS } from "@/web/lib/query-keys";
 import { generateSlug } from "@/web/lib/slug";
 import { CollectionSearch } from "@/web/components/collections/collection-search.tsx";
+import { track } from "@/web/lib/posthog-client";
 
 interface DecoSite {
   name: string;
@@ -32,8 +33,8 @@ interface DecoSitesResponse {
   sites: DecoSite[];
 }
 
-async function loadDecoSites(): Promise<DecoSitesResponse> {
-  const res = await fetch("/api/deco-sites");
+async function loadDecoSites(orgSlug: string): Promise<DecoSitesResponse> {
+  const res = await fetch(`/api/${orgSlug}/deco-sites`);
   if (!res.ok) {
     const body = (await res.json().catch(() => ({}))) as { error?: string };
     throw new Error(body.error ?? `Failed to load sites (${res.status})`);
@@ -74,6 +75,7 @@ export function ImportFromDecoDialog({
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const {
@@ -82,7 +84,7 @@ export function ImportFromDecoDialog({
     error: sitesError,
   } = useQuery({
     queryKey: KEYS.decoSites(session?.user?.email),
-    queryFn: loadDecoSites,
+    queryFn: () => loadDecoSites(org.slug),
     enabled: open && Boolean(session?.user?.email),
     staleTime: 60_000,
     retry: false,
@@ -109,9 +111,10 @@ export function ImportFromDecoDialog({
 
   const importMutation = useMutation({
     mutationFn: async (siteName: string) => {
+      track("deco_site_import_started", { site_name: siteName });
       // 1. Create the connection server-side so the deco.cx API key never
       //    reaches the browser — the backend fetches and encrypts it directly.
-      const connRes = await fetch("/api/deco-sites/connection", {
+      const connRes = await fetch(`/api/${org.slug}/deco-sites/connection`, {
         method: "POST",
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify({ siteName, orgId: org.id }),
@@ -192,6 +195,7 @@ export function ImportFromDecoDialog({
                     id: connId,
                     toolName: "file_explorer",
                   },
+                  chatDefaultOpen: true,
                 },
               },
             },
@@ -211,6 +215,11 @@ export function ImportFromDecoDialog({
       };
     },
     onSuccess: ({ slug, virtualMcpId, item }) => {
+      track("deco_site_import_succeeded", {
+        site_name: item.title,
+        virtual_mcp_id: virtualMcpId,
+        slug,
+      });
       // Seed the individual item cache so useVirtualMCP resolves instantly on
       // the redirected page without waiting for a network round-trip.
       queryClient.setQueryData(
@@ -239,6 +248,9 @@ export function ImportFromDecoDialog({
       navigateToAgent(virtualMcpId);
     },
     onError: (err) => {
+      track("deco_site_import_failed", {
+        error: err instanceof Error ? err.message : "Unknown error",
+      });
       toast.error(
         "Import failed: " +
           (err instanceof Error ? err.message : "Unknown error"),
diff --git a/apps/mesh/src/web/components/integration-icon.tsx b/apps/mesh/src/web/components/integration-icon.tsx
index d73ece8d7c..00e59ebb56 100644
--- a/apps/mesh/src/web/components/integration-icon.tsx
+++ b/apps/mesh/src/web/components/integration-icon.tsx
@@ -57,8 +57,8 @@ export function IntegrationIcon({
   className,
   fallbackIcon,
 }: IntegrationIconProps) {
-  // Delegate icon:// URLs to AgentAvatar for colored-icon rendering
-  if (icon?.startsWith("icon://")) {
+  // Delegate icon:// and URL-with-color to AgentAvatar for colored rendering
+  if (icon?.startsWith("icon://") || icon?.includes("#agentcolor=")) {
     return (
       <AgentAvatar
         icon={icon}
diff --git a/apps/mesh/src/web/components/invite-member-dialog.tsx b/apps/mesh/src/web/components/invite-member-dialog.tsx
index 57895bfde7..1153165297 100644
--- a/apps/mesh/src/web/components/invite-member-dialog.tsx
+++ b/apps/mesh/src/web/components/invite-member-dialog.tsx
@@ -28,7 +28,9 @@ import {
   SelectValue,
 } from "@deco/ui/components/select.tsx";
 import { Textarea } from "@deco/ui/components/textarea.tsx";
+import { track } from "@/web/lib/posthog-client";
 import { authClient } from "@/web/lib/auth-client";
+import { useOrgAuthClient } from "@/web/hooks/use-org-auth-client";
 import { useProjectContext } from "@decocms/mesh-sdk";
 import { KEYS } from "@/web/lib/query-keys";
 import { useOrganizationRoles } from "@/web/hooks/use-organization-roles";
@@ -61,6 +63,7 @@ function parseEmails(text: string): string[] {
 export function InviteMemberDialog({ trigger }: InviteMemberDialogProps) {
   const [open, setOpen] = useState(false);
   const { locator } = useProjectContext();
+  const orgAuth = useOrgAuthClient();
   const queryClient = useQueryClient();
 
   // Get the active organization from session
@@ -109,7 +112,7 @@ export function InviteMemberDialog({ trigger }: InviteMemberDialogProps) {
       // Invite each valid email with the selected role
       const results = await Promise.allSettled(
         emails.map(async (email) => {
-          const result = await authClient.organization.inviteMember({
+          const result = await orgAuth.organization.inviteMember({
             email,
             role: role as "admin" | "owner",
           });
@@ -132,7 +135,11 @@ export function InviteMemberDialog({ trigger }: InviteMemberDialogProps) {
 
       return results;
     },
-    onSuccess: (_, { emails }) => {
+    onSuccess: (_, { emails, role }) => {
+      track("member_invited", {
+        count: emails.length,
+        role,
+      });
       queryClient.invalidateQueries({ queryKey: KEYS.members(locator) });
       queryClient.invalidateQueries({ queryKey: KEYS.invitations(locator) });
       toast.success(
@@ -146,7 +153,12 @@ export function InviteMemberDialog({ trigger }: InviteMemberDialogProps) {
       });
       setOpen(false);
     },
-    onError: (error) => {
+    onError: (error, { emails, role }) => {
+      track("member_invite_failed", {
+        count: emails.length,
+        role,
+        error: error instanceof Error ? error.message : String(error),
+      });
       toast.error(
         error instanceof Error ? error.message : "Failed to invite members",
       );
diff --git a/apps/mesh/src/web/components/logo-upload.tsx b/apps/mesh/src/web/components/logo-upload.tsx
deleted file mode 100644
index 412a4f7278..0000000000
--- a/apps/mesh/src/web/components/logo-upload.tsx
+++ /dev/null
@@ -1,132 +0,0 @@
-import { Button } from "@deco/ui/components/button.tsx";
-import { Upload01, X } from "@untitledui/icons";
-import { useRef } from "react";
-import { toast } from "sonner";
-
-export function LogoUpload({
-  value,
-  onChange,
-  name,
-  disabled,
-}: {
-  value?: string | null;
-  onChange: (value: string) => void;
-  name?: string;
-  disabled?: boolean;
-}) {
-  const fileInputRef = useRef<HTMLInputElement>(null);
-
-  const handleFileChange = (event: React.ChangeEvent<HTMLInputElement>) => {
-    const file = event.target.files?.[0];
-    if (file) {
-      if (file.size > 2 * 1024 * 1024) {
-        toast.error("Image must be smaller than 2MB");
-        return;
-      }
-
-      const reader = new FileReader();
-
-      reader.onerror = () => {
-        const error = reader.error;
-        console.error("FileReader error:", error);
-        toast.error(
-          error?.message || "Failed to read image file. Please try again.",
-        );
-        if (fileInputRef.current) {
-          fileInputRef.current.value = "";
-        }
-      };
-
-      reader.onloadend = () => {
-        if (reader.readyState === FileReader.DONE && reader.result) {
-          onChange(reader.result as string);
-        }
-        if (fileInputRef.current) {
-          fileInputRef.current.value = "";
-        }
-      };
-
-      reader.readAsDataURL(file);
-    }
-  };
-
-  const handleClick = () => {
-    fileInputRef.current?.click();
-  };
-
-  const handleRemove = (e: React.MouseEvent) => {
-    e.stopPropagation();
-    onChange("");
-  };
-
-  return (
-    <div className="flex items-start gap-4">
-      <input
-        type="file"
-        ref={fileInputRef}
-        className="hidden"
-        accept="image/*"
-        onChange={handleFileChange}
-        disabled={disabled}
-      />
-
-      {value ? (
-        <div className="relative group">
-          <div className="h-20 w-20 rounded-lg border border-border bg-muted/20 overflow-hidden">
-            <img
-              src={value}
-              alt={name || "Logo"}
-              className="w-full h-full object-cover"
-            />
-          </div>
-          <button
-            type="button"
-            onClick={handleRemove}
-            disabled={disabled}
-            className="absolute -top-2 -right-2 h-6 w-6 rounded-full bg-destructive text-destructive-foreground opacity-0 group-hover:opacity-100 transition-opacity flex items-center justify-center"
-          >
-            <X className="h-3 w-3" />
-          </button>
-        </div>
-      ) : (
-        <button
-          type="button"
-          onClick={handleClick}
-          disabled={disabled}
-          className="h-20 w-20 rounded-lg border-2 border-dashed border-border hover:border-foreground/50 hover:bg-accent/50 transition-colors flex flex-col items-center justify-center gap-1 text-muted-foreground hover:text-foreground disabled:opacity-50 disabled:pointer-events-none"
-        >
-          <Upload01 className="h-5 w-5" />
-          <span className="text-xs">Upload</span>
-        </button>
-      )}
-
-      <div className="flex-1">
-        <Button
-          type="button"
-          variant="outline"
-          size="sm"
-          onClick={handleClick}
-          disabled={disabled}
-          className="mb-2"
-        >
-          {value ? "Change Logo" : "Upload Logo"}
-        </Button>
-        {value && (
-          <Button
-            type="button"
-            variant="ghost"
-            size="sm"
-            onClick={handleRemove}
-            disabled={disabled}
-            className="ml-2"
-          >
-            Remove
-          </Button>
-        )}
-        <p className="text-xs text-muted-foreground mt-2">
-          Recommended: Square image, at least 200x200px. Max 2MB.
-        </p>
-      </div>
-    </div>
-  );
-}
diff --git a/apps/mesh/src/web/components/manage-roles-dialog.tsx b/apps/mesh/src/web/components/manage-roles-dialog.tsx
deleted file mode 100644
index 915a926b5a..0000000000
--- a/apps/mesh/src/web/components/manage-roles-dialog.tsx
+++ /dev/null
@@ -1,1957 +0,0 @@
-import {
-  getPermissionOptions,
-  getToolsByCategory,
-  type ToolName,
-} from "@/tools/registry-metadata";
-import { DEFAULT_LOGO, PROVIDER_LOGOS } from "@/web/utils/ai-providers-logos";
-import { ToolSetSelector } from "@/web/components/tool-set-selector.tsx";
-import { useMembers } from "@/web/hooks/use-members";
-import {
-  useOrganizationRoles,
-  type OrganizationRole,
-} from "@/web/hooks/use-organization-roles";
-import { authClient } from "@/web/lib/auth-client";
-import { KEYS } from "@/web/lib/query-keys";
-import { useConnections, useProjectContext } from "@decocms/mesh-sdk";
-import {
-  AiProviderKey,
-  useAiProviderKeys,
-  useSuspenseAiProviderModels,
-} from "@/web/hooks/collections/use-ai-providers";
-import { Avatar } from "@deco/ui/components/avatar.tsx";
-import { Badge } from "@deco/ui/components/badge.tsx";
-import { Button } from "@deco/ui/components/button.tsx";
-import { Checkbox } from "@deco/ui/components/checkbox.tsx";
-import {
-  AlertDialog,
-  AlertDialogAction,
-  AlertDialogCancel,
-  AlertDialogContent,
-  AlertDialogDescription,
-  AlertDialogFooter,
-  AlertDialogHeader,
-  AlertDialogTitle,
-} from "@deco/ui/components/alert-dialog.tsx";
-import {
-  Dialog,
-  DialogContent,
-  DialogTrigger,
-} from "@deco/ui/components/dialog.tsx";
-import {
-  DropdownMenu,
-  DropdownMenuContent,
-  DropdownMenuItem,
-  DropdownMenuTrigger,
-} from "@deco/ui/components/dropdown-menu.tsx";
-import {
-  Plus,
-  Lock01,
-  DotsHorizontal,
-  Trash01,
-  Loading01,
-  X,
-} from "@untitledui/icons";
-import { Input } from "@deco/ui/components/input.tsx";
-import { Switch } from "@deco/ui/components/switch.tsx";
-import {
-  Tooltip,
-  TooltipContent,
-  TooltipProvider,
-  TooltipTrigger,
-} from "@deco/ui/components/tooltip.tsx";
-import { cn } from "@deco/ui/lib/utils.ts";
-import { zodResolver } from "@hookform/resolvers/zod";
-import { useMutation, useQuery, useQueryClient } from "@tanstack/react-query";
-import { Suspense, useDeferredValue, useState } from "react";
-import { useForm } from "react-hook-form";
-import { toast } from "sonner";
-import { z } from "zod";
-import { CollectionSearch } from "./collections/collection-search.tsx";
-
-interface ManageRolesDialogProps {
-  trigger: React.ReactNode;
-  onSuccess?: () => void;
-}
-
-// ============================================================================
-// Zod Schema - Single role form
-// ============================================================================
-
-const roleFormSchema = z.object({
-  // Role identity fields
-  role: z.object({
-    id: z.string().optional(),
-    slug: z.string().optional(),
-    label: z.string(),
-  }),
-  // Static permissions (organization-level)
-  allowAllStaticPermissions: z.boolean(),
-  staticPermissions: z.array(z.string()),
-  // Connection-specific permissions (MCP permissions)
-  toolSet: z.record(z.string(), z.array(z.string())),
-  // Model permissions (connection-scoped)
-  allowAllModels: z.boolean(),
-  modelSet: z.record(z.string(), z.array(z.string())),
-  // Members
-  memberIds: z.array(z.string()),
-});
-
-type RoleFormData = z.infer<typeof roleFormSchema>;
-
-// Helper to get initials from name
-function getInitials(name: string | undefined | null): string {
-  if (!name) return "?";
-  return name
-    .split(" ")
-    .map((part) => part[0])
-    .join("")
-    .toUpperCase()
-    .slice(0, 2);
-}
-
-// Built-in roles that cannot be edited
-const BUILTIN_ROLES = [
-  { role: "owner", label: "Owner", color: "bg-red-500" },
-  { role: "admin", label: "Admin", color: "bg-blue-500" },
-  { role: "user", label: "User", color: "bg-green-500" },
-] as const;
-
-// Available colors for custom roles
-const ROLE_COLORS = [
-  "bg-red-500",
-  "bg-orange-500",
-  "bg-amber-500",
-  "bg-yellow-500",
-  "bg-lime-500",
-  "bg-green-500",
-  "bg-emerald-500",
-  "bg-teal-500",
-  "bg-cyan-500",
-  "bg-sky-500",
-  "bg-blue-500",
-  "bg-indigo-500",
-  "bg-violet-500",
-  "bg-purple-500",
-  "bg-fuchsia-500",
-  "bg-pink-500",
-  "bg-rose-500",
-] as const;
-
-// Deterministic color based on role name using simple hash
-function getRoleColor(roleName: string): string {
-  if (!roleName) return "bg-neutral-400";
-  let hash = 0;
-  for (let i = 0; i < roleName.length; i++) {
-    const char = roleName.charCodeAt(i);
-    hash = (hash << 5) - hash + char;
-    hash = hash & hash; // Convert to 32-bit integer
-  }
-  const index = Math.abs(hash) % ROLE_COLORS.length;
-  return ROLE_COLORS[index] ?? ROLE_COLORS[0];
-}
-
-// Create empty role
-function createEmptyRole(): RoleFormData {
-  return {
-    role: {
-      id: undefined,
-      slug: undefined,
-      label: "",
-    },
-    allowAllStaticPermissions: false,
-    staticPermissions: [],
-    toolSet: {},
-    allowAllModels: true,
-    modelSet: {},
-    memberIds: [],
-  };
-}
-
-// ============================================================================
-// Organization Permissions Tab
-// ============================================================================
-
-interface OrgPermissionsTabProps {
-  allowAllStaticPermissions: boolean;
-  staticPermissions: string[];
-  onAllowAllChange: (allowAll: boolean) => void;
-  onPermissionsChange: (permissions: string[]) => void;
-  readOnly?: boolean;
-}
-
-function OrgPermissionsTab({
-  allowAllStaticPermissions,
-  staticPermissions,
-  onAllowAllChange,
-  onPermissionsChange,
-  readOnly = false,
-}: OrgPermissionsTabProps) {
-  const [searchQuery, setSearchQuery] = useState("");
-  const deferredSearchQuery = useDeferredValue(searchQuery);
-
-  const toolsByCategory = getToolsByCategory();
-  const allPermissions = getPermissionOptions();
-
-  // Filter permissions by search
-  const filteredPermissions = allPermissions.filter((perm) =>
-    perm.label.toLowerCase().includes(deferredSearchQuery.toLowerCase()),
-  );
-
-  // Toggle a single permission
-  const togglePermission = (permission: ToolName) => {
-    if (staticPermissions.includes(permission)) {
-      onPermissionsChange(staticPermissions.filter((p) => p !== permission));
-    } else {
-      const newPermissions = [...staticPermissions, permission];
-      // If all permissions are now selected, turn on allowAll
-      if (newPermissions.length === allPermissions.length) {
-        onAllowAllChange(true);
-        onPermissionsChange([]);
-      } else {
-        onPermissionsChange(newPermissions);
-      }
-    }
-  };
-
-  return (
-    <div className="flex flex-col h-full">
-      {/* Search */}
-      <div className="border-b border-border">
-        <CollectionSearch
-          value={searchQuery}
-          onChange={setSearchQuery}
-          placeholder="Search permissions..."
-          className="border-b-0"
-        />
-      </div>
-
-      {/* Select All Toggle */}
-      <div className="border-b border-border">
-        <div
-          className={cn(
-            "flex items-center justify-between px-4 py-3 rounded-lg",
-            !readOnly && "hover:bg-muted/50 cursor-pointer",
-          )}
-          onClick={() => {
-            if (readOnly) return;
-            const newValue = !allowAllStaticPermissions;
-            onAllowAllChange(newValue);
-            onPermissionsChange([]);
-          }}
-        >
-          <span className="text-sm font-medium">
-            All organization permissions
-          </span>
-          <div onClick={(e) => e.stopPropagation()}>
-            {readOnly ? (
-              <TooltipProvider>
-                <Tooltip>
-                  <TooltipTrigger asChild>
-                    <div>
-                      <Switch
-                        checked={allowAllStaticPermissions}
-                        disabled={readOnly}
-                        onCheckedChange={(checked) => {
-                          if (readOnly) return;
-                          onAllowAllChange(checked);
-                          onPermissionsChange([]);
-                        }}
-                      />
-                    </div>
-                  </TooltipTrigger>
-                  <TooltipContent>
-                    <p>Built-in role permissions cannot be changed</p>
-                  </TooltipContent>
-                </Tooltip>
-              </TooltipProvider>
-            ) : (
-              <Switch
-                checked={allowAllStaticPermissions}
-                disabled={readOnly}
-                onCheckedChange={(checked) => {
-                  if (readOnly) return;
-                  onAllowAllChange(checked);
-                  onPermissionsChange([]);
-                }}
-              />
-            )}
-          </div>
-        </div>
-      </div>
-
-      {/* Permissions List */}
-      <div className="flex-1 overflow-auto">
-        {Object.entries(toolsByCategory).map(([category, tools]) => {
-          const categoryPermissions = filteredPermissions.filter((p) =>
-            tools.some((t) => t.name === p.value),
-          );
-
-          if (categoryPermissions.length === 0) return null;
-
-          return (
-            <div key={category} className="mb-6 last:mb-0">
-              <h4 className="text-sm font-medium p-3 pb-1.5 text-muted-foreground/75">
-                {category}
-              </h4>
-              <div className="space-y-1">
-                {categoryPermissions.map((permission) => (
-                  <div
-                    key={permission.value}
-                    className={cn(
-                      "flex items-center justify-between gap-3 px-4 py-3",
-                      !readOnly && "hover:bg-muted/50 cursor-pointer",
-                    )}
-                    onClick={() => {
-                      if (readOnly) return;
-                      if (allowAllStaticPermissions) {
-                        onAllowAllChange(false);
-                        // Select all except this one
-                        const allPerms = allPermissions.map((p) => p.value);
-                        onPermissionsChange(
-                          allPerms.filter((p) => p !== permission.value),
-                        );
-                      } else {
-                        togglePermission(permission.value);
-                      }
-                    }}
-                  >
-                    <div className="flex-1 min-w-0">
-                      <span className="text-sm">{permission.label}</span>
-                    </div>
-                    <div onClick={(e) => e.stopPropagation()}>
-                      {readOnly ? (
-                        <TooltipProvider>
-                          <Tooltip>
-                            <TooltipTrigger asChild>
-                              <div>
-                                <Switch
-                                  checked={
-                                    allowAllStaticPermissions ||
-                                    staticPermissions.includes(permission.value)
-                                  }
-                                  disabled={readOnly}
-                                  onCheckedChange={() => {
-                                    if (readOnly) return;
-                                    if (allowAllStaticPermissions) {
-                                      onAllowAllChange(false);
-                                      // Select all except this one
-                                      const allPerms = allPermissions.map(
-                                        (p) => p.value,
-                                      );
-                                      onPermissionsChange(
-                                        allPerms.filter(
-                                          (p) => p !== permission.value,
-                                        ),
-                                      );
-                                    } else {
-                                      togglePermission(permission.value);
-                                    }
-                                  }}
-                                />
-                              </div>
-                            </TooltipTrigger>
-                            <TooltipContent>
-                              <p>Built-in role permissions cannot be changed</p>
-                            </TooltipContent>
-                          </Tooltip>
-                        </TooltipProvider>
-                      ) : (
-                        <Switch
-                          checked={
-                            allowAllStaticPermissions ||
-                            staticPermissions.includes(permission.value)
-                          }
-                          disabled={readOnly}
-                          onCheckedChange={() => {
-                            if (readOnly) return;
-                            if (allowAllStaticPermissions) {
-                              onAllowAllChange(false);
-                              // Select all except this one
-                              const allPerms = allPermissions.map(
-                                (p) => p.value,
-                              );
-                              onPermissionsChange(
-                                allPerms.filter((p) => p !== permission.value),
-                              );
-                            } else {
-                              togglePermission(permission.value);
-                            }
-                          }}
-                        />
-                      )}
-                    </div>
-                  </div>
-                ))}
-              </div>
-            </div>
-          );
-        })}
-      </div>
-    </div>
-  );
-}
-
-// ============================================================================
-// Models Permissions Tab
-// ============================================================================
-
-const PROVIDER_DISPLAY_NAMES: Record<string, string> = {
-  anthropic: "Anthropic",
-  openrouter: "OpenRouter",
-};
-
-interface ModelsPermissionsTabProps {
-  allowAllModels: boolean;
-  modelSet: Record<string, string[]>;
-  onAllowAllChange: (allowAll: boolean) => void;
-  onModelSetChange: (modelSet: Record<string, string[]>) => void;
-  readOnly?: boolean;
-}
-
-/**
- * Inner component per connection that fetches and displays models.
- * Wrapped in Suspense by the parent.
- */
-const MODELS_PAGE_SIZE = 30;
-
-function ConnectionModelsSection({
-  connection,
-  selectedModels,
-  allowAllModels,
-  onToggleModel,
-  onToggleConnectionAll,
-  allConnectionModelsSelected,
-  searchQuery,
-  readOnly,
-}: {
-  connection: AiProviderKey;
-  selectedModels: string[];
-  allowAllModels: boolean;
-  onToggleModel: (keyId: string, modelId: string) => void;
-  onToggleConnectionAll: (keyId: string, models: { id: string }[]) => void;
-  allConnectionModelsSelected: boolean;
-  searchQuery: string;
-  readOnly: boolean;
-}) {
-  const [visibleCount, setVisibleCount] = useState(MODELS_PAGE_SIZE);
-  const rawModels = useSuspenseAiProviderModels(connection.id);
-  const models = rawModels
-    .filter((m, i, arr) => arr.findIndex((x) => x.modelId === m.modelId) === i)
-    .map((m) => ({
-      ...m,
-      id: m.modelId,
-      provider: connection.label,
-    }));
-
-  // Filter models by search query
-  const filteredModels = searchQuery.trim()
-    ? models.filter(
-        (m) =>
-          m.title.toLowerCase().includes(searchQuery.toLowerCase()) ||
-          m.id.toLowerCase().includes(searchQuery.toLowerCase()) ||
-          m.provider?.toLowerCase().includes(searchQuery.toLowerCase()),
-      )
-    : models;
-
-  if (filteredModels.length === 0) return null;
-
-  const visibleModels = filteredModels.slice(0, visibleCount);
-  const hasMore = filteredModels.length > visibleCount;
-
-  // Check if all filtered models in this connection are selected
-  const allSelected =
-    allowAllModels ||
-    allConnectionModelsSelected ||
-    (selectedModels.includes("*") && !allowAllModels) ||
-    filteredModels.every(
-      (m) => selectedModels.includes(m.id) || selectedModels.includes("*"),
-    );
-
-  return (
-    <div className="mb-6 last:mb-0">
-      {/* Connection header with toggle-all for this connection */}
-      <div className="flex items-center justify-between px-4 py-2">
-        <div className="flex items-center gap-2">
-          <img
-            src={PROVIDER_LOGOS[connection.providerId] ?? DEFAULT_LOGO}
-            alt={connection.providerId}
-            className="w-4 h-4 rounded-sm dark:bg-white dark:rounded-sm dark:p-px"
-          />
-          <div className="flex flex-col">
-            <h4 className="text-sm font-medium text-muted-foreground/75">
-              {PROVIDER_DISPLAY_NAMES[connection.providerId] ??
-                connection.providerId}
-            </h4>
-            <span className="text-xs text-muted-foreground/50">
-              {connection.label}
-            </span>
-          </div>
-        </div>
-        {!readOnly && !allowAllModels && (
-          <Switch
-            checked={allSelected}
-            onCheckedChange={() => onToggleConnectionAll(connection.id, models)}
-          />
-        )}
-      </div>
-      {/* Model list */}
-      <div className="space-y-1">
-        {visibleModels.map((model) => {
-          const isEnabled =
-            allowAllModels ||
-            selectedModels.includes("*") ||
-            selectedModels.includes(model.id);
-
-          return (
-            <div
-              key={model.id}
-              className={cn(
-                "flex items-center justify-between gap-3 px-4 py-3",
-                !readOnly && "hover:bg-muted/50 cursor-pointer",
-              )}
-              onClick={() => {
-                if (readOnly || allowAllModels) return;
-                onToggleModel(connection.id, model.id);
-              }}
-            >
-              <div className="flex items-center gap-2 flex-1 min-w-0">
-                {model.logo && (
-                  <img
-                    src={model.logo}
-                    className="w-4 h-4 shrink-0 rounded-sm dark:bg-white dark:rounded-sm dark:p-px"
-                    alt={model.title}
-                  />
-                )}
-                <span className="text-sm truncate">{model.title}</span>
-              </div>
-              <div onClick={(e) => e.stopPropagation()}>
-                {readOnly ? (
-                  <TooltipProvider>
-                    <Tooltip>
-                      <TooltipTrigger asChild>
-                        <div>
-                          <Switch checked={isEnabled} disabled />
-                        </div>
-                      </TooltipTrigger>
-                      <TooltipContent>
-                        <p>Built-in role permissions cannot be changed</p>
-                      </TooltipContent>
-                    </Tooltip>
-                  </TooltipProvider>
-                ) : (
-                  <Switch
-                    checked={isEnabled}
-                    disabled={readOnly || allowAllModels}
-                    onCheckedChange={() => {
-                      if (readOnly || allowAllModels) return;
-                      onToggleModel(connection.id, model.id);
-                    }}
-                  />
-                )}
-              </div>
-            </div>
-          );
-        })}
-        {hasMore && (
-          <button
-            type="button"
-            className="w-full px-4 py-2 text-xs text-muted-foreground hover:text-foreground hover:bg-muted/50 transition-colors"
-            onClick={() => setVisibleCount((c) => c + MODELS_PAGE_SIZE)}
-          >
-            Show more ({filteredModels.length - visibleCount} remaining)
-          </button>
-        )}
-      </div>
-    </div>
-  );
-}
-
-function ConnectionModelsSectionFallback() {
-  return (
-    <div className="px-4 py-3 flex items-center gap-2 text-sm text-muted-foreground">
-      <Loading01 className="size-4 animate-spin" />
-      Loading models...
-    </div>
-  );
-}
-
-function ModelsPermissionsTab({
-  allowAllModels,
-  modelSet,
-  onAllowAllChange,
-  onModelSetChange,
-  readOnly = false,
-}: ModelsPermissionsTabProps) {
-  const [searchQuery, setSearchQuery] = useState("");
-  const deferredSearchQuery = useDeferredValue(searchQuery);
-
-  const allModelsConnections = useAiProviderKeys();
-
-  // Toggle a single model for a connection
-  const toggleModel = (connectionId: string, modelId: string) => {
-    const current = modelSet[connectionId] ?? [];
-    const newModelSet = { ...modelSet };
-    if (current.includes(modelId)) {
-      const filtered = current.filter((m) => m !== modelId);
-      if (filtered.length === 0) {
-        delete newModelSet[connectionId];
-      } else {
-        newModelSet[connectionId] = filtered;
-      }
-    } else {
-      newModelSet[connectionId] = [...current, modelId];
-    }
-    onModelSetChange(newModelSet);
-  };
-
-  // Toggle all models for a connection
-  const toggleConnectionAll = (
-    connectionId: string,
-    models: { id: string }[],
-  ) => {
-    const current = modelSet[connectionId] ?? [];
-    const allModelIds = models.map((m) => m.id);
-    const allSelected =
-      current.includes("*") || allModelIds.every((id) => current.includes(id));
-
-    const newModelSet = { ...modelSet };
-    if (allSelected) {
-      // Deselect all for this connection
-      delete newModelSet[connectionId];
-    } else {
-      // Select all for this connection
-      newModelSet[connectionId] = allModelIds;
-    }
-    onModelSetChange(newModelSet);
-  };
-
-  return (
-    <div className="flex flex-col h-full">
-      {/* Search */}
-      <div className="border-b border-border">
-        <CollectionSearch
-          value={searchQuery}
-          onChange={setSearchQuery}
-          placeholder="Search models..."
-          className="border-b-0"
-        />
-      </div>
-
-      {/* Select All Toggle */}
-      <div className="border-b border-border">
-        <div
-          className={cn(
-            "flex items-center justify-between px-4 py-3 rounded-lg",
-            !readOnly && "hover:bg-muted/50 cursor-pointer",
-          )}
-          onClick={() => {
-            if (readOnly) return;
-            const newValue = !allowAllModels;
-            onAllowAllChange(newValue);
-            if (newValue) {
-              onModelSetChange({});
-            }
-          }}
-        >
-          <span className="text-sm font-medium">All models</span>
-          <div onClick={(e) => e.stopPropagation()}>
-            {readOnly ? (
-              <TooltipProvider>
-                <Tooltip>
-                  <TooltipTrigger asChild>
-                    <div>
-                      <Switch checked={allowAllModels} disabled />
-                    </div>
-                  </TooltipTrigger>
-                  <TooltipContent>
-                    <p>Built-in role permissions cannot be changed</p>
-                  </TooltipContent>
-                </Tooltip>
-              </TooltipProvider>
-            ) : (
-              <Switch
-                checked={allowAllModels}
-                onCheckedChange={(checked) => {
-                  if (readOnly) return;
-                  onAllowAllChange(checked);
-                  if (checked) {
-                    onModelSetChange({});
-                  }
-                }}
-              />
-            )}
-          </div>
-        </div>
-      </div>
-
-      {/* Models list grouped by connection */}
-      <div className="flex-1 overflow-auto">
-        {allModelsConnections.length === 0 ? (
-          <div className="flex items-center justify-center py-8 text-sm text-muted-foreground">
-            No LLM connections configured
-          </div>
-        ) : (
-          allModelsConnections.map((conn) => (
-            <Suspense
-              key={conn.id}
-              fallback={<ConnectionModelsSectionFallback />}
-            >
-              <ConnectionModelsSection
-                connection={conn}
-                selectedModels={modelSet[conn.id] ?? []}
-                allowAllModels={allowAllModels}
-                onToggleModel={toggleModel}
-                onToggleConnectionAll={toggleConnectionAll}
-                allConnectionModelsSelected={(modelSet[conn.id] ?? []).includes(
-                  "*",
-                )}
-                searchQuery={deferredSearchQuery}
-                readOnly={readOnly}
-              />
-            </Suspense>
-          ))
-        )}
-      </div>
-    </div>
-  );
-}
-
-// ============================================================================
-// Add Member Dialog
-// ============================================================================
-
-interface AddMemberDialogProps {
-  open: boolean;
-  onOpenChange: (open: boolean) => void;
-  selectedMemberIds: string[];
-  onAddMembers: (memberIds: string[]) => void;
-}
-
-function AddMemberDialog({
-  open,
-  onOpenChange,
-  selectedMemberIds,
-  onAddMembers,
-}: AddMemberDialogProps) {
-  const [searchQuery, setSearchQuery] = useState("");
-  const deferredSearchQuery = useDeferredValue(searchQuery);
-  const [pendingMemberIds, setPendingMemberIds] = useState<string[]>([]);
-
-  const { data } = useMembers();
-  const members = data?.data?.members ?? [];
-
-  // Filter members by search
-  type Member = (typeof members)[number];
-  const filteredMembers = members.filter((member: Member) => {
-    const searchLower = deferredSearchQuery.toLowerCase();
-    return (
-      member.user?.name?.toLowerCase().includes(searchLower) ||
-      member.user?.email?.toLowerCase().includes(searchLower)
-    );
-  });
-
-  // Check if member is eligible (not owner)
-  const isMemberEligible = (member: Member) => {
-    return member.role !== "owner";
-  };
-
-  // Check if member is already in the role
-  const isAlreadyInRole = (memberId: string) => {
-    return selectedMemberIds.includes(memberId);
-  };
-
-  // Toggle member selection
-  const toggleMember = (memberId: string) => {
-    if (pendingMemberIds.includes(memberId)) {
-      setPendingMemberIds(pendingMemberIds.filter((id) => id !== memberId));
-    } else {
-      setPendingMemberIds([...pendingMemberIds, memberId]);
-    }
-  };
-
-  const handleAdd = () => {
-    onAddMembers(pendingMemberIds);
-    setPendingMemberIds([]);
-    onOpenChange(false);
-  };
-
-  return (
-    <AlertDialog open={open} onOpenChange={onOpenChange}>
-      <AlertDialogContent className="sm:max-w-md p-0 overflow-hidden">
-        <AlertDialogHeader className="px-6 pt-6">
-          <AlertDialogTitle>Add Members to Role</AlertDialogTitle>
-          <AlertDialogDescription>
-            Select members to add to this role.
-          </AlertDialogDescription>
-        </AlertDialogHeader>
-
-        <div className="flex flex-col h-80">
-          <CollectionSearch
-            value={searchQuery}
-            onChange={setSearchQuery}
-            placeholder="Search members..."
-            className="border-b border-t-0 border-x-0 rounded-none"
-          />
-
-          <div className="flex-1 overflow-auto">
-            {filteredMembers.length === 0 ? (
-              <div className="flex items-center justify-center h-full px-6">
-                <p className="text-sm text-muted-foreground">
-                  {searchQuery ? "No members found" : "No members available"}
-                </p>
-              </div>
-            ) : (
-              <div className="px-6 py-2 space-y-1">
-                {filteredMembers.map((member: Member) => {
-                  const eligible = isMemberEligible(member);
-                  const alreadyInRole = isAlreadyInRole(member.id);
-                  const isSelected = pendingMemberIds.includes(member.id);
-
-                  return (
-                    <label
-                      key={member.id}
-                      className={cn(
-                        "flex items-center gap-3 p-2 rounded-lg",
-                        !eligible || alreadyInRole
-                          ? "opacity-50 cursor-not-allowed"
-                          : "cursor-pointer hover:bg-muted/50",
-                      )}
-                    >
-                      <Checkbox
-                        checked={isSelected || alreadyInRole}
-                        onCheckedChange={() => {
-                          if (eligible && !alreadyInRole) {
-                            toggleMember(member.id);
-                          }
-                        }}
-                        disabled={!eligible || alreadyInRole}
-                      />
-                      <Avatar
-                        url={member.user?.image ?? undefined}
-                        fallback={getInitials(member.user?.name)}
-                        shape="circle"
-                        size="sm"
-                      />
-                      <div className="flex-1 min-w-0">
-                        <p className="text-sm font-medium truncate">
-                          {member.user?.name || "Unknown"}
-                        </p>
-                        <p className="text-xs text-muted-foreground truncate">
-                          {member.user?.email}
-                        </p>
-                      </div>
-                      {!eligible && (
-                        <Badge variant="secondary" className="shrink-0">
-                          Owner
-                        </Badge>
-                      )}
-                      {alreadyInRole && eligible && (
-                        <Badge variant="outline" className="shrink-0">
-                          Added
-                        </Badge>
-                      )}
-                    </label>
-                  );
-                })}
-              </div>
-            )}
-          </div>
-        </div>
-
-        <AlertDialogFooter className="px-6 pb-6">
-          <AlertDialogCancel>Cancel</AlertDialogCancel>
-          <AlertDialogAction
-            onClick={handleAdd}
-            disabled={pendingMemberIds.length === 0}
-          >
-            Add {pendingMemberIds.length > 0 && `(${pendingMemberIds.length})`}
-          </AlertDialogAction>
-        </AlertDialogFooter>
-      </AlertDialogContent>
-    </AlertDialog>
-  );
-}
-
-// ============================================================================
-// Members Tab
-// ============================================================================
-
-interface MembersTabProps {
-  memberIds: string[];
-  onMemberIdsChange: (memberIds: string[]) => void;
-  readOnly?: boolean;
-}
-
-function MembersTabContent({
-  memberIds,
-  onMemberIdsChange,
-  readOnly = false,
-}: MembersTabProps) {
-  const [searchQuery, setSearchQuery] = useState("");
-  const deferredSearchQuery = useDeferredValue(searchQuery);
-  const [addMemberDialogOpen, setAddMemberDialogOpen] = useState(false);
-
-  const { data } = useMembers();
-  const members = data?.data?.members ?? [];
-
-  type Member = (typeof members)[number];
-  // Get members that are in this role
-  const roleMembers = members.filter((m: Member) => memberIds.includes(m.id));
-
-  // Filter by search
-  const filteredMembers = roleMembers.filter((member: Member) => {
-    const searchLower = deferredSearchQuery.toLowerCase();
-    return (
-      member.user?.name?.toLowerCase().includes(searchLower) ||
-      member.user?.email?.toLowerCase().includes(searchLower)
-    );
-  });
-
-  // Remove member from role
-  const removeMember = (memberId: string) => {
-    onMemberIdsChange(memberIds.filter((id) => id !== memberId));
-  };
-
-  // Add members to role
-  const handleAddMembers = (newMemberIds: string[]) => {
-    onMemberIdsChange([...memberIds, ...newMemberIds]);
-  };
-
-  return (
-    <div className="flex flex-col h-full">
-      {/* Search and Add Button */}
-      <div className="flex items-center border-b border-border">
-        <CollectionSearch
-          value={searchQuery}
-          onChange={setSearchQuery}
-          placeholder="Search members..."
-          className="flex-1 border-b-0"
-        />
-        {readOnly ? (
-          <div className="pr-4">
-            <TooltipProvider>
-              <Tooltip>
-                <TooltipTrigger asChild>
-                  <div>
-                    <Button variant="outline" size="sm" disabled>
-                      <Plus size={16} />
-                      Add Member
-                    </Button>
-                  </div>
-                </TooltipTrigger>
-                <TooltipContent>
-                  <p>Owner membership cannot be changed</p>
-                </TooltipContent>
-              </Tooltip>
-            </TooltipProvider>
-          </div>
-        ) : (
-          <div className="pr-4">
-            <Button
-              variant="outline"
-              size="sm"
-              onClick={() => setAddMemberDialogOpen(true)}
-            >
-              <Plus size={16} />
-              Add Member
-            </Button>
-          </div>
-        )}
-      </div>
-
-      {/* Members List */}
-      <div className="flex-1 overflow-auto">
-        {roleMembers.length === 0 ? (
-          <div className="flex items-center justify-center h-full">
-            <div className="text-center">
-              <h3 className="text-lg font-medium mb-2">No members</h3>
-              <p className="text-sm text-muted-foreground">
-                Add members to this role to grant them the configured
-                permissions.
-              </p>
-            </div>
-          </div>
-        ) : filteredMembers.length === 0 ? (
-          <div className="flex items-center justify-center h-full">
-            <p className="text-sm text-muted-foreground">
-              No members match "{searchQuery}"
-            </p>
-          </div>
-        ) : (
-          <div className="p-4 space-y-2">
-            {filteredMembers.map((member: Member) => (
-              <div
-                key={member.id}
-                className="flex items-center gap-3 p-3 rounded-lg bg-muted/30"
-              >
-                <Avatar
-                  url={member.user?.image ?? undefined}
-                  fallback={getInitials(member.user?.name)}
-                  shape="circle"
-                  size="sm"
-                />
-                <div className="flex-1 min-w-0">
-                  <p className="text-sm font-medium truncate">
-                    {member.user?.name || "Unknown"}
-                  </p>
-                  <p className="text-xs text-muted-foreground truncate">
-                    {member.user?.email}
-                  </p>
-                </div>
-                {readOnly ? (
-                  <TooltipProvider>
-                    <Tooltip>
-                      <TooltipTrigger asChild>
-                        <div>
-                          <Button variant="ghost" size="sm" disabled>
-                            <X size={16} />
-                          </Button>
-                        </div>
-                      </TooltipTrigger>
-                      <TooltipContent>
-                        <p>Owner membership cannot be changed</p>
-                      </TooltipContent>
-                    </Tooltip>
-                  </TooltipProvider>
-                ) : (
-                  <Button
-                    variant="ghost"
-                    size="sm"
-                    onClick={() => removeMember(member.id)}
-                  >
-                    <X size={16} />
-                  </Button>
-                )}
-              </div>
-            ))}
-          </div>
-        )}
-      </div>
-
-      <AddMemberDialog
-        open={addMemberDialogOpen}
-        onOpenChange={setAddMemberDialogOpen}
-        selectedMemberIds={memberIds}
-        onAddMembers={handleAddMembers}
-      />
-    </div>
-  );
-}
-
-function MembersTab(props: MembersTabProps) {
-  return (
-    <Suspense
-      fallback={
-        <div className="flex items-center justify-center h-full">
-          <Loading01 size={24} className="animate-spin text-muted-foreground" />
-        </div>
-      }
-    >
-      <MembersTabContent {...props} />
-    </Suspense>
-  );
-}
-
-// ============================================================================
-// Built-in Role Helper
-// ============================================================================
-
-const BUILTIN_ROLE_PERMISSIONS: Record<"owner" | "admin" | "user", string[]> = {
-  owner: [], // Owner has all permissions
-  admin: [], // Admin has all permissions
-  user: [], // User has no organization permissions by default
-};
-
-// Helper to load built-in role into form data
-function loadBuiltinRoleIntoForm(
-  role: "owner" | "admin" | "user",
-  members: Array<{ id: string; role: string }>,
-): RoleFormData {
-  const isOwnerOrAdmin = role === "owner" || role === "admin";
-  const roleMembers = members.filter((m) => m.role === role);
-
-  return {
-    role: {
-      slug: role,
-      label: role.charAt(0).toUpperCase() + role.slice(1),
-    },
-    allowAllStaticPermissions: isOwnerOrAdmin,
-    staticPermissions: BUILTIN_ROLE_PERMISSIONS[role],
-    toolSet: {},
-    allowAllModels: true,
-    modelSet: {},
-    memberIds: roleMembers.map((m) => m.id),
-  };
-}
-
-// ============================================================================
-// Main Component
-// ============================================================================
-
-export function ManageRolesDialog({
-  trigger,
-  onSuccess,
-}: ManageRolesDialogProps) {
-  const [open, setOpen] = useState(false);
-  const [activeTab, setActiveTab] = useState<
-    "mcp" | "org" | "models" | "members"
-  >("mcp");
-  const { locator } = useProjectContext();
-  const queryClient = useQueryClient();
-
-  // Get all connections for permission save/load logic (wildcard expansion, ID lookup).
-  // Display-level search is handled inside ToolSetSelector's own useConnections call.
-  const connections = useConnections() ?? [];
-
-  // Get existing custom roles
-  const { customRoles, refetch: refetchRoles } = useOrganizationRoles();
-
-  // Get members
-  const { data: membersData } = useQuery({
-    queryKey: KEYS.members(locator),
-    queryFn: () => authClient.organization.listMembers(),
-  });
-
-  // React Hook Form setup - single role at a time
-  const form = useForm<RoleFormData>({
-    resolver: zodResolver(roleFormSchema),
-    defaultValues: createEmptyRole(),
-  });
-
-  // Form validity from Zod schema (requires roleName)
-  const isFormValid = form.formState.isValid;
-  const isFormDirty = form.formState.isDirty;
-
-  // Track which role is selected (by ID for existing, null for new)
-  const [selectedRoleId, setSelectedRoleId] = useState<string | null>(null);
-
-  // Track if viewing a built-in role (owner, admin, user)
-  const [viewingBuiltinRole, setViewingBuiltinRole] = useState<
-    "owner" | "admin" | "user" | null
-  >(null);
-
-  // Check if editing a new role (not yet saved) - exclude built-in roles
-  const isNewRole =
-    !form.watch("role.id") && !form.watch("role.slug") && !viewingBuiltinRole;
-
-  // Delete confirmation dialog state
-  const [roleToDelete, setRoleToDelete] = useState<{
-    id: string;
-    label: string;
-  } | null>(null);
-
-  // Discard changes confirmation dialog state
-  const [discardDialogOpen, setDiscardDialogOpen] = useState(false);
-  const [pendingAction, setPendingAction] = useState<(() => void) | null>(null);
-
-  // Convert existing OrganizationRole to form data
-  const convertRoleToFormData = (role: OrganizationRole): RoleFormData => {
-    const permission = role.permission || {};
-
-    // Check for static permissions under "self"
-    const selfPerms = permission["self"] || [];
-    const hasAllStaticPerms = selfPerms.includes("*");
-    const staticPerms = hasAllStaticPerms
-      ? []
-      : selfPerms.filter((p) => p !== "*");
-
-    // Build toolSet from connection permissions
-    const toolSet: Record<string, string[]> = {};
-    for (const [key, tools] of Object.entries(permission)) {
-      if (key === "self" || key === "models") continue;
-      if (key === "*") {
-        // All connections - expand to all current connections
-        for (const conn of connections) {
-          if (tools.includes("*")) {
-            toolSet[conn.id] = conn.tools?.map((t) => t.name) ?? [];
-          } else {
-            toolSet[conn.id] = tools;
-          }
-        }
-      } else {
-        // Specific connection
-        const conn = connections.find((c) => c.id === key);
-        if (conn) {
-          if (tools.includes("*")) {
-            toolSet[key] = conn.tools?.map((t) => t.name) ?? [];
-          } else {
-            toolSet[key] = tools;
-          }
-        }
-      }
-    }
-
-    // Build modelSet from "models" key (composite keyId:modelId strings)
-    const modelsEntries = permission["models"] || [];
-    const hasAllModels =
-      modelsEntries.length === 0 || modelsEntries.includes("*:*");
-    const modelSet: Record<string, string[]> = {};
-    if (!hasAllModels) {
-      for (const entry of modelsEntries) {
-        const colonIdx = entry.indexOf(":");
-        if (colonIdx === -1) continue;
-        const keyId = entry.slice(0, colonIdx);
-        const modelId = entry.slice(colonIdx + 1);
-        if (!modelSet[keyId]) {
-          modelSet[keyId] = [];
-        }
-        modelSet[keyId].push(modelId);
-      }
-    }
-
-    // Get members with this role
-    const members = membersData?.data?.members ?? [];
-    type MemberItem = (typeof members)[number];
-    const roleMemberIds = members
-      .filter((m: MemberItem) => m.role === role.role)
-      .map((m: MemberItem) => m.id);
-
-    return {
-      role: {
-        id: role.id,
-        slug: role.role,
-        label: role.label,
-      },
-      allowAllStaticPermissions: hasAllStaticPerms,
-      staticPermissions: staticPerms,
-      toolSet,
-      allowAllModels: hasAllModels,
-      modelSet,
-      memberIds: roleMemberIds,
-    };
-  };
-
-  // Load a role into the form
-  const loadRole = (role: OrganizationRole) => {
-    const formData = convertRoleToFormData(role);
-    form.reset(formData);
-    setSelectedRoleId(role.id ?? null);
-    setViewingBuiltinRole(null);
-  };
-
-  // Start editing a new role
-  const startNewRole = () => {
-    form.reset(createEmptyRole());
-    setSelectedRoleId(null);
-    setViewingBuiltinRole(null);
-    setActiveTab("mcp");
-  };
-
-  // Handle switching roles - only prompt if there are valid unsaved changes
-  const handleSelectRole = (role: OrganizationRole) => {
-    if (isFormDirty && isFormValid) {
-      // Has valid unsaved changes - ask what to do
-      setPendingAction(() => () => loadRole(role));
-      setDiscardDialogOpen(true);
-    } else {
-      // Form is either clean OR invalid - just switch
-      loadRole(role);
-    }
-  };
-
-  // Handle creating a new role - save current if valid, then start new
-  const handleCreateNewRole = async () => {
-    if (isFormDirty && isFormValid) {
-      await saveCurrentRole();
-    }
-    startNewRole();
-  };
-
-  // Handle selecting a built-in role
-  const handleSelectBuiltinRole = (role: "owner" | "admin" | "user") => {
-    if (isFormDirty && isFormValid) {
-      // Has valid unsaved changes - ask what to do
-      setPendingAction(() => () => {
-        const builtinFormData = loadBuiltinRoleIntoForm(
-          role,
-          membersData?.data?.members ?? [],
-        );
-        form.reset(builtinFormData);
-        setViewingBuiltinRole(role);
-        setSelectedRoleId(null);
-        setActiveTab("org");
-      });
-      setDiscardDialogOpen(true);
-    } else {
-      // Form is clean or invalid - just switch
-      const builtinFormData = loadBuiltinRoleIntoForm(
-        role,
-        membersData?.data?.members ?? [],
-      );
-      form.reset(builtinFormData);
-      setViewingBuiltinRole(role);
-      setSelectedRoleId(null);
-      setActiveTab("org");
-    }
-  };
-
-  // Handle dialog open/close
-  const handleOpenChange = (isOpen: boolean) => {
-    // Only prompt to discard if there are valid unsaved changes
-    if (!isOpen && form.formState.isDirty && isFormValid) {
-      setPendingAction(() => () => {
-        setOpen(false);
-        form.reset(createEmptyRole());
-        setViewingBuiltinRole(null);
-      });
-      setDiscardDialogOpen(true);
-      return;
-    }
-    setOpen(isOpen);
-
-    if (!isOpen) {
-      form.reset(createEmptyRole());
-      setViewingBuiltinRole(null);
-      setSelectedRoleId(null);
-    } else {
-      const firstRole = customRoles[0];
-      if (firstRole) {
-        loadRole(firstRole);
-      } else {
-        // If no custom roles, open the "user" built-in role
-        const builtinFormData = loadBuiltinRoleIntoForm(
-          "user",
-          membersData?.data?.members ?? [],
-        );
-        form.reset(builtinFormData);
-        setViewingBuiltinRole("user");
-        setSelectedRoleId(null);
-        setActiveTab("org");
-      }
-    }
-  };
-
-  // Confirm discard changes
-  const handleConfirmDiscard = () => {
-    setDiscardDialogOpen(false);
-    if (pendingAction) {
-      pendingAction();
-      setPendingAction(null);
-    }
-  };
-
-  // Build permission object from role form data
-  const buildPermission = (role: RoleFormData): Record<string, string[]> => {
-    const permission: Record<string, string[]> = {};
-
-    // Add static/organization-level permissions under "self"
-    if (role.allowAllStaticPermissions) {
-      permission["self"] = ["*"];
-    } else if (role.staticPermissions.length > 0) {
-      permission["self"] = role.staticPermissions;
-    }
-
-    // Add connection/tool permissions
-    for (const [connectionId, tools] of Object.entries(role.toolSet)) {
-      if (tools.length > 0) {
-        const conn = connections.find((c) => c.id === connectionId);
-        const allTools = conn?.tools?.map((t) => t.name) ?? [];
-        // If all tools selected, use wildcard
-        if (allTools.length > 0 && allTools.every((t) => tools.includes(t))) {
-          permission[connectionId] = ["*"];
-        } else {
-          permission[connectionId] = tools;
-        }
-      }
-    }
-
-    // Add model permissions as composite "keyId:modelId" strings
-    if (role.allowAllModels) {
-      permission["models"] = ["*:*"];
-    } else {
-      const modelEntries: string[] = [];
-      for (const [keyId, models] of Object.entries(role.modelSet)) {
-        if (models.length > 0) {
-          for (const modelId of models) {
-            modelEntries.push(`${keyId}:${modelId}`);
-          }
-        }
-      }
-      // Always set the key when allowAllModels is false — an empty array
-      // means "no models allowed". Omitting the key would mean "all allowed"
-      // per the backward-compat data model, which is the opposite of intent.
-      permission["models"] = modelEntries;
-    }
-
-    return permission;
-  };
-
-  // Save mutation for single role
-  const saveMutation = useMutation({
-    mutationFn: async (formData: RoleFormData) => {
-      const permission = buildPermission(formData);
-      const roleSlug =
-        formData.role.slug ||
-        formData.role.label.toLowerCase().replace(/\s+/g, "-");
-
-      // Check if this is a built-in role (has slug but no id)
-      const isBuiltinRole = formData.role.slug && !formData.role.id;
-
-      if (isBuiltinRole) {
-        // Built-in role - only update member assignments
-        const members = membersData?.data?.members ?? [];
-        type SaveMember = (typeof members)[number];
-        const currentMemberIds = members
-          .filter((m: SaveMember) => m.role === formData.role.slug)
-          .map((m: SaveMember) => m.id);
-
-        // Find members to add
-        const membersToAdd = formData.memberIds.filter(
-          (id: string) => !currentMemberIds.includes(id),
-        );
-
-        // Find members to remove
-        const membersToRemove = currentMemberIds.filter(
-          (id: string) => !formData.memberIds.includes(id),
-        );
-
-        // Add new members to this role
-        for (const memberId of membersToAdd) {
-          const memberResult = await authClient.organization.updateMemberRole({
-            memberId,
-            role: [formData.role.slug!],
-          });
-          if (memberResult?.error) {
-            throw new Error(memberResult.error.message);
-          }
-        }
-
-        // Remove members from this role
-        for (const memberId of membersToRemove) {
-          const memberResult = await authClient.organization.updateMemberRole({
-            memberId,
-            role: ["user"],
-          });
-          if (memberResult?.error) {
-            throw new Error(memberResult.error.message);
-          }
-        }
-
-        return formData;
-      } else if (formData.role.id) {
-        // Update existing custom role
-        const result = await authClient.organization.updateRole({
-          roleId: formData.role.id,
-          data: { permission },
-        });
-
-        if (result?.error) {
-          throw new Error(result.error.message);
-        }
-
-        // Update member assignments
-        const members = membersData?.data?.members ?? [];
-        type UpdateMember = (typeof members)[number];
-        const currentMemberIds = members
-          .filter((m: UpdateMember) => m.role === formData.role.slug)
-          .map((m: UpdateMember) => m.id);
-
-        // Find members to add
-        const membersToAdd = formData.memberIds.filter(
-          (id: string) => !currentMemberIds.includes(id),
-        );
-
-        // Find members to remove
-        const membersToRemove = currentMemberIds.filter(
-          (id: string) => !formData.memberIds.includes(id),
-        );
-
-        // Add new members to this role
-        for (const memberId of membersToAdd) {
-          const memberResult = await authClient.organization.updateMemberRole({
-            memberId,
-            role: [formData.role.slug!],
-          });
-          if (memberResult?.error) {
-            throw new Error(memberResult.error.message);
-          }
-        }
-
-        // Remove members from this role
-        for (const memberId of membersToRemove) {
-          const memberResult = await authClient.organization.updateMemberRole({
-            memberId,
-            role: ["user"],
-          });
-          if (memberResult?.error) {
-            throw new Error(memberResult.error.message);
-          }
-        }
-
-        return formData;
-      } else {
-        // Create new role
-        const result = await authClient.organization.createRole({
-          role: roleSlug,
-          permission,
-        });
-
-        if (result?.error) {
-          throw new Error(result.error.message);
-        }
-
-        // Assign members to the new role
-        for (const memberId of formData.memberIds) {
-          const memberResult = await authClient.organization.updateMemberRole({
-            memberId,
-            role: [roleSlug],
-          });
-          if (memberResult?.error) {
-            throw new Error(memberResult.error.message);
-          }
-        }
-
-        return {
-          ...formData,
-          role: {
-            ...formData.role,
-            id: result.data?.roleData?.id,
-            slug: roleSlug,
-          },
-        };
-      }
-    },
-    onSuccess: (data, variables) => {
-      queryClient.invalidateQueries({ queryKey: KEYS.members(locator) });
-      queryClient.invalidateQueries({
-        queryKey: KEYS.organizationRoles(locator),
-      });
-      const isNew = !variables.role.id && !variables.role.slug;
-      const isBuiltinRole = variables.role.slug && !variables.role.id;
-      toast.success(
-        isBuiltinRole
-          ? "Members updated successfully!"
-          : isNew
-            ? "Role created successfully!"
-            : "Role updated successfully!",
-      );
-      refetchRoles();
-      form.reset(data);
-      if (data.role.id) {
-        setSelectedRoleId(data.role.id);
-      }
-      onSuccess?.();
-    },
-    onError: (error) => {
-      toast.error(
-        error instanceof Error ? error.message : "Failed to save role",
-      );
-    },
-  });
-
-  const deleteRoleMutation = useMutation({
-    mutationFn: async (roleId: string) => {
-      const result = await authClient.organization.deleteRole({ roleId });
-
-      if (result?.error) {
-        throw new Error(result.error.message);
-      }
-
-      return result?.data;
-    },
-    onSuccess: () => {
-      queryClient.invalidateQueries({ queryKey: KEYS.members(locator) });
-      queryClient.invalidateQueries({
-        queryKey: KEYS.organizationRoles(locator),
-      });
-      toast.success("Role deleted successfully!");
-      refetchRoles();
-      // If the deleted role was the one being edited, load another role
-      if (roleToDelete?.id === selectedRoleId) {
-        const remainingRoles = customRoles.filter(
-          (r) => r.id !== roleToDelete?.id,
-        );
-        if (remainingRoles[0]) {
-          loadRole(remainingRoles[0]);
-        } else {
-          // No custom roles left, load the "user" built-in role
-          const builtinFormData = loadBuiltinRoleIntoForm(
-            "user",
-            membersData?.data?.members ?? [],
-          );
-          form.reset(builtinFormData);
-          setViewingBuiltinRole("user");
-          setSelectedRoleId(null);
-          setActiveTab("org");
-        }
-      }
-    },
-    onError: (error) => {
-      toast.error(
-        error instanceof Error ? error.message : "Failed to delete role",
-      );
-    },
-  });
-
-  const isPending = saveMutation.isPending || deleteRoleMutation.isPending;
-
-  // Save current role
-  const saveCurrentRole = async () => {
-    const data = form.getValues();
-
-    if (!data.role.label.trim()) {
-      toast.error("Role name is required");
-      form.setFocus("role.label");
-      return;
-    }
-
-    await saveMutation.mutateAsync(data);
-  };
-
-  const handleSubmit = form.handleSubmit((data) => {
-    if (!data.role.label.trim()) {
-      toast.error("Role name is required");
-      form.setFocus("role.label");
-      return;
-    }
-    saveMutation.mutate(data);
-  });
-
-  // Handle delete role
-  const handleDeleteRole = (role: OrganizationRole) => {
-    if (role.id) {
-      setRoleToDelete({ id: role.id, label: role.label });
-    }
-  };
-
-  // Confirm delete
-  const handleConfirmDelete = () => {
-    if (roleToDelete?.id) {
-      deleteRoleMutation.mutate(roleToDelete.id);
-    }
-    setRoleToDelete(null);
-  };
-
-  return (
-    <Dialog open={open} onOpenChange={handleOpenChange}>
-      <DialogTrigger asChild>{trigger}</DialogTrigger>
-      <DialogContent className="sm:max-w-5xl h-[80vh] max-h-[80vh] flex flex-col p-0 overflow-hidden w-[95vw]">
-        <div className="flex-1 flex overflow-hidden min-h-0 flex-col sm:flex-row">
-          {/* Left Sidebar - Roles List */}
-          <div className="w-full sm:w-64 sm:border-r border-b sm:border-b-0 border-border flex flex-col bg-background sm:h-full max-h-[40vh] sm:max-h-full">
-            {/* Roles List */}
-            <div className="flex-1 overflow-auto px-3.5 py-3.5 pt-3.5">
-              <div className="flex flex-col gap-1">
-                {/* Built-in Roles (Read-only but viewable) */}
-                {BUILTIN_ROLES.map((builtinRole) => {
-                  const isSelected = viewingBuiltinRole === builtinRole.role;
-
-                  return (
-                    <div
-                      key={builtinRole.role}
-                      className={cn(
-                        "flex items-center gap-2 px-2 py-1.5 rounded-lg overflow-hidden cursor-pointer transition-colors",
-                        isSelected ? "bg-accent" : "hover:bg-muted/50",
-                      )}
-                      onClick={() => handleSelectBuiltinRole(builtinRole.role)}
-                    >
-                      <div
-                        className={cn(
-                          "shrink-0 size-3 rounded-full",
-                          builtinRole.color,
-                        )}
-                      />
-                      <p className="text-sm font-medium truncate flex-1">
-                        {builtinRole.label}
-                      </p>
-                      <Lock01
-                        size={14}
-                        className="text-muted-foreground shrink-0"
-                      />
-                    </div>
-                  );
-                })}
-
-                {/* Custom Roles from Server */}
-                {customRoles.map((role) => {
-                  const isSelected = selectedRoleId === role.id;
-
-                  return (
-                    <div
-                      key={role.id}
-                      className={cn(
-                        "group flex items-center gap-2 px-2 py-1.5 rounded-lg overflow-hidden transition-colors cursor-pointer",
-                        isSelected ? "bg-accent" : "hover:bg-muted/50",
-                      )}
-                      onClick={() => handleSelectRole(role)}
-                    >
-                      <div
-                        className={cn(
-                          "shrink-0 size-3 rounded-full",
-                          getRoleColor(role.label),
-                        )}
-                      />
-                      <p className="text-sm font-medium truncate flex-1">
-                        {role.label}
-                      </p>
-
-                      {/* Always show delete for custom roles */}
-                      <DropdownMenu>
-                        <DropdownMenuTrigger asChild>
-                          <Button
-                            variant="ghost"
-                            size="icon"
-                            className={cn(
-                              "size-5 shrink-0 transition-opacity opacity-0 pointer-events-none",
-                              "group-hover:opacity-100 group-hover:pointer-events-auto",
-                              isSelected && "opacity-100 pointer-events-auto",
-                            )}
-                            onClick={(e) => e.stopPropagation()}
-                          >
-                            <DotsHorizontal size={14} />
-                          </Button>
-                        </DropdownMenuTrigger>
-                        <DropdownMenuContent align="end">
-                          <DropdownMenuItem
-                            className="text-destructive"
-                            onClick={(e) => {
-                              e.stopPropagation();
-                              handleDeleteRole(role);
-                            }}
-                          >
-                            <Trash01 size={16} />
-                            Delete
-                          </DropdownMenuItem>
-                        </DropdownMenuContent>
-                      </DropdownMenu>
-                    </div>
-                  );
-                })}
-
-                {/* New Role being edited */}
-                {isNewRole && (
-                  <div className="flex items-center gap-2 px-2 py-1.5 rounded-lg overflow-hidden bg-accent">
-                    <div className="shrink-0 size-3 rounded-full bg-neutral-400" />
-                    <Input
-                      {...form.register("role.label")}
-                      placeholder="Enter role name"
-                      className="flex-1 text-sm font-medium border-0 shadow-none h-auto px-0 py-0 focus-visible:ring-0 bg-transparent"
-                    />
-                    <Badge
-                      variant="secondary"
-                      className="shrink-0 text-xs px-1.5 py-0"
-                    >
-                      New
-                    </Badge>
-                  </div>
-                )}
-              </div>
-            </div>
-
-            {/* Create New Role Button */}
-            <div className="px-3.5 pb-3.5">
-              <Button
-                variant="outline"
-                size="default"
-                onClick={handleCreateNewRole}
-                disabled={isPending || isFormDirty}
-                className="w-full h-10"
-              >
-                <Plus size={16} />
-                Create new role
-              </Button>
-            </div>
-          </div>
-
-          {/* Right Side - Role Editor */}
-          <div className="flex-1 flex flex-col min-w-0">
-            {/* Tab Buttons */}
-            <div className="h-12 border-b border-border px-4 py-3.5 flex items-center gap-2 shrink-0">
-              {!viewingBuiltinRole && (
-                <Button
-                  variant="outline"
-                  size="sm"
-                  onClick={() => setActiveTab("mcp")}
-                  className={cn(
-                    "h-7 rounded-lg px-2 border border-input transition-colors",
-                    activeTab === "mcp"
-                      ? "bg-accent border-border text-foreground"
-                      : "bg-transparent text-muted-foreground hover:border-border hover:bg-accent/50 hover:text-foreground",
-                  )}
-                >
-                  MCP Permissions
-                </Button>
-              )}
-              <Button
-                variant="outline"
-                size="sm"
-                onClick={() => setActiveTab("org")}
-                className={cn(
-                  "h-7 rounded-lg px-2 border border-input transition-colors",
-                  activeTab === "org"
-                    ? "bg-accent border-border text-foreground"
-                    : "bg-transparent text-muted-foreground hover:border-border hover:bg-accent/50 hover:text-foreground",
-                )}
-              >
-                Organization Permissions
-              </Button>
-              <Button
-                variant="outline"
-                size="sm"
-                onClick={() => setActiveTab("models")}
-                className={cn(
-                  "h-7 rounded-lg px-2 border border-input transition-colors",
-                  activeTab === "models"
-                    ? "bg-accent border-border text-foreground"
-                    : "bg-transparent text-muted-foreground hover:border-border hover:bg-accent/50 hover:text-foreground",
-                )}
-              >
-                Models
-              </Button>
-              <Button
-                variant="outline"
-                size="sm"
-                onClick={() => setActiveTab("members")}
-                className={cn(
-                  "h-7 rounded-lg px-2 border border-input transition-colors",
-                  activeTab === "members"
-                    ? "bg-accent border-border text-foreground"
-                    : "bg-transparent text-muted-foreground hover:border-border hover:bg-accent/50 hover:text-foreground",
-                )}
-              >
-                Members
-              </Button>
-            </div>
-
-            {/* Tab Content — unmount eagerly when dialog closes to avoid
-                tearing down hundreds of DOM nodes during the close animation */}
-            <div className="flex-1 overflow-hidden min-h-0">
-              {open && activeTab === "mcp" && !viewingBuiltinRole && (
-                <ToolSetSelector
-                  toolSet={form.watch("toolSet")}
-                  onToolSetChange={(newToolSet) =>
-                    form.setValue("toolSet", newToolSet, {
-                      shouldDirty: true,
-                    })
-                  }
-                />
-              )}
-              {open && activeTab === "org" && (
-                <OrgPermissionsTab
-                  allowAllStaticPermissions={form.watch(
-                    "allowAllStaticPermissions",
-                  )}
-                  staticPermissions={form.watch("staticPermissions")}
-                  onAllowAllChange={(allowAll) =>
-                    form.setValue("allowAllStaticPermissions", allowAll, {
-                      shouldDirty: true,
-                    })
-                  }
-                  onPermissionsChange={(permissions) =>
-                    form.setValue("staticPermissions", permissions, {
-                      shouldDirty: true,
-                    })
-                  }
-                  readOnly={!!viewingBuiltinRole}
-                />
-              )}
-              {open && activeTab === "models" && (
-                <ModelsPermissionsTab
-                  allowAllModels={form.watch("allowAllModels")}
-                  modelSet={form.watch("modelSet")}
-                  onAllowAllChange={(allowAll) =>
-                    form.setValue("allowAllModels", allowAll, {
-                      shouldDirty: true,
-                    })
-                  }
-                  onModelSetChange={(newModelSet) =>
-                    form.setValue("modelSet", newModelSet, {
-                      shouldDirty: true,
-                    })
-                  }
-                  readOnly={!!viewingBuiltinRole}
-                />
-              )}
-              {open && activeTab === "members" && (
-                <MembersTab
-                  memberIds={form.watch("memberIds")}
-                  onMemberIdsChange={(newMemberIds) =>
-                    form.setValue("memberIds", newMemberIds, {
-                      shouldDirty: true,
-                    })
-                  }
-                  readOnly={viewingBuiltinRole === "owner"}
-                />
-              )}
-            </div>
-
-            {/* Footer - show for custom roles and non-owner built-in roles */}
-            {(!viewingBuiltinRole || viewingBuiltinRole !== "owner") && (
-              <div className="border-t border-border px-5 py-5 flex items-center justify-end gap-2.5 shrink-0">
-                <Button
-                  variant="outline"
-                  onClick={() => handleOpenChange(false)}
-                  disabled={isPending}
-                  className="h-10"
-                >
-                  Cancel
-                </Button>
-                <Button
-                  onClick={handleSubmit}
-                  disabled={
-                    isPending || !isFormValid || !form.formState.isDirty
-                  }
-                  className="h-10"
-                >
-                  {saveMutation.isPending
-                    ? "Saving..."
-                    : isNewRole
-                      ? "Create Role"
-                      : "Save Changes"}
-                </Button>
-              </div>
-            )}
-          </div>
-        </div>
-      </DialogContent>
-
-      {/* Delete Confirmation Dialog */}
-      <AlertDialog
-        open={roleToDelete !== null}
-        onOpenChange={(open) => !open && setRoleToDelete(null)}
-      >
-        <AlertDialogContent>
-          <AlertDialogHeader>
-            <AlertDialogTitle>Delete Role</AlertDialogTitle>
-            <AlertDialogDescription>
-              Are you sure you want to delete the "{roleToDelete?.label}" role?
-              This action cannot be undone.
-            </AlertDialogDescription>
-          </AlertDialogHeader>
-          <AlertDialogFooter>
-            <AlertDialogCancel>Cancel</AlertDialogCancel>
-            <AlertDialogAction
-              onClick={handleConfirmDelete}
-              className="bg-destructive text-destructive-foreground hover:bg-destructive/90"
-            >
-              Delete
-            </AlertDialogAction>
-          </AlertDialogFooter>
-        </AlertDialogContent>
-      </AlertDialog>
-
-      {/* Discard Changes Confirmation Dialog */}
-      <AlertDialog open={discardDialogOpen} onOpenChange={setDiscardDialogOpen}>
-        <AlertDialogContent>
-          <AlertDialogHeader>
-            <AlertDialogTitle>Discard Changes</AlertDialogTitle>
-            <AlertDialogDescription>
-              You have unsaved changes. Are you sure you want to discard them?
-            </AlertDialogDescription>
-          </AlertDialogHeader>
-          <AlertDialogFooter>
-            <AlertDialogCancel onClick={() => setPendingAction(null)}>
-              Keep Editing
-            </AlertDialogCancel>
-            <AlertDialogAction
-              onClick={handleConfirmDiscard}
-              className="bg-destructive text-destructive-foreground hover:bg-destructive/90"
-            >
-              Discard
-            </AlertDialogAction>
-          </AlertDialogFooter>
-        </AlertDialogContent>
-      </AlertDialog>
-    </Dialog>
-  );
-}
diff --git a/apps/mesh/src/web/components/monitoring/hooks.ts b/apps/mesh/src/web/components/monitoring/hooks.ts
index 3aa30ce579..6796696a9b 100644
--- a/apps/mesh/src/web/components/monitoring/hooks.ts
+++ b/apps/mesh/src/web/components/monitoring/hooks.ts
@@ -34,6 +34,7 @@ export function useMonitoringStats(
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   return useMCPToolCall<{
@@ -97,6 +98,7 @@ export function useMonitoringLlmStats(
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   return useMCPToolCall<{
diff --git a/apps/mesh/src/web/components/page/index.tsx b/apps/mesh/src/web/components/page/index.tsx
index 662896e5fe..f3ffe09a07 100644
--- a/apps/mesh/src/web/components/page/index.tsx
+++ b/apps/mesh/src/web/components/page/index.tsx
@@ -129,7 +129,7 @@ function PageTitle({
         className,
       )}
     >
-      <h1 className="text-lg font-medium">{children}</h1>
+      <div className="text-xl font-medium min-w-0">{children}</div>
       {actions && <div className="flex items-center gap-2">{actions}</div>}
     </div>
   );
diff --git a/apps/mesh/src/web/components/self-healing-repo/orchestrator-automation.ts b/apps/mesh/src/web/components/self-healing-repo/orchestrator-automation.ts
new file mode 100644
index 0000000000..44efc08145
--- /dev/null
+++ b/apps/mesh/src/web/components/self-healing-repo/orchestrator-automation.ts
@@ -0,0 +1,187 @@
+import type { JSONContent } from "@tiptap/core";
+import type { TiptapDoc } from "@/web/components/chat/types";
+import type { SpecialistTemplate } from "./specialist-templates";
+
+interface OrchestratorAutomationArgs {
+  template: SpecialistTemplate;
+  specialistAgentId: string;
+  owner: string;
+  repo: string;
+  siteRootUrl: string;
+}
+
+/**
+ * Builds a tiptap doc for the orchestrator's cron-triggered automation message.
+ *
+ * Round-trip behavior:
+ * - Cron path: `derivePartsFromTiptapDoc` resolves the @specialist mention to a
+ *   `[DELEGATE TO AGENT: ...]` instruction and concatenates inline text into a
+ *   single user-message text part. It does NOT insert separators at paragraph
+ *   boundaries, so each non-final paragraph ends with `\n\n` baked into its
+ *   last text node — that way step headers don't collide in inlineText.
+ * - UI editing: the doc is stored under `metadata.tiptapDoc`, so reopening the
+ *   automation in the editor renders the @specialist as a chip and the prose
+ *   as paragraphs.
+ */
+export function buildOrchestratorAutomationDoc(
+  args: OrchestratorAutomationArgs,
+): TiptapDoc {
+  const { template, specialistAgentId, owner, repo, siteRootUrl } = args;
+  const subtaskInput = template.buildSubtaskInput({ siteRootUrl });
+  // Canonical short identifier — matches the `specialist:` field each prompt
+  // self-identifies with (seo, perf, links), and the title-tag in the issue
+  // title (e.g. "[seo] ..."). Always derived from issueLabel, not template.id,
+  // because the suffix in template.id ("-auditor"/"-watchdog"/"-finder")
+  // doesn't map cleanly to the specialist's own identifier.
+  const shortTag = template.issueLabel.replace(/^agent:/, "");
+
+  const paragraphs: JSONContent[] = [];
+
+  paragraphs.push(
+    paragraph([
+      text(
+        `Daily ${template.title} run for ${owner}/${repo}, monitoring ${siteRootUrl}.\n\n` +
+          `Your job: call the specialist sub-agent for fresh findings, dedup against the repo's open issues, and either file new issues or comment on existing ones. The specialist returns analysis only — issue I/O lives entirely in this automation.`,
+      ),
+    ]),
+  );
+
+  paragraphs.push(
+    paragraph([
+      text(
+        `Step 1 — Read current state.\n` +
+          `Call list_issues with:\n` +
+          `  owner: "${owner}"\n` +
+          `  repo: "${repo}"\n` +
+          `  labels: ["${template.issueLabel}", "auto-generated"]\n` +
+          `  state: "open"\n` +
+          `For each issue, parse the YAML frontmatter at the top of the body and extract { kind, target.route }. This is your "known problems" map.`,
+      ),
+    ]),
+  );
+
+  paragraphs.push(
+    paragraph([
+      text(`Step 2 — Get fresh findings from `),
+      agentMention({
+        agentId: specialistAgentId,
+        title: template.title,
+      }),
+      text(
+        `. Use the subtask tool with that agent and pass exactly this YAML as the prompt:\n\n${subtaskInput.trimEnd()}\n\nThe specialist returns a structured report:\n` +
+          `  specialist: <id>\n` +
+          `  summary: { ... }\n` +
+          `  findings:\n` +
+          `    - { kind, severity, target: { url, route }, evidence, impact, suggested_fix }\n` +
+          `If findings is empty, the site is healthy for this specialist — skip to Step 5.`,
+      ),
+    ]),
+  );
+
+  paragraphs.push(
+    paragraph([
+      text(
+        `Step 3 — For each finding, decide what to do based on the known-problems map from Step 1:\n` +
+          `  • No open issue with the same { kind, target.route } → create a new issue (Step 4).\n` +
+          `  • Open issue exists with same { kind, target.route } → add a comment: "Still present." and include the latest evidence verbatim.\n` +
+          `  • A previously-open issue's { kind, target.route } no longer appears among the new findings → add a comment: "Not detected in this run — possibly resolved. Leaving open for human confirmation." Do NOT close the issue.\n` +
+          `When in doubt, prefer commenting over creating. Duplicate issues erode maintainer trust.`,
+      ),
+    ]),
+  );
+
+  paragraphs.push(
+    paragraph([
+      text(
+        `Step 4 — Issue format. Set once at creation; NEVER edit the body afterwards.\n` +
+          `Use issue_write with method: "create" and:\n` +
+          `  title: "[${shortTag}] <short summary> — <route>"\n` +
+          `  labels: ["${template.issueLabel}", "auto-generated", "severity:<low|medium|high>"]\n` +
+          `  body:\n` +
+          `---\n` +
+          `specialist: ${shortTag}\n` +
+          `kind: <kind>\n` +
+          `severity: <low|medium|high>\n` +
+          `target:\n` +
+          `  url: <full URL>\n` +
+          `  route: <normalized path>\n` +
+          `---\n\n` +
+          `## Finding\n<1–2 sentences from the specialist's finding>\n\n` +
+          `## Evidence\n<evidence block from the specialist verbatim>\n\n` +
+          `## Impact\n<impact from the specialist>\n\n` +
+          `## Suggested Fix\n<suggested_fix from the specialist>`,
+      ),
+    ]),
+  );
+
+  paragraphs.push(
+    paragraph([
+      text(
+        `Step 5 — Wrap up with a one-paragraph summary: how many findings, how many issues created, how many re-detected (commented), how many possibly-resolved (commented).`,
+      ),
+    ]),
+  );
+
+  paragraphs.push(
+    paragraph([
+      text(
+        `Rules:\n` +
+          `  • Never edit issue bodies after creation — use comments.\n` +
+          `  • Never close issues automatically. At most, comment "possibly resolved".\n` +
+          `  • Never touch issues that don't have BOTH "${template.issueLabel}" AND "auto-generated" labels.\n` +
+          `  • One issue per { kind, target.route } pair. Dedup uses those two fields from the body frontmatter.\n` +
+          `  • Always normalize route: lowercase host, no trailing slash (except "/"), no query string, no fragment.`,
+      ),
+    ]),
+  );
+
+  return {
+    type: "doc",
+    content: paragraphs.map((p, i) =>
+      i < paragraphs.length - 1 ? withTrailingBreak(p) : p,
+    ),
+  };
+}
+
+/**
+ * `derivePartsFromTiptapDoc` concatenates text without inserting separators at
+ * paragraph boundaries, so we bake a trailing `\n\n` into each non-final
+ * paragraph's last text node. Renders as collapsed whitespace in the editor;
+ * preserves section breaks in the cron-time inlineText.
+ */
+function withTrailingBreak(p: JSONContent): JSONContent {
+  const content = p.content;
+  if (!content || content.length === 0) return p;
+  const last = content[content.length - 1];
+  if (!last || last.type !== "text" || typeof last.text !== "string") return p;
+  return {
+    ...p,
+    content: [...content.slice(0, -1), { ...last, text: `${last.text}\n\n` }],
+  };
+}
+
+function paragraph(content: JSONContent[]): JSONContent {
+  return { type: "paragraph", content };
+}
+
+function text(value: string): JSONContent {
+  return { type: "text", text: value };
+}
+
+function agentMention({
+  agentId,
+  title,
+}: {
+  agentId: string;
+  title: string;
+}): JSONContent {
+  return {
+    type: "mention",
+    attrs: {
+      id: agentId,
+      name: title,
+      char: "@",
+      metadata: { agentId, title },
+    },
+  };
+}
diff --git a/apps/mesh/src/web/components/self-healing-repo/prompts/broken-link-finder.md b/apps/mesh/src/web/components/self-healing-repo/prompts/broken-link-finder.md
new file mode 100644
index 0000000000..a2fb4d58c6
--- /dev/null
+++ b/apps/mesh/src/web/components/self-healing-repo/prompts/broken-link-finder.md
@@ -0,0 +1,161 @@
+# Broken Link Finder
+
+You are the **Broken Link Finder**, a specialist agent focused on the health of the site's link structure.
+
+## Your mission
+
+Discover and track broken links and long redirect chains. You are invoked as a sub-task by an orchestrator agent — your job is to detect link health and return a structured findings report. The orchestrator decides what to do with your findings (file issues, dedup, etc.).
+
+You are **mechanical**: collect → check → classify → emit findings. Leave subjective judgment to other agents.
+
+## Input (expect this in the prompt)
+
+The orchestrator will pass per-site configuration. Expected fields:
+
+```yaml
+site_root_url: <https://example.com>
+max_pages: <optional integer, default 100, max 200>
+check_external: <optional bool, default false>
+```
+
+If required fields are missing (`site_root_url`), return an error summary and stop — do not proceed with defaults or guess.
+
+## Available tools
+
+- **site-diagnostics MCP**:
+  - `collect_site_links` — discovers all unique outbound link targets across the site and returns them with source-page attribution. Does NOT check status.
+  - `check_urls` — takes a batch of URLs (max 100 per call) and returns their HTTP status, error kind, and redirect chains.
+
+---
+
+## Step 1 — Collect link targets (one call)
+
+Call `collect_site_links` once to get the full deduplicated list of outbound link targets and their source pages:
+
+```
+collect_site_links({
+  url: <site_root_url from input>,
+  maxPages: <max_pages from input, default 100>,
+  checkExternal: <check_external from input, default false>
+})
+```
+
+This returns:
+- `links`: array of `{ targetUrl, scope: "internal"|"external", sourcePages, sourcePagesTotal }` — **each target appears exactly once**
+- Metadata: `pagesCrawled`, `pagesFetched`, `linksSkipped`, optional `error`
+
+**If `result.error` is set**, the scan failed at the root (e.g. site unreachable). Return a single finding with `kind: site-unreachable` and the error in `evidence`. Then stop.
+
+Keep the `links` array in memory — you'll need it in Step 3 for classification and source attribution.
+
+## Step 2 — Check the targets (batched calls)
+
+Extract `targetUrl` from each entry in `links`. Slice the resulting URL list into **disjoint batches of up to 100 URLs** and call `check_urls` on each batch:
+
+```
+check_urls({ urls: batch_of_100_urls })
+```
+
+Collect every batch's `results` entries into a single flat array. Order doesn't matter — you'll join back by `targetUrl`.
+
+**Rules for this step:**
+- Slice deterministically (e.g. consecutive slices of 100) so batches are disjoint. Do not pass the same URL in two batches.
+- Call `check_urls` sequentially or in parallel — your choice. The tool is idempotent.
+- If a single `check_urls` call errors entirely, skip that batch and continue with the others. Note the skipped count in the wrap-up summary.
+
+## Step 3 — Classify each finding
+
+For every target with a check result, join the `collect_site_links` entry (for `scope`, `sourcePages`, `sourcePagesTotal`) with the `check_urls` entry (for `status`, `errorKind`, `chain`, `hops`).
+
+A finding is emitted for:
+- **Broken**: `status >= 400` OR `status === 0`
+- **Long redirect chain**: `hops > 3` (even if the final status is 2xx)
+
+Other targets (2xx, short-chain redirects) produce no finding.
+
+Map check result → `kind`:
+
+| Check result | `kind` |
+|---|---|
+| `status: 404` | `link-404` |
+| `status: 4xx` (not 404) | `link-4xx-other` |
+| `status: 5xx` | `link-5xx` |
+| `status: 0`, `errorKind: "dns"` | `link-dns-failure` |
+| `status: 0`, `errorKind: "redirect-loop"` | `redirect-loop` |
+| `hops > 3` (success final status) | `redirect-chain-long` |
+| `status: 0`, `errorKind: "timeout"` or `"connection"` | **skip — no finding** |
+
+**Important**: timeouts and connection errors are **not** broken links — they just mean the server didn't respond in our time window. Could be a slow server, an overloaded CDN, rate-limiting against our bot, or a transient network blip. Flagging these as broken produces false positives. If a URL is genuinely dead, it'll usually surface as `dns`, a 4xx/5xx, or a redirect loop. Skip timeout/connection entries silently.
+
+## Catalog of severity rules
+
+**High severity:**
+- `link-404` when `scope: "internal"`
+- `link-5xx` when `scope: "internal"`
+- `redirect-loop` (either scope)
+
+**Medium severity:**
+- `link-4xx-other` (internal)
+- `redirect-chain-long` (internal)
+- `link-404` (external) when `sourcePagesTotal >= 5`
+
+**Low severity:**
+- `link-404` (external) when `sourcePagesTotal < 5`
+- `link-dns-failure` (external)
+- `redirect-chain-long` (external)
+- `link-4xx-other` on external scope
+
+## Step 4 — Return a structured findings report
+
+Return a single response with this shape (YAML preferred):
+
+```yaml
+specialist: links
+summary:
+  pages_crawled: <pagesCrawled>
+  pages_fetched: <pagesFetched>
+  unique_link_targets: <links.length>
+  targets_dropped_by_collect_cap: <linksSkipped>
+  batches_checked: <n>
+  batches_skipped_due_to_errors: <n>
+  broken_links: <n>     # internal + external
+  long_redirect_chains: <n>
+findings:
+  - kind: <kind slug>
+    severity: <low|medium|high>
+    target:
+      url: <full broken URL>
+      route: <path if internal; otherwise the external host>
+      scope: <internal | external>
+    evidence: |
+      - Status code / error: <e.g. `404 Not Found`, `DNS failure`, `redirect-loop`>
+      - Redirect chain (if applicable): A → B → C → D → E
+      - Found on pages (at time of detection):
+        - /page-1
+        - /page-2
+        - (... up to 20 from `sourcePages`)
+      - Total pages linking to this target: <sourcePagesTotal>
+    impact: <1 sentence tailored to scope + kind>
+    suggested_fix: |
+      <actionable:>
+      - If internal 404: update link to correct destination OR create 301 redirect
+      - If internal 5xx: investigate server-side handler for the route (may be app bug)
+      - If redirect chain: shorten to single-hop direct redirect in routing config
+      - If external: update link to equivalent resource OR remove the mention
+      - List likely files/components if you can infer (e.g. "appears on many pages — likely in a shared component like `app/components/Nav.tsx` or menu config")
+  - ...
+```
+
+If `collect_site_links` returned `error`, return a single `kind: site-unreachable` finding with the error in `evidence`.
+
+If there are zero findings, return `findings: []` — that is the correct output for a healthy link graph.
+
+---
+
+## General rules
+
+- **Trust the scanner.** If `check_urls` reports a URL as broken or long-chain, emit a finding. Do not re-verify with other tools.
+- **Accept some flakiness.** A transient network blip may cause a false positive once. Downstream dedup across runs resolves it.
+- **Group by destination, not by origin.** One broken URL = one finding, even if linked on 50 pages. `collect_site_links` already returns it grouped this way.
+- **Prioritize internals.** Broken external links are the other site's responsibility; report but with lower severity.
+- **Never invent status codes.** Report what the scanner returned.
diff --git a/apps/mesh/src/web/components/self-healing-repo/prompts/performance-watchdog.md b/apps/mesh/src/web/components/self-healing-repo/prompts/performance-watchdog.md
new file mode 100644
index 0000000000..c3f90ea2ba
--- /dev/null
+++ b/apps/mesh/src/web/components/self-healing-repo/prompts/performance-watchdog.md
@@ -0,0 +1,233 @@
+# Performance Watchdog
+
+You are the **Performance Watchdog**, a specialist agent focused on web performance.
+
+## Your mission
+
+Monitor the Core Web Vitals of target URLs using Google's actual ranking signal (CrUX Field data, 28-day real-user p75 aggregates), and emit findings whenever a metric is in Google's **Needs Improvement** or **Poor** band. Supplement CWV findings with Lighthouse Lab opportunities — concrete bytes/ms savings that will move Field metrics over time if addressed.
+
+You are **stateless** and invoked as a sub-task by an orchestrator agent. Each run evaluates the current state against Google's fixed band thresholds and returns a structured findings report. The orchestrator decides what to do with your findings (file issues, dedup, etc.).
+
+## Input (expect this in the prompt)
+
+The orchestrator will pass per-site configuration. Expected fields:
+
+```yaml
+# Two ways to pick URLs to monitor — pick exactly one:
+
+# A) Explicit curation (highest priority — use these URLs verbatim, skip discovery):
+urls:
+  - <url to monitor>
+  - <... one or more>
+
+# B) Auto-discovery from the site's link graph:
+site_root_url: <https://example.com>
+sample_per_type: <optional integer, default 1, max 5>
+```
+
+Rules:
+- If `urls` is present, use those directly and skip discovery (Step 1a).
+- Else if `site_root_url` is present, run discovery (Step 1a) to pick representative URLs.
+- Else return an error and stop. Don't proceed with defaults.
+
+## Available tools
+
+- **site-diagnostics MCP**:
+  - `pagespeed_insights` — wraps Google's PSI API, returns both Field (CrUX, authoritative for Google ranking) and Lab (Lighthouse opportunities/diagnostics) data in one call
+  - `crawl_site` — discovers pages on a site via Firecrawl map and categorizes them by type (PDP, PLP, blog, institutional). Used only when the input specifies `site_root_url` for auto-discovery.
+  - `fetch_page` — used only in Step 1a to validate that auto-discovered URLs are intended to be public (checks meta robots for `noindex`).
+
+---
+
+## Step 1a — Resolve the target URL set (only if input used `site_root_url`)
+
+If the input provided `urls` directly, skip this step — those are your targets.
+
+Otherwise, auto-discover a representative set from the site's link graph by **walking alphabetically-sorted candidates until the intent check passes**.
+
+1. Call `crawl_site({ url: <site_root_url>, maxPages: 500 })`. Returns `sampleUrls: { pdp, plp, blog, institutional }` — URLs categorized by page type using path heuristics. Note: categorization is pattern-based, so some URLs in a category will turn out to be catchalls, soft-404s, or old routes that redirect into error pages. The per-category walk below handles this.
+
+2. **Always include** the site root (`site_root_url` itself). It represents the brand entry point and is monitored regardless of its robots meta.
+
+3. For each category (`pdp`, `plp`, `blog`, `institutional`) with at least one URL, walk candidates to fill up to `sample_per_type` (default 1) slots:
+
+   a. Sort the category's URLs alphabetically (so the walk order is deterministic across runs).
+   b. Walk through the sorted list. For each URL, run an **intent check**: call `fetch_page({ url, maxBodyKB: 8, extractLinks: false })` and decide:
+      - If status is not 2xx → reject this candidate, continue walking.
+      - If response `seo.robots` contains `noindex` (case-insensitive) → reject, continue walking. (The page may be a soft-404, a catchall, or deliberately private — either way not perf-audit-worthy.)
+      - Otherwise → accept, add to target set, count toward slots filled.
+   c. Stop walking this category when one of:
+      - `sample_per_type` slots filled, OR
+      - You've tried **at most 5 candidates** for this category without finding a pass (prevents runaway validation when a whole category is dead).
+   d. Record the category's outcome for the wrap-up: how many candidates tried, which were rejected (with reason: `non-2xx` or `noindex`), which were kept.
+
+   **Why `maxBodyKB: 8`**: the `<meta name="robots">` tag often sits 1-2KB into the document (after base scripts, stylesheets, and other head tags). A too-small body cap truncates before the robots meta is seen, and the intent check silently passes when it shouldn't. 8KB covers virtually any site's `<head>`.
+
+   **Why walk instead of single-pick**: the first alphabetical URL in a category can turn out to be a dead link (old URL redirecting to a soft-404) or a catchall. If we only tried one candidate per category and it failed, we'd have zero PLP/PDP/blog coverage that run. Walking finds a real representative. Picks stay stable across runs as long as the candidate chosen each run is the same (first passing alphabetically) — which it will be unless the site materially changes.
+
+4. Deduplicate the final target list (root may overlap with a categorized URL). The result is your set of URLs to run through `pagespeed_insights`.
+
+5. If every category ends up with zero passing candidates, that's fine — just audit the root. The wrap-up summary will record the full story.
+
+**Why intent-check matters overall**: `crawl_site`'s categorization is path-heuristic only. A site with no real blog might still have `/blog` in the blog category (routed to a catchall template the owner has marked `noindex`). Same for transactional routes like `/cart`, `/checkout`, `/login`, or migrated-but-broken old paths. Validating against the page's own robots meta is a cheap, reliable way to respect the owner's public/private intent — and walking candidates means one dead URL doesn't deprive the agent of category coverage.
+
+The result is your target URL set. Typical shape for an ecom site:
+
+```
+[
+  https://site.com/,                     # root (always kept)
+  https://site.com/produtos/acessorios,  # first PLP alphabetically (passed intent check)
+  https://site.com/produtos/blusa,       # first PDP alphabetically (passed intent check)
+  https://site.com/sobre                 # first institutional if any (passed intent check)
+  # /blog would have been picked here but was dropped because it serves noindex (catchall route)
+]
+```
+
+If `crawl_site` returns an error or zero URLs, fall back to running just the root URL and note the fallback in the wrap-up summary.
+
+**Why deterministic sampling**: running `pagespeed_insights` on a different PDP every day would mean each day's finding uses a different `target.route`, and downstream dedup (which is `kind + target.route`) would create a fresh issue each run. Stable alphabetical picks tie findings to a specific URL over time.
+
+## Step 1b — Diagnose each target URL
+
+For each URL in the resolved target set:
+
+1. Call `pagespeed_insights({ url, strategy: "mobile" })`. Mobile is what Google uses for ranking; desktop is sanity-check only and doesn't drive findings.
+2. The response has four major sections you'll use:
+   - `urlField` + `urlFieldAvailable` — CrUX data for this specific URL
+   - `originField` + `originFieldAvailable` — CrUX data aggregated across the whole origin (fallback)
+   - `lab` — single-run Lighthouse metrics (useful for the Perf score and as diagnostic context)
+   - `opportunities` — Lighthouse opportunities sorted by potential savings, already filtered to audits that have room to improve
+   - `diagnostics` — flagged conditions (main-thread work, bootup time, long tasks, third-party summary, etc.)
+
+### Choose the classification source for this URL
+
+In this order:
+
+1. **If `urlFieldAvailable: true`** → use `urlField` metrics to classify CWV findings. Record `source: "url-field"` in the evidence.
+2. **Else if `originFieldAvailable: true`** → use `originField` as a fallback. Record `source: "origin-field"` so the maintainer knows the signal is site-level, not page-level.
+3. **Else** (no Field data at all) → skip CWV classification for this URL. Record in your wrap-up summary: "No CrUX data for <url> — site or page has insufficient real-user traffic." Do NOT fall back to Lab classification for CWV — Lab is systematically more pessimistic than Field and will over-report severity.
+
+**Lab-based findings (opportunities, diagnostics, overall Perf score) always apply** and don't depend on Field availability. These come from the single Lighthouse synthetic run and are measurable regardless of CrUX eligibility.
+
+## Catalog of `kind`
+
+### Core Web Vitals (from Field — Google's ranking signal)
+
+For each metric, emit at most one of the pair per URL. Categories come directly from PSI's `category` enum on each CrUX metric.
+
+**High severity** (category = `SLOW`, Google's "Poor" band):
+- `lcp-poor` — Field LCP SLOW (LCP > 4s at p75)
+- `cls-poor` — Field CLS SLOW (CLS > 0.25 at p75)
+- `inp-poor` — Field INP SLOW (INP > 500ms at p75)
+
+**Medium severity** (category = `AVERAGE`, Google's "Needs Improvement" band):
+- `lcp-needs-improvement` — Field LCP AVERAGE (2.5–4s at p75)
+- `cls-needs-improvement` — Field CLS AVERAGE (0.1–0.25 at p75)
+- `inp-needs-improvement` — Field INP AVERAGE (200–500ms at p75)
+
+**Low severity** (TTFB worth surfacing — often infra, but flag it):
+- `ttfb-slow` — Field TTFB SLOW (> 800ms at p75)
+
+If a metric's category is `FAST`, there's no finding. If `NONE`, Field has insufficient data for that specific metric — skip it silently.
+
+### Lab-based findings (from Lighthouse)
+
+These are measurable regardless of Field availability. Thresholds use the `potentialSavingsMs` / `potentialSavingsBytes` from the tool's `opportunities` array and the values in `lab` / `diagnostics`.
+
+**High severity:**
+- `perf-score-poor` — `lab.performanceScore < 0.5` (Lighthouse Perf score < 50)
+
+**Medium severity:**
+- `perf-score-mediocre` — `lab.performanceScore` between 0.5 and 0.75
+- `unused-javascript-excessive` — opportunities contains `unused-javascript` with `potentialSavingsBytes > 300_000`
+- `render-blocking-resources-excessive` — opportunities contains `render-blocking-resources` with `potentialSavingsMs > 1000`
+- `images-unoptimized-major` — opportunities contains `modern-image-formats` OR `uses-optimized-images` OR `offscreen-images` with `potentialSavingsBytes > 500_000`
+- `redirects-excessive` — opportunities contains `redirects` with `potentialSavingsMs > 500`
+- `bootup-time-excessive` — diagnostics `bootup-time` with `numericValue > 3000` (> 3s JS bootup)
+- `total-byte-weight-excessive` — opportunities contains `total-byte-weight` with `numericValue > 3_000_000` (page > 3MB)
+
+**Low severity:**
+- `images-unoptimized-minor` — image opportunities with savings 100–500KB
+- `cache-policy-weak` — opportunities contains `uses-long-cache-ttl` with savings any
+- `compression-missing` — opportunities contains `uses-text-compression` with savings any
+
+---
+
+### Important classification rules
+
+- **Field drives CWV severity.** Never use Lab LCP/CLS numbers to assign severity. Lab is a single synthetic throttled run and paints a darker picture than real users experience. Using Lab for severity over-reports.
+- **Lab drives opportunity findings.** Lab is where you get the concrete "save 683KB of unused JS" numbers. These findings are valid independently of Field.
+- **Pick the highest-severity matching band per metric.** If Field LCP is in `SLOW`, emit `lcp-poor` (not also `lcp-needs-improvement`). They're mutually exclusive by threshold range.
+- **Don't invent kinds.** If a metric is in `FAST` or an opportunity has no savings above the threshold, there's nothing to emit. Absence of finding is the correct output for healthy metrics.
+- **Severity comes from the catalog.** A `lcp-poor` finding on a homepage vs a deep product page is still `severity: high`. The band determines severity, not the URL's importance.
+
+## Step 2 — Return a structured findings report
+
+Return a single response with this shape (YAML preferred):
+
+```yaml
+specialist: perf
+summary:
+  target_resolution: <"explicit urls" | "auto-discovery from site_root_url" | "fallback to root (crawl_site failed)">
+  category_walks:                             # only when auto-discovery was used
+    pdp: { tried: <n>, rejected: <n>, kept: <n>, rejection_reasons: [...] }
+    plp: { ... }
+    blog: { ... }
+    institutional: { ... }
+  urls_checked: <n>
+  classified_via_urlField: <n>
+  classified_via_originField: <n>
+  no_field_data: <n>                          # CWV classification skipped
+  diagnostic_failures: <n>                    # pagespeed_insights errored
+findings:
+  - kind: <kind slug>
+    severity: <low|medium|high>
+    target:
+      url: <full URL>
+      route: <normalized path>
+      form_factor: mobile
+    evidence: |
+      ### Field (CrUX 28-day p75, real users)
+      Source: <url-field | origin-field>
+      - LCP: <n>ms (<FAST | AVERAGE | SLOW>)
+      - CLS: <n> (<category>)
+      - INP: <n>ms (<category>)
+      - FCP: <n>ms (<category>)
+      - TTFB: <n>ms (<category>)
+
+      ### Lab (Lighthouse synthetic single-run)
+      - Performance score: <n>
+      - LCP: <display value>
+      - CLS: <display value>
+      - TBT: <display value>
+      - FCP: <display value>
+
+      ### Relevant opportunities / diagnostics (from Lab)
+      - <e.g. "Reduce unused JavaScript — Est savings of 683 KiB">
+      - <e.g. "Bootup time: 3.6s">
+    impact: <1-2 sentences connecting to UX/business>
+    suggested_fix: |
+      <pick bullets that fit this kind's root cause:>
+      - If lcp-* with render-blocking-resources-excessive co-occurring: defer/async scripts, inline critical CSS, preload LCP image
+      - If cls-*: reserve space for dynamic content (width/height on images, skeleton loaders)
+      - If inp-*: reduce main-thread work on interaction (break up long tasks, debounce handlers)
+      - If unused-javascript-excessive: code-split by route, lazy-load non-critical bundles
+      - If images-unoptimized-*: modern format (AVIF/WebP), correct intrinsic sizing
+  - ...
+```
+
+If **all** target URLs returned an error from `pagespeed_insights`, return a single `kind: diagnostic-failed` finding with the error in `evidence` instead of inventing data.
+
+If there are zero findings, return `findings: []` — that is the correct output for healthy targets.
+
+---
+
+## General rules
+
+- **Field beats Lab for CWV severity.** The CrUX data in `urlField` / `originField` is what Google actually assesses for Core Web Vitals ranking. Use that for classification, not Lab. Lab is diagnostic context.
+- **Mobile only.** Mobile is what Google ranks on. Don't emit desktop-specific findings.
+- **Highest band wins per metric.** LCP in SLOW emits `lcp-poor` only, not also `lcp-needs-improvement`.
+- **Severity comes from the catalog.** Don't escalate based on which URL is affected.
+- **Cause > symptom in evidence.** A `lcp-poor` finding with no cause clue (Lighthouse opportunity or diagnostic) is useless to the downstream consumer. Always include at least one likely contributor from the tool's `opportunities` or `diagnostics` arrays.
+- **Never invent metrics.** If `pagespeed_insights` returned an error for a URL, skip that URL and note it in the summary.
+- **Respect CrUX unavailability.** For URLs with no Field data (small pages, low traffic), silently skip CWV classification. Do not fall back to Lab thresholds — Lab is systematically more pessimistic.
diff --git a/apps/mesh/src/web/components/self-healing-repo/prompts/seo-auditor.md b/apps/mesh/src/web/components/self-healing-repo/prompts/seo-auditor.md
new file mode 100644
index 0000000000..1752dcdd07
--- /dev/null
+++ b/apps/mesh/src/web/components/self-healing-repo/prompts/seo-auditor.md
@@ -0,0 +1,185 @@
+# SEO Auditor
+
+You are the **SEO Auditor**, a specialist agent focused on technical SEO hygiene.
+
+## Your mission
+
+Audit the on-page SEO health of target URLs and return a structured findings report. You focus on **technical SEO** (meta tags, structured data, canonicals, sitemap/robots, heading structure, indexability) — not editorial content or keyword strategy (those are the scope of other agents).
+
+You are invoked as a sub-task by an orchestrator agent. Your job is to analyze and report. The orchestrator decides what to do with your findings (file issues, dedup against history, etc.).
+
+## Input (expect this in the prompt)
+
+The orchestrator will pass per-site configuration. Expected fields:
+
+```yaml
+urls:
+  - <url to audit>
+  - <... one or more>
+```
+
+If required fields are missing, return an error summary and stop — do not proceed with defaults or guess.
+
+## Available tools
+
+- **site-diagnostics MCP**: `audit_seo`, `fetch_page`, `render_page`, `crawl_site`
+
+---
+
+## Step 1 — Diagnostic
+
+For each target URL:
+
+1. **Structured audit**: call `audit_seo({ url })`. It returns a structured report — use it as your primary source.
+2. **Raw HTML check**: use `fetch_page({ url })` to see the HTML served (important for crawlers that don't execute JS). Confirm critical meta tags are in the initial HTML, not only after hydration.
+3. **Post-render check**: use `render_page({ url })` to see the final DOM. Problems like canonical being overwritten by JS show up here.
+4. **Site structure checks** (only if you have permission for broad crawling, or via sampling): use `crawl_site` to identify orphan pages, canonical loops, or excessive navigation depth.
+5. **Always check**: `/robots.txt` and `/sitemap.xml` via `fetch_page`. These two are root-level and affect the whole site.
+
+Organize findings into a list. Each finding must have:
+- `kind` (kebab-case slug, see catalog below)
+- `severity` (high | medium | low, see criteria below)
+- `target.url` and `target.route` (normalize: lowercase host, no query, no trailing slash except for `/`)
+- `evidence` (raw data: CSS selector, HTML snippet, observed value)
+- `impact` (1-2 sentences connecting to real metrics)
+- `suggested_fix` (actionable; include file/line if you can infer from framework patterns)
+
+## Step 1.5 — Validate page intent (critical; runs before classification)
+
+Before you emit *any* finding about a page's title, meta description, headings, or indexability, you must answer one question: **did the site owner intend this URL to be a public, indexable page?**
+
+If the answer is no, the observed "problems" are intentional configuration, not bugs. Reporting them wastes maintainer time and erodes this agent's credibility.
+
+### Three signals that the URL is NOT a real public page
+
+Check these in order. Hitting any one of them means **skip all SEO findings for this URL** except legitimately site-wide problems (e.g. broken sitemap, broken robots.txt).
+
+**Signal 1 — Not in sitemap.** Fetch `/sitemap.xml` (and its child sitemaps, if it's a sitemap index). If the URL doesn't appear in any sitemap, the owner didn't declare it as public. Common on e-commerce platforms where routes like `/p`, `/c`, `/blog` are catchall or routing prefixes, not real pages.
+
+**Signal 2 — Explicit `noindex` + not in sitemap.** If the page serves `<meta name="robots" content="noindex*">` **and** isn't in the sitemap, this is a deliberate double-lock by the owner. Respect it. Do **not** flag `noindex-on-important-page` in this case.
+
+**Signal 3 — Title is the URL slug (template fallback).** If `<title>` equals the last path segment (e.g. `<title>blog</title>` for `/blog`, `<title>p</title>` for `/p`), the page is being rendered by a fallback template — nobody configured real content for this route. Skip.
+
+### Platform-specific catchalls (especially Brazilian e-commerce / VTEX / deco-cx)
+
+These paths are routing prefixes, **not pages**. They may return HTTP 200 but are not meant to be indexable:
+
+- `/p`, `/c`, `/b` — VTEX product / category / brand route prefixes. Real pages live at `/<slug>/p`, `/<slug>/c`, etc. The bare prefixes are catchalls.
+- `/blog`, `/blogs`, `/editorial`, `/revista`, `/conteudo`, `/magazine`, `/noticias`, `/artigos` — common editorial prefixes. If the site doesn't have an editorial section, these hit a fallback.
+- `/search`, `/busca`, `/s` — search endpoints, not indexable pages.
+- `/departamento`, `/categoria` — category prefixes.
+- `/checkout`, `/cart`, `/carrinho`, `/login`, `/account`, `/minha-conta` — transactional/private routes. Intentionally `noindex`.
+
+### The "is this page actually important?" checklist
+
+Before emitting a finding that calls a page "important" (like `noindex-on-important-page` or `title-missing` on anything critical):
+
+1. Is the URL in `/sitemap.xml`? → If no, skip.
+2. Does the page have substantive, unique content (not a fallback with title = URL slug)? → If no, skip.
+3. Is the path a known platform catchall (see list above)? → If yes, skip.
+
+Only flag if all three pass.
+
+### What still counts as a finding even on non-indexable pages
+
+Site-wide SEO issues affect the whole domain and are worth reporting regardless of individual page intent:
+- `sitemap-missing` (the sitemap itself is broken)
+- `robots-blocking-important-path` (robots.txt blocks something that IS in the sitemap)
+- `structured-data-invalid` on pages that ARE in the sitemap
+- Duplicate titles / meta descriptions across pages that ARE in the sitemap
+
+## Catalog of `kind`
+
+Two flavors of finding:
+
+- **Per-page** kinds — emitted when auditing a specific URL (e.g. `audit_seo` of a single page OR when your targeted inspection of one of the input URLs finds the issue). Marked **[intent-gated]** — must pass Step 1.5 before being emitted. Target is the specific URL.
+- **Aggregate** kinds — emitted once per site-wide pattern detected by `audit_seo`. Marked **[aggregate]**. Target is the site root (`/`). Evidence MUST include the affected URL sample from `audit_seo.issues[].sampleUrls`. One finding per aggregate kind per site.
+
+**High severity (per-page):**
+- `noindex-on-important-page` **[intent-gated]** — meta robots `noindex` on a page that IS in the sitemap and should be indexed
+- `canonical-pointing-to-wrong-url` **[intent-gated]** — canonical points to a different URL that isn't the canonical equivalent
+- `canonical-missing-on-paginated-or-faceted` **[intent-gated]** — pagination/filters without canonical
+- `title-missing` **[intent-gated]** — no `<title>` or empty on a page that IS in the sitemap
+- `structured-data-invalid` **[intent-gated]** — JSON-LD with syntax error or invalid schema.org
+
+**High severity (site-wide):**
+- `sitemap-missing` — `/sitemap.xml` returns 404 or 5xx
+- `robots-blocking-important-path` — `/robots.txt` disallows a path that IS in the sitemap
+- `broken-links-site-wide` **[aggregate]** — `audit_seo` reports broken outbound links across the site
+- `non-indexable-pages-site-wide` **[aggregate]** — `audit_seo` reports many non-indexable pages (note: some non-indexable pages are intentional catchalls — only high severity if the absolute count is large relative to `totalPagesCrawled`, e.g. > 30%)
+
+**Medium severity (per-page):**
+- `meta-description-missing` **[intent-gated]** — no `<meta name="description">` on a sitemap page the agent audited directly
+- `h1-missing` **[intent-gated]** — no `<h1>` on a sitemap page the agent audited directly
+- `h1-duplicate` **[intent-gated]** — multiple `<h1>` on a single page
+- `og-tags-missing` **[intent-gated]** — `og:title` and/or `og:description` missing
+- `structured-data-missing` **[intent-gated]** — page-type (product, article, etc.) without relevant JSON-LD
+- `title-too-long` **[intent-gated]** — `<title>` > 60 characters (truncation in SERP)
+- `title-too-short` **[intent-gated]** — `<title>` < 10 characters (rare; usually means template fallback — double-check page intent)
+- `meta-description-too-long` **[intent-gated]** — description > 160 characters
+
+**Medium severity (site-wide):**
+- `pages-missing-h1` **[aggregate]** — `audit_seo` reports N pages without an H1 tag
+- `pages-missing-meta-description` **[aggregate]** — `audit_seo` reports N pages without a meta description
+- `duplicate-titles` **[aggregate]** — multiple pages share the same `<title>`
+- `duplicate-meta-descriptions` **[aggregate]** — multiple pages share the same meta description
+- `duplicate-content` **[aggregate]** — multiple pages share substantially identical content
+- `broken-resources-site-wide` **[aggregate]** — broken images / scripts across the site
+- `hreflang-broken` — `hreflang` attribute with invalid value or broken reciprocity
+
+**Low severity (per-page):**
+- `meta-description-too-short` **[intent-gated]** — description < 50 characters
+- `og-image-missing` **[intent-gated]** — `og:image` missing
+- `heading-hierarchy-skipped` **[intent-gated]** — jumps from H1 to H3, etc.
+
+**Low severity (site-wide):**
+- `internal-link-using-absolute-url` — internal links with absolute URLs
+
+### Evidence requirements for aggregate kinds
+
+When emitting an `[aggregate]` kind, the `evidence` of the finding MUST include:
+
+1. **Total count** — from `audit_seo.issues[].count`
+2. **Sample URLs** — from `audit_seo.issues[].sampleUrls`. Render up to all 20 entries as a bulleted list. If `count > sampleUrls.length`, add a line like `(and <count - sampleUrls.length> more)`.
+3. **If `sampleUrls` is empty** (the tool didn't expose per-URL detail — happens for `broken-links-site-wide`, `duplicate-content`, `broken-resources-site-wide`), note it explicitly: `Note: audit_seo did not return per-URL detail for this issue type. A human will need to inspect the full audit_seo report or re-run with deeper crawling.`
+
+An aggregate finding without either sample URLs or the note is **not actionable** and must not be emitted.
+
+Target for aggregate kinds stays `target.url: https://<host>/` and `target.route: /`.
+
+## Step 2 — Return a structured findings report
+
+Return a single response with this shape (YAML or JSON; YAML preferred for readability):
+
+```yaml
+specialist: seo
+summary:
+  urls_audited: <n>
+  findings: <n>
+  diagnostic_failures: <n>   # urls where audit tooling errored
+findings:
+  - kind: <kind slug>
+    severity: <low|medium|high>
+    target:
+      url: <full URL>
+      route: <normalized path>
+    evidence: |
+      <multi-line raw data: observed value, selector, HTML snippet, audit_seo output>
+    impact: <1-2 sentences connecting to ranking/indexation/CTR>
+    suggested_fix: <actionable; likely file/component, pseudo-code, correct value>
+  - ...
+```
+
+If a URL's diagnostic tooling errored entirely, emit a single `kind: diagnostic-failed` finding for that URL with the error in `evidence` instead of inventing data.
+
+If there are zero findings, return `findings: []` — that is the correct output for healthy targets.
+
+---
+
+## General rules
+
+- **Never invent data in `evidence`.** If a tool failed, report it via `kind: diagnostic-failed` and skip the finding.
+- Always normalize `route`: lowercase host, no trailing slash (except for `/`), no query string, no fragment.
+- Your credibility is your currency. False positives erode trust — if you're 50% sure, don't emit a finding; investigate further or mark as `severity:low`.
+- **Never report a page as broken when it's a known catchall.** URLs like `/p`, `/c`, `/blog`, `/search`, `/busca` on e-commerce sites are routing prefixes, not pages. If the title is the URL slug and the page carries `noindex`, the owner is deliberately hiding it. That's correct behavior, not a bug.
+- **Sitemap is the ground truth for "is this page public?"**. When in doubt about whether to emit a finding on a URL, fall back to: "Is this URL in /sitemap.xml?" If not, default to silence.
diff --git a/apps/mesh/src/web/components/self-healing-repo/self-healing-repo-flow.tsx b/apps/mesh/src/web/components/self-healing-repo/self-healing-repo-flow.tsx
new file mode 100644
index 0000000000..17b3d93cb8
--- /dev/null
+++ b/apps/mesh/src/web/components/self-healing-repo/self-healing-repo-flow.tsx
@@ -0,0 +1,570 @@
+import {
+  Dialog,
+  DialogContent,
+  DialogHeader,
+  DialogTitle,
+} from "@deco/ui/components/dialog.tsx";
+import { Button } from "@deco/ui/components/button.tsx";
+import { Switch } from "@deco/ui/components/switch.tsx";
+import { Input } from "@deco/ui/components/input.tsx";
+import { cn } from "@deco/ui/lib/utils.ts";
+import { useMutation } from "@tanstack/react-query";
+import { useState } from "react";
+import { toast } from "sonner";
+import {
+  SELF_MCP_ALIAS_ID,
+  useConnectionActions,
+  useMCPClient,
+  useProjectContext,
+} from "@decocms/mesh-sdk";
+import { useRegistryApp } from "@/web/hooks/use-registry-app";
+import { useNavigateToAgent } from "@/web/hooks/use-navigate-to-agent";
+import { AgentAvatar } from "@/web/components/agent-icon";
+import {
+  GitHubRepoPicker,
+  type GitHubImportPayload,
+} from "@/web/components/github-repo-picker";
+import { tiptapDocToMessages } from "@/web/components/chat/derive-parts";
+import {
+  COMING_SOON_SPECIALISTS,
+  SPECIALIST_TEMPLATES,
+  type SpecialistTemplate,
+} from "./specialist-templates";
+import { buildOrchestratorAutomationDoc } from "./orchestrator-automation";
+
+const SITE_DIAGNOSTICS_APP_ID = "deco/site-diagnostics";
+
+interface ConnectionRecord {
+  id: string;
+  app_id?: string | null;
+}
+
+interface VirtualMcpRecord {
+  id: string;
+  metadata?: { specialistId?: string } | null;
+}
+
+export function SelfHealingRepoFlow({
+  open,
+  onOpenChange,
+}: {
+  open: boolean;
+  onOpenChange: (next: boolean) => void;
+}) {
+  const [imported, setImported] = useState<GitHubImportPayload | null>(null);
+
+  const handleFullClose = () => {
+    setImported(null);
+    onOpenChange(false);
+  };
+
+  return (
+    <>
+      <GitHubRepoPicker
+        open={open && imported === null}
+        onOpenChange={(next) => {
+          if (!next && imported === null) {
+            onOpenChange(false);
+          }
+        }}
+        title="Set up self-healing repo"
+        hideAutoRespondCheckbox
+        onImportComplete={setImported}
+      />
+      <SpecialistsStep
+        open={open && imported !== null}
+        payload={imported}
+        onClose={handleFullClose}
+      />
+    </>
+  );
+}
+
+function SpecialistsStep({
+  open,
+  payload,
+  onClose,
+}: {
+  open: boolean;
+  payload: GitHubImportPayload | null;
+  onClose: () => void;
+}) {
+  const { org } = useProjectContext();
+  const navigateToAgent = useNavigateToAgent();
+  const connectionActions = useConnectionActions();
+  const selfClient = useMCPClient({
+    connectionId: SELF_MCP_ALIAS_ID,
+    orgId: org.id,
+    orgSlug: org.slug,
+  });
+
+  const [siteUrl, setSiteUrl] = useState("");
+  const [enabled, setEnabled] = useState<Record<string, boolean>>(() => {
+    const init: Record<string, boolean> = {};
+    for (const t of SPECIALIST_TEMPLATES) init[t.id] = true;
+    return init;
+  });
+
+  const { data: siteDiagnosticsRegistry } = useRegistryApp(
+    SITE_DIAGNOSTICS_APP_ID,
+    { enabled: open },
+  );
+
+  const setupMutation = useMutation({
+    mutationFn: async () => {
+      if (!payload) throw new Error("No imported repo payload");
+
+      const normalizedUrl = normalizeUrl(siteUrl);
+      if (!normalizedUrl) {
+        throw new Error("Enter a valid https:// URL");
+      }
+
+      const activeSpecialists = SPECIALIST_TEMPLATES.filter(
+        (t) => enabled[t.id],
+      );
+      if (activeSpecialists.length === 0) {
+        return { succeeded: [] as string[], failed: [] as string[] };
+      }
+
+      const siteDiagnosticsConnectionId = await ensureSiteDiagnosticsConnection(
+        {
+          selfClient,
+          createConnection: connectionActions.create.mutateAsync,
+          registry: siteDiagnosticsRegistry,
+        },
+      );
+
+      const succeeded: string[] = [];
+      const failed: string[] = [];
+
+      for (const template of activeSpecialists) {
+        try {
+          await setupSpecialistOrchestration({
+            template,
+            selfClient,
+            siteDiagnosticsConnectionId,
+            projectAgentId: payload.virtualMcpId,
+            owner: payload.repo.owner,
+            repo: payload.repo.name,
+            siteRootUrl: normalizedUrl,
+          });
+          succeeded.push(template.title);
+        } catch (err) {
+          console.error(`Failed to set up ${template.title}:`, err);
+          failed.push(template.title);
+        }
+      }
+
+      return { succeeded, failed };
+    },
+    onSuccess: ({ succeeded, failed }) => {
+      if (succeeded.length > 0) {
+        toast.success(
+          `Self-healing repo ready — ${succeeded.length} specialist${succeeded.length > 1 ? "s" : ""} set up`,
+        );
+      } else if (failed.length === 0) {
+        // No specialists toggled on — repo is imported, user opted to skip.
+        toast.success("Repo imported. Add specialists later from automations.");
+      }
+      if (failed.length > 0) {
+        toast.warning(
+          `Could not set up: ${failed.join(", ")}. You can add them later from the automations view.`,
+        );
+      }
+      const id = payload?.virtualMcpId;
+      onClose();
+      localStorage.setItem("mesh:sidebar-open", JSON.stringify(false));
+      if (id) navigateToAgent(id);
+    },
+    onError: (error) => {
+      toast.error(
+        "Failed to set up specialists: " +
+          (error instanceof Error ? error.message : "Unknown error"),
+      );
+    },
+  });
+
+  const canSubmit = normalizeUrl(siteUrl) !== null && !setupMutation.isPending;
+
+  return (
+    <Dialog
+      open={open}
+      onOpenChange={(next) => {
+        if (!next && !setupMutation.isPending) onClose();
+      }}
+    >
+      <DialogContent className="sm:max-w-[560px] max-h-[85svh] p-0 gap-0 overflow-hidden flex flex-col">
+        <DialogHeader className="h-12 border-b border-border px-4 flex flex-row items-center shrink-0 space-y-0">
+          <DialogTitle className="text-sm font-medium text-foreground">
+            Add specialist monitors
+          </DialogTitle>
+        </DialogHeader>
+
+        <div className="flex-1 overflow-y-auto px-4 py-4 flex flex-col gap-4">
+          <p className="text-sm text-muted-foreground">
+            Specialists run on a daily schedule. Your repo agent collects their
+            findings and opens GitHub issues, then writes the fixes.
+          </p>
+
+          <div className="flex flex-col gap-1.5">
+            <label
+              htmlFor="self-healing-site-url"
+              className="text-xs font-medium text-foreground"
+            >
+              Production URL
+            </label>
+            <Input
+              id="self-healing-site-url"
+              type="url"
+              placeholder="https://example.com"
+              value={siteUrl}
+              onChange={(e) => setSiteUrl(e.target.value)}
+              autoFocus
+            />
+            <p className="text-xs text-muted-foreground">
+              The site the specialists will monitor.
+            </p>
+          </div>
+
+          <div className="flex flex-col gap-2">
+            {SPECIALIST_TEMPLATES.map((template) => (
+              <SpecialistRow
+                key={template.id}
+                template={template}
+                enabled={enabled[template.id] ?? false}
+                onToggle={(next) =>
+                  setEnabled((prev) => ({ ...prev, [template.id]: next }))
+                }
+              />
+            ))}
+            {COMING_SOON_SPECIALISTS.map((template) => (
+              <ComingSoonRow
+                key={template.id}
+                title={template.title}
+                description={template.description}
+                icon={template.icon}
+              />
+            ))}
+            <MoreSoonRow />
+          </div>
+        </div>
+
+        <div className="border-t border-border px-4 py-3 flex items-center justify-between gap-3 shrink-0">
+          <button
+            type="button"
+            onClick={() => {
+              if (!setupMutation.isPending) {
+                const id = payload?.virtualMcpId;
+                onClose();
+                if (id) navigateToAgent(id);
+              }
+            }}
+            disabled={setupMutation.isPending}
+            className="text-xs text-muted-foreground hover:text-foreground transition-colors disabled:opacity-50 cursor-pointer"
+          >
+            Skip for now
+          </button>
+          <Button
+            onClick={() => setupMutation.mutate()}
+            disabled={!canSubmit}
+            size="sm"
+          >
+            {setupMutation.isPending ? "Setting up..." : "Set up specialists"}
+          </Button>
+        </div>
+      </DialogContent>
+    </Dialog>
+  );
+}
+
+function SpecialistRow({
+  template,
+  enabled,
+  onToggle,
+}: {
+  template: SpecialistTemplate;
+  enabled: boolean;
+  onToggle: (next: boolean) => void;
+}) {
+  return (
+    <label
+      className={cn(
+        "flex items-center gap-3 rounded-lg border border-border px-3 py-3 cursor-pointer transition-colors",
+        enabled ? "bg-accent/30" : "hover:bg-accent/30",
+      )}
+    >
+      <AgentAvatar
+        icon={template.icon}
+        name={template.title}
+        size="sm"
+        className="shrink-0"
+      />
+      <div className="flex flex-col min-w-0 flex-1">
+        <span className="text-sm font-medium text-foreground leading-tight">
+          {template.title}
+        </span>
+        <span className="text-xs text-muted-foreground line-clamp-2">
+          {template.description}
+        </span>
+      </div>
+      <Switch
+        checked={enabled}
+        onCheckedChange={onToggle}
+        className="shrink-0"
+      />
+    </label>
+  );
+}
+
+function ComingSoonRow({
+  title,
+  description,
+  icon,
+}: {
+  title: string;
+  description: string;
+  icon: string;
+}) {
+  return (
+    <div className="flex items-center gap-3 rounded-lg border border-dashed border-border px-3 py-3 opacity-60">
+      <AgentAvatar icon={icon} name={title} size="sm" className="shrink-0" />
+      <div className="flex flex-col min-w-0 flex-1">
+        <span className="text-sm font-medium text-foreground leading-tight">
+          {title}
+        </span>
+        <span className="text-xs text-muted-foreground line-clamp-2">
+          {description}
+        </span>
+      </div>
+      <span className="text-[10px] font-medium uppercase tracking-wide text-muted-foreground shrink-0">
+        Coming soon
+      </span>
+    </div>
+  );
+}
+
+function MoreSoonRow() {
+  return (
+    <div className="flex items-center justify-center rounded-lg border border-dashed border-border px-3 py-3 text-xs text-muted-foreground">
+      More specialists coming soon
+    </div>
+  );
+}
+
+function normalizeUrl(raw: string): string | null {
+  const trimmed = raw.trim();
+  if (!trimmed) return null;
+  try {
+    const parsed = new URL(trimmed);
+    if (parsed.protocol !== "https:" && parsed.protocol !== "http:")
+      return null;
+    return parsed.origin + (parsed.pathname === "/" ? "" : parsed.pathname);
+  } catch {
+    return null;
+  }
+}
+
+async function ensureSiteDiagnosticsConnection({
+  selfClient,
+  createConnection,
+  registry,
+}: {
+  selfClient: ReturnType<typeof useMCPClient>;
+  createConnection: ReturnType<
+    typeof useConnectionActions
+  >["create"]["mutateAsync"];
+  registry: ReturnType<typeof useRegistryApp>["data"];
+}): Promise<string> {
+  const existing = (await selfClient.callTool({
+    name: "COLLECTION_CONNECTIONS_LIST",
+    arguments: {
+      where: {
+        field: ["app_id"],
+        operator: "eq",
+        value: SITE_DIAGNOSTICS_APP_ID,
+      },
+      limit: 1,
+      offset: 0,
+    },
+  })) as { structuredContent?: { items?: ConnectionRecord[] } };
+
+  const match = existing.structuredContent?.items?.find(
+    (c) => c.app_id === SITE_DIAGNOSTICS_APP_ID,
+  );
+  if (match) return match.id;
+
+  const remoteUrl = registry?.server?.remotes?.[0]?.url;
+  if (!remoteUrl) {
+    throw new Error(
+      "Site Diagnostics MCP is not available in the registry right now.",
+    );
+  }
+
+  const appTitle =
+    registry?.title ??
+    registry?.server?.title ??
+    registry?.server?.name ??
+    "Site Diagnostics";
+  const appIcon = registry?.server?.icons?.[0]?.src ?? null;
+  const appDescription = registry?.server?.description ?? null;
+
+  const created = await createConnection({
+    title: appTitle,
+    description: appDescription,
+    icon: appIcon,
+    connection_type: "HTTP",
+    connection_url: remoteUrl,
+    app_name: registry?.server?.name ?? "site-diagnostics",
+    app_id: SITE_DIAGNOSTICS_APP_ID,
+    metadata: {
+      type: "site-diagnostics",
+      source: "store",
+      registry_item_id: SITE_DIAGNOSTICS_APP_ID,
+      verified: true,
+    },
+  });
+
+  return created.id;
+}
+
+async function setupSpecialistOrchestration({
+  template,
+  selfClient,
+  siteDiagnosticsConnectionId,
+  projectAgentId,
+  owner,
+  repo,
+  siteRootUrl,
+}: {
+  template: SpecialistTemplate;
+  selfClient: ReturnType<typeof useMCPClient>;
+  siteDiagnosticsConnectionId: string;
+  projectAgentId: string;
+  owner: string;
+  repo: string;
+  siteRootUrl: string;
+}) {
+  const automationName = `${repo}: ${template.title}`;
+
+  // Look for a previous run's automation. If it exists AND already has a
+  // trigger, this is a no-op rerun — skip. If it exists with no trigger,
+  // a previous attempt failed mid-flow (CREATE succeeded, TRIGGER_ADD
+  // failed); reuse the orphan and just add the missing cron trigger
+  // instead of creating a duplicate automation.
+  const existing = (await selfClient.callTool({
+    name: "AUTOMATION_LIST",
+    arguments: { virtual_mcp_id: projectAgentId },
+  })) as {
+    structuredContent?: {
+      automations?: Array<{ id: string; name: string; trigger_count: number }>;
+    };
+  };
+  const existingMatch = existing.structuredContent?.automations?.find(
+    (a) => a.name === automationName,
+  );
+
+  let automationId: string;
+
+  if (existingMatch && existingMatch.trigger_count > 0) {
+    return;
+  }
+
+  if (existingMatch) {
+    automationId = existingMatch.id;
+  } else {
+    const specialistAgentId = await findOrCreateSpecialistVirtualMcp({
+      template,
+      selfClient,
+      siteDiagnosticsConnectionId,
+    });
+
+    const tiptapDoc = buildOrchestratorAutomationDoc({
+      template,
+      specialistAgentId,
+      owner,
+      repo,
+      siteRootUrl,
+    });
+    const messages = tiptapDocToMessages(tiptapDoc);
+
+    const automationResult = (await selfClient.callTool({
+      name: "AUTOMATION_CREATE",
+      arguments: {
+        name: automationName,
+        virtual_mcp_id: projectAgentId,
+        messages,
+        active: true,
+      },
+    })) as { structuredContent?: unknown };
+
+    const automationPayload = (automationResult.structuredContent ??
+      automationResult) as { id: string };
+    automationId = automationPayload.id;
+  }
+
+  await selfClient.callTool({
+    name: "AUTOMATION_TRIGGER_ADD",
+    arguments: {
+      automation_id: automationId,
+      type: "cron",
+      cron_expression: template.cron,
+    },
+  });
+}
+
+async function findOrCreateSpecialistVirtualMcp({
+  template,
+  selfClient,
+  siteDiagnosticsConnectionId,
+}: {
+  template: SpecialistTemplate;
+  selfClient: ReturnType<typeof useMCPClient>;
+  siteDiagnosticsConnectionId: string;
+}): Promise<string> {
+  const existing = (await selfClient.callTool({
+    name: "COLLECTION_VIRTUAL_MCP_LIST",
+    arguments: {
+      where: {
+        field: ["metadata", "specialistId"],
+        operator: "eq",
+        value: template.id,
+      },
+      limit: 1,
+      offset: 0,
+    },
+  })) as { structuredContent?: { items?: VirtualMcpRecord[] } };
+
+  const match = existing.structuredContent?.items?.find(
+    (item) => item.metadata?.specialistId === template.id,
+  );
+  if (match) return match.id;
+
+  const created = (await selfClient.callTool({
+    name: "COLLECTION_VIRTUAL_MCP_CREATE",
+    arguments: {
+      data: {
+        title: template.title,
+        description: template.description,
+        icon: template.icon,
+        pinned: false,
+        metadata: {
+          specialistId: template.id,
+          instructions: template.instructions,
+        },
+        connections: [
+          {
+            connection_id: siteDiagnosticsConnectionId,
+            selected_tools: template.siteDiagnosticsTools,
+            selected_resources: null,
+            selected_prompts: null,
+          },
+        ],
+      },
+    },
+  })) as { structuredContent?: unknown };
+
+  const payload = (created.structuredContent ?? created) as {
+    item: { id: string };
+  };
+  return payload.item.id;
+}
diff --git a/apps/mesh/src/web/components/self-healing-repo/specialist-templates.ts b/apps/mesh/src/web/components/self-healing-repo/specialist-templates.ts
new file mode 100644
index 0000000000..5bc3656836
--- /dev/null
+++ b/apps/mesh/src/web/components/self-healing-repo/specialist-templates.ts
@@ -0,0 +1,77 @@
+import brokenLinkFinderInstructions from "./prompts/broken-link-finder.md?raw";
+import seoAuditorInstructions from "./prompts/seo-auditor.md?raw";
+import performanceWatchdogInstructions from "./prompts/performance-watchdog.md?raw";
+
+const DAILY_9AM_UTC = "0 9 * * *";
+
+export interface SpecialistTemplate {
+  id: string;
+  title: string;
+  description: string;
+  icon: string;
+  instructions: string;
+  siteDiagnosticsTools: string[];
+  cron: string;
+  /** GitHub label the orchestrator uses to filter open issues for this specialist. */
+  issueLabel: string;
+  /** Body of the SUBTASK prompt for the specialist (input the specialist parses). */
+  buildSubtaskInput: (args: { siteRootUrl: string }) => string;
+}
+
+export const SPECIALIST_TEMPLATES: SpecialistTemplate[] = [
+  {
+    id: "seo-auditor",
+    title: "SEO Auditor",
+    description: "Monitors websites for SEO improvements.",
+    icon: "icon://FileSearch02?color=purple",
+    instructions: seoAuditorInstructions,
+    siteDiagnosticsTools: [
+      "audit_seo",
+      "fetch_page",
+      "crawl_site",
+      "render_page",
+    ],
+    cron: DAILY_9AM_UTC,
+    issueLabel: "agent:seo",
+    buildSubtaskInput: ({ siteRootUrl }) => `urls:\n  - ${siteRootUrl}\n`,
+  },
+  {
+    id: "performance-watchdog",
+    title: "Performance Watchdog",
+    description: "Monitors websites for Core Web Vitals problems.",
+    icon: "icon://Speedometer03?color=emerald",
+    instructions: performanceWatchdogInstructions,
+    siteDiagnosticsTools: ["fetch_page", "pagespeed_insights", "crawl_site"],
+    cron: DAILY_9AM_UTC,
+    issueLabel: "agent:perf",
+    buildSubtaskInput: ({ siteRootUrl }) => `site_root_url: ${siteRootUrl}\n`,
+  },
+  {
+    id: "broken-link-finder",
+    title: "Broken Link Finder",
+    description: "Monitors websites for broken links.",
+    icon: "icon://LinkBroken01?color=rose",
+    instructions: brokenLinkFinderInstructions,
+    siteDiagnosticsTools: ["collect_site_links", "check_urls"],
+    cron: DAILY_9AM_UTC,
+    issueLabel: "agent:links",
+    buildSubtaskInput: ({ siteRootUrl }) => `site_root_url: ${siteRootUrl}\n`,
+  },
+];
+
+export interface ComingSoonSpecialist {
+  id: string;
+  title: string;
+  description: string;
+  icon: string;
+}
+
+export const COMING_SOON_SPECIALISTS: ComingSoonSpecialist[] = [
+  {
+    id: "log-monitor",
+    title: "Log Monitor",
+    description:
+      "Monitors websites for errors and warnings on the server. Outputs GitHub issues.",
+    icon: "icon://MessageAlertCircle?color=amber",
+  },
+];
diff --git a/apps/mesh/src/web/components/settings/default-home-agents-form.tsx b/apps/mesh/src/web/components/settings/default-home-agents-form.tsx
new file mode 100644
index 0000000000..9ea915a8be
--- /dev/null
+++ b/apps/mesh/src/web/components/settings/default-home-agents-form.tsx
@@ -0,0 +1,462 @@
+/**
+ * Default Home Agents Form
+ *
+ * Org-wide config for which agents appear on the home view.
+ * Stored in `organization_settings.default_home_agents` as { ids: string[] }.
+ *
+ * IDs are either WELL_KNOWN_AGENT_TEMPLATES ids ("site-editor", "ai-image", …)
+ * or custom virtual MCP ids (UUIDs). The home view resolves both at render time.
+ *
+ * When the org has never configured this, the form pre-fills with
+ * `DEFAULT_HOME_AGENT_IDS` so admins start from today's defaults.
+ */
+
+import { Suspense, useState } from "react";
+import {
+  DndContext,
+  closestCenter,
+  KeyboardSensor,
+  PointerSensor,
+  useSensor,
+  useSensors,
+  type DragEndEvent,
+} from "@dnd-kit/core";
+import {
+  SortableContext,
+  sortableKeyboardCoordinates,
+  useSortable,
+  verticalListSortingStrategy,
+  arrayMove,
+} from "@dnd-kit/sortable";
+import { CSS } from "@dnd-kit/utilities";
+import {
+  isDecopilot,
+  WELL_KNOWN_AGENT_TEMPLATES,
+  useVirtualMCPs,
+} from "@decocms/mesh-sdk";
+import { Button } from "@deco/ui/components/button.tsx";
+import {
+  Popover,
+  PopoverContent,
+  PopoverTrigger,
+} from "@deco/ui/components/popover.tsx";
+import { CollectionSearch } from "@deco/ui/components/collection-search.tsx";
+import { Skeleton } from "@deco/ui/components/skeleton.tsx";
+import { cn } from "@deco/ui/lib/utils.ts";
+import { Plus, RefreshCw01, Menu02, X, Users03 } from "@untitledui/icons";
+import { toast } from "sonner";
+import { IntegrationIcon } from "@/web/components/integration-icon.tsx";
+import {
+  SettingsCard,
+  SettingsCardActions,
+  SettingsSection,
+} from "@/web/components/settings/settings-section";
+import {
+  useDefaultHomeAgents,
+  useUpdateDefaultHomeAgents,
+} from "@/web/hooks/use-organization-settings";
+import { track } from "@/web/lib/posthog-client";
+
+/**
+ * IDs that appear in the home view today before any admin config exists.
+ * Order matches what the home view currently renders.
+ */
+const DEFAULT_HOME_AGENT_IDS: readonly string[] = [
+  "site-editor",
+  "site-diagnostics",
+  "ai-image",
+  "ai-research",
+];
+
+/**
+ * Visible cap on the home view. The admin can add more, but only the first
+ * HOME_VIEW_DISPLAY_LIMIT will be rendered.
+ */
+const HOME_VIEW_DISPLAY_LIMIT = 8;
+
+interface ResolvedAgent {
+  id: string;
+  title: string;
+  icon: string | null | undefined;
+  kind: "template" | "custom" | "missing";
+}
+
+function resolveAgent(
+  id: string,
+  templates: typeof WELL_KNOWN_AGENT_TEMPLATES,
+  customAgents: ReadonlyArray<{
+    id: string | null;
+    title: string;
+    icon?: string | null;
+  }>,
+): ResolvedAgent {
+  const template = templates.find((t) => t.id === id);
+  if (template) {
+    return {
+      id: template.id,
+      title: template.title,
+      icon: template.icon,
+      kind: "template",
+    };
+  }
+  const custom = customAgents.find((a) => a.id === id);
+  if (custom) {
+    return {
+      id,
+      title: custom.title,
+      icon: custom.icon ?? null,
+      kind: "custom",
+    };
+  }
+  return { id, title: id, icon: null, kind: "missing" };
+}
+
+function SortableAgentRow({
+  agent,
+  onRemove,
+}: {
+  agent: ResolvedAgent;
+  onRemove: () => void;
+}) {
+  const {
+    attributes,
+    listeners,
+    setNodeRef,
+    transform,
+    transition,
+    isDragging,
+  } = useSortable({ id: agent.id });
+
+  const style = {
+    transform: CSS.Transform.toString(transform),
+    transition,
+    opacity: isDragging ? 0.5 : undefined,
+    zIndex: isDragging ? 100 : undefined,
+  };
+
+  return (
+    <div
+      ref={setNodeRef}
+      style={style}
+      className={cn(
+        "flex items-center gap-3 px-3 py-2 rounded-lg border border-border bg-background",
+        isDragging && "shadow-lg",
+      )}
+    >
+      <button
+        type="button"
+        {...attributes}
+        {...listeners}
+        className="text-muted-foreground hover:text-foreground cursor-grab active:cursor-grabbing"
+        aria-label={`Drag to reorder ${agent.title}`}
+      >
+        <Menu02 size={14} />
+      </button>
+      <IntegrationIcon
+        icon={agent.icon}
+        name={agent.title}
+        size="xs"
+        fallbackIcon={<Users03 size={14} />}
+      />
+      <div className="flex flex-col min-w-0 flex-1">
+        <span className="text-sm text-foreground truncate">{agent.title}</span>
+        <span className="text-xs text-muted-foreground">
+          {agent.kind === "template"
+            ? "Template"
+            : agent.kind === "custom"
+              ? "Custom agent"
+              : "Unavailable"}
+        </span>
+      </div>
+      <button
+        type="button"
+        onClick={onRemove}
+        className="text-muted-foreground hover:text-foreground p-1 rounded"
+        aria-label={`Remove ${agent.title}`}
+      >
+        <X size={14} />
+      </button>
+    </div>
+  );
+}
+
+function AddAgentPopover({
+  selectedIds,
+  onAdd,
+}: {
+  selectedIds: string[];
+  onAdd: (id: string) => void;
+}) {
+  const [open, setOpen] = useState(false);
+  const [search, setSearch] = useState("");
+  const customAgents = useVirtualMCPs();
+
+  const selectedSet = new Set(selectedIds);
+  const lowerSearch = search.toLowerCase();
+
+  const availableTemplates = WELL_KNOWN_AGENT_TEMPLATES.filter(
+    (t) =>
+      !selectedSet.has(t.id) &&
+      (!search || t.title.toLowerCase().includes(lowerSearch)),
+  );
+
+  const availableCustom = customAgents
+    .filter(
+      (a): a is typeof a & { id: string } =>
+        a.id !== null && !isDecopilot(a.id) && !selectedSet.has(a.id),
+    )
+    .filter((a) => !search || a.title.toLowerCase().includes(lowerSearch));
+
+  const handlePick = (id: string) => {
+    onAdd(id);
+    setOpen(false);
+    setSearch("");
+  };
+
+  return (
+    <Popover open={open} onOpenChange={setOpen}>
+      <PopoverTrigger asChild>
+        <Button type="button" variant="outline" size="sm">
+          <Plus size={14} />
+          Add agent
+        </Button>
+      </PopoverTrigger>
+      <PopoverContent className="w-[320px] p-0 overflow-hidden" align="start">
+        <CollectionSearch
+          value={search}
+          onChange={setSearch}
+          placeholder="Search agents..."
+        />
+        <div className="max-h-[320px] overflow-y-auto p-2 flex flex-col gap-3">
+          {availableTemplates.length > 0 && (
+            <div className="flex flex-col gap-1">
+              <span className="text-xs font-medium text-muted-foreground px-1">
+                Templates
+              </span>
+              {availableTemplates.map((t) => (
+                <button
+                  key={t.id}
+                  type="button"
+                  onClick={() => handlePick(t.id)}
+                  className="flex items-center gap-2 px-2 py-1.5 rounded-md hover:bg-accent text-left"
+                >
+                  <IntegrationIcon icon={t.icon} name={t.title} size="xs" />
+                  <span className="text-sm truncate">{t.title}</span>
+                </button>
+              ))}
+            </div>
+          )}
+          {availableCustom.length > 0 && (
+            <div className="flex flex-col gap-1">
+              <span className="text-xs font-medium text-muted-foreground px-1">
+                Custom agents
+              </span>
+              {availableCustom.map((a) => (
+                <button
+                  key={a.id}
+                  type="button"
+                  onClick={() => handlePick(a.id)}
+                  className="flex items-center gap-2 px-2 py-1.5 rounded-md hover:bg-accent text-left"
+                >
+                  <IntegrationIcon
+                    icon={a.icon}
+                    name={a.title}
+                    size="xs"
+                    fallbackIcon={<Users03 size={14} />}
+                  />
+                  <span className="text-sm truncate">{a.title}</span>
+                </button>
+              ))}
+            </div>
+          )}
+          {availableTemplates.length === 0 && availableCustom.length === 0 && (
+            <div className="text-xs text-muted-foreground text-center py-6">
+              {search ? "No agents found" : "All agents are already added"}
+            </div>
+          )}
+        </div>
+      </PopoverContent>
+    </Popover>
+  );
+}
+
+function DefaultHomeAgentsFormContent() {
+  const saved = useDefaultHomeAgents();
+  const customAgents = useVirtualMCPs();
+  const updateMutation = useUpdateDefaultHomeAgents();
+
+  const initialIds = saved?.ids ?? [...DEFAULT_HOME_AGENT_IDS];
+  const [draftIds, setDraftIds] = useState<string[]>(initialIds);
+
+  const isDirty =
+    draftIds.length !== initialIds.length ||
+    draftIds.some((id, i) => id !== initialIds[i]);
+
+  const sensors = useSensors(
+    useSensor(PointerSensor, { activationConstraint: { distance: 5 } }),
+    useSensor(KeyboardSensor, {
+      coordinateGetter: sortableKeyboardCoordinates,
+    }),
+  );
+
+  const handleDragEnd = (event: DragEndEvent) => {
+    const { active, over } = event;
+    if (!over || active.id === over.id) return;
+    const oldIndex = draftIds.indexOf(active.id as string);
+    const newIndex = draftIds.indexOf(over.id as string);
+    if (oldIndex === -1 || newIndex === -1) return;
+    setDraftIds(arrayMove([...draftIds], oldIndex, newIndex));
+  };
+
+  const handleAdd = (id: string) => {
+    if (draftIds.includes(id)) return;
+    setDraftIds([...draftIds, id]);
+  };
+
+  const handleRemove = (id: string) => {
+    setDraftIds(draftIds.filter((existing) => existing !== id));
+  };
+
+  const handleResetDefaults = () => {
+    setDraftIds([...DEFAULT_HOME_AGENT_IDS]);
+  };
+
+  const handleSave = () => {
+    updateMutation.mutate(
+      { ids: draftIds },
+      {
+        onSuccess: () => {
+          track("default_home_agents_updated", {
+            count: draftIds.length,
+            template_count: draftIds.filter((id) =>
+              WELL_KNOWN_AGENT_TEMPLATES.some((t) => t.id === id),
+            ).length,
+          });
+          toast.success("Default home agents updated");
+        },
+        onError: (error) => {
+          toast.error(
+            error instanceof Error
+              ? error.message
+              : "Failed to update default home agents",
+          );
+        },
+      },
+    );
+  };
+
+  const resolvedDraft = draftIds.map((id) =>
+    resolveAgent(id, WELL_KNOWN_AGENT_TEMPLATES, customAgents),
+  );
+
+  const overflowCount = Math.max(0, draftIds.length - HOME_VIEW_DISPLAY_LIMIT);
+
+  return (
+    <SettingsSection
+      title="Default home agents"
+      actions={
+        <Button
+          type="button"
+          variant="ghost"
+          size="sm"
+          onClick={handleResetDefaults}
+          disabled={updateMutation.isPending}
+        >
+          <RefreshCw01 size={14} />
+          Reset defaults
+        </Button>
+      }
+    >
+      <SettingsCard>
+        <div className="px-5 py-5 flex flex-col gap-3">
+          {resolvedDraft.length === 0 ? (
+            <div className="rounded-lg border border-dashed border-border p-6 text-center text-xs text-muted-foreground">
+              No agents selected. The home view will only show "Create agent".
+            </div>
+          ) : (
+            <DndContext
+              sensors={sensors}
+              collisionDetection={closestCenter}
+              onDragEnd={handleDragEnd}
+            >
+              <SortableContext
+                items={draftIds}
+                strategy={verticalListSortingStrategy}
+              >
+                <div className="flex flex-col gap-1.5">
+                  {resolvedDraft.map((agent, i) => (
+                    <div key={agent.id} className="flex flex-col gap-1.5">
+                      {i === HOME_VIEW_DISPLAY_LIMIT && (
+                        <div className="flex items-center gap-2 px-1 py-1 text-xs text-muted-foreground">
+                          <div className="flex-1 h-px bg-border" />
+                          <span>
+                            Below this line is hidden on the home view
+                          </span>
+                          <div className="flex-1 h-px bg-border" />
+                        </div>
+                      )}
+                      <SortableAgentRow
+                        agent={agent}
+                        onRemove={() => handleRemove(agent.id)}
+                      />
+                    </div>
+                  ))}
+                </div>
+              </SortableContext>
+            </DndContext>
+          )}
+          <div className="flex items-center justify-between">
+            <AddAgentPopover selectedIds={draftIds} onAdd={handleAdd} />
+            {overflowCount > 0 && (
+              <span className="text-xs text-muted-foreground">
+                {overflowCount} agent{overflowCount === 1 ? "" : "s"} won&apos;t
+                fit on the home view
+              </span>
+            )}
+          </div>
+        </div>
+        {isDirty && (
+          <SettingsCardActions>
+            <Button
+              type="button"
+              variant="outline"
+              onClick={() => setDraftIds(initialIds)}
+              disabled={updateMutation.isPending}
+            >
+              Cancel
+            </Button>
+            <Button
+              type="button"
+              onClick={handleSave}
+              disabled={updateMutation.isPending}
+            >
+              {updateMutation.isPending ? "Saving…" : "Save"}
+            </Button>
+          </SettingsCardActions>
+        )}
+      </SettingsCard>
+    </SettingsSection>
+  );
+}
+
+function DefaultHomeAgentsFormSkeleton() {
+  return (
+    <SettingsSection title="Default home agents">
+      <SettingsCard>
+        <div className="px-5 py-5 flex flex-col gap-2">
+          {Array.from({ length: 4 }).map((_, i) => (
+            <Skeleton key={i} className="h-12 w-full rounded-lg" />
+          ))}
+        </div>
+      </SettingsCard>
+    </SettingsSection>
+  );
+}
+
+export function DefaultHomeAgentsForm() {
+  return (
+    <Suspense fallback={<DefaultHomeAgentsFormSkeleton />}>
+      <DefaultHomeAgentsFormContent />
+    </Suspense>
+  );
+}
diff --git a/apps/mesh/src/web/components/settings/domain-settings.tsx b/apps/mesh/src/web/components/settings/domain-settings.tsx
index d3961392e7..ca767e392f 100644
--- a/apps/mesh/src/web/components/settings/domain-settings.tsx
+++ b/apps/mesh/src/web/components/settings/domain-settings.tsx
@@ -7,17 +7,15 @@ import {
   useProjectContext,
 } from "@decocms/mesh-sdk";
 import { Button } from "@deco/ui/components/button.tsx";
-import {
-  Card,
-  CardContent,
-  CardDescription,
-  CardHeader,
-  CardTitle,
-} from "@deco/ui/components/card.tsx";
-import { Label } from "@deco/ui/components/label.tsx";
 import { Switch } from "@deco/ui/components/switch.tsx";
 import { useMutation, useQuery, useQueryClient } from "@tanstack/react-query";
 import { toast } from "sonner";
+import { track } from "@/web/lib/posthog-client";
+import {
+  SettingsCard,
+  SettingsCardItem,
+  SettingsSection,
+} from "@/web/components/settings/settings-section";
 
 interface DomainData {
   domain: string | null;
@@ -31,6 +29,7 @@ export function DomainSettings() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const { data, isPending } = useQuery<DomainData>({
@@ -64,10 +63,19 @@ export function DomainSettings() {
       return unwrapToolResult(result);
     },
     onSuccess: () => {
+      track("organization_domain_claimed", {
+        organization_id: org.id,
+        email_domain: userDomain,
+      });
       invalidate();
       toast.success("Domain claimed");
     },
     onError: (err) => {
+      track("organization_domain_claim_failed", {
+        organization_id: org.id,
+        email_domain: userDomain,
+        error: err instanceof Error ? err.message : String(err),
+      });
       toast.error(
         err instanceof Error ? err.message : "Failed to claim domain",
       );
@@ -83,10 +91,19 @@ export function DomainSettings() {
       return unwrapToolResult(result);
     },
     onSuccess: () => {
+      track("organization_domain_cleared", {
+        organization_id: org.id,
+        email_domain: currentDomain,
+      });
       invalidate();
       toast.success("Domain removed");
     },
     onError: (err) => {
+      track("organization_domain_clear_failed", {
+        organization_id: org.id,
+        email_domain: currentDomain,
+        error: err instanceof Error ? err.message : String(err),
+      });
       toast.error(
         err instanceof Error ? err.message : "Failed to remove domain",
       );
@@ -96,6 +113,10 @@ export function DomainSettings() {
   const toggleAutoJoinMutation = useMutation({
     mutationFn: async (enabled: boolean) => {
       if (!currentDomain) return;
+      track("organization_auto_join_toggled", {
+        organization_id: org.id,
+        enabled,
+      });
       const result = await client.callTool({
         name: "ORGANIZATION_DOMAIN_UPDATE",
         arguments: { autoJoinEnabled: enabled },
@@ -107,6 +128,10 @@ export function DomainSettings() {
       toast.success("Auto-join setting updated");
     },
     onError: (err) => {
+      track("organization_auto_join_toggle_failed", {
+        organization_id: org.id,
+        error: err instanceof Error ? err.message : String(err),
+      });
       toast.error(
         err instanceof Error ? err.message : "Failed to update auto-join",
       );
@@ -118,25 +143,13 @@ export function DomainSettings() {
   }
 
   return (
-    <Card className="p-6">
-      <CardHeader className="p-0">
-        <CardTitle className="text-sm">Email Domain</CardTitle>
-        <CardDescription className="text-xs">
-          Claim your company's email domain so new users with matching emails
-          can automatically join this organization.
-        </CardDescription>
-      </CardHeader>
-
-      <CardContent className="flex flex-col gap-4 p-0 pt-4">
-        {currentDomain ? (
-          <>
-            <div className="flex items-center gap-3">
-              <div className="flex-1">
-                <Label className="text-xs text-muted-foreground">
-                  Claimed domain
-                </Label>
-                <p className="text-sm font-medium">{currentDomain}</p>
-              </div>
+    <SettingsSection title="Email domain">
+      {currentDomain ? (
+        <SettingsCard>
+          <SettingsCardItem
+            title={currentDomain}
+            description="Claimed domain"
+            action={
               <Button
                 variant="outline"
                 size="sm"
@@ -145,16 +158,12 @@ export function DomainSettings() {
               >
                 Remove
               </Button>
-            </div>
-
-            <div className="flex items-center justify-between">
-              <div>
-                <Label className="text-xs">Auto-join</Label>
-                <p className="text-xs text-muted-foreground">
-                  Users with @{currentDomain} emails will automatically join
-                  this organization on signup.
-                </p>
-              </div>
+            }
+          />
+          <SettingsCardItem
+            title="Auto-join"
+            description={`Users with @${currentDomain} emails will automatically join this organization on signup.`}
+            action={
               <Switch
                 checked={autoJoinEnabled}
                 onCheckedChange={(checked) =>
@@ -162,30 +171,33 @@ export function DomainSettings() {
                 }
                 disabled={toggleAutoJoinMutation.isPending}
               />
-            </div>
-          </>
-        ) : canClaim ? (
-          <div className="flex items-center gap-3">
-            <div className="flex-1">
-              <Label className="text-xs text-muted-foreground">
-                Your domain
-              </Label>
-              <p className="text-sm font-medium">{userDomain}</p>
-            </div>
-            <Button
-              size="sm"
-              onClick={() => setDomainMutation.mutate()}
-              disabled={setDomainMutation.isPending}
-            >
-              {setDomainMutation.isPending ? "Claiming..." : "Claim Domain"}
-            </Button>
-          </div>
-        ) : (
-          <p className="text-xs text-muted-foreground">
-            No corporate email domain detected.
-          </p>
-        )}
-      </CardContent>
-    </Card>
+            }
+          />
+        </SettingsCard>
+      ) : canClaim ? (
+        <SettingsCard>
+          <SettingsCardItem
+            title={userDomain}
+            description="Let new users with matching emails auto-join this org."
+            action={
+              <Button
+                size="sm"
+                onClick={() => setDomainMutation.mutate()}
+                disabled={setDomainMutation.isPending}
+              >
+                {setDomainMutation.isPending ? "Claiming..." : "Claim domain"}
+              </Button>
+            }
+          />
+        </SettingsCard>
+      ) : (
+        <SettingsCard>
+          <SettingsCardItem
+            title="No domain detected"
+            description="Sign in with a corporate email to claim a domain for your organization."
+          />
+        </SettingsCard>
+      )}
+    </SettingsSection>
   );
 }
diff --git a/apps/mesh/src/web/components/settings/organization-form.tsx b/apps/mesh/src/web/components/settings/organization-form.tsx
index fb5ecc6d58..54b767c089 100644
--- a/apps/mesh/src/web/components/settings/organization-form.tsx
+++ b/apps/mesh/src/web/components/settings/organization-form.tsx
@@ -1,24 +1,22 @@
-import { authClient } from "@/web/lib/auth-client";
+import { useOrgAuthClient } from "@/web/hooks/use-org-auth-client";
+import { useDebouncedAutosave } from "@/web/hooks/use-debounced-autosave.ts";
 import { KEYS } from "@/web/lib/query-keys";
 import { useProjectContext } from "@decocms/mesh-sdk";
-import { Button } from "@deco/ui/components/button.tsx";
-import {
-  Card,
-  CardContent,
-  CardFooter,
-  CardHeader,
-  CardTitle,
-} from "@deco/ui/components/card.tsx";
+import { Avatar } from "@deco/ui/components/avatar.tsx";
 import { Input } from "@deco/ui/components/input.tsx";
-import { Label } from "@deco/ui/components/label.tsx";
 import { zodResolver } from "@hookform/resolvers/zod";
 import { useMutation, useQueryClient } from "@tanstack/react-query";
 import { useNavigate } from "@tanstack/react-router";
-import { LogoUpload } from "@/web/components/logo-upload";
-import { useState } from "react";
-import { useForm } from "react-hook-form";
+import {
+  SettingsCard,
+  SettingsCardItem,
+  SettingsSection,
+} from "@/web/components/settings/settings-section";
+import { useRef } from "react";
+import { Controller, useForm } from "react-hook-form";
 import { toast } from "sonner";
 import { z } from "zod";
+import { track } from "@/web/lib/posthog-client";
 
 const organizationSettingsSchema = z.object({
   name: z.string().min(1, "Name is required").max(255, "Name is too long"),
@@ -37,11 +35,68 @@ type OrganizationSettingsFormValues = z.infer<
   typeof organizationSettingsSchema
 >;
 
+function CompactLogoUpload({
+  value,
+  onChange,
+  name,
+  disabled,
+}: {
+  value?: string | null;
+  onChange: (value: string) => void;
+  name?: string;
+  disabled?: boolean;
+}) {
+  const inputRef = useRef<HTMLInputElement>(null);
+
+  const handlePick = () => inputRef.current?.click();
+
+  const handleFile = (e: React.ChangeEvent<HTMLInputElement>) => {
+    const file = e.target.files?.[0];
+    if (!file) return;
+    if (file.size > 2 * 1024 * 1024) {
+      toast.error("Image must be smaller than 2MB");
+      return;
+    }
+    const reader = new FileReader();
+    reader.onerror = () => toast.error("Failed to read image");
+    reader.onloadend = () => {
+      if (reader.result) onChange(reader.result as string);
+      if (inputRef.current) inputRef.current.value = "";
+    };
+    reader.readAsDataURL(file);
+  };
+
+  return (
+    <button
+      type="button"
+      onClick={handlePick}
+      disabled={disabled}
+      className="rounded-lg overflow-hidden hover:ring-2 hover:ring-border transition-all disabled:opacity-50"
+      aria-label="Upload organization logo"
+    >
+      <input
+        ref={inputRef}
+        type="file"
+        accept="image/*"
+        onChange={handleFile}
+        className="hidden"
+        disabled={disabled}
+      />
+      <Avatar
+        url={value || undefined}
+        fallback={name ?? "?"}
+        shape="square"
+        size="base"
+      />
+    </button>
+  );
+}
+
 export function OrganizationForm() {
   const navigate = useNavigate();
   const { org } = useProjectContext();
+  const orgAuth = useOrgAuthClient();
   const queryClient = useQueryClient();
-  const [isSaving, setIsSaving] = useState(false);
 
   const form = useForm<OrganizationSettingsFormValues>({
     resolver: zodResolver(organizationSettingsSchema),
@@ -63,8 +118,7 @@ export function OrganizationForm() {
         updateData.logo = data.logo;
       }
 
-      const result = await authClient.organization.update({
-        organizationId: org.id,
+      const result = await orgAuth.organization.update({
         data: updateData,
       });
 
@@ -76,12 +130,16 @@ export function OrganizationForm() {
 
       return result;
     },
-    onSuccess: (data) => {
+    onSuccess: (data, variables) => {
+      track("organization_settings_updated", {
+        organization_id: org.id,
+        fields: Object.keys(variables),
+      });
       queryClient.invalidateQueries({ queryKey: KEYS.organizations() });
       queryClient.invalidateQueries({
         queryKey: KEYS.activeOrganization(org.slug),
       });
-      toast.success("Organization settings updated successfully");
+      toast.success("Organization updated successfully");
 
       if (data?.data?.slug && data.data.slug !== org.slug) {
         navigate({
@@ -90,126 +148,152 @@ export function OrganizationForm() {
         });
       }
     },
-    onError: (error) => {
+    onError: (error, variables) => {
+      track("organization_settings_update_failed", {
+        organization_id: org.id,
+        fields: Object.keys(variables),
+        error: error instanceof Error ? error.message : String(error),
+      });
       toast.error(
         error instanceof Error
           ? error.message
           : "Failed to update organization",
       );
     },
-    onSettled: () => {
-      setIsSaving(false);
-    },
   });
 
-  const onSubmit = (data: OrganizationSettingsFormValues) => {
-    setIsSaving(true);
-    updateOrgMutation.mutate(data);
-  };
+  const { schedule: scheduleSave, flush: flushAndSave } = useDebouncedAutosave({
+    save: async () => {
+      // Read live dirty state from control._formState (Proxy lag workaround).
+      const liveDirtyFields = (
+        form.control as unknown as {
+          _formState: { dirtyFields: Record<string, unknown> };
+        }
+      )._formState.dirtyFields;
+      if (Object.keys(liveDirtyFields).length === 0) return;
+      const valid = await form.trigger();
+      if (!valid) return;
+
+      const values = form.getValues();
+      const previousDefaults = (
+        form.control as unknown as {
+          _defaultValues: OrganizationSettingsFormValues;
+        }
+      )._defaultValues;
+
+      // Rebase pre-mutate so edits during the in-flight save are tracked
+      // against the snapshot we're sending, not the pre-save baseline.
+      form.reset(values, { keepValues: true });
+
+      try {
+        await updateOrgMutation.mutateAsync(values);
+      } catch {
+        form.reset(previousDefaults, { keepValues: true });
+      }
+    },
+  });
 
-  const hasChanges = form.formState.isDirty;
   const errors = form.formState.errors;
+  const urlOrigin =
+    typeof window !== "undefined" ? `${window.location.host}/` : "";
 
   return (
-    <form
-      onSubmit={form.handleSubmit(onSubmit)}
-      className="flex flex-col gap-6"
-    >
-      <Card className="p-6">
-        <CardHeader className="p-0">
-          <CardTitle className="text-sm">Overview</CardTitle>
-        </CardHeader>
-
-        <CardContent className="flex flex-col gap-6 p-0">
-          {/* Logo */}
-          <div className="flex flex-col gap-1.5">
-            <Label className="text-xs text-muted-foreground">Logo</Label>
-            <LogoUpload
+    <SettingsSection>
+      <SettingsCard>
+        <SettingsCardItem
+          title="Logo"
+          description="Recommended size is 256x256px"
+          action={
+            <CompactLogoUpload
               value={form.watch("logo")}
-              onChange={(val) =>
-                form.setValue("logo", val ?? "", { shouldDirty: true })
-              }
+              onChange={(val) => {
+                form.setValue("logo", val ?? "", { shouldDirty: true });
+                flushAndSave();
+              }}
               name={form.watch("name")}
-              disabled={isSaving}
             />
-            {errors.logo && (
-              <p className="text-xs text-destructive">{errors.logo.message}</p>
-            )}
-          </div>
-
-          {/* Name + Slug side by side */}
-          <div className="grid grid-cols-2 gap-5">
-            <div className="flex flex-col gap-1.5">
-              <Label
-                htmlFor="org-name"
-                className="text-xs text-muted-foreground"
-              >
-                Organization name
-              </Label>
-              <Input
-                id="org-name"
-                {...form.register("name")}
-                placeholder="Organization name"
-                disabled={isSaving}
-              />
-              {errors.name && (
-                <p className="text-xs text-destructive">
-                  {errors.name.message}
-                </p>
+          }
+        />
+        <SettingsCardItem
+          title="Name"
+          action={
+            <Controller
+              control={form.control}
+              name="name"
+              render={({ field }) => (
+                <Input
+                  id="org-name"
+                  {...field}
+                  onChange={(e) => {
+                    field.onChange(e);
+                    scheduleSave();
+                  }}
+                  onBlur={() => {
+                    field.onBlur();
+                    flushAndSave();
+                  }}
+                  placeholder="Organization name"
+                  className="w-[280px]"
+                />
               )}
-            </div>
-
-            <div className="flex flex-col gap-1.5">
-              <Label
-                htmlFor="org-slug"
-                className="text-xs text-muted-foreground"
-              >
-                Slug
-              </Label>
-              <Input
-                id="org-slug"
-                {...form.register("slug")}
-                placeholder="my-organization"
-                disabled={isSaving}
-                onChange={(e) => {
-                  const sanitized = e.target.value
-                    .toLowerCase()
-                    .replace(/[^a-z0-9-]/g, "");
-                  form.setValue("slug", sanitized, {
-                    shouldDirty: true,
-                    shouldTouch: true,
-                    shouldValidate: true,
-                  });
-                }}
-              />
-              <p className="text-xs text-muted-foreground">
-                Only lowercase letters, numbers, and hyphens.
-              </p>
-              {errors.slug && (
-                <p className="text-xs text-destructive">
-                  {errors.slug.message}
-                </p>
+            />
+          }
+        />
+        <SettingsCardItem
+          title="URL"
+          action={
+            <div className="flex items-center w-[280px] rounded-md border border-input bg-input/30 focus-within:ring-2 focus-within:ring-ring/50 overflow-hidden">
+              {urlOrigin && (
+                <span className="pl-3 text-sm text-muted-foreground select-none">
+                  {urlOrigin}
+                </span>
               )}
+              <Controller
+                control={form.control}
+                name="slug"
+                render={({ field }) => (
+                  <input
+                    id="org-slug"
+                    value={field.value ?? ""}
+                    name={field.name}
+                    ref={field.ref}
+                    placeholder="my-organization"
+                    className="flex-1 min-w-0 bg-transparent px-2 py-1.5 text-sm text-foreground placeholder:text-muted-foreground/60 outline-none"
+                    onChange={(e) => {
+                      const sanitized = e.target.value
+                        .toLowerCase()
+                        .replace(/[^a-z0-9-]/g, "");
+                      form.setValue("slug", sanitized, {
+                        shouldDirty: true,
+                        shouldTouch: true,
+                        shouldValidate: true,
+                      });
+                      scheduleSave();
+                    }}
+                    onBlur={() => {
+                      field.onBlur();
+                      flushAndSave();
+                    }}
+                  />
+                )}
+              />
             </div>
+          }
+        />
+        {(errors.name || errors.slug || errors.logo) && (
+          <div className="px-5 pb-3 flex flex-col gap-1">
+            {errors.name && (
+              <p className="text-xs text-destructive">{errors.name.message}</p>
+            )}
+            {errors.slug && (
+              <p className="text-xs text-destructive">{errors.slug.message}</p>
+            )}
+            {errors.logo && (
+              <p className="text-xs text-destructive">{errors.logo.message}</p>
+            )}
           </div>
-        </CardContent>
-
-        {hasChanges && (
-          <CardFooter className="p-0 pt-2 gap-2">
-            <Button type="submit" disabled={isSaving}>
-              {isSaving ? "Saving…" : "Save"}
-            </Button>
-            <Button
-              type="button"
-              variant="outline"
-              onClick={() => form.reset()}
-              disabled={isSaving}
-            >
-              Cancel
-            </Button>
-          </CardFooter>
         )}
-      </Card>
-    </form>
+      </SettingsCard>
+    </SettingsSection>
   );
 }
diff --git a/apps/mesh/src/web/components/settings/project-plugins-form.tsx b/apps/mesh/src/web/components/settings/project-plugins-form.tsx
index 7676ebcaff..e3de146b43 100644
--- a/apps/mesh/src/web/components/settings/project-plugins-form.tsx
+++ b/apps/mesh/src/web/components/settings/project-plugins-form.tsx
@@ -1,156 +1,42 @@
-import { type ReactNode } from "react";
-import { useMutation, useQueryClient } from "@tanstack/react-query";
-import {
-  useProjectContext,
-  useMCPClient,
-  SELF_MCP_ALIAS_ID,
-} from "@decocms/mesh-sdk";
+import { useQueryClient } from "@tanstack/react-query";
+import { useProjectContext } from "@decocms/mesh-sdk";
 import { KEYS } from "@/web/lib/query-keys";
+import { useUpdateOrganizationSettings } from "@/web/hooks/use-organization-settings";
 import { Switch } from "@deco/ui/components/switch.tsx";
 import { toast } from "sonner";
 import { Container } from "@untitledui/icons";
 import { sourcePlugins } from "@/web/plugins";
 import { pluginSidebarGroups, pluginSettingsSidebarItems } from "@/web/index";
-import type { AnyClientPlugin } from "@decocms/bindings/plugins";
-
-type ToolTextResponse = { type?: string; text?: string };
-type ToolErrorEnvelope = {
-  isError?: boolean;
-  content?: Array<ToolTextResponse>;
-};
-
-const isToolTextError = (payload: unknown): payload is ToolTextResponse => {
-  if (!payload || typeof payload !== "object") return false;
-  const candidate = payload as ToolTextResponse;
-  return (
-    candidate.type === "text" &&
-    typeof candidate.text === "string" &&
-    candidate.text.trim().toLowerCase().startsWith("error")
-  );
-};
-
-const unwrapToolResult = <T,>(result: unknown): T => {
-  const payload =
-    (result as { structuredContent?: unknown }).structuredContent ?? result;
-  const maybeErrorEnvelope =
-    payload && typeof payload === "object"
-      ? (payload as ToolErrorEnvelope)
-      : null;
-  const contentText =
-    maybeErrorEnvelope?.content?.[0]?.text &&
-    typeof maybeErrorEnvelope.content[0].text === "string"
-      ? maybeErrorEnvelope.content[0].text
-      : null;
-  if (maybeErrorEnvelope?.isError) {
-    throw new Error(contentText ?? "Tool call failed");
-  }
-  if (isToolTextError(payload)) {
-    throw new Error(payload.text);
-  }
-  return payload as T;
-};
-
-type PluginRowProps = {
-  plugin: AnyClientPlugin;
-  isEnabled: boolean;
-  isSaving: boolean;
-  description: string | null;
-  label: string;
-  icon?: ReactNode;
-  onToggle: (pluginId: string, enabled: boolean) => void;
-};
-
-function PluginRow({
-  plugin,
-  isEnabled,
-  isSaving,
-  description,
-  label,
-  icon,
-  onToggle,
-}: PluginRowProps) {
-  return (
-    <div
-      className="flex flex-col border-b border-border last:border-0"
-      onClick={() => !isSaving && onToggle(plugin.id, !isEnabled)}
-      style={{ cursor: isSaving ? undefined : "pointer" }}
-    >
-      <div className="flex items-center justify-between gap-6 py-4">
-        <div className="flex items-start gap-3 min-w-0 flex-1">
-          {icon && (
-            <span className="text-muted-foreground mt-0.5 shrink-0 [&>svg]:size-4">
-              {icon}
-            </span>
-          )}
-          <div className="min-w-0">
-            <p className="text-sm font-medium text-foreground">{label}</p>
-            {description && (
-              <p className="text-xs text-muted-foreground mt-0.5 leading-relaxed">
-                {description}
-              </p>
-            )}
-          </div>
-        </div>
-        <div onClick={(e) => e.stopPropagation()} className="shrink-0">
-          <Switch
-            checked={isEnabled}
-            onCheckedChange={(checked) => onToggle(plugin.id, checked)}
-            disabled={isSaving}
-          />
-        </div>
-      </div>
-    </div>
-  );
-}
+import {
+  SettingsCard,
+  SettingsCardItem,
+  SettingsSection,
+} from "@/web/components/settings/settings-section";
 
 export function ProjectPluginsForm() {
   const { org, project } = useProjectContext();
   const queryClient = useQueryClient();
 
-  const client = useMCPClient({
-    connectionId: SELF_MCP_ALIAS_ID,
-    orgId: org.id,
-  });
-
   const serverPlugins = project.enabledPlugins ?? [];
 
-  const mutation = useMutation({
-    mutationFn: async (input: { enabledPlugins: string[] }) => {
-      const result = await client.callTool({
-        name: "ORGANIZATION_SETTINGS_UPDATE",
-        arguments: {
-          organizationId: org.id,
-          enabled_plugins: input.enabledPlugins,
-        },
-      });
-      return unwrapToolResult<unknown>(result);
-    },
-    onSuccess: () => {
-      queryClient.invalidateQueries({
-        queryKey: KEYS.project(org.id, project.slug),
-      });
-      queryClient.invalidateQueries({
-        queryKey: KEYS.projects(org.id),
-      });
-      queryClient.invalidateQueries({
-        predicate: (query) => {
-          const k = query.queryKey;
-          return (
-            k[1] === org.id && k[3] === "collection" && k[4] === "VIRTUAL_MCP"
-          );
-        },
-      });
-      queryClient.invalidateQueries({
-        queryKey: KEYS.organizationSettings(org.id),
-      });
-    },
-    onError: (error) => {
-      toast.error(
-        "Failed to update plugin: " +
-          (error instanceof Error ? error.message : "Unknown error"),
-      );
-    },
-  });
+  const mutation = useUpdateOrganizationSettings();
+
+  const invalidateDependentCaches = () => {
+    queryClient.invalidateQueries({
+      queryKey: KEYS.project(org.id, project.slug),
+    });
+    queryClient.invalidateQueries({
+      queryKey: KEYS.projects(org.id),
+    });
+    queryClient.invalidateQueries({
+      predicate: (query) => {
+        const k = query.queryKey;
+        return (
+          k[1] === org.id && k[3] === "collection" && k[4] === "VIRTUAL_MCP"
+        );
+      },
+    });
+  };
 
   const handleTogglePlugin = (pluginId: string, enabled: boolean) => {
     const current = new Set(serverPlugins);
@@ -159,7 +45,18 @@ export function ProjectPluginsForm() {
     } else {
       current.delete(pluginId);
     }
-    mutation.mutate({ enabledPlugins: Array.from(current) });
+    mutation.mutate(
+      { enabled_plugins: Array.from(current) },
+      {
+        onSuccess: invalidateDependentCaches,
+        onError: (error) => {
+          toast.error(
+            "Failed to update plugin: " +
+              (error instanceof Error ? error.message : "Unknown error"),
+          );
+        },
+      },
+    );
   };
 
   // Get plugin metadata from sidebar groups or settings sidebar items
@@ -187,25 +84,40 @@ export function ProjectPluginsForm() {
   }
 
   return (
-    <div className="flex flex-col">
-      {sourcePlugins.map((plugin) => {
-        const meta = getPluginMeta(plugin.id);
-        const description = getPluginDescription(plugin.id);
-        const isEnabled = serverPlugins.includes(plugin.id);
+    <SettingsSection>
+      <SettingsCard>
+        {sourcePlugins.map((plugin) => {
+          const meta = getPluginMeta(plugin.id);
+          const description = getPluginDescription(plugin.id);
+          const isEnabled = serverPlugins.includes(plugin.id);
 
-        return (
-          <PluginRow
-            key={plugin.id}
-            plugin={plugin}
-            isEnabled={isEnabled}
-            isSaving={mutation.isPending}
-            description={description}
-            label={meta?.label ?? plugin.id}
-            icon={meta?.icon ?? <Container size={14} />}
-            onToggle={handleTogglePlugin}
-          />
-        );
-      })}
-    </div>
+          return (
+            <SettingsCardItem
+              key={plugin.id}
+              title={meta?.label ?? plugin.id}
+              description={description ?? undefined}
+              icon={
+                <span className="text-muted-foreground [&>svg]:size-4">
+                  {meta?.icon ?? <Container size={14} />}
+                </span>
+              }
+              onClick={() =>
+                !mutation.isPending && handleTogglePlugin(plugin.id, !isEnabled)
+              }
+              action={
+                <Switch
+                  checked={isEnabled}
+                  onCheckedChange={(checked) =>
+                    handleTogglePlugin(plugin.id, checked)
+                  }
+                  disabled={mutation.isPending}
+                  onClick={(e) => e.stopPropagation()}
+                />
+              }
+            />
+          );
+        })}
+      </SettingsCard>
+    </SettingsSection>
   );
 }
diff --git a/apps/mesh/src/web/components/settings/settings-section.tsx b/apps/mesh/src/web/components/settings/settings-section.tsx
new file mode 100644
index 0000000000..7f73329ce5
--- /dev/null
+++ b/apps/mesh/src/web/components/settings/settings-section.tsx
@@ -0,0 +1,166 @@
+import { Card } from "@deco/ui/components/card.tsx";
+import { cn } from "@deco/ui/lib/utils.ts";
+import { ArrowUpRight } from "@untitledui/icons";
+import { Children, isValidElement, type ReactNode } from "react";
+
+interface SettingsSectionProps {
+  title?: ReactNode;
+  description?: ReactNode;
+  docsHref?: string;
+  actions?: ReactNode;
+  className?: string;
+  children: ReactNode;
+}
+
+export function SettingsSection({
+  title,
+  description,
+  docsHref,
+  actions,
+  className,
+  children,
+}: SettingsSectionProps) {
+  return (
+    <section className={cn("flex flex-col gap-3", className)}>
+      {(title || description || docsHref || actions) && (
+        <div className="flex items-center justify-between gap-3 px-4">
+          <div className="flex flex-col gap-1 min-w-0">
+            {title && (
+              <h2 className="text-[15px] font-medium leading-tight">{title}</h2>
+            )}
+            {(description || docsHref) && (
+              <p className="text-sm text-muted-foreground leading-snug">
+                {description}
+                {docsHref && (
+                  <a
+                    href={docsHref}
+                    target="_blank"
+                    rel="noreferrer"
+                    className="inline-flex items-center gap-0.5 ml-1 text-foreground hover:underline"
+                  >
+                    Docs <ArrowUpRight size={12} />
+                  </a>
+                )}
+              </p>
+            )}
+          </div>
+          {actions && <div className="shrink-0">{actions}</div>}
+        </div>
+      )}
+      {children}
+    </section>
+  );
+}
+
+interface SettingsCardProps {
+  className?: string;
+  children: ReactNode;
+}
+
+export function SettingsCard({ className, children }: SettingsCardProps) {
+  const items = Children.toArray(children).filter(isValidElement);
+  return (
+    <Card className={cn("p-0 gap-0 overflow-hidden", className)}>
+      {items.map((child, idx) => (
+        <div key={idx}>
+          {idx > 0 && <div className="h-px bg-border mx-5" />}
+          {child}
+        </div>
+      ))}
+    </Card>
+  );
+}
+
+interface SettingsCardItemProps {
+  icon?: ReactNode;
+  title: ReactNode;
+  description?: ReactNode;
+  action?: ReactNode;
+  onClick?: () => void;
+  className?: string;
+  children?: ReactNode;
+}
+
+export function SettingsCardItem({
+  icon,
+  title,
+  description,
+  action,
+  onClick,
+  className,
+  children,
+}: SettingsCardItemProps) {
+  return (
+    <div
+      className={cn(
+        children
+          ? "flex items-start gap-3 px-4 py-4"
+          : "flex items-center gap-3 px-4 py-4",
+        onClick && "hover:bg-muted/50 cursor-pointer",
+        className,
+      )}
+      onClick={onClick}
+      role={onClick ? "button" : undefined}
+      tabIndex={onClick ? 0 : undefined}
+      onKeyDown={
+        onClick
+          ? (e) => {
+              if (e.key === "Enter" || e.key === " ") {
+                e.preventDefault();
+                onClick();
+              }
+            }
+          : undefined
+      }
+    >
+      {icon && (
+        <div className="size-8 shrink-0 rounded-lg bg-muted/60 flex items-center justify-center text-muted-foreground">
+          {icon}
+        </div>
+      )}
+      <div className="flex-1 min-w-0">
+        <div className="text-sm font-medium">{title}</div>
+        {description && (
+          <p className="text-xs text-muted-foreground mt-0.5 leading-relaxed">
+            {description}
+          </p>
+        )}
+        {children}
+      </div>
+      {action && (
+        <div className="shrink-0" onClick={(e) => e.stopPropagation()}>
+          {action}
+        </div>
+      )}
+    </div>
+  );
+}
+
+interface SettingsCardActionsProps {
+  children: ReactNode;
+  className?: string;
+}
+
+export function SettingsCardActions({
+  children,
+  className,
+}: SettingsCardActionsProps) {
+  return (
+    <div
+      className={cn("flex items-center justify-end gap-2 px-4 py-4", className)}
+    >
+      {children}
+    </div>
+  );
+}
+
+interface SettingsPageProps {
+  className?: string;
+  children: ReactNode;
+}
+
+export function SettingsPage({ className, children }: SettingsPageProps) {
+  return (
+    <div className={cn("flex flex-col gap-10", className)}>{children}</div>
+  );
+}
diff --git a/apps/mesh/src/web/components/sidebar/agents-section.tsx b/apps/mesh/src/web/components/sidebar/agents-section.tsx
index 8f88fa5353..5e48f678cb 100644
--- a/apps/mesh/src/web/components/sidebar/agents-section.tsx
+++ b/apps/mesh/src/web/components/sidebar/agents-section.tsx
@@ -1,6 +1,13 @@
 import { Suspense, useState, useRef } from "react";
 import { createPortal } from "react-dom";
-import { Link, useNavigate, useRouterState } from "@tanstack/react-router";
+import {
+  Link,
+  useNavigate,
+  useParams,
+  useRouterState,
+  useSearch,
+} from "@tanstack/react-router";
+import { useQueryClient } from "@tanstack/react-query";
 import {
   DndContext,
   closestCenter,
@@ -57,7 +64,7 @@ import {
 import type { VirtualMCPEntity } from "@decocms/mesh-sdk/types";
 import { usePinnedAgents } from "@/web/hooks/use-pinned-agents";
 import { useCreateVirtualMCP } from "@/web/hooks/use-create-virtual-mcp";
-import { useCreateTaskAndNavigate } from "@/web/hooks/use-create-task-and-navigate";
+import { track } from "@/web/lib/posthog-client";
 import { useNavigateToAgent } from "@/web/hooks/use-navigate-to-agent";
 import { AgentAvatar } from "@/web/components/agent-icon";
 import { GitHubIcon } from "@/web/components/icons/github-icon";
@@ -65,9 +72,59 @@ import { usePreferences } from "@/web/hooks/use-preferences.ts";
 import { cn } from "@deco/ui/lib/utils.ts";
 import { ImportFromDecoDialog } from "@/web/components/import-from-deco-dialog.tsx";
 import { GitHubRepoPicker } from "@/web/components/github-repo-picker.tsx";
+import { SelfHealingRepoFlow } from "@/web/components/self-healing-repo/self-healing-repo-flow.tsx";
 import { SiteDiagnosticsRecruitModal } from "@/web/components/home/site-diagnostics-recruit-modal.tsx";
 import { StudioPackRecruitModal } from "@/web/components/home/studio-pack-recruit-modal.tsx";
 import { LeanCanvasRecruitModal } from "@/web/components/home/lean-canvas-recruit-modal.tsx";
+import { AiImageRecruitModal } from "@/web/components/home/ai-image-recruit-modal.tsx";
+import { AiResearchRecruitModal } from "@/web/components/home/ai-research-recruit-modal.tsx";
+import { useTaskActions } from "@/web/hooks/use-tasks";
+import { readCachedTaskBranch } from "@/web/lib/read-cached-task-branch";
+import { useNavigateToAgentThread } from "@/web/hooks/use-navigate-to-agent-thread";
+
+/**
+ * Hook for "spawn task on this vMCP" buttons (used by the browse-agents
+ * popover). When the user clicks a vMCP that matches the URL's current
+ * virtualmcpid, the active task's branch is carried into the new thread
+ * so the new task lands on the same warm sandbox. When the clicked vMCP
+ * differs, no branch is passed and the server picks the most-recently-
+ * touched vmMap entry for that vMCP.
+ *
+ * The sidebar pinned-agent click uses `useNavigateToAgentThread` instead,
+ * which resumes the user's last thread when one exists.
+ */
+function useNavigateToNewTaskWithBranchCarry(orgSlug: string) {
+  const navigate = useNavigate();
+  const queryClient = useQueryClient();
+  const taskActions = useTaskActions();
+  const { locator } = useProjectContext();
+  const params = useParams({ strict: false }) as { taskId?: string };
+  const search = useSearch({ strict: false }) as { virtualmcpid?: string };
+
+  return async (clickedVirtualMcpId: string) => {
+    const taskId = crypto.randomUUID();
+    const carryBranch =
+      clickedVirtualMcpId === search.virtualmcpid
+        ? readCachedTaskBranch(queryClient, locator, params.taskId ?? "")
+        : null;
+    try {
+      await taskActions.create.mutateAsync({
+        id: taskId,
+        virtual_mcp_id: clickedVirtualMcpId,
+        ...(carryBranch ? { branch: carryBranch } : {}),
+      });
+    } catch {
+      // Toast already fired; navigate anyway so the route loader's
+      // ensure-fallback can retry.
+    }
+    navigate({
+      to: "/$org/$taskId",
+      params: { org: orgSlug, taskId },
+      search: { virtualmcpid: clickedVirtualMcpId },
+    });
+  };
+}
+
 function AgentListItem({
   agent,
   org,
@@ -81,7 +138,7 @@ function AgentListItem({
 }) {
   const navigate = useNavigate();
   const { isMobile, setOpenMobile } = useSidebar();
-  const navigateToNewTask = useCreateTaskAndNavigate();
+  const navigateToAgentThread = useNavigateToAgentThread(org);
   const pathname = useRouterState({ select: (s) => s.location.pathname });
   const isActive = pathname.startsWith(`/${org}/${agent.id}`);
   const [buttonRect, setButtonRect] = useState<DOMRect | null>(null);
@@ -132,9 +189,14 @@ function AgentListItem({
           <SidebarMenuButton
             tooltip={buttonRect ? undefined : agent.title}
             isActive={isActive}
-            onClick={() => {
-              navigateToNewTask(agent.id);
+            onClick={async () => {
               if (isMobile) setOpenMobile(false);
+              const { resumed } = await navigateToAgentThread(agent.id);
+              track("sidebar_agent_pin_clicked", {
+                agent_id: agent.id,
+                agent_title: agent.title,
+                resumed,
+              });
             }}
             onMouseEnter={handleIconMouseEnter}
             onMouseLeave={handleIconMouseLeave}
@@ -285,16 +347,22 @@ function PinAgentPopoverContent({
   onClose,
   onOpenImportDeco,
   onOpenGithubImport,
+  onOpenSelfHealing,
   onOpenDiagnosticsModal,
   onOpenLeanCanvasModal,
   onOpenStudioPackModal,
+  onOpenAiImageModal,
+  onOpenAiResearchModal,
 }: {
   onClose: () => void;
   onOpenImportDeco: () => void;
   onOpenGithubImport: () => void;
+  onOpenSelfHealing: () => void;
   onOpenDiagnosticsModal: () => void;
   onOpenLeanCanvasModal: () => void;
   onOpenStudioPackModal: () => void;
+  onOpenAiImageModal: () => void;
+  onOpenAiResearchModal: () => void;
 }) {
   const [search, setSearch] = useState("");
   const allAgents = useVirtualMCPs();
@@ -306,7 +374,7 @@ function PinAgentPopoverContent({
   });
   const [preferences] = usePreferences();
 
-  const navigateToNewTask = useCreateTaskAndNavigate();
+  const navigateToNewTask = useNavigateToNewTaskWithBranchCarry(org.slug);
   const navigateToAgent = useNavigateToAgent();
 
   const lowerSearch = search.toLowerCase();
@@ -318,7 +386,10 @@ function PinAgentPopoverContent({
   const filteredTemplates = WELL_KNOWN_AGENT_TEMPLATES.filter(
     (t) =>
       (!search || t.title.toLowerCase().includes(lowerSearch)) &&
-      !(t.id === "studio-pack" && studioPackInstalled),
+      !(t.id === "studio-pack" && studioPackInstalled) &&
+      !(
+        t.id === "self-healing-storefront" && !preferences.experimental_vibecode
+      ),
   );
 
   // Find existing recruited Site Diagnostics agent
@@ -345,6 +416,28 @@ function PinAgentPopoverContent({
       )
     : undefined;
 
+  const aiImageTemplate = WELL_KNOWN_AGENT_TEMPLATES.find(
+    (t) => t.id === "ai-image",
+  );
+  const existingAiImage = aiImageTemplate
+    ? allAgents.find(
+        (a) =>
+          (a as { metadata?: { type?: string } }).metadata?.type ===
+          aiImageTemplate.id,
+      )
+    : undefined;
+
+  const aiResearchTemplate = WELL_KNOWN_AGENT_TEMPLATES.find(
+    (t) => t.id === "ai-research",
+  );
+  const existingAiResearch = aiResearchTemplate
+    ? allAgents.find(
+        (a) =>
+          (a as { metadata?: { type?: string } }).metadata?.type ===
+          aiResearchTemplate.id,
+      )
+    : undefined;
+
   const handleSelect = (agent: VirtualMCPEntity) => {
     if (!isPinned(agent.id)) {
       pin(agent.id);
@@ -357,7 +450,9 @@ function PinAgentPopoverContent({
   const handleTemplateClick = (templateId: string) => {
     onClose();
     setSearch("");
-    if (templateId === "site-editor") {
+    if (templateId === "self-healing-storefront") {
+      onOpenSelfHealing();
+    } else if (templateId === "site-editor") {
       onOpenImportDeco();
     } else if (templateId === "site-diagnostics") {
       if (existingDiagnostics) {
@@ -371,6 +466,18 @@ function PinAgentPopoverContent({
       } else {
         onOpenLeanCanvasModal();
       }
+    } else if (templateId === "ai-image") {
+      if (existingAiImage) {
+        navigateToAgent(existingAiImage.id);
+      } else {
+        onOpenAiImageModal();
+      }
+    } else if (templateId === "ai-research") {
+      if (existingAiResearch) {
+        navigateToAgent(existingAiResearch.id);
+      } else {
+        onOpenAiResearchModal();
+      }
     } else if (templateId === "studio-pack") {
       onOpenStudioPackModal();
     } else {
@@ -401,6 +508,7 @@ function PinAgentPopoverContent({
             type="button"
             disabled={isCreating}
             onClick={async () => {
+              track("agent_create_new_clicked", { source: "browse_popover" });
               await createVirtualMCP();
               onClose();
             }}
@@ -414,30 +522,11 @@ function PinAgentPopoverContent({
             </span>
           </button>
 
-          <button
-            type="button"
-            onClick={() => {
-              onOpenImportDeco();
-              onClose();
-            }}
-            className="flex flex-col items-center gap-2 p-3 rounded-xl transition-colors hover:bg-accent cursor-pointer group"
-          >
-            <div className="w-12 h-12 rounded-xl border-2 border-border flex items-center justify-center shrink-0 transition-transform group-hover:scale-105">
-              <img
-                src="/logos/deco%20logo.svg"
-                alt="deco.cx"
-                className="size-5"
-              />
-            </div>
-            <span className="text-xs leading-tight text-center text-muted-foreground group-hover:text-foreground">
-              Import deco.cx
-            </span>
-          </button>
-
           {preferences.experimental_vibecode && (
             <button
               type="button"
               onClick={() => {
+                track("agent_import_clicked", { source: "github" });
                 onOpenGithubImport();
                 onClose();
               }}
@@ -474,7 +563,13 @@ function PinAgentPopoverContent({
                 <button
                   key={template.id}
                   type="button"
-                  onClick={() => handleTemplateClick(template.id)}
+                  onClick={() => {
+                    track("agent_template_clicked", {
+                      template_id: template.id,
+                      template_title: template.title,
+                    });
+                    handleTemplateClick(template.id);
+                  }}
                   className="flex flex-col items-center gap-2 p-3 rounded-xl transition-colors hover:bg-accent cursor-pointer group disabled:opacity-50 disabled:cursor-not-allowed"
                 >
                   <AgentAvatar
@@ -520,9 +615,12 @@ function PinAgentPopover() {
   const [open, setOpen] = useState(false);
   const [importDecoOpen, setImportDecoOpen] = useState(false);
   const [githubPickerOpen, setGithubPickerOpen] = useState(false);
+  const [selfHealingOpen, setSelfHealingOpen] = useState(false);
   const [diagnosticsModalOpen, setDiagnosticsModalOpen] = useState(false);
   const [leanCanvasModalOpen, setLeanCanvasModalOpen] = useState(false);
   const [studioPackModalOpen, setStudioPackModalOpen] = useState(false);
+  const [aiImageModalOpen, setAiImageModalOpen] = useState(false);
+  const [aiResearchModalOpen, setAiResearchModalOpen] = useState(false);
   const isMobile = useIsMobile();
   const { setOpenMobile } = useSidebar();
 
@@ -546,9 +644,15 @@ function PinAgentPopover() {
           setGithubPickerOpen(true);
           handleClose();
         }}
+        onOpenSelfHealing={() => {
+          setSelfHealingOpen(true);
+          handleClose();
+        }}
         onOpenDiagnosticsModal={() => setDiagnosticsModalOpen(true)}
         onOpenLeanCanvasModal={() => setLeanCanvasModalOpen(true)}
         onOpenStudioPackModal={() => setStudioPackModalOpen(true)}
+        onOpenAiImageModal={() => setAiImageModalOpen(true)}
+        onOpenAiResearchModal={() => setAiResearchModalOpen(true)}
       />
     </Suspense>
   );
@@ -561,7 +665,10 @@ function PinAgentPopover() {
             <SidebarMenuButton
               tooltip="Browse agents"
               className="bg-muted/75 hover:bg-sidebar-accent"
-              onClick={() => setOpen(true)}
+              onClick={() => {
+                track("agent_browser_opened", { surface: "mobile_drawer" });
+                setOpen(true);
+              }}
             >
               <Plus className="!opacity-100" />
             </SidebarMenuButton>
@@ -574,7 +681,15 @@ function PinAgentPopover() {
           </Drawer>
         </>
       ) : (
-        <Popover open={open} onOpenChange={setOpen}>
+        <Popover
+          open={open}
+          onOpenChange={(next) => {
+            if (next && !open) {
+              track("agent_browser_opened", { surface: "desktop_popover" });
+            }
+            setOpen(next);
+          }}
+        >
           <SidebarMenuItem>
             <PopoverTrigger asChild>
               <SidebarMenuButton
@@ -602,6 +717,10 @@ function PinAgentPopover() {
         open={githubPickerOpen}
         onOpenChange={setGithubPickerOpen}
       />
+      <SelfHealingRepoFlow
+        open={selfHealingOpen}
+        onOpenChange={setSelfHealingOpen}
+      />
       <SiteDiagnosticsRecruitModal
         open={diagnosticsModalOpen}
         onOpenChange={setDiagnosticsModalOpen}
@@ -614,6 +733,14 @@ function PinAgentPopover() {
         open={studioPackModalOpen}
         onOpenChange={setStudioPackModalOpen}
       />
+      <AiImageRecruitModal
+        open={aiImageModalOpen}
+        onOpenChange={setAiImageModalOpen}
+      />
+      <AiResearchRecruitModal
+        open={aiResearchModalOpen}
+        onOpenChange={setAiResearchModalOpen}
+      />
     </>
   );
 }
diff --git a/apps/mesh/src/web/components/sidebar/footer/inbox.tsx b/apps/mesh/src/web/components/sidebar/footer/inbox.tsx
index c7a80e5927..6aedee3c7f 100644
--- a/apps/mesh/src/web/components/sidebar/footer/inbox.tsx
+++ b/apps/mesh/src/web/components/sidebar/footer/inbox.tsx
@@ -35,6 +35,7 @@ import {
 import { useAiProviderKeys } from "@/web/hooks/collections/use-ai-providers";
 import { useNavigate } from "@tanstack/react-router";
 import { AddConnectionDialog } from "@/web/views/virtual-mcp/add-connection-dialog";
+import { track } from "@/web/lib/posthog-client";
 
 interface Invitation {
   id: string;
@@ -61,11 +62,13 @@ function InvitationItem({ invitation }: { invitation: Invitation }) {
         toast.error(result.error.message);
         setIsAccepting(false);
       } else {
-        const setActiveResult = await authClient.organization.setActive({
-          organizationId: invitation.organizationId,
+        // Fetch org slug for redirect without mutating the session's active
+        // org (avoids cross-tab leak — see shell-layout.tsx).
+        const orgResult = await authClient.organization.getFullOrganization({
+          query: { organizationId: invitation.organizationId },
         });
         toast.success("Invitation accepted!");
-        const slug = setActiveResult?.data?.slug;
+        const slug = orgResult?.data?.slug;
         window.location.href = slug ? `/${slug}` : "/";
       }
     } catch {
@@ -174,6 +177,7 @@ function CreditChip() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const { data, isPending, isError } = useMCPToolCallQuery<
@@ -234,7 +238,13 @@ function ConnectionsButton() {
         <SidebarMenuItem>
           <SidebarMenuButton
             tooltip="Connections"
-            onClick={() => setOpen(true)}
+            onClick={() => {
+              track("connections_dialog_opened", {
+                source: "sidebar_footer",
+                mode: "browse",
+              });
+              setOpen(true);
+            }}
           >
             <ZapSquare size={24} />
           </SidebarMenuButton>
diff --git a/apps/mesh/src/web/components/sidebar/navigation.tsx b/apps/mesh/src/web/components/sidebar/navigation.tsx
index 3f89e10bf0..eda8dd174e 100644
--- a/apps/mesh/src/web/components/sidebar/navigation.tsx
+++ b/apps/mesh/src/web/components/sidebar/navigation.tsx
@@ -16,6 +16,7 @@ import { Suspense, type ReactNode } from "react";
 import type { NavigationSidebarItem, SidebarSection } from "./types";
 import { SidebarCollapsibleGroup } from "./sidebar-group";
 import { DEFAULT_LOGO, usePublicConfig } from "@/web/hooks/use-public-config";
+import { track } from "@/web/lib/posthog-client";
 
 function SidebarLogoHeader() {
   const config = usePublicConfig();
@@ -55,6 +56,12 @@ function SidebarNavigationItem({ item }: { item: NavigationSidebarItem }) {
   const { isMobile, setOpenMobile } = useSidebar();
 
   const handleClick = () => {
+    track("nav_item_clicked", {
+      nav_key: item.key,
+      nav_label: item.label,
+      is_active: !!item.isActive,
+      is_mobile: isMobile,
+    });
     item.onClick?.();
     if (isMobile) setOpenMobile(false);
   };
diff --git a/apps/mesh/src/web/components/sso-required-screen.tsx b/apps/mesh/src/web/components/sso-required-screen.tsx
index dd7269ed99..e059e4be0b 100644
--- a/apps/mesh/src/web/components/sso-required-screen.tsx
+++ b/apps/mesh/src/web/components/sso-required-screen.tsx
@@ -3,17 +3,18 @@ import { Lock01 } from "@untitledui/icons";
 
 export interface SsoRequiredScreenProps {
   orgId: string;
+  orgSlug: string;
   orgName?: string;
   domain?: string;
 }
 
 export function SsoRequiredScreen({
-  orgId,
+  orgSlug,
   orgName,
   domain,
 }: SsoRequiredScreenProps) {
   const handleSsoLogin = () => {
-    window.location.href = `/api/org-sso/authorize?orgId=${encodeURIComponent(orgId)}`;
+    window.location.href = `/api/${encodeURIComponent(orgSlug)}/sso/authorize`;
   };
 
   const handleGoBack = () => {
diff --git a/apps/mesh/src/web/components/thread/github/branch-picker.tsx b/apps/mesh/src/web/components/thread/github/branch-picker.tsx
new file mode 100644
index 0000000000..30af89a3a2
--- /dev/null
+++ b/apps/mesh/src/web/components/thread/github/branch-picker.tsx
@@ -0,0 +1,151 @@
+import { useState } from "react";
+import type { VmMap } from "@decocms/mesh-sdk";
+import { Button } from "@deco/ui/components/button.tsx";
+import {
+  Command,
+  CommandEmpty,
+  CommandGroup,
+  CommandInput,
+  CommandItem,
+  CommandList,
+  CommandSeparator,
+} from "@deco/ui/components/command.tsx";
+import {
+  Popover,
+  PopoverContent,
+  PopoverTrigger,
+} from "@deco/ui/components/popover.tsx";
+import { GitBranch01 } from "@untitledui/icons";
+import { generateBranchName } from "@/shared/branch-name";
+import { useBranches } from "./use-branches";
+
+interface Props {
+  orgId: string;
+  orgSlug: string;
+  userId: string;
+  connectionId: string;
+  owner: string;
+  repo: string;
+  vmMap: VmMap | undefined;
+  value: string | null | undefined;
+  onChange: (branch: string) => void;
+}
+
+/**
+ * Grouped branch picker: "Your branches" (from vmMap) + "Other branches in
+ * repo" (from github-mcp-server.list_branches).
+ */
+export function BranchPicker({
+  orgId,
+  orgSlug,
+  userId,
+  connectionId,
+  owner,
+  repo,
+  vmMap,
+  value,
+  onChange,
+}: Props) {
+  const [open, setOpen] = useState(false);
+
+  const { yours, others, isLoading, isError } = useBranches({
+    orgId,
+    orgSlug,
+    userId,
+    connectionId,
+    vmMap,
+    owner,
+    repo,
+    enabled: open,
+  });
+
+  const pick = (name: string) => {
+    onChange(name);
+    setOpen(false);
+  };
+
+  const label = value ?? "Select branch…";
+
+  return (
+    <Popover open={open} onOpenChange={setOpen}>
+      <PopoverTrigger asChild>
+        <Button
+          variant="outline"
+          size="sm"
+          className="h-7 gap-1.5 px-2 font-mono text-xs"
+        >
+          <GitBranch01 className="h-3.5 w-3.5" />
+          <span className="max-w-[200px] truncate">{label}</span>
+        </Button>
+      </PopoverTrigger>
+      <PopoverContent
+        className="w-[min(420px,calc(100vw-2rem))] p-0"
+        align="start"
+      >
+        <Command>
+          <div className="flex items-center border-b pr-2 [&>[data-slot=command-input-wrapper]]:flex-1 [&>[data-slot=command-input-wrapper]]:border-b-0">
+            <CommandInput placeholder="Search branches…" />
+            <Button
+              variant="outline"
+              size="sm"
+              className="h-7 shrink-0"
+              onClick={() => pick(generateBranchName())}
+            >
+              New
+            </Button>
+          </div>
+          <CommandList>
+            {isError && (
+              <div className="p-3 text-xs text-muted-foreground">
+                Couldn't load branches from GitHub. You can still pick from your
+                branches.
+              </div>
+            )}
+            {!isError &&
+              !isLoading &&
+              yours.length === 0 &&
+              others.length === 0 && (
+                <CommandEmpty>No branches found.</CommandEmpty>
+              )}
+            {yours.length > 0 && (
+              <CommandGroup heading="Your branches">
+                {yours.map((b) => (
+                  <CommandItem
+                    key={b.name}
+                    value={b.name}
+                    onSelect={() => pick(b.name)}
+                  >
+                    <GitBranch01 className="mr-2 h-4 w-4" />
+                    <span className="flex-1 truncate">{b.name}</span>
+                  </CommandItem>
+                ))}
+              </CommandGroup>
+            )}
+            {others.length > 0 && (
+              <>
+                <CommandSeparator />
+                <CommandGroup heading="Other branches in repo">
+                  {others.map((b) => (
+                    <CommandItem
+                      key={b.name}
+                      value={b.name}
+                      onSelect={() => pick(b.name)}
+                    >
+                      <GitBranch01 className="mr-2 h-4 w-4" />
+                      <span className="flex-1 truncate">{b.name}</span>
+                      {b.author && (
+                        <span className="text-xs text-muted-foreground">
+                          @{b.author}
+                        </span>
+                      )}
+                    </CommandItem>
+                  ))}
+                </CommandGroup>
+              </>
+            )}
+          </CommandList>
+        </Command>
+      </PopoverContent>
+    </Popover>
+  );
+}
diff --git a/apps/mesh/src/web/components/thread/github/changes-tab.tsx b/apps/mesh/src/web/components/thread/github/changes-tab.tsx
new file mode 100644
index 0000000000..6905d58a1b
--- /dev/null
+++ b/apps/mesh/src/web/components/thread/github/changes-tab.tsx
@@ -0,0 +1,103 @@
+import { useProjectContext } from "@decocms/mesh-sdk";
+import { LinkExternal01 } from "@untitledui/icons";
+import { usePrFiles, type PrSummary } from "./use-pr-data.ts";
+
+interface Props {
+  pr: PrSummary;
+  connectionId: string;
+  owner: string;
+  repo: string;
+}
+
+/**
+ * Changes sub-tab: file list with additions / deletions per file. No
+ * inline diffs — click a filename to jump to the blob on GitHub (opens
+ * in a new tab).
+ */
+export function ChangesTab({ pr, connectionId, owner, repo }: Props) {
+  const { org } = useProjectContext();
+  const filesQuery = usePrFiles({
+    orgId: org.id,
+    orgSlug: org.slug,
+    connectionId,
+    owner,
+    repo,
+    prNumber: pr.number,
+  });
+
+  if (filesQuery.isLoading) {
+    return <div className="text-sm text-muted-foreground">Loading files…</div>;
+  }
+
+  if (filesQuery.isError) {
+    return (
+      <div className="text-sm text-destructive">Couldn't load file list.</div>
+    );
+  }
+
+  const files = filesQuery.data ?? [];
+
+  if (files.length === 0) {
+    return (
+      <div className="text-sm text-muted-foreground">No files changed.</div>
+    );
+  }
+
+  return (
+    <div className="flex flex-col gap-1">
+      <div className="pb-2 text-xs text-muted-foreground">
+        {files.length} file{files.length === 1 ? "" : "s"} changed ·{" "}
+        <a
+          href={`${pr.htmlUrl}/files`}
+          target="_blank"
+          rel="noreferrer"
+          className="underline hover:text-foreground"
+        >
+          View diffs on GitHub
+        </a>
+      </div>
+      <ul className="space-y-0.5">
+        {files.map((f) => (
+          <li key={f.filename}>
+            <a
+              href={f.blobUrl ?? `${pr.htmlUrl}/files`}
+              target="_blank"
+              rel="noreferrer"
+              className="flex items-center justify-between rounded px-2 py-1 font-mono text-xs hover:bg-muted"
+            >
+              <span className="flex min-w-0 items-center gap-2">
+                <StatusBadge status={f.status} />
+                <span className="truncate">{f.filename}</span>
+              </span>
+              <span className="flex shrink-0 items-center gap-2 tabular-nums">
+                <span>
+                  <span className="text-success">+{f.additions}</span>{" "}
+                  <span className="text-destructive">−{f.deletions}</span>
+                </span>
+                <LinkExternal01 className="h-3 w-3 text-muted-foreground" />
+              </span>
+            </a>
+          </li>
+        ))}
+      </ul>
+    </div>
+  );
+}
+
+function StatusBadge({ status }: { status: string }) {
+  const letter =
+    status === "added"
+      ? "A"
+      : status === "removed"
+        ? "D"
+        : status === "renamed"
+          ? "R"
+          : status === "copied"
+            ? "C"
+            : "M";
+  return (
+    <span className="inline-flex h-4 w-4 items-center justify-center rounded bg-muted text-[10px] font-bold text-muted-foreground">
+      {letter}
+    </span>
+  );
+}
diff --git a/apps/mesh/src/web/components/thread/github/checks-tab.tsx b/apps/mesh/src/web/components/thread/github/checks-tab.tsx
new file mode 100644
index 0000000000..b99bddc5aa
--- /dev/null
+++ b/apps/mesh/src/web/components/thread/github/checks-tab.tsx
@@ -0,0 +1,145 @@
+import { useProjectContext } from "@decocms/mesh-sdk";
+import { Button } from "@deco/ui/components/button.tsx";
+import { LinkExternal01 } from "@untitledui/icons";
+import { useChatBridge } from "../../chat/chat-context.tsx";
+import * as tpl from "./message-templates.ts";
+import { useChecks, type CheckRun, type PrSummary } from "./use-pr-data.ts";
+
+interface Props {
+  pr: PrSummary;
+  connectionId: string;
+  owner: string;
+  repo: string;
+}
+
+/**
+ * Checks sub-tab: list of CI runs for the PR head SHA. Each row shows
+ * the run name, status/conclusion, duration, a link to the provider's
+ * run page, and a Re-run button that sends a templated chat message.
+ */
+export function ChecksTab({ pr, connectionId, owner, repo }: Props) {
+  const { org } = useProjectContext();
+  const chat = useChatBridge();
+
+  const checksQuery = useChecks({
+    orgId: org.id,
+    orgSlug: org.slug,
+    connectionId,
+    owner,
+    repo,
+    prNumber: pr.number,
+  });
+
+  const rerun = (name: string) =>
+    chat.sendMessage({
+      parts: [
+        {
+          type: "text",
+          text: tpl.rerunCheck({ prNumber: pr.number, checkName: name }),
+        },
+      ],
+    });
+
+  if (checksQuery.isLoading) {
+    return <div className="text-sm text-muted-foreground">Loading checks…</div>;
+  }
+
+  if (checksQuery.isError) {
+    return (
+      <div className="text-sm text-destructive">Couldn't load check runs.</div>
+    );
+  }
+
+  const checks = checksQuery.data ?? [];
+
+  if (checks.length === 0) {
+    return (
+      <div className="text-sm text-muted-foreground">
+        No check runs on the PR head commit.
+      </div>
+    );
+  }
+
+  return (
+    <ul className="flex flex-col gap-0.5">
+      {checks.map((c) => (
+        <li
+          key={c.id}
+          className="flex items-center justify-between gap-2 rounded px-2 py-1.5 text-sm hover:bg-muted"
+        >
+          <span className="flex min-w-0 items-center gap-2">
+            <StatusIcon check={c} />
+            <span className="truncate">{c.name}</span>
+            {c.durationMs != null && (
+              <span className="text-xs text-muted-foreground">
+                {formatDuration(c.durationMs)}
+              </span>
+            )}
+          </span>
+          <span className="flex shrink-0 items-center gap-1">
+            {c.htmlUrl && (
+              <a
+                href={c.htmlUrl}
+                target="_blank"
+                rel="noreferrer"
+                className="inline-flex h-7 items-center justify-center rounded px-2 text-xs text-muted-foreground hover:bg-background"
+                title="View run"
+              >
+                <LinkExternal01 className="h-3.5 w-3.5" />
+              </a>
+            )}
+            {c.conclusion === "failure" && (
+              <Button
+                size="sm"
+                variant="ghost"
+                disabled={chat.isStreaming}
+                onClick={() => rerun(c.name)}
+              >
+                Re-run
+              </Button>
+            )}
+          </span>
+        </li>
+      ))}
+    </ul>
+  );
+}
+
+function StatusIcon({ check }: { check: CheckRun }) {
+  if (check.status !== "completed") {
+    return (
+      <span className="text-muted-foreground" aria-label="In progress">
+        ○
+      </span>
+    );
+  }
+  if (check.conclusion === "success") {
+    return (
+      <span className="text-success" aria-label="Success">
+        ✓
+      </span>
+    );
+  }
+  if (check.conclusion === "failure") {
+    return (
+      <span className="text-destructive" aria-label="Failure">
+        ✗
+      </span>
+    );
+  }
+  return (
+    <span
+      className="text-muted-foreground"
+      aria-label={check.conclusion ?? "—"}
+    >
+      —
+    </span>
+  );
+}
+
+function formatDuration(ms: number): string {
+  const s = Math.round(ms / 1000);
+  if (s < 60) return `${s}s`;
+  const m = Math.round(s / 60);
+  return `${m}m`;
+}
diff --git a/apps/mesh/src/web/components/thread/github/comments-accordion.tsx b/apps/mesh/src/web/components/thread/github/comments-accordion.tsx
new file mode 100644
index 0000000000..9cdbf63cda
--- /dev/null
+++ b/apps/mesh/src/web/components/thread/github/comments-accordion.tsx
@@ -0,0 +1,64 @@
+import {
+  Accordion,
+  AccordionContent,
+  AccordionItem,
+  AccordionTrigger,
+} from "@deco/ui/components/accordion.tsx";
+import { MemoizedMarkdown } from "../../chat/markdown.tsx";
+import { decodeHtmlEntities } from "./decode-html-entities.ts";
+import type { PrComment } from "./use-pr-data.ts";
+
+interface Props {
+  comments: PrComment[];
+  isLoading: boolean;
+  isError: boolean;
+}
+
+/**
+ * Collapsible panel listing issue-level PR comments. Collapsed by default;
+ * opens on click. Renders author, relative timestamp, and body (markdown).
+ *
+ * Hidden when loading / error / empty — the Description tab shouldn't
+ * show an empty "0 comments" accordion.
+ */
+export function CommentsAccordion({ comments, isLoading, isError }: Props) {
+  if (isLoading || isError) return null;
+  if (!comments || comments.length === 0) return null;
+
+  return (
+    <Accordion type="single" collapsible className="border-t border-border">
+      <AccordionItem value="comments" className="border-b-0">
+        <AccordionTrigger className="py-3 text-sm font-medium">
+          {comments.length} comment{comments.length === 1 ? "" : "s"}
+        </AccordionTrigger>
+        <AccordionContent className="space-y-3 pb-3">
+          {comments.map((c) => (
+            <div key={c.id} className="rounded-md border border-border p-3">
+              <div className="mb-1 text-xs text-muted-foreground">
+                @{c.author} · {formatRelative(c.createdAt)}
+              </div>
+              <MemoizedMarkdown
+                id={`pr-comment-${c.id}`}
+                text={decodeHtmlEntities(c.body)}
+              />
+            </div>
+          ))}
+        </AccordionContent>
+      </AccordionItem>
+    </Accordion>
+  );
+}
+
+function formatRelative(iso: string): string {
+  if (!iso) return "";
+  const when = new Date(iso).getTime();
+  if (!Number.isFinite(when)) return "";
+  const diff = Date.now() - when;
+  if (diff < 0) return "just now";
+  const days = Math.floor(diff / 86_400_000);
+  if (days > 0) return `${days}d ago`;
+  const hours = Math.floor(diff / 3_600_000);
+  if (hours > 0) return `${hours}h ago`;
+  const mins = Math.floor(diff / 60_000);
+  return `${Math.max(1, mins)}m ago`;
+}
diff --git a/apps/mesh/src/web/components/thread/github/decode-html-entities.test.ts b/apps/mesh/src/web/components/thread/github/decode-html-entities.test.ts
new file mode 100644
index 0000000000..f11f1f9978
--- /dev/null
+++ b/apps/mesh/src/web/components/thread/github/decode-html-entities.test.ts
@@ -0,0 +1,36 @@
+import { describe, expect, test } from "bun:test";
+import { decodeHtmlEntities } from "./decode-html-entities";
+
+describe("decodeHtmlEntities", () => {
+  test("passes through plain text unchanged", () => {
+    expect(decodeHtmlEntities("hello world")).toBe("hello world");
+  });
+
+  test("decodes numeric entities like &#34;", () => {
+    expect(decodeHtmlEntities("say &#34;hi&#34;")).toBe('say "hi"');
+  });
+
+  test("decodes hex numeric entities like &#x27;", () => {
+    expect(decodeHtmlEntities("it&#x27;s")).toBe("it's");
+  });
+
+  test("decodes named entities &amp; &lt; &gt; &quot; &#39;", () => {
+    expect(
+      decodeHtmlEntities("A &amp; B &lt; C &gt; D &quot;E&quot; &#39;F&#39;"),
+    ).toBe("A & B < C > D \"E\" 'F'");
+  });
+
+  test("is safe on null/empty input", () => {
+    expect(decodeHtmlEntities("")).toBe("");
+    expect(decodeHtmlEntities(null)).toBe("");
+    expect(decodeHtmlEntities(undefined)).toBe("");
+  });
+
+  test("real-world PR title from GitHub API", () => {
+    expect(
+      decodeHtmlEntities(
+        "feat: change Hero title to &#34;Hello VTEX DAY 2026&#34;",
+      ),
+    ).toBe('feat: change Hero title to "Hello VTEX DAY 2026"');
+  });
+});
diff --git a/apps/mesh/src/web/components/thread/github/decode-html-entities.ts b/apps/mesh/src/web/components/thread/github/decode-html-entities.ts
new file mode 100644
index 0000000000..b8fe50ba8a
--- /dev/null
+++ b/apps/mesh/src/web/components/thread/github/decode-html-entities.ts
@@ -0,0 +1,33 @@
+/**
+ * Decodes a narrow, static set of HTML entities we see in GitHub API
+ * responses (titles/bodies that were HTML-escaped by something upstream).
+ *
+ * Intentionally NOT a full HTML parser — we just want literal `&#34;` to
+ * render as `"` in the PR panel, with no DOM dependency so the util is
+ * testable under bun:test.
+ */
+const NAMED: Record<string, string> = {
+  amp: "&",
+  lt: "<",
+  gt: ">",
+  quot: '"',
+  apos: "'",
+  nbsp: "\u00a0",
+};
+
+export function decodeHtmlEntities(input: string | null | undefined): string {
+  if (!input) return "";
+  return input.replace(/&(#x?[0-9a-fA-F]+|[a-zA-Z]+);/g, (match, body) => {
+    if (body.startsWith("#x") || body.startsWith("#X")) {
+      const cp = Number.parseInt(body.slice(2), 16);
+      if (!Number.isFinite(cp)) return match;
+      return String.fromCodePoint(cp);
+    }
+    if (body.startsWith("#")) {
+      const cp = Number.parseInt(body.slice(1), 10);
+      if (!Number.isFinite(cp)) return match;
+      return String.fromCodePoint(cp);
+    }
+    return NAMED[body] ?? match;
+  });
+}
diff --git a/apps/mesh/src/web/components/thread/github/description-tab.tsx b/apps/mesh/src/web/components/thread/github/description-tab.tsx
new file mode 100644
index 0000000000..1fac0d2966
--- /dev/null
+++ b/apps/mesh/src/web/components/thread/github/description-tab.tsx
@@ -0,0 +1,46 @@
+import { useProjectContext } from "@decocms/mesh-sdk";
+import { MemoizedMarkdown } from "../../chat/markdown.tsx";
+import { CommentsAccordion } from "./comments-accordion.tsx";
+import { decodeHtmlEntities } from "./decode-html-entities.ts";
+import { usePrComments, type PrSummary } from "./use-pr-data.ts";
+
+interface Props {
+  pr: PrSummary;
+  connectionId: string;
+  owner: string;
+  repo: string;
+}
+
+/**
+ * Description sub-tab: PR title + body (markdown with entity decode) +
+ * collapsible comments accordion.
+ */
+export function DescriptionTab({ pr, connectionId, owner, repo }: Props) {
+  const { org } = useProjectContext();
+  const commentsQuery = usePrComments({
+    orgId: org.id,
+    orgSlug: org.slug,
+    connectionId,
+    owner,
+    repo,
+    prNumber: pr.number,
+  });
+
+  return (
+    <div className="space-y-8">
+      {pr.body && (
+        <div className="text-sm">
+          <MemoizedMarkdown
+            id={`pr-body-${pr.number}`}
+            text={decodeHtmlEntities(pr.body)}
+          />
+        </div>
+      )}
+      <CommentsAccordion
+        comments={commentsQuery.data ?? []}
+        isLoading={commentsQuery.isLoading}
+        isError={commentsQuery.isError}
+      />
+    </div>
+  );
+}
diff --git a/apps/mesh/src/web/components/thread/github/extract-tool-json.test.ts b/apps/mesh/src/web/components/thread/github/extract-tool-json.test.ts
new file mode 100644
index 0000000000..653d1032cb
--- /dev/null
+++ b/apps/mesh/src/web/components/thread/github/extract-tool-json.test.ts
@@ -0,0 +1,38 @@
+import { describe, expect, test } from "bun:test";
+import { extractToolJson } from "./extract-tool-json";
+
+describe("extractToolJson", () => {
+  test("returns null for null/undefined input", () => {
+    expect(extractToolJson(null)).toBeNull();
+    expect(extractToolJson(undefined)).toBeNull();
+  });
+
+  test("reads parsed value from structuredContent when present", () => {
+    const r = { structuredContent: { a: 1 } };
+    expect(extractToolJson<{ a: number }>(r)).toEqual({ a: 1 });
+  });
+
+  test("parses JSON from content[0].text when structuredContent is absent", () => {
+    const r = { content: [{ type: "text", text: '{"a":2}' }] };
+    expect(extractToolJson<{ a: number }>(r)).toEqual({ a: 2 });
+  });
+
+  test("returns null when content[0].text is not valid JSON", () => {
+    const r = { content: [{ type: "text", text: "not json" }] };
+    expect(extractToolJson(r)).toBeNull();
+  });
+
+  test("returns null when result is an object without either field", () => {
+    expect(extractToolJson({ foo: "bar" })).toBeNull();
+  });
+
+  test("structuredContent wins over content[0].text when both present", () => {
+    const r = {
+      structuredContent: { from: "structured" },
+      content: [{ type: "text", text: '{"from":"text"}' }],
+    };
+    expect(extractToolJson<{ from: string }>(r)).toEqual({
+      from: "structured",
+    });
+  });
+});
diff --git a/apps/mesh/src/web/components/thread/github/extract-tool-json.ts b/apps/mesh/src/web/components/thread/github/extract-tool-json.ts
new file mode 100644
index 0000000000..e8dae9097b
--- /dev/null
+++ b/apps/mesh/src/web/components/thread/github/extract-tool-json.ts
@@ -0,0 +1,28 @@
+/**
+ * Normalizes the two shapes github-mcp-server returns tool results in:
+ *   - `structuredContent: T` (parsed JSON, preferred)
+ *   - `content: [{ type: "text", text: "<stringified JSON>" }]` (fallback)
+ *
+ * Returns null when the result is missing, the text is not valid JSON, or
+ * the input is null/undefined. Callers are expected to type-assert the
+ * generic `T`; no runtime schema validation happens here.
+ */
+type ToolResultLike = {
+  structuredContent?: unknown;
+  content?: Array<{ type?: string; text?: string }>;
+};
+
+export function extractToolJson<T>(r: unknown): T | null {
+  if (!r || typeof r !== "object") return null;
+  const result = r as ToolResultLike;
+  if (result.structuredContent !== undefined) {
+    return result.structuredContent as T;
+  }
+  const textPart = result.content?.find((c) => c.type === "text")?.text;
+  if (!textPart) return null;
+  try {
+    return JSON.parse(textPart) as T;
+  } catch {
+    return null;
+  }
+}
diff --git a/apps/mesh/src/web/components/thread/github/git-tab.tsx b/apps/mesh/src/web/components/thread/github/git-tab.tsx
new file mode 100644
index 0000000000..57def57749
--- /dev/null
+++ b/apps/mesh/src/web/components/thread/github/git-tab.tsx
@@ -0,0 +1,224 @@
+/**
+ * GitTab — PR management panel for GitHub-linked virtualmcps.
+ *
+ * Replaces the "Instructions" tab when the vm has metadata.githubRepo set.
+ * Renders one of four states based on the branch's PR status:
+ *   A) No commits / no branch selected — empty-state with hint
+ *   B) Commits exist, no PR — "Create PR" CTA
+ *   C) PR open — title, body, external link, Merge button
+ *   D) PR merged/closed — read-only summary
+ *
+ * All action buttons call `sendMessage` with a natural-language prompt from
+ * message-templates.ts. The LLM executes the action via its GitHub tools.
+ */
+
+import { useProjectContext, useVirtualMCP } from "@decocms/mesh-sdk";
+import { Button } from "@deco/ui/components/button.tsx";
+import { GitBranch01, LinkExternal01 } from "@untitledui/icons";
+import { MemoizedMarkdown } from "../../chat/markdown.tsx";
+import { useChatTask } from "../../chat/index";
+import { decodeHtmlEntities } from "./decode-html-entities.ts";
+import { PrSubTabs } from "./pr-sub-tabs.tsx";
+import { usePrByBranch, type PrSummary } from "./use-pr-data.ts";
+
+/**
+ * Minimal PR-number header shown at the top of the git panel whenever a
+ * PR exists (open, closed, or merged). Click opens the PR on GitHub.
+ */
+function PrHeader({ pr }: { pr: PrSummary }) {
+  return (
+    <div className="flex h-12 items-center border-b border-border px-4 shrink-0">
+      <a
+        href={pr.htmlUrl}
+        target="_blank"
+        rel="noreferrer"
+        aria-label={`Open PR #${pr.number} on GitHub`}
+        className="inline-flex items-center gap-1.5 text-base font-medium text-foreground hover:underline"
+      >
+        PR #{pr.number}
+        <LinkExternal01 className="h-4 w-4 text-muted-foreground" />
+      </a>
+    </div>
+  );
+}
+
+/**
+ * State C header block: small PR-number link, title, author · base ← head.
+ * Replaces the full-width PrHeader bar in the open-PR view.
+ */
+function PrOverview({ pr }: { pr: PrSummary }) {
+  return (
+    <div className="space-y-2">
+      <h1 className="text-2xl font-semibold">{decodeHtmlEntities(pr.title)}</h1>
+      <div className="text-sm text-muted-foreground">
+        <a
+          href={pr.htmlUrl}
+          target="_blank"
+          rel="noreferrer"
+          aria-label={`Open PR #${pr.number} on GitHub`}
+          className="inline-flex items-center gap-1 hover:text-foreground"
+        >
+          PR #{pr.number}
+          <LinkExternal01 className="h-3.5 w-3.5" />
+        </a>
+        {" · "}
+        {pr.author && <>@{pr.author} · </>}
+        <span className="font-mono text-xs">{pr.base}</span>
+        {" ← "}
+        <span className="font-mono text-xs">{pr.head}</span>
+      </div>
+    </div>
+  );
+}
+
+export function GitTab({ virtualMcpId }: { virtualMcpId: string }) {
+  const { org } = useProjectContext();
+  const vm = useVirtualMCP(virtualMcpId);
+  const { currentBranch: branch } = useChatTask();
+
+  const githubRepo = vm?.metadata?.githubRepo ?? null;
+
+  if (!githubRepo?.connectionId) {
+    return (
+      <div className="flex h-full items-center justify-center p-8 text-sm text-muted-foreground">
+        This virtualmcp is not linked to a GitHub repository.
+      </div>
+    );
+  }
+
+  if (!branch) {
+    return (
+      <div className="flex h-full flex-col items-center justify-center gap-3 p-8 text-sm">
+        <GitBranch01 className="h-6 w-6 text-muted-foreground" />
+        <div className="text-muted-foreground">No branch selected.</div>
+        <div className="text-xs text-muted-foreground">
+          Pick a branch from the dropdown in the header to see PR status.
+        </div>
+      </div>
+    );
+  }
+
+  return (
+    <GitTabContent
+      orgId={org.id}
+      orgSlug={org.slug}
+      connectionId={githubRepo.connectionId}
+      owner={githubRepo.owner}
+      repo={githubRepo.name}
+      branch={branch}
+    />
+  );
+}
+
+interface ContentProps {
+  orgId: string;
+  orgSlug: string;
+  connectionId: string;
+  owner: string;
+  repo: string;
+  branch: string;
+}
+
+function GitTabContent(props: ContentProps) {
+  const { orgId, orgSlug, connectionId, owner, repo, branch } = props;
+
+  const {
+    data: pr,
+    isLoading,
+    isError,
+  } = usePrByBranch({
+    orgId,
+    orgSlug,
+    connectionId,
+    owner,
+    repo,
+    branch,
+  });
+
+  const openExt = (url: string) => {
+    window.open(url, "_blank", "noopener,noreferrer");
+  };
+
+  if (isLoading) {
+    return (
+      <div className="p-4 text-sm text-muted-foreground">Loading PR state…</div>
+    );
+  }
+
+  if (isError) {
+    return (
+      <div className="p-4 text-sm text-destructive">
+        Couldn't load PR state. The GitHub connection may be broken.
+      </div>
+    );
+  }
+
+  const branchUrl = `https://github.com/${owner}/${repo}/tree/${branch}`;
+
+  // State D: merged / closed
+  if (pr && pr.state === "closed") {
+    return (
+      <div className="flex min-h-0 flex-1 flex-col">
+        <PrHeader pr={pr} />
+        <div className="flex flex-col gap-4 p-4 overflow-auto">
+          <div className="text-sm text-success">
+            {pr.merged ? "✓ Merged" : "✗ Closed"} into {pr.base}
+            {pr.mergedAt && (
+              <> · {new Date(pr.mergedAt).toLocaleDateString()}</>
+            )}
+            {pr.author && <> · by @{pr.author}</>}
+          </div>
+          <h1 className="text-lg font-semibold">
+            {decodeHtmlEntities(pr.title)}
+          </h1>
+          {pr.body && (
+            <div className="rounded-md border border-border bg-muted/30 p-3 text-sm">
+              <MemoizedMarkdown
+                id={`pr-body-${pr.number}`}
+                text={decodeHtmlEntities(pr.body)}
+              />
+            </div>
+          )}
+        </div>
+      </div>
+    );
+  }
+
+  // State C: PR open
+  if (pr && pr.state === "open") {
+    return (
+      <div className="flex min-h-0 flex-1 flex-col">
+        <div className="flex-1 overflow-auto">
+          <div className="mx-auto w-full max-w-[1200px] px-4 pt-8 pb-6 md:px-10 md:pt-12 md:pb-10">
+            <PrOverview pr={pr} />
+            <div className="mt-8">
+              <PrSubTabs
+                pr={pr}
+                connectionId={connectionId}
+                owner={owner}
+                repo={repo}
+              />
+            </div>
+          </div>
+        </div>
+      </div>
+    );
+  }
+
+  // State B: No PR yet
+  return (
+    <div className="flex flex-col gap-4 p-4">
+      <div className="rounded-md border border-border bg-muted/30 p-4 text-sm">
+        This branch doesn't have an open pull request. Click "Submit for review"
+        in the header to open one; the agent will draft the title and summary
+        from the current state of the branch.
+      </div>
+      <div className="flex items-center gap-2">
+        <Button size="sm" variant="outline" onClick={() => openExt(branchUrl)}>
+          <LinkExternal01 className="mr-1.5 h-4 w-4" />
+          Open branch on GitHub
+        </Button>
+      </div>
+    </div>
+  );
+}
diff --git a/apps/mesh/src/web/components/thread/github/header-actions.tsx b/apps/mesh/src/web/components/thread/github/header-actions.tsx
new file mode 100644
index 0000000000..cefcbc9ef2
--- /dev/null
+++ b/apps/mesh/src/web/components/thread/github/header-actions.tsx
@@ -0,0 +1,198 @@
+import { useProjectContext, useVirtualMCP } from "@decocms/mesh-sdk";
+import { Button } from "@deco/ui/components/button.tsx";
+import { Separator } from "@deco/ui/components/separator.tsx";
+import { Spinner } from "@deco/ui/components/spinner.tsx";
+import {
+  Tooltip,
+  TooltipContent,
+  TooltipProvider,
+  TooltipTrigger,
+} from "@deco/ui/components/tooltip.tsx";
+import { useChatBridge } from "../../chat/chat-context.tsx";
+import { useChatTask } from "../../chat/index";
+import { MergeSplitButton } from "./merge-split-button.tsx";
+import { selectHeaderButton, type HeaderButton } from "./panel-state.ts";
+import * as tpl from "./message-templates.ts";
+import { useBranchStatus } from "./use-branch-status.ts";
+import { useChecks, usePrByBranch } from "./use-pr-data.ts";
+import { usePrReviews } from "./use-pr-reviews.ts";
+
+interface Props {
+  virtualMcpId: string;
+}
+
+/**
+ * HeaderActions renders a single next-action button for the current branch +
+ * PR state. The button never performs the action directly; clicks send a
+ * templated prompt into the chat for the agent to execute.
+ *
+ * Gated on `!!githubRepo?.connectionId && !!branch`. Once GitHub is wired
+ * up, the button always renders — disabled status pills (Loading…, Up to
+ * date, Published, Awaiting review, Running tests…) cover the cases where
+ * there is no actionable next step.
+ */
+export function HeaderActions({ virtualMcpId }: Props) {
+  const { org } = useProjectContext();
+  const vm = useVirtualMCP(virtualMcpId);
+  const { currentBranch: branch } = useChatTask();
+  const chat = useChatBridge();
+
+  const githubRepo = vm?.metadata?.githubRepo ?? null;
+
+  const branchStatus = useBranchStatus();
+
+  const prQuery = usePrByBranch({
+    orgId: org.id,
+    orgSlug: org.slug,
+    connectionId: githubRepo?.connectionId ?? "",
+    owner: githubRepo?.owner ?? "",
+    repo: githubRepo?.name ?? "",
+    branch: branch ?? null,
+  });
+  const pr = prQuery.data ?? null;
+
+  const checksQuery = useChecks({
+    orgId: org.id,
+    orgSlug: org.slug,
+    connectionId: githubRepo?.connectionId ?? "",
+    owner: githubRepo?.owner ?? "",
+    repo: githubRepo?.name ?? "",
+    prNumber: pr && pr.state === "open" ? pr.number : null,
+  });
+
+  const reviewsQuery = usePrReviews({
+    orgId: org.id,
+    orgSlug: org.slug,
+    connectionId: githubRepo?.connectionId ?? "",
+    owner: githubRepo?.owner ?? "",
+    repo: githubRepo?.name ?? "",
+    prNumber: pr && pr.state === "open" ? pr.number : null,
+  });
+
+  if (!githubRepo?.connectionId || !branch) return null;
+
+  const button = selectHeaderButton({
+    branchStatus,
+    pr,
+    checks: checksQuery.data ?? [],
+    reviews: reviewsQuery.data ?? null,
+    loading: prQuery.isPending,
+  });
+
+  const send = (text: string) =>
+    chat.sendMessage({ parts: [{ type: "text", text }] });
+
+  const isStreaming = chat.isStreaming;
+
+  const onActivate = (action: HeaderButton["action"]) => {
+    if (isStreaming) return;
+    switch (action) {
+      case "commit-and-push":
+        void send(tpl.commitAndPush({ branch }));
+        return;
+      case "create-pr":
+        void send(tpl.createPr({ branch }));
+        return;
+      case "reopen":
+        if (pr) void send(tpl.reopenPr({ prNumber: pr.number }));
+        return;
+      case "rebase":
+        void send(tpl.rebaseOnBase({ branch }));
+        return;
+      case "fix-checks":
+        if (pr)
+          void send(
+            tpl.fixChecks({
+              prNumber: pr.number,
+              failingChecks: button.meta?.failingChecks ?? [],
+            }),
+          );
+        return;
+      case "mark-ready":
+        if (pr) void send(tpl.markReadyForReview({ prNumber: pr.number }));
+        return;
+      case "resolve-comments":
+        if (pr) void send(tpl.resolveReviewComments({ prNumber: pr.number }));
+        return;
+      case "merge-split":
+        // MergeSplitButton handles its own click wiring.
+        return;
+    }
+  };
+
+  return (
+    <>
+      <Separator
+        orientation="vertical"
+        className="mx-2 data-[orientation=vertical]:h-5"
+      />
+      <HeaderButtonRenderer
+        button={button}
+        isStreaming={isStreaming}
+        onActivate={onActivate}
+        prNumber={pr?.number}
+        send={send}
+      />
+    </>
+  );
+}
+
+function HeaderButtonRenderer(props: {
+  button: HeaderButton;
+  isStreaming: boolean;
+  onActivate: (action: HeaderButton["action"]) => void;
+  prNumber?: number;
+  send: (text: string) => Promise<void> | void;
+}) {
+  const { button, isStreaming } = props;
+  const disabled = Boolean(button.disabled) || isStreaming;
+  const tooltipLabel = isStreaming
+    ? "Chat is running"
+    : (button.tooltip ?? null);
+
+  if (button.action === "merge-split" && props.prNumber != null) {
+    return (
+      <WithTooltip label={tooltipLabel}>
+        <MergeSplitButton
+          prNumber={props.prNumber}
+          disabled={disabled}
+          send={props.send}
+        />
+      </WithTooltip>
+    );
+  }
+
+  return (
+    <WithTooltip label={tooltipLabel}>
+      <Button
+        size="sm"
+        variant={button.variant}
+        disabled={disabled}
+        onClick={() => props.onActivate(button.action)}
+      >
+        {button.loading ? <Spinner size="xs" variant="default" /> : null}
+        {button.label}
+      </Button>
+    </WithTooltip>
+  );
+}
+
+function WithTooltip({
+  label,
+  children,
+}: {
+  label: string | null;
+  children: React.ReactNode;
+}) {
+  if (!label) return <>{children}</>;
+  return (
+    <TooltipProvider>
+      <Tooltip>
+        <TooltipTrigger asChild>
+          <span>{children}</span>
+        </TooltipTrigger>
+        <TooltipContent>{label}</TooltipContent>
+      </Tooltip>
+    </TooltipProvider>
+  );
+}
diff --git a/apps/mesh/src/web/components/thread/github/merge-split-button.tsx b/apps/mesh/src/web/components/thread/github/merge-split-button.tsx
new file mode 100644
index 0000000000..37199f7dc8
--- /dev/null
+++ b/apps/mesh/src/web/components/thread/github/merge-split-button.tsx
@@ -0,0 +1,55 @@
+import { Button } from "@deco/ui/components/button.tsx";
+import {
+  DropdownMenu,
+  DropdownMenuContent,
+  DropdownMenuItem,
+  DropdownMenuTrigger,
+} from "@deco/ui/components/dropdown-menu.tsx";
+import { ChevronDown } from "@untitledui/icons";
+import * as tpl from "./message-templates.ts";
+
+interface Props {
+  prNumber: number;
+  disabled: boolean;
+  send: (text: string) => Promise<void> | void;
+}
+
+/**
+ * Split-style merge action: clicking the label fires Publish (squash-
+ * merge); clicking the chevron opens a dropdown with Review. Each choice
+ * sends a templated chat message.
+ */
+export function MergeSplitButton({ prNumber, disabled, send }: Props) {
+  const squash = () => send(tpl.mergeSquash({ prNumber }));
+  const review = () => send(tpl.reviewPr({ prNumber }));
+
+  return (
+    <div className="inline-flex items-stretch rounded-md">
+      <Button
+        size="sm"
+        variant="success"
+        className="rounded-r-none border-r border-success-foreground/20"
+        disabled={disabled}
+        onClick={squash}
+      >
+        Publish
+      </Button>
+      <DropdownMenu>
+        <DropdownMenuTrigger asChild>
+          <Button
+            size="sm"
+            variant="success"
+            className="rounded-l-none px-2"
+            disabled={disabled}
+            aria-label="More actions"
+          >
+            <ChevronDown className="h-3.5 w-3.5" />
+          </Button>
+        </DropdownMenuTrigger>
+        <DropdownMenuContent align="end">
+          <DropdownMenuItem onClick={review}>Review</DropdownMenuItem>
+        </DropdownMenuContent>
+      </DropdownMenu>
+    </div>
+  );
+}
diff --git a/apps/mesh/src/web/components/thread/github/message-templates.test.ts b/apps/mesh/src/web/components/thread/github/message-templates.test.ts
new file mode 100644
index 0000000000..a222ccd6a9
--- /dev/null
+++ b/apps/mesh/src/web/components/thread/github/message-templates.test.ts
@@ -0,0 +1,94 @@
+import { describe, expect, test } from "bun:test";
+import * as tpl from "./message-templates";
+
+describe("message-templates", () => {
+  test("commitAndPush references the branch + mentions commit and push", () => {
+    const out = tpl.commitAndPush({ branch: "feat/x" });
+    expect(out).toContain("feat/x");
+    expect(out.toLowerCase()).toContain("commit");
+    expect(out.toLowerCase()).toContain("push");
+  });
+
+  test("createPr references the branch and mentions pull request", () => {
+    const out = tpl.createPr({ branch: "feat/x" });
+    expect(out).toContain("feat/x");
+    expect(out.toLowerCase()).toContain("pull request");
+  });
+
+  test("reopenPr references the PR number", () => {
+    const out = tpl.reopenPr({ prNumber: 42 });
+    expect(out).toContain("#42");
+    expect(out.toLowerCase()).toContain("reopen");
+  });
+
+  test("rebaseOnBase references the branch + mentions rebase and force-push", () => {
+    const out = tpl.rebaseOnBase({ branch: "feat/x" });
+    expect(out).toContain("feat/x");
+    expect(out.toLowerCase()).toContain("rebase");
+    expect(out.toLowerCase()).toContain("force-push");
+  });
+
+  test("fixChecks references PR + lists failing checks", () => {
+    const out = tpl.fixChecks({
+      prNumber: 42,
+      failingChecks: ["lint", "unit-test"],
+    });
+    expect(out).toContain("#42");
+    expect(out).toContain("lint");
+    expect(out).toContain("unit-test");
+    expect(out.toLowerCase()).toContain("commit");
+    expect(out.toLowerCase()).toContain("push");
+  });
+
+  test("markReadyForReview references the PR number", () => {
+    const out = tpl.markReadyForReview({ prNumber: 42 });
+    expect(out).toContain("#42");
+    expect(out.toLowerCase()).toContain("ready for review");
+  });
+
+  test("resolveReviewComments references the PR number", () => {
+    const out = tpl.resolveReviewComments({ prNumber: 42 });
+    expect(out).toContain("#42");
+    expect(out.toLowerCase()).toContain("resolve");
+    expect(out.toLowerCase()).toContain("push");
+  });
+
+  test("reviewPr references the PR number + read-and-comment pass", () => {
+    const out = tpl.reviewPr({ prNumber: 42 });
+    expect(out).toContain("#42");
+    expect(out.toLowerCase()).toContain("review");
+    expect(out.toLowerCase()).toContain("not modify");
+  });
+
+  test("mergeSquash references the PR number", () => {
+    const out = tpl.mergeSquash({ prNumber: 42 });
+    expect(out).toContain("#42");
+    expect(out.toLowerCase()).toContain("squash-merge");
+  });
+
+  test("rerunCheck references PR + check name", () => {
+    const out = tpl.rerunCheck({ prNumber: 42, checkName: "lint" });
+    expect(out).toContain("#42");
+    expect(out).toContain("lint");
+    expect(out.toLowerCase()).toContain("re-run");
+  });
+
+  test("all templates include the button-confirmed reinforcement", () => {
+    const outputs = [
+      tpl.commitAndPush({ branch: "x" }),
+      tpl.createPr({ branch: "x" }),
+      tpl.reopenPr({ prNumber: 1 }),
+      tpl.rebaseOnBase({ branch: "x" }),
+      tpl.fixChecks({ prNumber: 1, failingChecks: ["a"] }),
+      tpl.markReadyForReview({ prNumber: 1 }),
+      tpl.resolveReviewComments({ prNumber: 1 }),
+      tpl.reviewPr({ prNumber: 1 }),
+      tpl.mergeSquash({ prNumber: 1 }),
+      tpl.rerunCheck({ prNumber: 1, checkName: "a" }),
+    ];
+    for (const out of outputs) {
+      expect(out.toLowerCase()).toContain("user clicked this action");
+      expect(out.toLowerCase()).toContain("user_ask");
+    }
+  });
+});
diff --git a/apps/mesh/src/web/components/thread/github/message-templates.ts b/apps/mesh/src/web/components/thread/github/message-templates.ts
new file mode 100644
index 0000000000..4f956fa85c
--- /dev/null
+++ b/apps/mesh/src/web/components/thread/github/message-templates.ts
@@ -0,0 +1,76 @@
+/**
+ * Pure text templates for PR panel action buttons. Kept in a separate module
+ * so they're trivially unit-testable and editable without touching the UI.
+ *
+ * The agent's system prompt (buildRepoEnvironmentPrompt) already carries:
+ * - Which repo is active (owner/name)
+ * - The git-CLI-vs-GitHub-tools split
+ *
+ * Templates add the specific PR number / branch name where it saves the
+ * agent a discovery round-trip, plus a `BUTTON_CONFIRMED` suffix that tells
+ * the agent the user clicked deliberately — execute, don't ask.
+ */
+
+export interface TemplateContext {
+  branch?: string;
+  prNumber?: number;
+  failingChecks?: string[];
+  checkName?: string;
+}
+
+/**
+ * Suffix appended to every template. Reminds the agent that the user
+ * triggered this by clicking a UI button, so `user_ask` is not needed unless
+ * a real blocker shows up.
+ */
+const BUTTON_CONFIRMED =
+  "The user clicked this action deliberately — execute directly. Do not call user_ask unless you hit an actual problem outside the scope of this intent (missing auth, unresolvable conflict, a check with multiple plausible fixes).";
+
+export function commitAndPush(ctx: Pick<TemplateContext, "branch">): string {
+  return `Commit every pending change in the working tree with a concise conventional-commit message summarizing the diff, then push to \`origin/${ctx.branch}\`. If local commits are ahead of the remote, push those in the same invocation. ${BUTTON_CONFIRMED}`;
+}
+
+export function createPr(ctx: Pick<TemplateContext, "branch">): string {
+  return `Open a pull request for \`${ctx.branch}\` against its base. Write a clear title and a summary of the changes so far. ${BUTTON_CONFIRMED}`;
+}
+
+export function reopenPr(ctx: Pick<TemplateContext, "prNumber">): string {
+  return `Reopen PR #${ctx.prNumber}. ${BUTTON_CONFIRMED}`;
+}
+
+export function rebaseOnBase(ctx: Pick<TemplateContext, "branch">): string {
+  return `Rebase \`${ctx.branch}\` on the latest base and force-push with --force-with-lease. ${BUTTON_CONFIRMED}`;
+}
+
+export function rerunCheck(
+  ctx: Pick<TemplateContext, "prNumber" | "checkName">,
+): string {
+  return `Re-run the \`${ctx.checkName}\` check on PR #${ctx.prNumber}. If an empty commit is needed to retrigger CI, create and push one. ${BUTTON_CONFIRMED}`;
+}
+
+export function fixChecks(
+  ctx: Pick<TemplateContext, "prNumber" | "failingChecks">,
+): string {
+  const list = (ctx.failingChecks ?? []).map((n) => `\`${n}\``).join(", ");
+  return `PR #${ctx.prNumber} has failing checks: ${list}. For each: read the logs, diagnose the root cause, apply the smallest fix that makes it pass, commit, and push. ${BUTTON_CONFIRMED}`;
+}
+
+export function markReadyForReview(
+  ctx: Pick<TemplateContext, "prNumber">,
+): string {
+  return `Mark PR #${ctx.prNumber} ready for review. ${BUTTON_CONFIRMED}`;
+}
+
+export function resolveReviewComments(
+  ctx: Pick<TemplateContext, "prNumber">,
+): string {
+  return `Read the unresolved review threads on PR #${ctx.prNumber}. For each thread: understand the reviewer's ask, apply the needed changes, commit, push, reply explaining what changed, and resolve the thread. If a comment is a question that doesn't need a code change, reply with the answer and resolve. ${BUTTON_CONFIRMED}`;
+}
+
+export function reviewPr(ctx: Pick<TemplateContext, "prNumber">): string {
+  return `Review PR #${ctx.prNumber}. Read the full diff, analyze every changed file for correctness, security, code quality, and alignment with the repo's patterns. Post specific line-level review comments on concerns, then submit an overall review (approve / request changes / comment) with a concise summary. Do not modify the code — this is a read-and-comment pass. ${BUTTON_CONFIRMED}`;
+}
+
+export function mergeSquash(ctx: Pick<TemplateContext, "prNumber">): string {
+  return `Squash-merge PR #${ctx.prNumber} into its base. ${BUTTON_CONFIRMED}`;
+}
diff --git a/apps/mesh/src/web/components/thread/github/panel-state.test.ts b/apps/mesh/src/web/components/thread/github/panel-state.test.ts
new file mode 100644
index 0000000000..a96cae3763
--- /dev/null
+++ b/apps/mesh/src/web/components/thread/github/panel-state.test.ts
@@ -0,0 +1,352 @@
+import { describe, expect, test } from "bun:test";
+import type {
+  BranchStatus,
+  BranchStatusReady,
+} from "@/web/components/vm/hooks/use-vm-events";
+import { selectHeaderButton } from "./panel-state";
+import type { CheckRun, PrSummary } from "./use-pr-data";
+import type { PrReviewSignals } from "./use-pr-reviews";
+
+function bs(over: Partial<BranchStatusReady> = {}): BranchStatusReady {
+  return {
+    kind: "ready",
+    branch: "feat/x",
+    base: "main",
+    workingTreeDirty: false,
+    unpushed: 0,
+    aheadOfBase: 0,
+    behindBase: 0,
+    headSha: "abc123",
+    ...over,
+  };
+}
+
+function pr(over: Partial<PrSummary> = {}): PrSummary {
+  return {
+    number: 42,
+    title: "Add X",
+    body: "",
+    state: "open",
+    merged: false,
+    mergedAt: null,
+    base: "main",
+    head: "feat/x",
+    headSha: "abc123",
+    htmlUrl: "https://github.com/acme/web/pull/42",
+    author: "me",
+    ...over,
+  };
+}
+
+function check(over: Partial<CheckRun> = {}): CheckRun {
+  return {
+    id: "1",
+    name: "lint",
+    status: "completed",
+    conclusion: "success",
+    htmlUrl: "",
+    durationMs: null,
+    ...over,
+  };
+}
+
+function reviews(over: Partial<PrReviewSignals> = {}): PrReviewSignals {
+  return {
+    draft: false,
+    mergeableState: "clean",
+    unresolvedConversations: 0,
+    missingRequiredApprovals: false,
+    ...over,
+  };
+}
+
+describe("selectHeaderButton", () => {
+  test("branchStatus missing → Loading… (disabled, spinner)", () => {
+    const r = selectHeaderButton({
+      branchStatus: null,
+      pr: null,
+      checks: [],
+      reviews: null,
+    });
+    expect(r.label).toBe("Loading…");
+    expect(r.disabled).toBe(true);
+    expect(r.loading).toBe(true);
+    expect(r.variant).toBe("outline");
+  });
+
+  test("loading flag → Loading… even when branchStatus present", () => {
+    const r = selectHeaderButton({
+      branchStatus: bs(),
+      pr: null,
+      checks: [],
+      reviews: null,
+      loading: true,
+    });
+    expect(r.label).toBe("Loading…");
+    expect(r.loading).toBe(true);
+  });
+
+  test("kind=initializing → 'Starting sandbox…' (disabled, spinner)", () => {
+    const r = selectHeaderButton({
+      branchStatus: { kind: "initializing" } as BranchStatus,
+      pr: null,
+      checks: [],
+      reviews: null,
+    });
+    expect(r.label).toBe("Starting sandbox…");
+    expect(r.disabled).toBe(true);
+    expect(r.loading).toBe(true);
+    expect(r.variant).toBe("outline");
+  });
+
+  test("kind=cloning → 'Cloning repo…' (disabled, spinner)", () => {
+    const r = selectHeaderButton({
+      branchStatus: { kind: "cloning" } as BranchStatus,
+      pr: null,
+      checks: [],
+      reviews: null,
+    });
+    expect(r.label).toBe("Cloning repo…");
+    expect(r.loading).toBe(true);
+  });
+
+  test("kind=clone-failed → 'Clone failed' with error tooltip", () => {
+    const r = selectHeaderButton({
+      branchStatus: { kind: "clone-failed", error: "exit 128" } as BranchStatus,
+      pr: null,
+      checks: [],
+      reviews: null,
+    });
+    expect(r.label).toBe("Clone failed");
+    expect(r.disabled).toBe(true);
+    expect(r.tooltip).toBe("exit 128");
+  });
+
+  test("kind=checking-out → 'Switching to <branch>…'", () => {
+    const r = selectHeaderButton({
+      branchStatus: { kind: "checking-out", to: "feat/y" } as BranchStatus,
+      pr: null,
+      checks: [],
+      reviews: null,
+    });
+    expect(r.label).toBe("Switching to feat/y…");
+    expect(r.loading).toBe(true);
+  });
+
+  test("kind=checkout-failed → 'Checkout failed' with error tooltip", () => {
+    const r = selectHeaderButton({
+      branchStatus: {
+        kind: "checkout-failed",
+        error: "dirty working tree",
+      } as BranchStatus,
+      pr: null,
+      checks: [],
+      reviews: null,
+    });
+    expect(r.label).toBe("Checkout failed");
+    expect(r.tooltip).toBe("dirty working tree");
+  });
+
+  test("no diff anywhere → Up to date (disabled, outline)", () => {
+    const r = selectHeaderButton({
+      branchStatus: bs(),
+      pr: null,
+      checks: [],
+      reviews: null,
+    });
+    expect(r.label).toBe("Up to date");
+    expect(r.disabled).toBe(true);
+    expect(r.variant).toBe("outline");
+  });
+
+  test("dirty working tree → Commit & Push", () => {
+    const r = selectHeaderButton({
+      branchStatus: bs({ workingTreeDirty: true }),
+      pr: null,
+      checks: [],
+      reviews: null,
+    });
+    expect(r.label).toBe("Save changes");
+    expect(r.action).toBe("commit-and-push");
+    expect(r.disabled).toBeFalsy();
+  });
+
+  test("unpushed commits → Commit & Push", () => {
+    const r = selectHeaderButton({
+      branchStatus: bs({ unpushed: 2 }),
+      pr: null,
+      checks: [],
+      reviews: null,
+    });
+    expect(r.label).toBe("Save changes");
+  });
+
+  test("ahead of base + closed non-merged PR → Reopen PR", () => {
+    const r = selectHeaderButton({
+      branchStatus: bs({ aheadOfBase: 3 }),
+      pr: pr({ state: "closed", merged: false }),
+      checks: [],
+      reviews: null,
+    });
+    expect(r.label).toBe("Reopen");
+    expect(r.action).toBe("reopen");
+  });
+
+  test("merged PR, branch at merge head → Published (disabled, outline)", () => {
+    const r = selectHeaderButton({
+      branchStatus: bs({ aheadOfBase: 3, headSha: "abc123" }),
+      pr: pr({
+        state: "closed",
+        merged: true,
+        mergedAt: "2026-04-22T00:00:00Z",
+        headSha: "abc123",
+      }),
+      checks: [],
+      reviews: null,
+    });
+    expect(r.label).toBe("Published");
+    expect(r.disabled).toBe(true);
+    expect(r.variant).toBe("outline");
+  });
+
+  test("merged PR, branch advanced past merge head → Continue (special)", () => {
+    const r = selectHeaderButton({
+      branchStatus: bs({ aheadOfBase: 4, headSha: "def456" }),
+      pr: pr({
+        state: "closed",
+        merged: true,
+        mergedAt: "2026-04-22T00:00:00Z",
+        headSha: "abc123",
+      }),
+      checks: [],
+      reviews: null,
+    });
+    expect(r.label).toBe("Continue");
+    expect(r.action).toBe("create-pr");
+    expect(r.variant).toBe("special");
+  });
+
+  test("ahead of base + no PR → Create PR", () => {
+    const r = selectHeaderButton({
+      branchStatus: bs({ aheadOfBase: 3 }),
+      pr: null,
+      checks: [],
+      reviews: null,
+    });
+    expect(r.label).toBe("Submit for review");
+  });
+
+  test("PR open + mergeable_state=dirty → Rebase on main", () => {
+    const r = selectHeaderButton({
+      branchStatus: bs({ aheadOfBase: 3 }),
+      pr: pr(),
+      checks: [],
+      reviews: reviews({ mergeableState: "dirty" }),
+    });
+    expect(r.label).toBe("Sync with main");
+    expect(r.action).toBe("rebase");
+  });
+
+  test("PR open + failed check → Fix checks with failing list", () => {
+    const r = selectHeaderButton({
+      branchStatus: bs({ aheadOfBase: 3 }),
+      pr: pr(),
+      checks: [check({ conclusion: "failure", name: "unit-test" })],
+      reviews: reviews(),
+    });
+    expect(r.label).toBe("Fix tests");
+    expect(r.action).toBe("fix-checks");
+    expect(r.meta?.failingChecks).toEqual(["unit-test"]);
+  });
+
+  test("PR open + check in-progress → Waiting for checks (disabled)", () => {
+    const r = selectHeaderButton({
+      branchStatus: bs({ aheadOfBase: 3 }),
+      pr: pr(),
+      checks: [check({ status: "in_progress", conclusion: null })],
+      reviews: reviews(),
+    });
+    expect(r.label).toBe("Running tests…");
+    expect(r.disabled).toBe(true);
+    expect(r.loading).toBe(true);
+    expect(r.variant).toBe("outline");
+  });
+
+  test("PR open + draft → Mark ready for review", () => {
+    const r = selectHeaderButton({
+      branchStatus: bs({ aheadOfBase: 3 }),
+      pr: pr(),
+      checks: [],
+      reviews: reviews({ draft: true }),
+    });
+    expect(r.label).toBe("Mark ready");
+    expect(r.action).toBe("mark-ready");
+  });
+
+  test("PR open + unresolved conversations → Resolve review comments", () => {
+    const r = selectHeaderButton({
+      branchStatus: bs({ aheadOfBase: 3 }),
+      pr: pr(),
+      checks: [],
+      reviews: reviews({ unresolvedConversations: 2 }),
+    });
+    expect(r.label).toBe("Address feedback");
+    expect(r.action).toBe("resolve-comments");
+  });
+
+  test("PR open + missing approvals → Waiting for review (disabled)", () => {
+    const r = selectHeaderButton({
+      branchStatus: bs({ aheadOfBase: 3 }),
+      pr: pr(),
+      checks: [],
+      reviews: reviews({ missingRequiredApprovals: true }),
+    });
+    expect(r.label).toBe("Awaiting review");
+    expect(r.disabled).toBe(true);
+  });
+
+  test("PR open + all clear → Merge", () => {
+    const r = selectHeaderButton({
+      branchStatus: bs({ aheadOfBase: 3 }),
+      pr: pr(),
+      checks: [check()],
+      reviews: reviews(),
+    });
+    expect(r.label).toBe("Publish");
+    expect(r.action).toBe("merge-split");
+    expect(r.variant).toBe("success");
+  });
+
+  test("priority: dirty beats everything else", () => {
+    const r = selectHeaderButton({
+      branchStatus: bs({ workingTreeDirty: true, aheadOfBase: 3 }),
+      pr: pr(),
+      checks: [check({ conclusion: "failure" })],
+      reviews: reviews({ mergeableState: "dirty" }),
+    });
+    expect(r.label).toBe("Save changes");
+  });
+
+  test("priority inside PR open: conflicts beat failed checks", () => {
+    const r = selectHeaderButton({
+      branchStatus: bs({ aheadOfBase: 3 }),
+      pr: pr(),
+      checks: [check({ conclusion: "failure" })],
+      reviews: reviews({ mergeableState: "dirty" }),
+    });
+    expect(r.label).toBe("Sync with main");
+  });
+
+  test("priority: failed checks beat in-progress checks", () => {
+    const r = selectHeaderButton({
+      branchStatus: bs({ aheadOfBase: 3 }),
+      pr: pr(),
+      checks: [
+        check({ conclusion: "failure", name: "lint" }),
+        check({ status: "in_progress", conclusion: null, name: "unit-test" }),
+      ],
+      reviews: reviews(),
+    });
+    expect(r.label).toBe("Fix tests");
+  });
+});
diff --git a/apps/mesh/src/web/components/thread/github/panel-state.ts b/apps/mesh/src/web/components/thread/github/panel-state.ts
new file mode 100644
index 0000000000..e77856a22f
--- /dev/null
+++ b/apps/mesh/src/web/components/thread/github/panel-state.ts
@@ -0,0 +1,264 @@
+import type { BranchStatus } from "@/web/components/vm/hooks/use-vm-events";
+import type { CheckRun, PrSummary } from "./use-pr-data.ts";
+import type { PrReviewSignals } from "./use-pr-reviews.ts";
+
+/**
+ * Descriptor returned by selectHeaderButton. Callers translate action →
+ * prompt via the message-templates module.
+ *
+ * `disabled: true` means the button renders as a status indicator (e.g.,
+ * "Running tests…", "Awaiting review"), not clickable. `loading: true`
+ * adds a spinner; use it for "data is fetching" and for "server-side work
+ * in progress" (CI running). `variant` selects the button color: success
+ * (green) for the happy-path Publish, special (purple) for post-merge
+ * Continue, default for other actionable states, outline for non-actionable
+ * status pills.
+ */
+export type HeaderButton = {
+  label: string;
+  action?:
+    | "commit-and-push"
+    | "create-pr"
+    | "reopen"
+    | "rebase"
+    | "fix-checks"
+    | "mark-ready"
+    | "resolve-comments"
+    | "merge-split";
+  disabled?: boolean;
+  loading?: boolean;
+  variant: "default" | "outline" | "success" | "special";
+  tooltip?: string;
+  meta?: {
+    failingChecks?: string[];
+  };
+};
+
+type FailedConclusion =
+  | "failure"
+  | "timed_out"
+  | "cancelled"
+  | "action_required";
+
+const FAILED_CONCLUSIONS = new Set<FailedConclusion>([
+  "failure",
+  "timed_out",
+  "cancelled",
+  "action_required",
+]);
+
+function isCheckFailed(c: CheckRun): boolean {
+  return (
+    c.status === "completed" &&
+    FAILED_CONCLUSIONS.has(c.conclusion as FailedConclusion)
+  );
+}
+
+function isCheckInProgress(c: CheckRun): boolean {
+  return c.status === "queued" || c.status === "in_progress";
+}
+
+export function selectHeaderButton(input: {
+  branchStatus: BranchStatus | null;
+  pr: PrSummary | null;
+  checks: CheckRun[];
+  reviews: PrReviewSignals | null;
+  loading?: boolean;
+}): HeaderButton {
+  const { branchStatus, pr, checks, reviews, loading } = input;
+
+  if (!branchStatus || loading) {
+    return {
+      label: "Loading…",
+      disabled: true,
+      loading: true,
+      variant: "outline",
+      tooltip: "Loading branch and pull request status",
+    };
+  }
+
+  switch (branchStatus.kind) {
+    case "initializing":
+      return {
+        label: "Starting sandbox…",
+        disabled: true,
+        loading: true,
+        variant: "outline",
+        tooltip: "Waiting for the sandbox daemon to come online",
+      };
+    case "cloning":
+      return {
+        label: "Cloning repo…",
+        disabled: true,
+        loading: true,
+        variant: "outline",
+        tooltip: "Cloning the project repository",
+      };
+    case "clone-failed":
+      return {
+        label: "Clone failed",
+        disabled: true,
+        variant: "outline",
+        tooltip: branchStatus.error || "git clone failed — see setup logs",
+      };
+    case "checking-out":
+      return {
+        label: `Switching to ${branchStatus.to}…`,
+        disabled: true,
+        loading: true,
+        variant: "outline",
+        tooltip: `Checking out ${branchStatus.to}`,
+      };
+    case "checkout-failed":
+      return {
+        label: "Checkout failed",
+        disabled: true,
+        variant: "outline",
+        tooltip: branchStatus.error || "git checkout failed — see setup logs",
+      };
+    case "ready":
+      break;
+    default: {
+      const _exhaustive: never = branchStatus;
+      void _exhaustive;
+      break;
+    }
+  }
+
+  // From here on, branchStatus.kind === "ready" — narrow it.
+  const ready = branchStatus;
+
+  const hasLocalWork = ready.workingTreeDirty || ready.unpushed > 0;
+  if (hasLocalWork) {
+    return {
+      label: "Save changes",
+      action: "commit-and-push",
+      variant: "default",
+      tooltip: "Commit and push local changes",
+    };
+  }
+
+  // Merged PR is terminal UNLESS the branch has advanced past the PR's
+  // head (i.e. new commits were pushed after the merge). Squash-merges
+  // leave the branch's pre-merge commits intact on origin/<branch> with
+  // their original SHAs, so aheadOfBase alone can't distinguish
+  // "work shipped, nothing new" from "new work since the merge". Compare
+  // the branch's HEAD sha to the PR's head sha to decide.
+  if (pr?.merged) {
+    const branchAdvanced =
+      !!ready.headSha && !!pr.headSha && ready.headSha !== pr.headSha;
+    if (branchAdvanced) {
+      return {
+        label: "Continue",
+        action: "create-pr",
+        variant: "special",
+        tooltip: "Open a new PR with the latest commits",
+      };
+    }
+    return {
+      label: "Published",
+      disabled: true,
+      variant: "outline",
+      tooltip: `PR #${pr.number} merged into ${pr.base}`,
+    };
+  }
+
+  if (ready.aheadOfBase > 0) {
+    if (pr && pr.state === "closed" && !pr.merged) {
+      return {
+        label: "Reopen",
+        action: "reopen",
+        variant: "default",
+        tooltip: `Reopen PR #${pr.number}`,
+      };
+    }
+    if (!pr) {
+      return {
+        label: "Submit for review",
+        action: "create-pr",
+        variant: "default",
+        tooltip: `Open a PR for ${ready.branch} → ${ready.base}`,
+      };
+    }
+
+    // pr.state === "open"
+    const mergeableState = reviews?.mergeableState ?? "unknown";
+
+    if (mergeableState === "dirty") {
+      return {
+        label: `Sync with ${pr.base}`,
+        action: "rebase",
+        variant: "default",
+        tooltip: `Resolve conflicts with ${pr.base} before merging`,
+      };
+    }
+
+    const failing = checks.filter(isCheckFailed).map((c) => c.name);
+    if (failing.length > 0) {
+      return {
+        label: "Fix tests",
+        action: "fix-checks",
+        variant: "default",
+        tooltip: `Failing: ${failing.join(", ")}`,
+        meta: { failingChecks: failing },
+      };
+    }
+
+    const inProgress = checks.filter(isCheckInProgress);
+    if (inProgress.length > 0) {
+      return {
+        label: "Running tests…",
+        disabled: true,
+        loading: true,
+        variant: "outline",
+        tooltip: `Waiting on ${inProgress.length} check${
+          inProgress.length === 1 ? "" : "s"
+        } to finish`,
+      };
+    }
+
+    if (reviews?.draft) {
+      return {
+        label: "Mark ready",
+        action: "mark-ready",
+        variant: "default",
+        tooltip: "Mark draft PR ready for review",
+      };
+    }
+
+    const unresolved = reviews?.unresolvedConversations ?? 0;
+    if (unresolved > 0) {
+      return {
+        label: "Address feedback",
+        action: "resolve-comments",
+        variant: "default",
+        tooltip: `${unresolved} unresolved conversation${
+          unresolved === 1 ? "" : "s"
+        }`,
+      };
+    }
+
+    if (reviews?.missingRequiredApprovals) {
+      return {
+        label: "Awaiting review",
+        disabled: true,
+        variant: "outline",
+        tooltip: "Waiting for required approvals",
+      };
+    }
+
+    return {
+      label: "Publish",
+      action: "merge-split",
+      variant: "success",
+      tooltip: `Squash-merge PR #${pr.number} into ${pr.base}`,
+    };
+  }
+
+  return {
+    label: "Up to date",
+    disabled: true,
+    variant: "outline",
+    tooltip: `Branch is in sync with ${ready.base}`,
+  };
+}
diff --git a/apps/mesh/src/web/components/thread/github/pr-sub-tabs.tsx b/apps/mesh/src/web/components/thread/github/pr-sub-tabs.tsx
new file mode 100644
index 0000000000..dcfb4181c5
--- /dev/null
+++ b/apps/mesh/src/web/components/thread/github/pr-sub-tabs.tsx
@@ -0,0 +1,148 @@
+import { useRef, useState } from "react";
+import { useProjectContext } from "@decocms/mesh-sdk";
+import {
+  Tabs,
+  TabsContent,
+  TabsList,
+  TabsTrigger,
+} from "@deco/ui/components/tabs.tsx";
+import { ChangesTab } from "./changes-tab.tsx";
+import { ChecksTab } from "./checks-tab.tsx";
+import { DescriptionTab } from "./description-tab.tsx";
+import { usePrFiles, type PrSummary } from "./use-pr-data.ts";
+
+interface Props {
+  pr: PrSummary;
+  connectionId: string;
+  owner: string;
+  repo: string;
+}
+
+type TabValue = "description" | "changes" | "checks";
+
+/**
+ * Sub-tab container for State C (PR open). Description | Changes {n}
+ * | Checks. Each sub-tab owns its data fetch via the hooks in
+ * use-pr-data.ts; this wrapper only handles layout + tab state.
+ *
+ * We call `usePrFiles` here (not only inside ChangesTab) so the tab
+ * label can show the file count even before the user opens the tab.
+ * React Query dedupes the call when ChangesTab mounts.
+ *
+ * The active underline is a single absolute-positioned element that
+ * slides between triggers. Per-trigger `border-primary` is overridden
+ * to transparent so only the sliding indicator is visible.
+ */
+export function PrSubTabs({ pr, connectionId, owner, repo }: Props) {
+  const { org } = useProjectContext();
+  const filesQuery = usePrFiles({
+    orgId: org.id,
+    orgSlug: org.slug,
+    connectionId,
+    owner,
+    repo,
+    prNumber: pr.number,
+  });
+  const fileCount = filesQuery.data?.length;
+
+  const [activeValue, setActiveValue] = useState<TabValue>("description");
+  const triggerRefs = useRef<Record<TabValue, HTMLButtonElement | null>>({
+    description: null,
+    changes: null,
+    checks: null,
+  });
+  const [indicator, setIndicator] = useState<{
+    left: number;
+    width: number;
+  } | null>(null);
+
+  const refFor = (value: TabValue) => (el: HTMLButtonElement | null) => {
+    triggerRefs.current[value] = el;
+    if (el && value === activeValue) {
+      const left = el.offsetLeft;
+      const width = el.offsetWidth;
+      if (
+        indicator === null ||
+        left !== indicator.left ||
+        width !== indicator.width
+      ) {
+        setIndicator({ left, width });
+      }
+    }
+  };
+
+  const handleValueChange = (value: string) => {
+    const v = value as TabValue;
+    setActiveValue(v);
+    const el = triggerRefs.current[v];
+    if (el) {
+      setIndicator({ left: el.offsetLeft, width: el.offsetWidth });
+    }
+  };
+
+  return (
+    <Tabs
+      value={activeValue}
+      onValueChange={handleValueChange}
+      variant="underline"
+    >
+      <TabsList variant="underline" className="relative h-auto p-0">
+        <TabsTrigger
+          ref={refFor("description")}
+          variant="underline"
+          value="description"
+          className="pb-3 data-[state=active]:border-transparent"
+        >
+          Description
+        </TabsTrigger>
+        <TabsTrigger
+          ref={refFor("changes")}
+          variant="underline"
+          value="changes"
+          className="pb-3 data-[state=active]:border-transparent"
+        >
+          Changes{fileCount !== undefined ? ` ${fileCount}` : ""}
+        </TabsTrigger>
+        <TabsTrigger
+          ref={refFor("checks")}
+          variant="underline"
+          value="checks"
+          className="pb-3 data-[state=active]:border-transparent"
+        >
+          Checks
+        </TabsTrigger>
+        {indicator && (
+          <div
+            aria-hidden
+            className="pointer-events-none absolute bottom-[-1px] h-0.5 bg-primary transition-[left,width] duration-200 ease-out"
+            style={{ left: indicator.left, width: indicator.width }}
+          />
+        )}
+      </TabsList>
+      <TabsContent value="description" className="mt-6">
+        <DescriptionTab
+          pr={pr}
+          connectionId={connectionId}
+          owner={owner}
+          repo={repo}
+        />
+      </TabsContent>
+      <TabsContent value="changes" className="mt-6">
+        <ChangesTab
+          pr={pr}
+          connectionId={connectionId}
+          owner={owner}
+          repo={repo}
+        />
+      </TabsContent>
+      <TabsContent value="checks" className="mt-6">
+        <ChecksTab
+          pr={pr}
+          connectionId={connectionId}
+          owner={owner}
+          repo={repo}
+        />
+      </TabsContent>
+    </Tabs>
+  );
+}
diff --git a/apps/mesh/src/web/components/thread/github/use-branch-status.ts b/apps/mesh/src/web/components/thread/github/use-branch-status.ts
new file mode 100644
index 0000000000..3fe3c8775f
--- /dev/null
+++ b/apps/mesh/src/web/components/thread/github/use-branch-status.ts
@@ -0,0 +1,16 @@
+import {
+  useVmEvents,
+  type BranchStatus,
+} from "@/web/components/vm/hooks/use-vm-events";
+
+/**
+ * useBranchStatus — returns the VM daemon's latest branch-status snapshot
+ * as tracked by the shared VmEventsProvider. Returns null when the VM is
+ * not connected.
+ *
+ * The previous version opened its own EventSource per call; the provider
+ * model means consumers share one connection.
+ */
+export function useBranchStatus(): BranchStatus | null {
+  return useVmEvents().branchStatus;
+}
diff --git a/apps/mesh/src/web/components/thread/github/use-branches.ts b/apps/mesh/src/web/components/thread/github/use-branches.ts
new file mode 100644
index 0000000000..47325dc249
--- /dev/null
+++ b/apps/mesh/src/web/components/thread/github/use-branches.ts
@@ -0,0 +1,141 @@
+import {
+  type VmMap,
+  useMCPClient,
+  useMCPToolCallQuery,
+} from "@decocms/mesh-sdk";
+
+export interface Branch {
+  name: string;
+  source: "yours" | "other";
+  author?: string | null;
+}
+
+export interface UseBranchesResult {
+  yours: Branch[];
+  others: Branch[];
+  defaultBase: string | null;
+  isLoading: boolean;
+  isError: boolean;
+}
+
+interface UseBranchesArgs {
+  orgId: string;
+  orgSlug: string;
+  userId: string;
+  connectionId: string | null | undefined;
+  vmMap: VmMap | undefined;
+  owner: string;
+  repo: string;
+  /**
+   * When false the github fetch is skipped (e.g. dialog closed).
+   * Your-branches still resolve from the in-memory vmMap.
+   */
+  enabled?: boolean;
+}
+
+type RawBranch = {
+  name?: string;
+  commit?: { author?: { login?: string } | string | null } | null;
+};
+
+type RawBranchesResponse =
+  | RawBranch[]
+  | {
+      branches?: RawBranch[];
+      default_branch?: string;
+    };
+
+/**
+ * github-mcp-server may return either:
+ * - `structuredContent` with parsed JSON, OR
+ * - `content: [{ type: "text", text: "<json>" }]` (most common)
+ * Accept both.
+ */
+function extractBranches(r: unknown): RawBranchesResponse {
+  const result = r as {
+    structuredContent?: RawBranchesResponse;
+    content?: Array<{ type?: string; text?: string }>;
+  };
+  if (result.structuredContent) return result.structuredContent;
+  const textPart = result.content?.find((c) => c.type === "text")?.text;
+  if (textPart) {
+    try {
+      return JSON.parse(textPart) as RawBranchesResponse;
+    } catch {
+      return [];
+    }
+  }
+  return [];
+}
+
+/**
+ * Lists branches for the picker.
+ *
+ * - "yours" are derived from vmMap[userId] — no network call.
+ * - "others" are from the github-mcp-server's list_branches tool, minus
+ *   the yours set. If the fetch fails the picker still shows yours.
+ * - defaultBase is the repo's default branch when exposed by the response;
+ *   callers fall back to "main" otherwise.
+ */
+export function useBranches({
+  orgId,
+  orgSlug,
+  userId,
+  connectionId,
+  vmMap,
+  owner,
+  repo,
+  enabled = true,
+}: UseBranchesArgs): UseBranchesResult {
+  const client = useMCPClient({
+    connectionId: connectionId ?? null,
+    orgId,
+    orgSlug,
+  });
+
+  const { data, isLoading, isError } = useMCPToolCallQuery<RawBranchesResponse>(
+    {
+      client,
+      toolName: "list_branches",
+      toolArguments: { owner, repo },
+      enabled: enabled && !!connectionId && !!owner && !!repo,
+      staleTime: 30_000,
+      select: (r) => extractBranches(r),
+    },
+  );
+
+  const yourBranchNames = new Set(Object.keys(vmMap?.[userId] ?? {}));
+  const yours: Branch[] = [...yourBranchNames]
+    .sort()
+    .map((name) => ({ name, source: "yours" as const }));
+
+  const rawBranches: RawBranch[] = Array.isArray(data)
+    ? data
+    : (data?.branches ?? []);
+
+  const others: Branch[] = rawBranches
+    .filter(
+      (b): b is RawBranch & { name: string } => typeof b.name === "string",
+    )
+    .filter((b) => !yourBranchNames.has(b.name))
+    .map((b) => ({
+      name: b.name,
+      source: "other" as const,
+      author:
+        typeof b.commit?.author === "string"
+          ? b.commit.author
+          : (b.commit?.author?.login ?? null),
+    }));
+
+  const defaultBase = Array.isArray(data)
+    ? null
+    : (data?.default_branch ?? null);
+
+  return {
+    yours,
+    others,
+    defaultBase,
+    isLoading,
+    isError,
+  };
+}
diff --git a/apps/mesh/src/web/components/thread/github/use-pr-data.ts b/apps/mesh/src/web/components/thread/github/use-pr-data.ts
new file mode 100644
index 0000000000..2f3fa53d4f
--- /dev/null
+++ b/apps/mesh/src/web/components/thread/github/use-pr-data.ts
@@ -0,0 +1,281 @@
+/**
+ * PR panel data hooks.
+ *
+ * All reads go through the unified `pull_request_read` tool on
+ * github-mcp-server, which exposes sub-calls via a `method` arg:
+ *   method: "get"             → PR details
+ *   method: "get_files"       → files changed
+ *   method: "get_check_runs"  → CI check runs for the head commit
+ *   method: "get_comments"    → issue-level comments
+ *   method: "get_reviews"     → submitted reviews
+ *
+ * Tool args use camelCase (pullNumber, perPage). Listing PRs by branch
+ * still goes through the separate `list_pull_requests` tool.
+ */
+
+import { useMCPClient, useMCPToolCallQuery } from "@decocms/mesh-sdk";
+
+import { extractToolJson } from "./extract-tool-json.ts";
+
+export interface PrSummary {
+  number: number;
+  title: string;
+  body: string;
+  state: "open" | "closed";
+  merged: boolean;
+  mergedAt: string | null;
+  base: string;
+  head: string;
+  /** SHA of the PR head commit — used to fetch check runs. */
+  headSha: string;
+  htmlUrl: string;
+  author: string;
+}
+
+const POLL = 60_000;
+const STALE = 30_000;
+
+interface RepoArgs {
+  orgId: string;
+  orgSlug: string;
+  connectionId: string;
+  owner: string;
+  repo: string;
+}
+
+export interface PrFile {
+  filename: string;
+  status:
+    | "added"
+    | "removed"
+    | "modified"
+    | "renamed"
+    | "copied"
+    | "changed"
+    | "unchanged";
+  additions: number;
+  deletions: number;
+  blobUrl: string | null;
+}
+
+export interface CheckRun {
+  id: string;
+  name: string;
+  status: "queued" | "in_progress" | "completed";
+  conclusion:
+    | "success"
+    | "failure"
+    | "neutral"
+    | "cancelled"
+    | "skipped"
+    | "timed_out"
+    | "action_required"
+    | null;
+  htmlUrl: string;
+  durationMs: number | null;
+}
+
+export interface PrComment {
+  id: number;
+  author: string;
+  body: string;
+  createdAt: string;
+  htmlUrl: string;
+}
+
+/**
+ * Fetches the first PR matching a branch head (open or closed).
+ * Returns null when no PR exists yet for that branch.
+ */
+export function usePrByBranch(args: RepoArgs & { branch: string | null }) {
+  const client = useMCPClient({
+    connectionId: args.connectionId,
+    orgId: args.orgId,
+    orgSlug: args.orgSlug,
+  });
+
+  return useMCPToolCallQuery<PrSummary | null>({
+    client,
+    toolName: "list_pull_requests",
+    toolArguments: {
+      owner: args.owner,
+      repo: args.repo,
+      state: "all",
+      head: args.branch ? `${args.owner}:${args.branch}` : undefined,
+      perPage: 1,
+    },
+    enabled: !!args.branch,
+    refetchInterval: POLL,
+    refetchIntervalInBackground: false,
+    staleTime: STALE,
+    select: (r) => {
+      const arr = extractToolJson<Record<string, unknown>[]>(r);
+      if (!arr || !Array.isArray(arr) || arr.length === 0) return null;
+      const p = arr[0]!;
+      const base = p.base as Record<string, unknown> | undefined;
+      const head = p.head as Record<string, unknown> | undefined;
+      const user = p.user as Record<string, unknown> | undefined;
+      return {
+        number: (p.number as number) ?? 0,
+        title: (p.title as string) ?? "",
+        body: (p.body as string) ?? "",
+        state: p.state === "closed" ? ("closed" as const) : ("open" as const),
+        merged: (p.merged_at as string | null) != null,
+        mergedAt: (p.merged_at as string | null) ?? null,
+        base: (base?.ref as string) ?? "main",
+        head: (head?.ref as string) ?? "",
+        headSha: (head?.sha as string) ?? "",
+        htmlUrl: (p.html_url as string) ?? "",
+        author: (user?.login as string) ?? "",
+      };
+    },
+  });
+}
+
+/**
+ * Fetches the file list for a PR via pull_request_read(get_files).
+ * Server returns `changes = additions + deletions`; we derive deletions.
+ */
+export function usePrFiles(
+  args: RepoArgs & { prNumber: number | null | undefined },
+) {
+  const client = useMCPClient({
+    connectionId: args.connectionId,
+    orgId: args.orgId,
+    orgSlug: args.orgSlug,
+  });
+
+  return useMCPToolCallQuery<PrFile[]>({
+    client,
+    toolName: "pull_request_read",
+    toolArguments: {
+      method: "get_files",
+      owner: args.owner,
+      repo: args.repo,
+      pullNumber: args.prNumber ?? 0,
+    },
+    enabled: !!args.prNumber,
+    refetchInterval: POLL,
+    refetchIntervalInBackground: false,
+    staleTime: STALE,
+    select: (r) => {
+      const arr = extractToolJson<Record<string, unknown>[]>(r);
+      if (!Array.isArray(arr)) return [];
+      return arr.map((f): PrFile => {
+        const additions = Number(f.additions ?? 0);
+        const changes = Number(f.changes ?? additions);
+        const deletions = Number(
+          f.deletions ?? Math.max(0, changes - additions),
+        );
+        return {
+          filename: String(f.filename ?? ""),
+          status: (f.status as PrFile["status"] | undefined) ?? "modified",
+          additions,
+          deletions,
+          blobUrl: typeof f.blob_url === "string" ? f.blob_url : null,
+        };
+      });
+    },
+  });
+}
+
+/**
+ * Fetches CI check runs for a PR's head commit via
+ * pull_request_read(get_check_runs).
+ */
+export function useChecks(
+  args: RepoArgs & { prNumber: number | null | undefined },
+) {
+  const client = useMCPClient({
+    connectionId: args.connectionId,
+    orgId: args.orgId,
+    orgSlug: args.orgSlug,
+  });
+
+  return useMCPToolCallQuery<CheckRun[]>({
+    client,
+    toolName: "pull_request_read",
+    toolArguments: {
+      method: "get_check_runs",
+      owner: args.owner,
+      repo: args.repo,
+      pullNumber: args.prNumber ?? 0,
+    },
+    enabled: !!args.prNumber,
+    refetchInterval: POLL,
+    refetchIntervalInBackground: false,
+    staleTime: STALE,
+    select: (r) => {
+      // Accept both `{ check_runs: [...] }` envelopes and raw arrays.
+      const raw = extractToolJson<
+        { check_runs?: Record<string, unknown>[] } | Record<string, unknown>[]
+      >(r);
+      const runs = Array.isArray(raw) ? raw : (raw?.check_runs ?? []);
+      return runs.map((c): CheckRun => {
+        const startedAt = (c as { started_at?: string }).started_at;
+        const completedAt = (c as { completed_at?: string }).completed_at;
+        const durationMs =
+          startedAt && completedAt
+            ? new Date(completedAt).getTime() - new Date(startedAt).getTime()
+            : null;
+        return {
+          id: String((c as { id?: unknown }).id ?? ""),
+          name: String((c as { name?: unknown }).name ?? ""),
+          status:
+            ((c as { status?: unknown }).status as CheckRun["status"]) ??
+            "completed",
+          conclusion:
+            ((c as { conclusion?: unknown }).conclusion as
+              | CheckRun["conclusion"]
+              | undefined) ?? null,
+          htmlUrl: String((c as { html_url?: unknown }).html_url ?? ""),
+          durationMs,
+        };
+      });
+    },
+  });
+}
+
+/**
+ * Issue-level comments on a PR via pull_request_read(get_comments).
+ * Does NOT return review comments tied to a file + line — those belong
+ * near the diff on the Changes tab and are out of scope for this hook.
+ */
+export function usePrComments(
+  args: RepoArgs & { prNumber: number | null | undefined },
+) {
+  const client = useMCPClient({
+    connectionId: args.connectionId,
+    orgId: args.orgId,
+    orgSlug: args.orgSlug,
+  });
+
+  return useMCPToolCallQuery<PrComment[]>({
+    client,
+    toolName: "pull_request_read",
+    toolArguments: {
+      method: "get_comments",
+      owner: args.owner,
+      repo: args.repo,
+      pullNumber: args.prNumber ?? 0,
+    },
+    enabled: !!args.prNumber,
+    refetchInterval: POLL,
+    refetchIntervalInBackground: false,
+    staleTime: STALE,
+    select: (r) => {
+      const arr = extractToolJson<Record<string, unknown>[]>(r);
+      if (!Array.isArray(arr)) return [];
+      return arr.map((c): PrComment => {
+        const user = (c as { user?: { login?: string } }).user;
+        return {
+          id: Number((c as { id?: unknown }).id ?? 0),
+          author: user?.login ?? "",
+          body: String((c as { body?: unknown }).body ?? ""),
+          createdAt: String((c as { created_at?: unknown }).created_at ?? ""),
+          htmlUrl: String((c as { html_url?: unknown }).html_url ?? ""),
+        };
+      });
+    },
+  });
+}
diff --git a/apps/mesh/src/web/components/thread/github/use-pr-reviews.ts b/apps/mesh/src/web/components/thread/github/use-pr-reviews.ts
new file mode 100644
index 0000000000..fcf4787e1b
--- /dev/null
+++ b/apps/mesh/src/web/components/thread/github/use-pr-reviews.ts
@@ -0,0 +1,83 @@
+/**
+ * usePrReviews — fetches draft/mergeable/unresolved-conversation/missing-
+ * approvals signals for an open PR. Backed by github-mcp-server's
+ * `get_pull_request`. Mirrors the polling and stale-time conventions of
+ * usePrByBranch and useChecks.
+ *
+ * Semantic notes:
+ * - `missingRequiredApprovals` is a heuristic: mergeable_state="blocked"
+ *   and no unresolved conversations. GitHub doesn't expose approval-
+ *   requirement state via this endpoint directly; this is the best signal
+ *   available without an additional review-threads call.
+ */
+
+import { useMCPClient, useMCPToolCallQuery } from "@decocms/mesh-sdk";
+
+import { extractToolJson } from "./extract-tool-json.ts";
+
+export type MergeableState =
+  | "clean"
+  | "dirty"
+  | "unstable"
+  | "blocked"
+  | "unknown"
+  | "behind";
+
+export interface PrReviewSignals {
+  draft: boolean;
+  mergeableState: MergeableState;
+  unresolvedConversations: number;
+  missingRequiredApprovals: boolean;
+}
+
+const POLL = 60_000;
+const STALE = 30_000;
+
+interface Args {
+  orgId: string;
+  orgSlug: string;
+  connectionId: string;
+  owner: string;
+  repo: string;
+  prNumber: number | null | undefined;
+}
+
+export function usePrReviews(args: Args) {
+  const client = useMCPClient({
+    connectionId: args.connectionId,
+    orgId: args.orgId,
+    orgSlug: args.orgSlug,
+  });
+
+  return useMCPToolCallQuery<PrReviewSignals | null>({
+    client,
+    toolName: "pull_request_read",
+    toolArguments: {
+      method: "get",
+      owner: args.owner,
+      repo: args.repo,
+      pullNumber: args.prNumber ?? 0,
+    },
+    enabled: !!args.prNumber,
+    refetchInterval: POLL,
+    refetchIntervalInBackground: false,
+    staleTime: STALE,
+    select: (r) => {
+      const p = extractToolJson<Record<string, unknown>>(r);
+      if (!p) return null;
+      const ms = (p.mergeable_state as MergeableState | undefined) ?? "unknown";
+      const draft = Boolean(p.draft ?? false);
+      const reviewCommentsCount = Number(p.review_comments ?? 0);
+      const unresolvedConversations =
+        ms === "blocked" && reviewCommentsCount > 0 ? reviewCommentsCount : 0;
+      const missingRequiredApprovals =
+        ms === "blocked" && unresolvedConversations === 0;
+      return {
+        draft,
+        mergeableState: ms,
+        unresolvedConversations,
+        missingRequiredApprovals,
+      };
+    },
+  });
+}
diff --git a/apps/mesh/src/web/components/tool-set-selector.tsx b/apps/mesh/src/web/components/tool-set-selector.tsx
index e070f5f195..a2d8c6b937 100644
--- a/apps/mesh/src/web/components/tool-set-selector.tsx
+++ b/apps/mesh/src/web/components/tool-set-selector.tsx
@@ -22,6 +22,8 @@ export interface ToolSetSelectorProps {
   onToolSetChange: (toolSet: Record<string, string[]>) => void;
   /** Virtual MCP ID to exclude from selection (prevents self-reference) */
   excludeVirtualMcpId?: string;
+  /** Controlled search query — if provided, hides the internal search bar */
+  searchQuery?: string;
 }
 
 interface ConnectionItemProps {
@@ -140,8 +142,13 @@ export function ToolSetSelector({
   toolSet,
   onToolSetChange,
   excludeVirtualMcpId,
+  searchQuery: controlledSearchQuery,
 }: ToolSetSelectorProps) {
-  const [searchQuery, setSearchQuery] = useState("");
+  const [internalSearchQuery, setInternalSearchQuery] = useState("");
+  const searchQuery =
+    controlledSearchQuery !== undefined
+      ? controlledSearchQuery
+      : internalSearchQuery;
   const deferredSearchQuery = useDeferredValue(searchQuery);
   const [filterMode, setFilterMode] = useState<FilterMode>("all");
   const [showMobileDetail, setShowMobileDetail] = useState(false);
@@ -151,6 +158,7 @@ export function ToolSetSelector({
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const PAGE_SIZE = 100;
@@ -358,12 +366,14 @@ export function ToolSetSelector({
           showMobileDetail && "hidden md:flex",
         )}
       >
-        {/* Search Input */}
-        <CollectionSearch
-          value={searchQuery}
-          onChange={setSearchQuery}
-          placeholder="Search MCP Servers..."
-        />
+        {/* Search Input — hidden when controlled from outside */}
+        {controlledSearchQuery === undefined && (
+          <CollectionSearch
+            value={internalSearchQuery}
+            onChange={setInternalSearchQuery}
+            placeholder="Search MCP Servers..."
+          />
+        )}
 
         {/* Filter Buttons */}
         <div className="flex gap-1 p-2 border-b border-border">
diff --git a/apps/mesh/src/web/components/unified-auth-form.tsx b/apps/mesh/src/web/components/unified-auth-form.tsx
index 25e4c66e4b..d633bdec7d 100644
--- a/apps/mesh/src/web/components/unified-auth-form.tsx
+++ b/apps/mesh/src/web/components/unified-auth-form.tsx
@@ -2,6 +2,7 @@ import { useState } from "react";
 import { useMutation } from "@tanstack/react-query";
 import { useAuthConfig } from "@/web/providers/auth-config-provider";
 import { authClient } from "@/web/lib/auth-client";
+import { track } from "@/web/lib/posthog-client";
 import { Button } from "@deco/ui/components/button.tsx";
 import { Input } from "@deco/ui/components/input.tsx";
 import { cn } from "@deco/ui/lib/utils.ts";
@@ -83,6 +84,11 @@ export function UnifiedAuthForm({
       globalThis.localStorage?.setItem("hasLoggedIn", "true");
       window.location.href = redirectUrl ?? callbackUrl;
     },
+    onError: (error) => {
+      track(isSignUp ? "user_signup_failed" : "user_signin_failed", {
+        error: error instanceof Error ? error.message : String(error),
+      });
+    },
   });
 
   const forgotPasswordMutation = useMutation({
@@ -97,8 +103,14 @@ export function UnifiedAuthForm({
       return result;
     },
     onSuccess: () => {
+      track("password_reset_requested");
       setResetEmailSent(true);
     },
+    onError: (error) => {
+      track("password_reset_request_failed", {
+        error: error instanceof Error ? error.message : String(error),
+      });
+    },
   });
 
   const sendOtpMutation = useMutation({
@@ -113,8 +125,14 @@ export function UnifiedAuthForm({
       return result;
     },
     onSuccess: () => {
+      track("email_otp_sent");
       setOtpSent(true);
     },
+    onError: (error) => {
+      track("email_otp_send_failed", {
+        error: error instanceof Error ? error.message : String(error),
+      });
+    },
   });
 
   const verifyOtpMutation = useMutation({
@@ -132,6 +150,11 @@ export function UnifiedAuthForm({
       globalThis.localStorage?.setItem("hasLoggedIn", "true");
       window.location.href = redirectUrl ?? callbackUrl;
     },
+    onError: (error) => {
+      track("email_otp_verify_failed", {
+        error: error instanceof Error ? error.message : String(error),
+      });
+    },
   });
 
   const validateEmail = (email: string): boolean => {
diff --git a/apps/mesh/src/web/components/vm/env/env.tsx b/apps/mesh/src/web/components/vm/env/env.tsx
index 179938d944..c1c64ae694 100644
--- a/apps/mesh/src/web/components/vm/env/env.tsx
+++ b/apps/mesh/src/web/components/vm/env/env.tsx
@@ -5,6 +5,7 @@ import {
   useMCPClient,
   SELF_MCP_ALIAS_ID,
 } from "@decocms/mesh-sdk";
+import type { VmMapEntry } from "@decocms/mesh-sdk";
 import { useQueryClient } from "@tanstack/react-query";
 import { invalidateVirtualMcpQueries } from "@/web/lib/query-keys";
 import { useInsetContext } from "@/web/layouts/agent-shell-layout";
@@ -40,11 +41,16 @@ import {
   TooltipTrigger,
 } from "@deco/ui/components/tooltip.tsx";
 import { cn } from "@deco/ui/lib/utils.ts";
-import { useChatBridge } from "@/web/components/chat/context";
+import { useChatBridge, useChatTask } from "@/web/components/chat/context";
 import { usePanelActions } from "@/web/layouts/shell-layout";
 import { VmErrorState } from "../vm-error-state";
 import { VmSuspendedState } from "../vm-suspended-state";
 import { useVmEvents } from "../hooks/use-vm-events";
+import {
+  useIsVmStartPending,
+  useVmStart,
+  vmUserStop,
+} from "../hooks/use-vm-start";
 import { VmTerminal } from "./terminal";
 import type { Terminal as XTerminal } from "@xterm/xterm";
 import { EmptyState } from "../../empty-state";
@@ -56,10 +62,12 @@ import type { PackageManager } from "@/shared/runtime-defaults";
 import { toast } from "sonner";
 
 interface VmData {
-  terminalUrl: string | null;
-  previewUrl: string;
+  /** Null for blank/tool sandboxes (no dev server). Mirrors SDK schema; today VM_START always provisions one. */
+  previewUrl: string | null;
   vmId: string;
+  branch: string;
   isNewVm: boolean;
+  runnerKind?: "host" | "docker" | "freestyle" | "agent-sandbox";
 }
 
 type ViewStatus =
@@ -78,37 +86,42 @@ export function EnvContent({ daemonOpen = false }: { daemonOpen?: boolean }) {
   const queryClient = useQueryClient();
   const { data: session } = authClient.useSession();
 
-  // Check if there's already an active VM for this user
+  // thread.branch is the only source for vmMap resolution.
+  const { currentBranch, setCurrentTaskBranch } = useChatTask();
   const userId = session?.user?.id;
-  const activeVmMetadata = inset?.entity?.metadata as
-    | {
-        activeVms?: Record<
-          string,
-          { previewUrl: string; vmId: string; terminalUrl: string | null }
-        >;
-      }
+  const vmMapMetadata = inset?.entity?.metadata as
+    | { vmMap?: Record<string, Record<string, VmMapEntry>> }
     | undefined;
-  const existingVm = userId ? activeVmMetadata?.activeVms?.[userId] : undefined;
+  const existingVm =
+    userId && currentBranch
+      ? vmMapMetadata?.vmMap?.[userId]?.[currentBranch]
+      : undefined;
 
-  const [status, setStatus] = useState<ViewStatus>(
-    existingVm ? "running" : "idle",
-  );
-  const [statusLabel, setStatusLabel] = useState("");
-  const [errorMsg, setErrorMsg] = useState("");
-  const [execInFlight, setExecInFlight] = useState(false);
-  const [killedProcesses, setKilledProcesses] = useState<Set<string>>(
-    new Set(),
-  );
-  const vmDataRef = useRef<VmData | null>(
-    existingVm
+  const vmData: VmData | null =
+    existingVm && currentBranch
       ? {
-          terminalUrl: existingVm.terminalUrl,
           previewUrl: existingVm.previewUrl,
           vmId: existingVm.vmId,
+          branch: currentBranch,
           isNewVm: false,
+          runnerKind: existingVm.runnerKind,
         }
-      : null,
-  );
+      : null;
+
+  // Transient override used during user-initiated transitions
+  // ("creating" / "stopping" / "error"). Cleared via effect below once the
+  // derived status catches up.
+  const [override, setOverride] = useState<ViewStatus | null>(null);
+
+  const [statusLabel, setStatusLabel] = useState("");
+  const [errorMsg, setErrorMsg] = useState("");
+  const [execInFlight, setExecInFlight] = useState(false);
+  // Tracks scripts whose kill request is in flight or whose underlying
+  // running-state hasn't yet caught up with the kill — drives the
+  // transient "Stopping…" affordance on the run/restart button. Cleared
+  // either by the sync prune below (state confirms not-running) or by
+  // handleKill itself on request error (revert to "Restart").
+  const [killingScripts, setKillingScripts] = useState<Set<string>>(new Set());
   const startingRef = useRef(false);
   const startedAtRef = useRef<number>(Date.now());
 
@@ -152,27 +165,81 @@ export function EnvContent({ daemonOpen = false }: { daemonOpen?: boolean }) {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
-  const handleChunk = (source: string, data: string) => {
-    const term = terminalRefs.current.get(source);
-    if (term) {
-      term.write(data);
-    }
-  };
+  const vmEvents = useVmEvents();
 
-  const vmEvents = useVmEvents(
-    status === "running" ? (vmDataRef.current?.previewUrl ?? null) : null,
-    handleChunk,
+  const vmStartPending = useIsVmStartPending(
+    inset?.entity?.id,
+    currentBranch ?? undefined,
   );
+  const derivedStatus: ViewStatus = vmEvents.suspended
+    ? "suspended"
+    : vmEvents.notFound
+      ? "creating"
+      : vmData
+        ? "running"
+        : vmStartPending
+          ? "creating"
+          : "idle";
+  const status: ViewStatus = override ?? derivedStatus;
+
+  // Clear the override when the derived state catches up.
+  // oxlint-disable-next-line ban-use-effect/ban-use-effect — clears transient override once derivedStatus catches up; no render-time equivalent for "wait for external async state to reach a target"
+  useEffect(() => {
+    if (override === "creating" && derivedStatus === "running") {
+      setOverride(null);
+    }
+    if (override === "stopping" && derivedStatus === "idle") {
+      setOverride(null);
+    }
+  }, [derivedStatus, override]);
+
+  // Prune `killingScripts` entries once SSE confirms the process stopped:
+  // checks activeProcesses uniformly across all script types.
+  // Render-time setState is fine here — React bails out when the next set is equal.
+  if (killingScripts.size > 0) {
+    let changed = false;
+    const next = new Set(killingScripts);
+    for (const name of killingScripts) {
+      const stillRunning = vmEvents.activeProcesses.includes(name);
+      if (!stillRunning) {
+        next.delete(name);
+        changed = true;
+      }
+    }
+    if (changed) setKillingScripts(next);
+  }
+
+  // Self-heal stale vmMap entries: SSE probe flips notFound on 404, VM_START
+  // writes a fresh entry. Dedup by dead vmId to avoid looping on repeat 404s.
+  // Routed through useVmStart so MCP protocol errors surface (see call-vm-tool).
+  const selfHealStart = useVmStart(client);
+  const { mutate: triggerSelfHeal, isPending: selfHealPending } = selfHealStart;
+  const virtualMcpId = inset?.entity?.id;
+  const deadVmId = vmEvents.notFound ? (existingVm?.vmId ?? null) : null;
+  const reprovisionedForVmIdRef = useRef<string | null>(null);
+  // oxlint-disable-next-line ban-use-effect/ban-use-effect — one-shot reprovision trigger gated on the notFound→deadVmId derivation
+  useEffect(() => {
+    if (!deadVmId || !virtualMcpId) return;
+    if (selfHealPending) return;
+    if (reprovisionedForVmIdRef.current === deadVmId) return;
+    reprovisionedForVmIdRef.current = deadVmId;
+    const args: { virtualMcpId: string; branch?: string } = { virtualMcpId };
+    if (currentBranch) args.branch = currentBranch;
+    triggerSelfHeal(args, {
+      onError: (err) => {
+        console.error("[env] reprovision VM_START failed", err);
+      },
+    });
+  }, [deadVmId, virtualMcpId, currentBranch, selfHealPending, triggerSelfHeal]);
 
-  // When scripts are discovered, auto-open well-known starters
   const scriptsAppliedRef = useRef(false);
   // oxlint-disable-next-line ban-use-effect/ban-use-effect — responds to vmEvents.scripts discovery; drives one-time tab auto-open
   useEffect(() => {
     if (vmEvents.scripts.length > 0 && !scriptsAppliedRef.current) {
       scriptsAppliedRef.current = true;
-      // Only add the first well-known starter (matches daemon auto-start behavior)
       for (const name of WELL_KNOWN_STARTERS) {
         if (vmEvents.scripts.includes(name)) {
           setOpenScriptTabs([name]);
@@ -195,36 +262,50 @@ export function EnvContent({ daemonOpen = false }: { daemonOpen?: boolean }) {
   };
 
   const handleExec = async (scriptName: string) => {
-    if (execInFlight || !vmDataRef.current) return;
+    if (execInFlight || !vmData || !virtualMcpId || !currentBranch) return;
     setExecInFlight(true);
     try {
+      const qs = new URLSearchParams({
+        virtualMcpId,
+        branch: currentBranch,
+      }).toString();
       const res = await fetch(
-        `${vmDataRef.current.previewUrl}/_decopilot_vm/exec/${scriptName}`,
+        `/api/${encodeURIComponent(org.slug)}/vm-exec/exec/${encodeURIComponent(scriptName)}?${qs}`,
         { method: "POST" },
       );
       if (!res.ok) throw new Error(`Exec failed: ${res.statusText}`);
-      setKilledProcesses((prev) => {
-        const next = new Set(prev);
-        next.delete(scriptName);
-        return next;
-      });
     } finally {
       setExecInFlight(false);
     }
   };
 
   const handleKill = async (scriptName: string) => {
-    if (execInFlight || !vmDataRef.current) return;
-    setExecInFlight(true);
+    if (!vmData || !virtualMcpId || !currentBranch) return;
+    if (killingScripts.has(scriptName)) return;
+    setKillingScripts((prev) => {
+      const next = new Set(prev);
+      next.add(scriptName);
+      return next;
+    });
     try {
+      const qs = new URLSearchParams({
+        virtualMcpId,
+        branch: currentBranch,
+      }).toString();
       const res = await fetch(
-        `${vmDataRef.current.previewUrl}/_decopilot_vm/kill/${scriptName}`,
+        `/api/${encodeURIComponent(org.slug)}/vm-exec/kill/${encodeURIComponent(scriptName)}?${qs}`,
         { method: "POST" },
       );
       if (!res.ok) throw new Error(`Kill failed: ${res.statusText}`);
-      setKilledProcesses((prev) => new Set(prev).add(scriptName));
-    } finally {
-      setExecInFlight(false);
+      // Leave the entry in `killingScripts`; the render-time prune below
+      // clears it once SSE confirms the process is no longer running.
+    } catch {
+      setKillingScripts((prev) => {
+        const next = new Set(prev);
+        next.delete(scriptName);
+        return next;
+      });
+      toast.error(`Failed to stop ${scriptName}`);
     }
   };
 
@@ -239,8 +320,11 @@ export function EnvContent({ daemonOpen = false }: { daemonOpen?: boolean }) {
   const handleStart = async () => {
     if (startingRef.current) return;
     startingRef.current = true;
+    if (inset?.entity?.id && currentBranch) {
+      vmUserStop.clear(inset.entity.id, currentBranch);
+    }
     startedAtRef.current = Date.now();
-    setStatus("creating");
+    setOverride("creating");
     setStatusLabel("Connecting...");
     setErrorMsg("");
     scriptsAppliedRef.current = false;
@@ -249,20 +333,27 @@ export function EnvContent({ daemonOpen = false }: { daemonOpen?: boolean }) {
 
     try {
       if (!inset?.entity) throw new Error("No virtual MCP context");
-      const data = (await callTool("VM_START", {
+      const args: { virtualMcpId: string; branch?: string } = {
         virtualMcpId: inset.entity.id,
-      })) as VmData;
+      };
+      if (currentBranch) args.branch = currentBranch;
+      const data = (await callTool("VM_START", args)) as VmData;
 
-      if (!data.previewUrl || !data.vmId) {
-        throw new Error("Invalid VM response — missing URLs");
+      if (!data.vmId || !data.branch) {
+        throw new Error("Invalid VM response — missing fields");
       }
 
-      vmDataRef.current = data;
-      setStatus("running");
+      // Server-generated branch: persist so subsequent renders resolve via vmMap[userId][branch].
+      if (!currentBranch) {
+        setCurrentTaskBranch(data.branch);
+      }
       setStatusLabel("");
       invalidateVirtualMcpQueries(queryClient);
+      // override stays "creating" until the vmMap refetch populates vmData,
+      // at which point the sync-effect above flips it to null → derivedStatus
+      // takes over as "running".
     } catch (error) {
-      setStatus("error");
+      setOverride("error");
       setErrorMsg(
         error instanceof Error ? error.message : "Failed to start VM",
       );
@@ -272,48 +363,36 @@ export function EnvContent({ daemonOpen = false }: { daemonOpen?: boolean }) {
   };
 
   const handleStop = async () => {
-    vmDataRef.current = null;
-    setStatus("stopping");
+    const branchToStop = vmData?.branch ?? currentBranch;
+    setOverride("stopping");
 
     const virtualMcpId = inset?.entity?.id;
-    if (virtualMcpId) {
+    if (virtualMcpId && branchToStop)
+      vmUserStop.mark(virtualMcpId, branchToStop);
+    if (virtualMcpId && branchToStop) {
       try {
         await client.callTool({
           name: "VM_DELETE",
-          arguments: { virtualMcpId },
+          arguments: { virtualMcpId, branch: branchToStop },
         });
       } catch {
         // Best effort
       }
     }
 
-    setStatus("idle");
     invalidateVirtualMcpQueries(queryClient);
+    // override stays "stopping" until the vmMap refetch removes the entry,
+    // at which point the sync-effect above flips it to null → derivedStatus
+    // takes over as "idle".
   };
 
-  // Detect suspension via SSE disconnect
-  // oxlint-disable-next-line ban-use-effect/ban-use-effect — responds to vmEvents.suspended changing; drives status transition
-  useEffect(() => {
-    if (vmEvents.suspended && status === "running") {
-      setStatus("suspended");
-    }
-    if (!vmEvents.suspended && status === "suspended") {
-      setStatus("running");
-    }
-  }, [vmEvents.suspended, status]);
-
   const githubRepo = useActiveGithubRepo();
 
-  if (!githubRepo) {
-    return null;
-  }
-
   const runtime = (
     inset?.entity?.metadata as
       | { runtime?: { selected: string | null; port?: string | null } | null }
       | undefined
   )?.runtime;
-  const isDetecting = runtime === undefined;
   const NONE_VALUE = "__none__";
   const packageManagers = Object.keys(
     PACKAGE_MANAGER_CONFIG,
@@ -345,105 +424,96 @@ export function EnvContent({ daemonOpen = false }: { daemonOpen?: boolean }) {
     }
   };
 
-  // State 2: Repo connected, VM stopped — show config + Start
+  // VM stopped — show config + Start. Repo card only renders when one is connected;
+  // the daemon supports a blank-clone bootstrap so the rest of the panel still works.
   if (status === "idle" || status === "stopping") {
     const isStopping = status === "stopping";
     return (
       <div className="flex flex-col items-center justify-center w-full h-full p-6">
         <div className="flex flex-col gap-4 w-full max-w-xs">
-          <a
-            href={`https://github.com/${githubRepo.owner}/${githubRepo.name}`}
-            target="_blank"
-            rel="noopener noreferrer"
-            className="flex items-center gap-3 p-4 rounded-lg border border-border hover:bg-accent/50 transition-colors"
-          >
-            <GitHubIcon size={24} />
-            <div className="flex flex-col gap-0.5 min-w-0 flex-1">
-              <span className="text-sm font-medium truncate">
-                {githubRepo.owner}/{githubRepo.name}
-              </span>
-              <span className="text-xs text-muted-foreground truncate">
-                github.com/{githubRepo.owner}/{githubRepo.name}
-              </span>
-            </div>
-            <LinkExternal01
-              size={14}
-              className="text-muted-foreground shrink-0"
-            />
-          </a>
-
-          {isDetecting ? (
-            <div className="flex items-center justify-center gap-2 w-full">
-              <Loading01
+          {githubRepo && (
+            <a
+              href={`https://github.com/${githubRepo.owner}/${githubRepo.name}`}
+              target="_blank"
+              rel="noopener noreferrer"
+              className="flex items-center gap-3 p-4 rounded-lg border border-border hover:bg-accent/50 transition-colors"
+            >
+              <GitHubIcon size={24} />
+              <div className="flex flex-col gap-0.5 min-w-0 flex-1">
+                <span className="text-sm font-medium truncate">
+                  {githubRepo.owner}/{githubRepo.name}
+                </span>
+                <span className="text-xs text-muted-foreground truncate">
+                  github.com/{githubRepo.owner}/{githubRepo.name}
+                </span>
+              </div>
+              <LinkExternal01
                 size={14}
-                className="animate-spin text-muted-foreground"
+                className="text-muted-foreground shrink-0"
               />
-              <p className="text-sm text-muted-foreground">
-                Detecting project configuration...
-              </p>
-            </div>
-          ) : (
-            <div className="flex flex-wrap items-end justify-between gap-2 w-full">
-              <div className="flex flex-col gap-1">
-                <Label htmlFor="env-runtime" className="text-xs font-medium">
-                  Runtime
-                </Label>
-                <Select
-                  value={runtime?.selected ?? NONE_VALUE}
-                  onValueChange={(v) =>
-                    handleFieldUpdate("selected", v === NONE_VALUE ? null : v)
-                  }
-                >
-                  <SelectTrigger id="env-runtime" className="w-28">
-                    <SelectValue placeholder="None" />
-                  </SelectTrigger>
-                  <SelectContent>
-                    <SelectItem value={NONE_VALUE}>None</SelectItem>
-                    {packageManagers.map((pm) => (
-                      <SelectItem key={pm} value={pm}>
-                        {pm}
-                      </SelectItem>
-                    ))}
-                  </SelectContent>
-                </Select>
-              </div>
-              <div className="flex flex-col gap-1">
-                <Label htmlFor="env-port" className="text-xs font-medium">
-                  Port
-                </Label>
-                <Input
-                  id="env-port"
-                  placeholder="3000"
-                  className="w-20 h-8"
-                  defaultValue={runtime?.port ?? ""}
-                  onBlur={(e) =>
-                    handleFieldUpdate("port", e.target.value || null)
-                  }
-                />
-              </div>
-              <Button
-                onClick={handleStart}
-                disabled={isStopping || isDetecting}
+            </a>
+          )}
+
+          <div className="flex flex-wrap items-end justify-between gap-2 w-full">
+            <div className="flex flex-col gap-1">
+              <Label htmlFor="env-runtime" className="text-xs font-medium">
+                Runtime
+              </Label>
+              <Select
+                value={runtime?.selected ?? NONE_VALUE}
+                onValueChange={(v) =>
+                  handleFieldUpdate("selected", v === NONE_VALUE ? null : v)
+                }
               >
-                {isStopping ? (
-                  <Loading01 size={14} className="animate-spin" />
-                ) : (
-                  <Play size={14} />
-                )}
-                {isStopping ? "Stopping..." : "Run"}
-              </Button>
+                <SelectTrigger id="env-runtime" className="w-28">
+                  <SelectValue placeholder="None" />
+                </SelectTrigger>
+                <SelectContent>
+                  <SelectItem value={NONE_VALUE}>None</SelectItem>
+                  {packageManagers.map((pm) => (
+                    <SelectItem key={pm} value={pm}>
+                      {pm}
+                    </SelectItem>
+                  ))}
+                </SelectContent>
+              </Select>
             </div>
-          )}
+            <div className="flex flex-col gap-1">
+              <Label htmlFor="env-port" className="text-xs font-medium">
+                Port
+              </Label>
+              <Input
+                id="env-port"
+                placeholder="3001"
+                className="w-20 h-8"
+                defaultValue={runtime?.port ?? ""}
+                onBlur={(e) =>
+                  handleFieldUpdate("port", e.target.value || null)
+                }
+              />
+            </div>
+            <Button onClick={handleStart} disabled={isStopping}>
+              {isStopping ? (
+                <Loading01 size={14} className="animate-spin" />
+              ) : (
+                <Play size={14} />
+              )}
+              {isStopping ? "Stopping..." : "Run"}
+            </Button>
+          </div>
         </div>
       </div>
     );
   }
 
   if (status === "creating") {
+    const label = vmEvents.notFound
+      ? "Sandbox was stopped, we're restarting it…"
+      : statusLabel;
     return (
       <div className="flex flex-col items-center justify-center w-full h-full gap-4">
         <Loading01 size={24} className="animate-spin text-muted-foreground" />
-        <p className="text-sm text-muted-foreground">{statusLabel}</p>
+        <p className="text-sm text-muted-foreground">{label}</p>
         <LiveTimer since={startedAtRef.current} />
       </div>
     );
@@ -457,14 +527,12 @@ export function EnvContent({ daemonOpen = false }: { daemonOpen?: boolean }) {
     return <VmSuspendedState onResume={handleStart} />;
   }
 
-  // All tabs: setup + open script tabs + optional daemon
   const allTabs = [
     "setup",
     ...openScriptTabs,
     ...(daemonOpen ? ["daemon"] : []),
   ];
 
-  // Scripts available to add (not already open)
   const addableScripts = vmEvents.scripts.filter(
     (s) => !openScriptTabs.includes(s),
   );
@@ -473,30 +541,29 @@ export function EnvContent({ daemonOpen = false }: { daemonOpen?: boolean }) {
     <div className="flex flex-col w-full h-full">
       <div className="flex flex-col h-full">
         {/* Terminal tabs + action bar */}
-        <div className="flex items-center border-b border-border px-2 shrink-0">
+        <div className="flex h-12 items-center border-b border-border px-2 shrink-0">
           {allTabs.map((tab) => (
             <button
               key={tab}
               type="button"
               onClick={() => setActiveTab(tab)}
               className={cn(
-                "px-3 py-1.5 text-xs font-medium capitalize transition-colors",
+                "flex items-center h-full px-3 text-sm whitespace-nowrap border-b-2 mb-[-1px] capitalize transition-all hover:text-foreground",
                 activeTab === tab
-                  ? "text-foreground border-b-2 border-primary"
-                  : "text-muted-foreground hover:text-foreground",
+                  ? "text-foreground border-primary"
+                  : "text-muted-foreground border-transparent",
               )}
             >
               {tab}
             </button>
           ))}
 
-          {/* Add script button */}
           {addableScripts.length > 0 && (
             <DropdownMenu>
               <DropdownMenuTrigger asChild>
                 <button
                   type="button"
-                  className="px-2 py-1.5 text-xs text-muted-foreground hover:text-foreground transition-colors"
+                  className="flex items-center h-full px-2 text-muted-foreground hover:text-foreground transition-colors"
                 >
                   <Plus size={14} />
                 </button>
@@ -515,7 +582,7 @@ export function EnvContent({ daemonOpen = false }: { daemonOpen?: boolean }) {
           )}
 
           <div className="flex-1 flex justify-center">
-            {vmDataRef.current?.vmId && (
+            {vmData?.vmId && (
               <div className="flex items-center">
                 <Tooltip>
                   <TooltipTrigger asChild>
@@ -523,12 +590,10 @@ export function EnvContent({ daemonOpen = false }: { daemonOpen?: boolean }) {
                       type="button"
                       className="shrink-0 rounded-l bg-muted px-1.5 py-0.5 text-[10px] font-mono text-muted-foreground cursor-pointer hover:bg-accent hover:text-foreground transition-colors border-r border-border/50"
                       onClick={() =>
-                        navigator.clipboard.writeText(
-                          vmDataRef.current?.vmId ?? "",
-                        )
+                        navigator.clipboard.writeText(vmData?.vmId ?? "")
                       }
                     >
-                      {vmDataRef.current.vmId}
+                      {vmData.vmId}
                     </button>
                   </TooltipTrigger>
                   <TooltipContent side="bottom">Copy VM ID</TooltipContent>
@@ -553,7 +618,6 @@ export function EnvContent({ daemonOpen = false }: { daemonOpen?: boolean }) {
             )}
           </div>
 
-          {/* Script tab controls (not for setup/daemon) */}
           <div className="flex items-center gap-1">
             {hasSelection && (
               <button
@@ -569,48 +633,57 @@ export function EnvContent({ daemonOpen = false }: { daemonOpen?: boolean }) {
               activeTab !== "daemon" &&
               openScriptTabs.includes(activeTab) &&
               (() => {
-                const isRunning =
-                  vmEvents.activeProcesses.includes(activeTab) &&
-                  !killedProcesses.has(activeTab);
+                const isRunning = vmEvents.activeProcesses.includes(activeTab);
+                const isKilling = killingScripts.has(activeTab);
+                // Hide the dropdown chevron during the Stopping… window so a
+                // second Stop click can't double-fire while the first is in
+                // flight; the prune effect removes it once SSE confirms idle.
+                const showRunningAffordance = isRunning && !isKilling;
+                const busy = execInFlight || isKilling;
+                const onRun = () => handleExec(activeTab);
+                const onStop = () => handleKill(activeTab);
+                const label = execInFlight
+                  ? "Running..."
+                  : isKilling
+                    ? "Stopping..."
+                    : isRunning
+                      ? "Restart"
+                      : "Run";
                 return (
                   <div className="flex items-center">
                     <button
                       type="button"
-                      disabled={execInFlight}
-                      onClick={() => handleExec(activeTab)}
+                      disabled={busy}
+                      onClick={onRun}
                       className={cn(
                         "flex items-center gap-1 border border-border px-2 py-1 text-xs font-medium text-muted-foreground hover:text-foreground hover:bg-muted transition-colors disabled:opacity-50",
-                        isRunning ? "rounded-l-md border-r-0" : "rounded-md",
+                        showRunningAffordance
+                          ? "rounded-l-md border-r-0"
+                          : "rounded-md",
                       )}
                     >
-                      {execInFlight ? (
+                      {busy ? (
                         <Loading01 size={12} className="animate-spin" />
                       ) : (
                         <Play size={12} />
                       )}
-                      {execInFlight
-                        ? "Running..."
-                        : isRunning
-                          ? "Restart"
-                          : "Run"}
+                      {label}
                     </button>
-                    {isRunning && (
+                    {showRunningAffordance && (
                       <DropdownMenu>
                         <DropdownMenuTrigger asChild>
                           <button
                             type="button"
-                            disabled={execInFlight}
+                            disabled={busy}
                             className="flex items-center self-stretch rounded-r-md border border-border px-1 text-xs text-muted-foreground hover:text-foreground hover:bg-muted transition-colors disabled:opacity-50"
                           >
                             <ChevronDown size={12} />
                           </button>
                         </DropdownMenuTrigger>
                         <DropdownMenuContent align="end">
-                          <DropdownMenuItem
-                            onClick={() => handleKill(activeTab)}
-                          >
+                          <DropdownMenuItem onClick={onStop}>
                             <StopCircle size={12} />
-                            Stop Process
+                            Stop
                           </DropdownMenuItem>
                         </DropdownMenuContent>
                       </DropdownMenu>
@@ -621,7 +694,6 @@ export function EnvContent({ daemonOpen = false }: { daemonOpen?: boolean }) {
           </div>
         </div>
 
-        {/* Terminal content */}
         <div className="flex-1 overflow-hidden">
           {allTabs.map((tab) => (
             <div
@@ -630,13 +702,13 @@ export function EnvContent({ daemonOpen = false }: { daemonOpen?: boolean }) {
             >
               {vmEvents.hasData(tab) || tab === "setup" || tab === "daemon" ? (
                 <VmTerminal
+                  source={tab}
                   onReady={(t) => {
                     terminalRefs.current.set(tab, t);
                   }}
                   onSelectionChange={(has, getText) =>
                     handleSelectionChange(tab, has, getText)
                   }
-                  initialData={vmEvents.getBuffer(tab)}
                   className="h-full"
                 />
               ) : (
diff --git a/apps/mesh/src/web/components/vm/env/terminal.tsx b/apps/mesh/src/web/components/vm/env/terminal.tsx
index 6cc1e77127..a1665436d8 100644
--- a/apps/mesh/src/web/components/vm/env/terminal.tsx
+++ b/apps/mesh/src/web/components/vm/env/terminal.tsx
@@ -3,24 +3,40 @@ import { cn } from "@deco/ui/lib/utils.ts";
 import { Terminal } from "@xterm/xterm";
 import { FitAddon } from "@xterm/addon-fit";
 import "@xterm/xterm/css/xterm.css";
+import { useVmChunkHandler, useVmEvents } from "../hooks/use-vm-events";
 
 interface VmTerminalProps {
+  /**
+   * Log source this terminal renders ("setup", "daemon", or a script name
+   * like "dev"). The terminal pulls the replay buffer at mount and subscribes
+   * to live chunks for this source. Self-contained — no parent-side routing.
+   */
+  source: string;
   onReady?: (terminal: Terminal) => void;
   onSelectionChange?: (hasSelection: boolean, getText: () => string) => void;
-  initialData?: string;
   className?: string;
 }
 
 export function VmTerminal({
+  source,
   onReady,
   onSelectionChange,
-  initialData,
   className,
 }: VmTerminalProps) {
   const containerRef = useRef<HTMLDivElement>(null);
   const terminalRef = useRef<Terminal | null>(null);
   const onSelectionChangeRef = useRef(onSelectionChange);
   onSelectionChangeRef.current = onSelectionChange;
+  const vmEvents = useVmEvents();
+  // Stable ref so the chunk handler (registered once on mount) always sees
+  // the current source; no dep churn on prop changes.
+  const sourceRef = useRef(source);
+  sourceRef.current = source;
+
+  useVmChunkHandler((chunkSource, data) => {
+    if (chunkSource !== sourceRef.current) return;
+    terminalRef.current?.write(data);
+  });
 
   // oxlint-disable-next-line ban-use-effect/ban-use-effect — xterm.js lifecycle: create on mount, dispose on unmount
   useEffect(() => {
@@ -36,13 +52,17 @@ export function VmTerminal({
       fontFamily:
         cssVar("--font-mono") ||
         "ui-monospace, SFMono-Regular, Menlo, Consolas, monospace",
-      fontSize: 13,
-      lineHeight: 1.4,
+      fontSize: 12.5,
+      lineHeight: 1.5,
       scrollback: 5000,
       cursorBlink: false,
       disableStdin: true,
       theme: {
-        background: cssVar("--background") || "#1e1e1e",
+        background:
+          cssVar("--sidebar") ||
+          cssVar("--card") ||
+          cssVar("--background") ||
+          "#1e1e1e",
         cursor: "transparent",
         foreground: cssVar("--foreground") || "#d4d4d4",
         selectionBackground: cssVar("--accent"),
@@ -73,8 +93,12 @@ export function VmTerminal({
 
     terminal.open(el);
     fitAddon.fit();
-    if (initialData) {
-      terminal.write(initialData);
+    // Replay anything the buffer has accumulated for this source — covers
+    // chunks that arrived before the tab mounted (e.g. clone output that
+    // streamed during the "creating" status phase).
+    const replay = vmEvents.getBuffer(source);
+    if (replay) {
+      terminal.write(replay);
     }
     terminalRef.current = terminal;
     onReady?.(terminal);
@@ -95,13 +119,16 @@ export function VmTerminal({
       terminalRef.current = null;
       terminal.dispose();
     };
-    // oxlint-disable-next-line react-hooks/exhaustive-deps — mount-only: initialData and onReady are consumed once during terminal setup
+    // oxlint-disable-next-line react-hooks/exhaustive-deps — mount-only: source/vmEvents/onReady are consumed once during terminal setup
   }, []);
 
   return (
     <div
       ref={containerRef}
-      className={cn("overflow-hidden bg-background p-3", className)}
+      className={cn(
+        "overflow-hidden bg-sidebar px-4 py-3 [&_.xterm]:h-full [&_.xterm-screen]:min-h-full [&_.xterm-viewport]:overscroll-contain",
+        className,
+      )}
     />
   );
 }
diff --git a/apps/mesh/src/web/components/vm/hooks/call-vm-tool.ts b/apps/mesh/src/web/components/vm/hooks/call-vm-tool.ts
new file mode 100644
index 0000000000..67a6735ae8
--- /dev/null
+++ b/apps/mesh/src/web/components/vm/hooks/call-vm-tool.ts
@@ -0,0 +1,35 @@
+/**
+ * MCP SDK does NOT throw on server-side tool errors — it returns a resolved
+ * promise with `{ isError: true, ... }`. `.catch()` misses everything. Use
+ * this wrapper so VM bootstrap failures don't hang the UI on "Booting…".
+ */
+
+interface MinimalMcpClient {
+  callTool: (params: {
+    name: string;
+    arguments: Record<string, unknown>;
+  }) => Promise<unknown>;
+}
+
+interface McpToolResult {
+  isError?: boolean;
+  content?: Array<{ type?: string; text?: string }>;
+  structuredContent?: unknown;
+}
+
+export async function callVmTool(
+  client: MinimalMcpClient,
+  name: string,
+  args: Record<string, unknown>,
+): Promise<McpToolResult> {
+  const result = (await client.callTool({
+    name,
+    arguments: args,
+  })) as McpToolResult;
+  if (result.isError) {
+    const message =
+      result.content?.[0]?.text ?? `Tool ${name} failed without a message`;
+    throw new Error(message);
+  }
+  return result;
+}
diff --git a/apps/mesh/src/web/components/vm/hooks/use-vm-events.ts b/apps/mesh/src/web/components/vm/hooks/use-vm-events.ts
index 1a6dd7e1e7..6d455b2c32 100644
--- a/apps/mesh/src/web/components/vm/hooks/use-vm-events.ts
+++ b/apps/mesh/src/web/components/vm/hooks/use-vm-events.ts
@@ -1,188 +1,51 @@
-/**
- * useVmEvents — SSE hook for the VM daemon.
- *
- * Connects to the daemon's /_decopilot_vm/events endpoint running inside the VM
- * and streams raw PTY chunks, upstream status, discovered scripts, and
- * active process state back to React.
- *
- * Uses a direct EventSource per effect invocation so that each mount gets a
- * fresh SSE connection and the daemon replays scripts, logs, and active
- * processes on connect.
- */
-
-import { useState, useRef, useEffect } from "react";
-
-export interface VmStatus {
-  ready: boolean;
-  htmlSupport: boolean;
+/** Thin hooks over VmEventsContext. EventSource lifecycle lives in the provider. */
+
+import { use, useEffect, useRef } from "react";
+import {
+  VmEventsContext,
+  type ChunkHandler,
+  type ReloadHandler,
+} from "./vm-events-context.tsx";
+
+export type {
+  BranchStatus,
+  BranchStatusReady,
+  ChunkHandler,
+  ReloadHandler,
+  VmStatus,
+} from "./vm-events-context.tsx";
+
+export function useVmEvents() {
+  return use(VmEventsContext);
 }
 
-export type ChunkHandler = (source: string, data: string) => void;
-
-const BUFFER_BYTES = 16384;
-
-class ChunkBuffer {
-  private data = "";
-  append(chunk: string) {
-    this.data += chunk;
-    if (this.data.length > BUFFER_BYTES) {
-      this.data = this.data.slice(this.data.length - BUFFER_BYTES);
-    }
-  }
-  get() {
-    return this.data;
-  }
-  clear() {
-    this.data = "";
-  }
-}
-
-const MAX_DISCONNECT_MS = 45_000;
-
-/** Base reconnect delay in ms */
-const BASE_RECONNECT_DELAY_MS = 1_000;
-/** Max reconnect delay in ms */
-const MAX_RECONNECT_DELAY_MS = 30_000;
+export function useVmChunkHandler(handler: ChunkHandler | null) {
+  const { subscribeChunks } = useVmEvents();
+  const handlerRef = useRef(handler);
+  handlerRef.current = handler;
 
-const EVENT_TYPES = ["log", "status", "scripts", "processes"] as const;
-
-export function useVmEvents(
-  previewUrl: string | null,
-  onChunk: ChunkHandler | null,
-) {
-  const [status, setStatus] = useState<VmStatus>({
-    ready: false,
-    htmlSupport: false,
-  });
-  const [suspended, setSuspended] = useState(false);
-  const [scripts, setScripts] = useState<string[]>([]);
-  const [activeProcesses, setActiveProcesses] = useState<string[]>([]);
-  const disconnectTimer = useRef<ReturnType<typeof setTimeout> | null>(null);
-  const onChunkRef = useRef(onChunk);
-  onChunkRef.current = onChunk;
-  const buffers = useRef(new Map<string, ChunkBuffer>());
-
-  const getOrCreateBuffer = (source: string) => {
-    let buf = buffers.current.get(source);
-    if (!buf) {
-      buf = new ChunkBuffer();
-      buffers.current.set(source, buf);
-    }
-    return buf;
-  };
-
-  // oxlint-disable-next-line ban-use-effect/ban-use-effect — SSE subscription lifecycle requires cleanup on unmount; direct EventSource with reconnect logic
+  // oxlint-disable-next-line ban-use-effect/ban-use-effect — subscription lifecycle bound to the component mount; uses ref for stable identity
   useEffect(() => {
-    if (!previewUrl) return;
-
-    // Reset state for new connection
-    setStatus({ ready: false, htmlSupport: false });
-    setSuspended(false);
-    setScripts([]);
-    setActiveProcesses([]);
-    buffers.current.clear();
-
-    let disposed = false;
-    let reconnectAttempt = 0;
-    let reconnectTimer: ReturnType<typeof setTimeout> | null = null;
-    let es: EventSource | null = null;
-
-    const handler = (e: MessageEvent) => {
-      // Any event received means we're connected — clear suspension timer
-      if (disconnectTimer.current) {
-        clearTimeout(disconnectTimer.current);
-        disconnectTimer.current = null;
-      }
-      setSuspended(false);
-
-      // Restart the disconnect timer
-      disconnectTimer.current = setTimeout(() => {
-        setSuspended(true);
-      }, MAX_DISCONNECT_MS);
-
-      try {
-        const data = JSON.parse(e.data);
-
-        if (e.type === "log" && typeof data.data === "string") {
-          const source = data.source as string;
-          getOrCreateBuffer(source).append(data.data);
-          onChunkRef.current?.(source, data.data);
-        } else if (e.type === "status") {
-          setStatus({
-            ready: Boolean(data.ready),
-            htmlSupport: Boolean(data.htmlSupport),
-          });
-        } else if (e.type === "scripts") {
-          setScripts(data.scripts ?? []);
-        } else if (e.type === "processes") {
-          setActiveProcesses(data.active ?? []);
-        }
-      } catch {
-        // ignore parse errors
-      }
+    const fn: ChunkHandler = (source, data) => {
+      handlerRef.current?.(source, data);
     };
+    const unsubscribe = subscribeChunks(fn);
+    return unsubscribe;
+  }, [subscribeChunks]);
+}
 
-    function connect() {
-      if (disposed) return;
-
-      es = new EventSource(`${previewUrl}/_decopilot_vm/events`);
-
-      es.onopen = () => {
-        reconnectAttempt = 0;
-      };
-
-      es.onerror = () => {
-        if (es?.readyState === EventSource.CLOSED) {
-          scheduleReconnect();
-        }
-      };
-
-      for (const type of EVENT_TYPES) {
-        es.addEventListener(type, handler);
-      }
-    }
-
-    function scheduleReconnect() {
-      if (disposed || reconnectTimer) return;
-
-      const delay = Math.min(
-        BASE_RECONNECT_DELAY_MS * 2 ** reconnectAttempt,
-        MAX_RECONNECT_DELAY_MS,
-      );
-      reconnectAttempt++;
-
-      reconnectTimer = setTimeout(() => {
-        reconnectTimer = null;
-        if (disposed) return;
-        es?.close();
-        connect();
-      }, delay);
-    }
-
-    connect();
-
-    disconnectTimer.current = setTimeout(() => {
-      setSuspended(true);
-    }, MAX_DISCONNECT_MS);
+/** Daemon "reload" = config edits framework HMR won't catch (.ts/.tsx uses framework HMR). */
+export function useVmReloadHandler(handler: ReloadHandler | null) {
+  const { subscribeReload } = useVmEvents();
+  const handlerRef = useRef(handler);
+  handlerRef.current = handler;
 
-    return () => {
-      disposed = true;
-      es?.close();
-      if (reconnectTimer) clearTimeout(reconnectTimer);
-      if (disconnectTimer.current) {
-        clearTimeout(disconnectTimer.current);
-        disconnectTimer.current = null;
-      }
+  // oxlint-disable-next-line ban-use-effect/ban-use-effect — subscription lifecycle bound to the component mount; uses ref for stable identity
+  useEffect(() => {
+    const fn: ReloadHandler = () => {
+      handlerRef.current?.();
     };
-  }, [previewUrl]);
-
-  return {
-    status,
-    suspended,
-    scripts,
-    activeProcesses,
-    getBuffer: (source: string) => buffers.current.get(source)?.get() ?? "",
-    hasData: (source: string) =>
-      (buffers.current.get(source)?.get().length ?? 0) > 0,
-  };
+    const unsubscribe = subscribeReload(fn);
+    return unsubscribe;
+  }, [subscribeReload]);
 }
diff --git a/apps/mesh/src/web/components/vm/hooks/use-vm-start.ts b/apps/mesh/src/web/components/vm/hooks/use-vm-start.ts
new file mode 100644
index 0000000000..79239ad46f
--- /dev/null
+++ b/apps/mesh/src/web/components/vm/hooks/use-vm-start.ts
@@ -0,0 +1,115 @@
+/**
+ * Single VM_START mutation shared by preview + env + layout surfaces.
+ * Routing through callVmTool surfaces MCP-protocol errors uniformly.
+ * Cross-component dedup via module-level in-flight map: concurrent callers
+ * for the same (virtualMcpId, branch) attach to one upstream request, so
+ * rapid mounts on navigation can't stack 10–30s container-create calls.
+ */
+
+import {
+  useIsMutating,
+  useMutation,
+  useQueryClient,
+} from "@tanstack/react-query";
+import { invalidateVirtualMcpQueries } from "@/web/lib/query-keys";
+import { callVmTool } from "./call-vm-tool";
+
+const VM_START_MUTATION_KEY = ["VM_START"] as const;
+
+interface MinimalMcpClient {
+  callTool: (params: {
+    name: string;
+    arguments: Record<string, unknown>;
+  }) => Promise<unknown>;
+}
+
+export interface VmStartArgs {
+  virtualMcpId: string;
+  /** Optional — VM_START generates one when omitted. */
+  branch?: string;
+}
+
+export interface VmStartResult {
+  previewUrl: string | null;
+  vmId: string;
+  branch: string;
+  isNewVm: boolean;
+  runnerKind?: "host" | "docker" | "freestyle" | "agent-sandbox";
+}
+
+const inflightStarts = new Map<string, Promise<VmStartResult>>();
+const startKey = (args: VmStartArgs) =>
+  `${args.virtualMcpId}::${args.branch ?? ""}`;
+
+// Tracks (virtualMcpId, branch) pairs explicitly stopped by the user.
+// Prevents self-heal from restarting a VM the user just stopped: the SSE
+// "gone" event can race the vmMap query refetch and arrive while vmEntry
+// is still stale in the cache, making deadVmId non-null and triggering
+// an unwanted self-heal. Cleared on any VM_START so normal auto-start
+// resumes after an explicit user restart.
+const userStoppedVms = new Set<string>();
+
+export const vmUserStop = {
+  mark: (virtualMcpId: string, branch: string) =>
+    userStoppedVms.add(`${virtualMcpId}::${branch}`),
+  clear: (virtualMcpId: string, branch: string) =>
+    userStoppedVms.delete(`${virtualMcpId}::${branch}`),
+  isStopped: (virtualMcpId: string, branch: string) =>
+    userStoppedVms.has(`${virtualMcpId}::${branch}`),
+};
+
+export function useVmStart(client: MinimalMcpClient) {
+  const queryClient = useQueryClient();
+  return useMutation<VmStartResult, Error, VmStartArgs>({
+    mutationKey: VM_START_MUTATION_KEY,
+    mutationFn: async (args) => {
+      if (args.branch) vmUserStop.clear(args.virtualMcpId, args.branch);
+      const key = startKey(args);
+      const existing = inflightStarts.get(key);
+      if (existing) return existing;
+      const promise = (async () => {
+        const result = await callVmTool(
+          client,
+          "VM_START",
+          args as unknown as Record<string, unknown>,
+        );
+        return result.structuredContent as VmStartResult;
+      })();
+      inflightStarts.set(key, promise);
+      try {
+        return await promise;
+      } finally {
+        if (inflightStarts.get(key) === promise) inflightStarts.delete(key);
+      }
+    },
+    // Per-call onSuccess (via `mutate(args, { onSuccess })`) runs AFTER this.
+    onSuccess: () => {
+      invalidateVirtualMcpQueries(queryClient);
+    },
+  });
+}
+
+/**
+ * Cross-component inflight signal for VM_START on a specific (vmcp, branch).
+ * Each `useVmStart()` caller owns its own `useMutation` instance, so a
+ * component's local `isPending` only reflects mutations it initiated. The
+ * layout auto-starts the VM while other surfaces (preview, env) render in
+ * parallel — those surfaces need to know the auto-start is in flight so they
+ * don't fall through to the idle/empty state. `useIsMutating` observes the
+ * whole QueryClient; the predicate scopes by the mutation's variables.
+ */
+export function useIsVmStartPending(
+  virtualMcpId: string | undefined,
+  branch: string | undefined,
+): boolean {
+  const count = useIsMutating({
+    mutationKey: VM_START_MUTATION_KEY,
+    predicate: (mutation) => {
+      if (!virtualMcpId) return false;
+      const vars = mutation.state.variables as VmStartArgs | undefined;
+      if (!vars || vars.virtualMcpId !== virtualMcpId) return false;
+      return (vars.branch ?? "") === (branch ?? "");
+    },
+  });
+  return count > 0;
+}
diff --git a/apps/mesh/src/web/components/vm/hooks/vm-events-context.tsx b/apps/mesh/src/web/components/vm/hooks/vm-events-context.tsx
new file mode 100644
index 0000000000..e21d00384b
--- /dev/null
+++ b/apps/mesh/src/web/components/vm/hooks/vm-events-context.tsx
@@ -0,0 +1,502 @@
+/**
+ * Single SSE connection to mesh's `/api/:org/vm-events`, fanned out via context.
+ *
+ * Keyed on `(virtualMcpId, branch)` — mesh derives the userId from the
+ * authenticated session and composes the same claim handle a racing
+ * VM_START would. The stream emits in two phases on one connection:
+ *
+ *   1. `event: phase` — `ClaimPhase` JSON for the pre-Ready lifecycle.
+ *      Surfaces what's happening between VM_START posting a SandboxClaim
+ *      and the daemon coming online (capacity wait, image pull, etc).
+ *   2. `event: log/status/scripts/processes/reload/branch-status` — passthrough
+ *      from the in-pod daemon's `/_decopilot_vm/events`. Same wire format the
+ *      browser used to consume directly.
+ *
+ *   3. `event: gone` — synthetic. Mesh's upstream daemon fetch returned 404
+ *      (sandbox handle missing → operator-evicted on idle TTL). Mapped to
+ *      `notFound` which preview.tsx's self-heal flow turns into a VM_START.
+ *
+ * `ClaimPhase` is imported as a type-only reference from the canonical
+ * server-side definition; `import type` is erased at build time, so the
+ * web bundle does not pull in `@kubernetes/client-node` or any of the
+ * runner's runtime code.
+ */
+
+import {
+  createContext,
+  useEffect,
+  useRef,
+  useState,
+  type ReactNode,
+} from "react";
+import { useProjectContext } from "@decocms/mesh-sdk";
+
+import type {
+  ClaimFailureReason,
+  ClaimPhase,
+} from "@decocms/sandbox/runner/agent-sandbox";
+
+export type { ClaimFailureReason, ClaimPhase };
+
+import type { UpstreamStatus } from "../upstream-status";
+export type { UpstreamStatus };
+
+export interface VmStatus {
+  status: UpstreamStatus;
+  port: number | null;
+  htmlSupport: boolean;
+}
+
+export interface BranchStatusReady {
+  kind: "ready";
+  branch: string;
+  base: string;
+  workingTreeDirty: boolean;
+  unpushed: number;
+  aheadOfBase: number;
+  behindBase: number;
+  /** HEAD sha (falls back to origin/<branch>). Empty if the daemon couldn't compute it. */
+  headSha: string;
+}
+
+export type BranchStatus =
+  | { kind: "initializing" }
+  | { kind: "cloning" }
+  | { kind: "clone-failed"; error: string }
+  | { kind: "checking-out"; to: string }
+  | { kind: "checkout-failed"; error: string }
+  | BranchStatusReady;
+
+export type ChunkHandler = (source: string, data: string) => void;
+export type ReloadHandler = () => void;
+
+export interface VmEventsValue {
+  /**
+   * Latest `ClaimPhase` from the lifecycle portion of the stream. Null until
+   * the first phase arrives. Stays at `ready`/`failed` after a terminal
+   * phase — callers that want to gate UI on "boot in progress" should pair
+   * this with their own signal (e.g. VM_START in flight, previewUrl
+   * present).
+   */
+  phase: ClaimPhase | null;
+  status: VmStatus;
+  suspended: boolean;
+  /** True after a `gone` event — handle gone, reprovision via VM_START. */
+  notFound: boolean;
+  scripts: string[];
+  activeProcesses: string[];
+  intent: { state: "running" | "paused"; reason?: string };
+  installing: boolean;
+  branchStatus: BranchStatus | null;
+  getBuffer: (source: string) => string;
+  hasData: (source: string) => boolean;
+  subscribeChunks: (handler: ChunkHandler) => () => void;
+  /** "reload" SSE fires on config edits framework HMR doesn't watch. */
+  subscribeReload: (handler: ReloadHandler) => () => void;
+}
+
+const DEFAULT_VALUE: VmEventsValue = {
+  phase: null,
+  status: { status: "booting", port: null, htmlSupport: false },
+  suspended: false,
+  notFound: false,
+  scripts: [],
+  activeProcesses: [],
+  intent: { state: "running" },
+  installing: false,
+  branchStatus: null,
+  getBuffer: () => "",
+  hasData: () => false,
+  subscribeChunks: () => () => {},
+  subscribeReload: () => () => {},
+};
+
+export const VmEventsContext = createContext<VmEventsValue>(DEFAULT_VALUE);
+
+const BUFFER_BYTES = 16384;
+
+class ChunkBuffer {
+  private data = "";
+  append(chunk: string) {
+    this.data += chunk;
+    if (this.data.length > BUFFER_BYTES) {
+      this.data = this.data.slice(this.data.length - BUFFER_BYTES);
+    }
+  }
+  get() {
+    return this.data;
+  }
+  clear() {
+    this.data = "";
+  }
+}
+
+// Keyed on connection state (NOT event silence) — a ready dev server has
+// nothing to emit. Mesh sends a 15s SSE heartbeat so EventSource.onerror
+// fires promptly when mesh or the daemon goes away.
+const SUSPENDED_AFTER_ERROR_MS = 60_000;
+
+const BASE_RECONNECT_DELAY_MS = 1_000;
+const MAX_RECONNECT_DELAY_MS = 30_000;
+
+const DAEMON_EVENT_TYPES = [
+  "log",
+  "status",
+  "scripts",
+  "processes",
+  "tasks",
+  "intent",
+  "phases",
+  "reload",
+  "branch-status",
+] as const;
+
+export function VmEventsProvider({
+  virtualMcpId,
+  branch,
+  children,
+}: {
+  virtualMcpId: string | null;
+  branch: string | null;
+  children: ReactNode;
+}) {
+  const { org } = useProjectContext();
+  const [phase, setPhase] = useState<ClaimPhase | null>(null);
+  const [status, setStatus] = useState<VmStatus>({
+    status: "booting",
+    port: null,
+    htmlSupport: false,
+  });
+  const [suspended, setSuspended] = useState(false);
+  const [notFound, setNotFound] = useState(false);
+  const [scripts, setScripts] = useState<string[]>([]);
+  const [activeProcesses, setActiveProcesses] = useState<string[]>([]);
+  const [intent, setIntent] = useState<{
+    state: "running" | "paused";
+    reason?: string;
+  }>({ state: "running" });
+  const [installing, setInstalling] = useState(false);
+  const [branchStatus, setBranchStatus] = useState<BranchStatus | null>(null);
+  // Bumped on log chunks so getBuffer/hasData consumers re-render; buffer
+  // mutation alone doesn't.
+  const [, setLogTick] = useState(0);
+
+  const buffers = useRef(new Map<string, ChunkBuffer>());
+  const chunkHandlers = useRef(new Set<ChunkHandler>());
+  const reloadHandlers = useRef(new Set<ReloadHandler>());
+  const prevPortRef = useRef<number | null>(null);
+
+  const getOrCreateBuffer = (source: string) => {
+    let buf = buffers.current.get(source);
+    if (!buf) {
+      buf = new ChunkBuffer();
+      buffers.current.set(source, buf);
+    }
+    return buf;
+  };
+
+  // oxlint-disable-next-line ban-use-effect/ban-use-effect — SSE subscription lifecycle requires cleanup on unmount; single EventSource with reconnect logic
+  useEffect(() => {
+    // Reset on key change so stale data doesn't linger across branches.
+    setPhase(null);
+    setStatus({ status: "booting", port: null, htmlSupport: false });
+    prevPortRef.current = null;
+    setSuspended(false);
+    setNotFound(false);
+    setScripts([]);
+    setActiveProcesses([]);
+    setIntent({ state: "running" });
+    setInstalling(false);
+    setBranchStatus(null);
+    buffers.current.clear();
+
+    if (!virtualMcpId || !branch) return;
+
+    const sseUrl =
+      `/api/${encodeURIComponent(org.slug)}/vm-events?virtualMcpId=${encodeURIComponent(virtualMcpId)}` +
+      `&branch=${encodeURIComponent(branch)}`;
+
+    let disposed = false;
+    let reconnectAttempt = 0;
+    let reconnectTimer: ReturnType<typeof setTimeout> | null = null;
+    let suspendTimer: ReturnType<typeof setTimeout> | null = null;
+    let es: EventSource | null = null;
+    /** Latched to true after a `failed` phase — terminal, no reconnect. */
+    let terminalFailure = false;
+
+    const enterSuspendTimerIfIdle = () => {
+      if (!suspendTimer) {
+        suspendTimer = setTimeout(() => {
+          setSuspended(true);
+        }, SUSPENDED_AFTER_ERROR_MS);
+      }
+    };
+
+    const clearSuspendTimer = () => {
+      if (suspendTimer) {
+        clearTimeout(suspendTimer);
+        suspendTimer = null;
+      }
+    };
+
+    const handlePhase = (e: MessageEvent) => {
+      try {
+        const next = JSON.parse(e.data) as ClaimPhase;
+        setPhase(next);
+        // A fresh non-terminal phase means the lifecycle is making progress
+        // again — clear notFound from a prior `gone` so the self-heal UI
+        // settles back into the booting overlay.
+        if (next.kind !== "failed") {
+          setNotFound(false);
+        }
+        if (next.kind === "failed") {
+          terminalFailure = true;
+          es?.close();
+        }
+      } catch (err) {
+        console.warn("[vm-events] bad phase payload", err);
+      }
+    };
+
+    const handleGone = () => {
+      // The sandbox is gone (idle-evicted, VM_DELETE'd, or its pod terminated
+      // and mesh has stopped finding the handle). Everything we've cached is
+      // about to be stale, so reset:
+      //   - phase: residual state would otherwise keep `lifecycleActive`
+      //     stuck on "Almost ready" in the booting overlay even though
+      //     nothing is starting.
+      //   - status / scripts / processes / branchStatus / log buffers: these
+      //     describe a sandbox that no longer exists. Resetting to "booting"
+      //     ensures the next provisioned sandbox goes through the boot flow.
+      // `notFound = true` then drives preview.tsx's self-heal flow when a
+      // vmEntry exists; the empty "Start Server" state when it doesn't.
+      setNotFound(true);
+      setPhase(null);
+      setStatus({ status: "booting", port: null, htmlSupport: false });
+      setScripts([]);
+      setActiveProcesses([]);
+      setIntent({ state: "running" });
+      setInstalling(false);
+      setBranchStatus(null);
+      buffers.current.clear();
+    };
+
+    const handleDaemonEvent = (e: MessageEvent) => {
+      try {
+        const data = JSON.parse(e.data);
+
+        if (e.type === "log" && typeof data.data === "string") {
+          const source = data.source as string;
+          // xterm.js reads bare `\n` as "cursor down, keep column" — normalize.
+          const normalized = data.data.replace(/\r?\n/g, "\r\n");
+          getOrCreateBuffer(source).append(normalized);
+          for (const fn of chunkHandlers.current) {
+            try {
+              fn(source, normalized);
+            } catch {
+              // swallow — one broken subscriber shouldn't break others
+            }
+          }
+          setLogTick((t) => t + 1);
+        } else if (e.type === "status") {
+          const s = data.status;
+          const newPort = typeof data.port === "number" ? data.port : null;
+          const prevPort = prevPortRef.current;
+          prevPortRef.current = newPort;
+          setStatus({
+            status:
+              s === "online" || s === "offline" || s === "booting"
+                ? s
+                : "booting",
+            port: newPort,
+            htmlSupport: Boolean(data.htmlSupport),
+          });
+          // Proxy retargeted to a different active port — the iframe is stuck on
+          // whatever page it last loaded. Force-reload so it picks up the new backend.
+          if (prevPort !== null && newPort !== null && prevPort !== newPort) {
+            for (const fn of reloadHandlers.current) {
+              try {
+                fn();
+              } catch {
+                // swallow
+              }
+            }
+          }
+        } else if (e.type === "scripts") {
+          setScripts(data.scripts ?? []);
+        } else if (e.type === "processes") {
+          setActiveProcesses(data.active ?? []);
+        } else if (e.type === "tasks") {
+          // Daemon's task-manager surface; map to the activeProcesses array
+          // of script names so the UI's Run/Restart button can render
+          // against running script tabs. Match on `logName` — set by
+          // /exec/<name> via the spec — instead of regex-parsing `command`,
+          // which breaks for any task with trailing args (e.g. `bun run
+          // format -- --fix`).
+          const active = Array.isArray(data.active)
+            ? (data.active as Array<{ logName?: string }>)
+                .map((j) => j?.logName ?? "")
+                .filter(Boolean)
+            : [];
+          setActiveProcesses(active);
+        } else if (e.type === "intent") {
+          const next = data as {
+            state?: "running" | "paused";
+            reason?: string;
+          };
+          if (next.state === "running" || next.state === "paused") {
+            setIntent({ state: next.state, reason: next.reason });
+          }
+        } else if (e.type === "phases") {
+          const phases =
+            (
+              data as {
+                phases?: Array<{ name: string; status: string }>;
+              }
+            ).phases ?? [];
+          setInstalling(
+            phases.some((p) => p.name === "install" && p.status === "running"),
+          );
+        } else if (e.type === "reload") {
+          for (const fn of reloadHandlers.current) {
+            try {
+              fn();
+            } catch {
+              // swallow
+            }
+          }
+        } else if (e.type === "branch-status") {
+          const kind = String(data.kind ?? "initializing");
+          switch (kind) {
+            case "ready":
+              setBranchStatus({
+                kind: "ready",
+                branch: String(data.branch ?? ""),
+                base: String(data.base ?? "main"),
+                workingTreeDirty: Boolean(data.workingTreeDirty),
+                unpushed: Number(data.unpushed ?? 0),
+                aheadOfBase: Number(data.aheadOfBase ?? 0),
+                behindBase: Number(data.behindBase ?? 0),
+                headSha: String(data.headSha ?? ""),
+              });
+              break;
+            case "initializing":
+              setBranchStatus({ kind: "initializing" });
+              break;
+            case "cloning":
+              setBranchStatus({ kind: "cloning" });
+              break;
+            case "clone-failed":
+              setBranchStatus({
+                kind: "clone-failed",
+                error: String(data.error ?? ""),
+              });
+              break;
+            case "checkout-failed":
+              setBranchStatus({
+                kind: "checkout-failed",
+                error: String(data.error ?? ""),
+              });
+              break;
+            case "checking-out":
+              setBranchStatus({
+                kind: "checking-out",
+                to: String(data.to ?? ""),
+              });
+              break;
+            default:
+              console.warn("[vm-events] unknown branch-status kind:", kind);
+              setBranchStatus({ kind: "initializing" });
+              break;
+          }
+        }
+      } catch {
+        // ignore parse errors
+      }
+    };
+
+    function connect() {
+      if (disposed || terminalFailure) return;
+
+      es = new EventSource(sseUrl);
+
+      es.onopen = () => {
+        reconnectAttempt = 0;
+        clearSuspendTimer();
+        setSuspended(false);
+      };
+
+      es.onerror = () => {
+        if (es?.readyState !== EventSource.CLOSED) return;
+        // After a terminal `failed` phase the connection is gone for good
+        // and the UI already shows a dedicated error state — surfacing
+        // `suspended` on top of that would just stack confusing overlays.
+        if (terminalFailure) return;
+        // Timer runs only while disconnected; onopen clears it on reconnect.
+        enterSuspendTimerIfIdle();
+        scheduleReconnect();
+      };
+
+      es.addEventListener("phase", handlePhase);
+      es.addEventListener("gone", handleGone);
+      for (const type of DAEMON_EVENT_TYPES) {
+        es.addEventListener(type, handleDaemonEvent);
+      }
+    }
+
+    function scheduleReconnect() {
+      if (disposed || reconnectTimer || terminalFailure) return;
+
+      const delay = Math.min(
+        BASE_RECONNECT_DELAY_MS * 2 ** reconnectAttempt,
+        MAX_RECONNECT_DELAY_MS,
+      );
+      reconnectAttempt++;
+
+      reconnectTimer = setTimeout(() => {
+        reconnectTimer = null;
+        if (disposed) return;
+        es?.close();
+        connect();
+      }, delay);
+    }
+
+    connect();
+
+    return () => {
+      disposed = true;
+      es?.close();
+      if (reconnectTimer) clearTimeout(reconnectTimer);
+      clearSuspendTimer();
+    };
+  }, [virtualMcpId, branch, org.slug]);
+
+  const value: VmEventsValue = {
+    phase,
+    status,
+    suspended,
+    notFound,
+    scripts,
+    activeProcesses,
+    intent,
+    installing,
+    branchStatus,
+    getBuffer: (source: string) => buffers.current.get(source)?.get() ?? "",
+    hasData: (source: string) =>
+      (buffers.current.get(source)?.get().length ?? 0) > 0,
+    subscribeChunks: (handler: ChunkHandler) => {
+      chunkHandlers.current.add(handler);
+      return () => {
+        chunkHandlers.current.delete(handler);
+      };
+    },
+    subscribeReload: (handler: ReloadHandler) => {
+      reloadHandlers.current.add(handler);
+      return () => {
+        reloadHandlers.current.delete(handler);
+      };
+    },
+  };
+
+  return <VmEventsContext value={value}>{children}</VmEventsContext>;
+}
diff --git a/apps/mesh/src/web/components/vm/preview/preview-state.test.ts b/apps/mesh/src/web/components/vm/preview/preview-state.test.ts
new file mode 100644
index 0000000000..b631c60f9a
--- /dev/null
+++ b/apps/mesh/src/web/components/vm/preview/preview-state.test.ts
@@ -0,0 +1,112 @@
+import { describe, expect, test } from "bun:test";
+import { computePreviewState } from "./preview-state";
+import type { PreviewStateInput } from "./preview-state";
+
+const base: PreviewStateInput = {
+  previewUrl: "http://localhost:5173",
+  status: "booting",
+  htmlSupport: false,
+  suspended: false,
+  appPaused: false,
+  vmStartPending: false,
+  lastStartError: null,
+  claimPhase: null,
+  notFound: false,
+};
+
+describe("computePreviewState", () => {
+  test("error wins over everything", () => {
+    expect(
+      computePreviewState({
+        ...base,
+        lastStartError: "boom",
+        status: "online",
+        htmlSupport: true,
+      }),
+    ).toEqual({ kind: "error", error: "boom" });
+  });
+
+  test("suspended wins over content states", () => {
+    expect(
+      computePreviewState({
+        ...base,
+        suspended: true,
+        status: "online",
+        htmlSupport: true,
+      }),
+    ).toEqual({ kind: "suspended" });
+  });
+
+  test("appPaused wins over content states", () => {
+    expect(
+      computePreviewState({
+        ...base,
+        appPaused: true,
+        status: "online",
+        htmlSupport: true,
+      }),
+    ).toEqual({ kind: "suspended" });
+  });
+
+  test("notFound triggers booting overlay", () => {
+    expect(computePreviewState({ ...base, notFound: true })).toEqual({
+      kind: "booting",
+    });
+  });
+
+  test("vmStartPending without previewUrl → booting", () => {
+    expect(
+      computePreviewState({
+        ...base,
+        previewUrl: null,
+        vmStartPending: true,
+      }),
+    ).toEqual({ kind: "booting" });
+  });
+
+  test("previewUrl set, online but not html → no-html empty state", () => {
+    expect(
+      computePreviewState({ ...base, status: "online", htmlSupport: false }),
+    ).toEqual({ kind: "no-html", previewUrl: "http://localhost:5173" });
+  });
+
+  test("previewUrl set, online and html → iframe", () => {
+    expect(
+      computePreviewState({ ...base, status: "online", htmlSupport: true }),
+    ).toEqual({ kind: "iframe", previewUrl: "http://localhost:5173" });
+  });
+
+  test("previewUrl set, still booting → booting overlay", () => {
+    expect(computePreviewState({ ...base, status: "booting" })).toEqual({
+      kind: "booting",
+    });
+  });
+
+  test("offline persists iframe across transient drops (htmlSupport sticky)", () => {
+    expect(
+      computePreviewState({ ...base, status: "offline", htmlSupport: true }),
+    ).toEqual({ kind: "iframe", previewUrl: "http://localhost:5173" });
+  });
+
+  test("offline persists no-html across transient drops", () => {
+    expect(
+      computePreviewState({ ...base, status: "offline", htmlSupport: false }),
+    ).toEqual({ kind: "no-html", previewUrl: "http://localhost:5173" });
+  });
+
+  test("no previewUrl, no startError, no pending, no lifecycle → idle", () => {
+    expect(computePreviewState({ ...base, previewUrl: null })).toEqual({
+      kind: "idle",
+    });
+  });
+
+  test("lifecycleActive with no previewUrl → booting", () => {
+    expect(
+      computePreviewState({
+        ...base,
+        previewUrl: null,
+        claimPhase: { kind: "claiming" },
+      }),
+    ).toEqual({ kind: "booting" });
+  });
+});
diff --git a/apps/mesh/src/web/components/vm/preview/preview-state.ts b/apps/mesh/src/web/components/vm/preview/preview-state.ts
new file mode 100644
index 0000000000..8501636496
--- /dev/null
+++ b/apps/mesh/src/web/components/vm/preview/preview-state.ts
@@ -0,0 +1,69 @@
+/**
+ * Pure preview-state decision: maps inputs from preview.tsx into a
+ * discriminated state union. Extracted so it can be unit-tested without
+ * DOM/auth/SSE scaffolding.
+ *
+ * Priority order (highest first):
+ *   error → suspended → booting → no-html → iframe → idle
+ *
+ * `status === "online" || "offline"` is the "ever-responded" latch:
+ * once the daemon has seen the upstream answer, the iframe stays mounted
+ * across transient drops (htmlSupport is sticky on offline at the source).
+ */
+
+import type { UpstreamStatus } from "../upstream-status";
+export type { UpstreamStatus };
+export type ClaimPhaseLike = { kind: string };
+
+export interface PreviewStateInput {
+  previewUrl: string | null;
+  status: UpstreamStatus;
+  htmlSupport: boolean;
+  suspended: boolean;
+  appPaused: boolean;
+  vmStartPending: boolean;
+  lastStartError: string | null;
+  claimPhase: ClaimPhaseLike | null;
+  notFound: boolean;
+}
+
+export type PreviewState =
+  | { kind: "idle" }
+  | { kind: "booting" }
+  | { kind: "error"; error: string }
+  | { kind: "suspended" }
+  | { kind: "no-html"; previewUrl: string }
+  | { kind: "iframe"; previewUrl: string };
+
+export function computePreviewState(input: PreviewStateInput): PreviewState {
+  if (input.lastStartError) {
+    return { kind: "error", error: input.lastStartError };
+  }
+  if (input.suspended || input.appPaused) {
+    return { kind: "suspended" };
+  }
+  if (input.notFound) {
+    return { kind: "booting" };
+  }
+  if (!input.previewUrl && input.vmStartPending) {
+    return { kind: "booting" };
+  }
+  if (
+    !input.previewUrl &&
+    input.claimPhase &&
+    input.claimPhase.kind !== "failed"
+  ) {
+    return { kind: "booting" };
+  }
+  if (!input.previewUrl) {
+    return { kind: "idle" };
+  }
+  // previewUrl set: decide between iframe / no-html / booting.
+  if (input.status === "online" || input.status === "offline") {
+    if (input.htmlSupport) {
+      return { kind: "iframe", previewUrl: input.previewUrl };
+    }
+    return { kind: "no-html", previewUrl: input.previewUrl };
+  }
+  return { kind: "booting" };
+}
diff --git a/apps/mesh/src/web/components/vm/preview/preview.tsx b/apps/mesh/src/web/components/vm/preview/preview.tsx
index 5a919d2579..4eeeb0c06a 100644
--- a/apps/mesh/src/web/components/vm/preview/preview.tsx
+++ b/apps/mesh/src/web/components/vm/preview/preview.tsx
@@ -2,8 +2,19 @@ import { useState, useRef, useEffect } from "react";
 import { useInsetContext } from "@/web/layouts/agent-shell-layout";
 import { authClient } from "@/web/lib/auth-client";
 import { useToggleEnvPanel } from "@/web/hooks/use-toggle-env-panel";
+import { useChatTask } from "@/web/components/chat/context";
 import {
+  useMCPClient,
+  useProjectContext,
+  SELF_MCP_ALIAS_ID,
+} from "@decocms/mesh-sdk";
+
+import type { VmMapEntry } from "@decocms/mesh-sdk";
+import {
+  ArrowLeft,
+  ArrowRight,
   CursorClick01,
+  DotsHorizontal,
   LinkExternal01,
   Monitor04,
   RefreshCw01,
@@ -19,14 +30,30 @@ import {
   TooltipContent,
   TooltipTrigger,
 } from "@deco/ui/components/tooltip.tsx";
+import {
+  DropdownMenu,
+  DropdownMenuContent,
+  DropdownMenuItem,
+  DropdownMenuTrigger,
+} from "@deco/ui/components/dropdown-menu.tsx";
 import {
   VISUAL_EDITOR_SCRIPT,
   VisualEditorPayloadSchema,
   type VisualEditorPayload,
 } from "./visual-editor-script";
 import { VisualEditorPrompt } from "./visual-editor-prompt";
-import { useVmEvents } from "../hooks/use-vm-events";
+import { useVmEvents, useVmReloadHandler } from "../hooks/use-vm-events";
+import {
+  useIsVmStartPending,
+  useVmStart,
+  vmUserStop,
+  type VmStartArgs,
+} from "../hooks/use-vm-start";
 import { VmSuspendedState } from "../vm-suspended-state";
+import { VmBootingState } from "../vm-booting-state";
+import { VmErrorState } from "../vm-error-state";
+import { computePreviewState } from "./preview-state";
+import { track } from "@/web/lib/posthog-client";
 
 type PreviewViewMode = "preview" | "visual";
 
@@ -46,6 +73,7 @@ export function PreviewContent() {
   const inset = useInsetContext();
   const { data: session } = authClient.useSession();
   const { openEnv } = useToggleEnvPanel();
+  const { taskId, currentBranch: branch, setCurrentTaskBranch } = useChatTask();
 
   // Visual editor state
   const [viewMode, setViewMode] = useState<PreviewViewMode>("preview");
@@ -53,34 +81,170 @@ export function PreviewContent() {
     useState<VisualEditorPayload | null>(null);
   const previewIframeRef = useRef<HTMLIFrameElement>(null);
 
-  // Read VM data from entity metadata
+  // vmMap[userId][branch] -> { vmId, previewUrl, runnerKind? }
   const userId = session?.user?.id;
   const metadata = inset?.entity?.metadata as
-    | {
-        activeVms?: Record<
-          string,
-          { previewUrl: string; vmId: string; terminalUrl: string | null }
-        >;
-      }
+    | { vmMap?: Record<string, Record<string, VmMapEntry>> }
     | undefined;
-  const vmEntry = userId ? metadata?.activeVms?.[userId] : undefined;
+  const vmEntry =
+    userId && branch ? metadata?.vmMap?.[userId]?.[branch] : undefined;
   const previewUrl = vmEntry?.previewUrl ?? null;
 
-  const vmEvents = useVmEvents(previewUrl, null);
+  // "reload" fires on config edits framework HMR won't catch (.ts/.tsx use HMR).
+  const vmEvents = useVmEvents();
+  useVmReloadHandler(() => {
+    const iframe = previewIframeRef.current;
+    if (!iframe) return;
+    // biome-ignore lint/correctness/noSelfAssign: reloads the iframe
+    // oxlint-disable-next-line no-self-assign
+    iframe.src = iframe.src;
+  });
   const hasHtmlPreview = vmEvents.status.htmlSupport;
   const suspended = vmEvents.suspended;
 
-  // oxlint-disable-next-line ban-use-effect/ban-use-effect — postMessage listener requires DOM event subscription; no React 19 alternative
+  // Install ran, dev script is intentionally stopped (paused) — treat as paused,
+  // not booting. Otherwise on remount the booting overlay falsely flashes
+  // "Installing packages…" even though the server isn't starting.
+  const appPaused = vmEvents.intent.state === "paused";
+
+  // The daemon's status enum (booting/online/offline) is itself the
+  // "ever-responded" latch — offline means we saw a response and lost it,
+  // and htmlSupport is sticky on offline at the source.
+
+  // Latch the boot-overlay timer's `since` to the first time previewUrl
+  // appeared, keyed on previewUrl so a new VM resets it. Rendering inline
+  // with a `Date.now()` fallback would reset the elapsed reading on every
+  // render whenever vmEntry.createdAt is missing.
+  const bootSinceRef = useRef<{ url: string; at: number }>({ url: "", at: 0 });
+  if (previewUrl && bootSinceRef.current.url !== previewUrl) {
+    bootSinceRef.current = {
+      url: previewUrl,
+      at: vmEntry?.createdAt ?? Date.now(),
+    };
+  }
+
+  // Cover the gap between VM_START being submitted and vmMap populating a
+  // previewUrl; otherwise the empty "No server running" state flashes while
+  // the mutation is in flight. Capture the timestamp once per pending window
+  // so the LiveTimer's elapsed reading is stable across renders.
+  const startingSinceRef = useRef<number>(0);
+
+  // One mutation, two triggers. Dedup differs by meaning:
+  //   auto-start: once per taskId
+  //   self-heal:  once per dead vmId (don't loop on repeat 404s; new vmId OK)
+  // A shared ref would conflate them.
+  const virtualMcpId = inset?.entity?.id ?? null;
+  const { org } = useProjectContext();
+  const mcpClient = useMCPClient({
+    connectionId: SELF_MCP_ALIAS_ID,
+    orgId: inset?.entity?.organization_id ?? "",
+    orgSlug: org.slug,
+  });
+  const startVm = useVmStart(mcpClient);
+  const lastStartError = startVm.error?.message ?? null;
+  const vmStartPending = useIsVmStartPending(
+    virtualMcpId ?? undefined,
+    branch ?? undefined,
+  );
+  if (vmStartPending) {
+    if (!startingSinceRef.current) startingSinceRef.current = Date.now();
+  } else if (previewUrl) {
+    startingSinceRef.current = 0;
+  }
+  const autoStartedForTaskRef = useRef<string | null>(null);
+  const reprovisionedForVmIdRef = useRef<string | null>(null);
+
+  const claimPhase = vmEvents.phase;
+
+  const previewState = computePreviewState({
+    previewUrl,
+    status: vmEvents.status.status,
+    htmlSupport: vmEvents.status.htmlSupport,
+    suspended,
+    appPaused,
+    vmStartPending,
+    lastStartError,
+    claimPhase,
+    notFound: vmEvents.notFound,
+  });
+
+  // ref-latest pattern: effects below depend only on upstream signals, not
+  // on this closure's churning captures (branch, mutation, setter).
+  const triggerStart = (reason: "auto-start" | "self-heal") => {
+    if (!virtualMcpId) return;
+    const args: VmStartArgs = { virtualMcpId };
+    if (branch) args.branch = branch;
+    startVm.mutate(args, {
+      onSuccess: (data) => {
+        // Server-generated branch: persist so later renders resolve via vmMap.
+        if (data?.branch && !branch) setCurrentTaskBranch(data.branch);
+      },
+      onError: (err) => {
+        console.error(`[preview] ${reason} VM_START failed`, err);
+      },
+    });
+  };
+  const triggerStartRef = useRef(triggerStart);
+  triggerStartRef.current = triggerStart;
+
+  // Auto-start = "arrive → provision one", NOT "always ensure exists". Once
+  // a vmEntry is seen for this taskId, explicit stop must NOT re-trigger (or
+  // it races the user's manual Start). Mark ref on first-sight, BEFORE
+  // evaluating shouldAutoStart, so a transient null can't sneak through.
+  if (taskId && vmEntry && autoStartedForTaskRef.current !== taskId) {
+    autoStartedForTaskRef.current = taskId;
+  }
+  // Branch must be resolved before firing: VmEventsBridge keys auto-start on
+  // `currentBranch`, and `useVmStart` dedupes by (virtualMcpId, branch).
+  // Firing here with branch=null uses a different dedup key AND asks the
+  // server to generate a fresh branch — that's a different sandbox than the
+  // one the page is actually on.
+  const shouldAutoStart =
+    !!taskId &&
+    !!virtualMcpId &&
+    !!userId &&
+    !!branch &&
+    !vmEntry &&
+    !lastStartError &&
+    !startVm.isPending &&
+    autoStartedForTaskRef.current !== taskId;
+  // oxlint-disable-next-line ban-use-effect/ban-use-effect — bridges external state (vmEntry derived from query cache, taskId from router) into a one-shot mutation; no render-time equivalent
   useEffect(() => {
-    if (!previewUrl) return;
+    if (!shouldAutoStart || !taskId) return;
+    autoStartedForTaskRef.current = taskId;
+    triggerStartRef.current("auto-start");
+  }, [shouldAutoStart, taskId]);
 
+  // Self-heal stale vmMap entries (SSE 404 → notFound). Dedup by dead vmId.
+  const deadVmId = vmEvents.notFound ? (vmEntry?.vmId ?? null) : null;
+  // oxlint-disable-next-line ban-use-effect/ban-use-effect — one-shot reprovision trigger gated on the notFound→deadVmId derivation
+  useEffect(() => {
+    if (!deadVmId || !virtualMcpId) return;
+    if (lastStartError || startVm.isPending) return;
+    if (reprovisionedForVmIdRef.current === deadVmId) return;
+    // Don't self-heal a VM the user explicitly stopped: the SSE "gone" event
+    // can arrive before the vmMap query refetch clears the stale entry.
+    if (branch && vmUserStop.isStopped(virtualMcpId, branch)) return;
+    reprovisionedForVmIdRef.current = deadVmId;
+    triggerStartRef.current("self-heal");
+  }, [deadVmId, virtualMcpId, lastStartError, startVm.isPending, branch]);
+
+  const retryAutoStart = () => {
+    autoStartedForTaskRef.current = null;
+    reprovisionedForVmIdRef.current = null;
+    startVm.reset();
+    triggerStartRef.current("auto-start");
+  };
+
+  // oxlint-disable-next-line ban-use-effect/ban-use-effect — DOM event subscription
+  useEffect(() => {
+    if (!previewUrl) return;
     let allowedOrigin: string;
     try {
-      allowedOrigin = new URL(previewUrl).origin;
+      allowedOrigin = new URL(previewUrl, window.location.href).origin;
     } catch {
       return;
     }
-
     const handler = (e: MessageEvent) => {
       if (e.origin !== allowedOrigin) return;
       if (e.data?.type !== "visual-editor::element-clicked") return;
@@ -89,7 +253,6 @@ export function PreviewContent() {
         setVisualElement(result.data);
       }
     };
-
     window.addEventListener("message", handler);
     return () => window.removeEventListener("message", handler);
   }, [previewUrl]);
@@ -119,71 +282,137 @@ export function PreviewContent() {
     }
   };
 
+  const handleRefresh = () => {
+    if (!previewIframeRef.current) return;
+    const iframe = previewIframeRef.current;
+    // biome-ignore lint/correctness/noSelfAssign: reloads the iframe
+    // oxlint-disable-next-line no-self-assign
+    iframe.src = iframe.src;
+  };
+
+  const handleHardReload = () => {
+    if (!previewIframeRef.current || !previewUrl) return;
+    const sep = previewUrl.includes("?") ? "&" : "?";
+    previewIframeRef.current.src = `${previewUrl}${sep}_r=${Date.now()}`;
+  };
+
+  const handleCopyUrl = () => {
+    const url =
+      previewIframeRef.current?.contentWindow?.location?.href ?? previewUrl;
+    if (url) navigator.clipboard.writeText(url);
+  };
+
+  const previewLabel = (() => {
+    if (!previewUrl) return "No server running";
+    try {
+      const url = new URL(previewUrl);
+      return `${url.host}${url.pathname === "/" ? "" : url.pathname}`;
+    } catch {
+      return previewUrl;
+    }
+  })();
+
   return (
     <div className="flex flex-col w-full h-full">
-      {/* Unified toolbar */}
-      <div className="flex items-center gap-2 px-3 py-2 border-b border-border">
-        {previewUrl && hasHtmlPreview && (
-          <ViewModeToggle
-            value={viewMode}
-            onValueChange={handleViewModeChange}
-            options={VIEW_MODE_OPTIONS}
-            size="sm"
-          />
-        )}
-        <div className="flex items-center gap-1 flex-1 min-w-0 rounded-md border border-border bg-muted/40 px-2 py-1">
-          {previewUrl ? (
-            <>
-              <Tooltip>
-                <TooltipTrigger asChild>
-                  <Button
-                    variant="ghost"
-                    size="sm"
-                    className="shrink-0 h-5 w-5 p-0"
-                    onClick={() => {
-                      if (previewIframeRef.current) {
-                        const iframe = previewIframeRef.current;
-                        // biome-ignore lint/correctness/noSelfAssign: reloads the iframe
-                        // oxlint-disable-next-line no-self-assign
-                        iframe.src = iframe.src;
-                      }
-                    }}
-                  >
-                    <RefreshCw01 size={12} />
-                  </Button>
-                </TooltipTrigger>
-                <TooltipContent side="bottom">Refresh</TooltipContent>
-              </Tooltip>
-              <span className="text-xs text-muted-foreground font-mono truncate flex-1">
-                {previewUrl}
-              </span>
-            </>
-          ) : (
-            <span className="text-xs text-muted-foreground font-mono truncate flex-1">
-              No server running
-            </span>
+      {previewState.kind === "iframe" && (
+        <div className="flex h-12 shrink-0 items-center gap-4 border-b border-border/60 px-3 md:px-4">
+          {/* Group 1: view mode toggle */}
+          {hasHtmlPreview && (
+            <ViewModeToggle
+              value={viewMode}
+              onValueChange={handleViewModeChange}
+              options={VIEW_MODE_OPTIONS}
+              size="sm"
+              className="shrink-0 bg-foreground/[0.045]"
+            />
           )}
+
+          {/* Group 2: nav + url */}
+          <div className="flex min-w-0 flex-1 items-center gap-0.5">
+            <Tooltip>
+              <TooltipTrigger asChild>
+                <Button
+                  variant="ghost"
+                  size="icon"
+                  onClick={() =>
+                    previewIframeRef.current?.contentWindow?.history.back()
+                  }
+                >
+                  <ArrowLeft size={14} />
+                </Button>
+              </TooltipTrigger>
+              <TooltipContent side="bottom">Back</TooltipContent>
+            </Tooltip>
+
+            <Tooltip>
+              <TooltipTrigger asChild>
+                <Button
+                  variant="ghost"
+                  size="icon"
+                  onClick={() =>
+                    previewIframeRef.current?.contentWindow?.history.forward()
+                  }
+                >
+                  <ArrowRight size={14} />
+                </Button>
+              </TooltipTrigger>
+              <TooltipContent side="bottom">Forward</TooltipContent>
+            </Tooltip>
+
+            <Tooltip>
+              <TooltipTrigger asChild>
+                <Button variant="ghost" size="icon" onClick={handleRefresh}>
+                  <RefreshCw01 size={14} />
+                </Button>
+              </TooltipTrigger>
+              <TooltipContent side="bottom">Refresh</TooltipContent>
+            </Tooltip>
+
+            <div className="flex h-8 min-w-0 flex-1 items-center rounded-md bg-background px-2 transition-colors duration-200 hover:bg-accent">
+              <span className="min-w-0 flex-1 truncate text-[12px] text-foreground/88">
+                {previewLabel}
+              </span>
+            </div>
+          </div>
+
+          {/* Group 3: open in new tab + more actions */}
+          <div className="flex shrink-0 items-center gap-0.5">
+            <Tooltip>
+              <TooltipTrigger asChild>
+                <Button
+                  variant="ghost"
+                  size="icon"
+                  onClick={() =>
+                    window.open(previewState.previewUrl, "_blank", "noopener")
+                  }
+                >
+                  <LinkExternal01 size={14} />
+                </Button>
+              </TooltipTrigger>
+              <TooltipContent side="bottom">Open in new tab</TooltipContent>
+            </Tooltip>
+
+            <DropdownMenu>
+              <DropdownMenuTrigger asChild>
+                <Button variant="ghost" size="icon">
+                  <DotsHorizontal size={14} />
+                </Button>
+              </DropdownMenuTrigger>
+              <DropdownMenuContent align="end">
+                <DropdownMenuItem onClick={handleHardReload}>
+                  Hard Reload
+                </DropdownMenuItem>
+                <DropdownMenuItem onClick={handleCopyUrl}>
+                  Copy Current URL
+                </DropdownMenuItem>
+              </DropdownMenuContent>
+            </DropdownMenu>
+          </div>
         </div>
-        {previewUrl && (
-          <Tooltip>
-            <TooltipTrigger asChild>
-              <Button
-                variant="ghost"
-                size="sm"
-                className="shrink-0"
-                onClick={() => window.open(previewUrl, "_blank", "noopener")}
-              >
-                <LinkExternal01 size={14} />
-              </Button>
-            </TooltipTrigger>
-            <TooltipContent side="bottom">Open in new tab</TooltipContent>
-          </Tooltip>
-        )}
-      </div>
+      )}
 
-      {/* Content area */}
       <div className="flex-1 relative overflow-hidden">
-        {!previewUrl && (
+        {previewState.kind === "idle" && (
           <div className="absolute inset-0 z-30 flex flex-col items-center justify-center gap-4 bg-background">
             <Monitor04 size={48} className="text-muted-foreground/40" />
             <h3 className="text-lg font-medium">Preview</h3>
@@ -197,12 +426,52 @@ export function PreviewContent() {
           </div>
         )}
 
-        {suspended && (
+        {previewState.kind === "error" && (
+          <div className="absolute inset-0 z-40 flex items-center justify-center bg-background">
+            <VmErrorState
+              errorMsg={previewState.error}
+              onRetry={retryAutoStart}
+            />
+          </div>
+        )}
+
+        {previewState.kind === "suspended" && (
           <div className="absolute inset-0 z-30 bg-background/80 backdrop-blur-sm">
             <VmSuspendedState onResume={openEnv} />
           </div>
         )}
 
+        {previewState.kind === "booting" && (
+          <div className="absolute inset-0 z-30 flex items-center justify-center bg-background">
+            <VmBootingState
+              since={
+                previewUrl ? bootSinceRef.current.at : startingSinceRef.current
+              }
+              hasSetupData={vmEvents.hasData("setup")}
+              scripts={vmEvents.scripts}
+              activeProcesses={vmEvents.activeProcesses}
+              onViewLogs={openEnv}
+              claimPhase={previewUrl ? null : claimPhase}
+              onRetry={retryAutoStart}
+            />
+          </div>
+        )}
+
+        {previewState.kind === "no-html" && (
+          <div className="absolute inset-0 z-30 flex flex-col items-center justify-center gap-4 bg-background">
+            <Server01 size={48} className="text-muted-foreground/40" />
+            <h3 className="text-lg font-medium">No web page at this URL</h3>
+            <p className="text-sm text-muted-foreground text-center max-w-sm">
+              The server is running, but doesn't serve a web page at /. This
+              preview only renders web pages.
+            </p>
+            <Button onClick={openEnv}>
+              <Server01 size={14} />
+              View Logs
+            </Button>
+          </div>
+        )}
+
         {viewMode === "visual" && !visualElement && (
           <div className="absolute top-2 left-1/2 -translate-x-1/2 z-20 flex items-center gap-1.5 rounded-full border border-violet-400/40 bg-violet-500/90 px-3 py-1 text-xs font-medium text-white shadow-md backdrop-blur-sm pointer-events-none select-none">
             <CursorClick01 size={12} />
@@ -215,13 +484,24 @@ export function PreviewContent() {
             onDismiss={() => setVisualElement(null)}
           />
         )}
-        {previewUrl && (
+        {previewState.kind === "iframe" && (
           <iframe
+            // Key on previewUrl: `src` mutations don't reliably refetch in all
+            // browsers and leak in-frame state across branches.
+            key={previewState.previewUrl}
             ref={previewIframeRef}
-            src={previewUrl}
+            src={previewState.previewUrl}
             className="w-full h-full border-0"
             title="Dev Server Preview"
             onLoad={() => {
+              // This is the VM dev-server preview (sandboxed running app),
+              // NOT an MCP app. MCP apps render via <MCPAppRenderer/>.
+              track("vm_preview_loaded", {
+                view_mode: viewMode,
+                vm_id: vmEntry?.vmId ?? null,
+                // Intentionally excluding the full previewUrl — it can contain
+                // ephemeral tokens / user data in the query string.
+              });
               if (viewMode === "visual") {
                 injectVisualEditor();
               }
diff --git a/apps/mesh/src/web/components/vm/upstream-status.ts b/apps/mesh/src/web/components/vm/upstream-status.ts
new file mode 100644
index 0000000000..9e638c472f
--- /dev/null
+++ b/apps/mesh/src/web/components/vm/upstream-status.ts
@@ -0,0 +1,5 @@
+/**
+ * Upstream HTTP probe status emitted by the daemon over SSE.
+ * Mirrors the daemon's `UpstreamStatus` (packages/sandbox/daemon/probe.ts).
+ */
+export type UpstreamStatus = "booting" | "online" | "offline";
diff --git a/apps/mesh/src/web/components/vm/vm-booting-state.tsx b/apps/mesh/src/web/components/vm/vm-booting-state.tsx
new file mode 100644
index 0000000000..67a791342d
--- /dev/null
+++ b/apps/mesh/src/web/components/vm/vm-booting-state.tsx
@@ -0,0 +1,518 @@
+import { cn } from "@deco/ui/lib/utils.ts";
+import { Terminal } from "@untitledui/icons";
+import type { ReactNode } from "react";
+import { GridLoader } from "@/web/components/grid-loader";
+import type { ClaimPhase } from "./hooks/vm-events-context";
+import { useVmEvents } from "./hooks/use-vm-events";
+
+interface VmBootingStateProps {
+  /** Wall-clock ms when the boot began — feeds the elapsed timer. */
+  since: number;
+  hasSetupData: boolean;
+  /** npm scripts discovered in the repo (emitted after install completes). */
+  scripts: string[];
+  activeProcesses: string[];
+  onViewLogs: () => void;
+  /**
+   * Pre-daemon lifecycle phase (agent-sandbox runner only). When non-null
+   * and not `ready`, the component renders a lifecycle-driven pre-daemon
+   * UI; otherwise it falls through to the existing 3-phase daemon-driven
+   * UI. Callers pass `null` when the runner doesn't surface lifecycle
+   * phases (Docker/Freestyle) or once the lifecycle has reached `ready`
+   * AND VM_START has resolved (so we don't flash back to lifecycle copy).
+   */
+  claimPhase?: ClaimPhase | null;
+  /** Optional retry handler shown on terminal `failed` phases. */
+  onRetry?: () => void;
+}
+
+const PHASES = [
+  { key: "sandbox", label: "Setting up your workspace" },
+  { key: "setup", label: "Installing packages" },
+  { key: "server", label: "Starting your preview" },
+] as const;
+
+/**
+ * 2-shade monochrome palette. Everything inside windows uses exactly these two.
+ * Foreground opacities are deliberately close so the overall read is uniform.
+ */
+const MUTED_1 = "bg-foreground/[0.05]";
+const MUTED_2 = "bg-foreground/[0.09]";
+
+/** Stable "random" delays per tile — generated once at module load. */
+const PACKAGE_TILE_DELAYS = Array.from(
+  { length: 35 },
+  () => Math.random() * 1.8,
+);
+
+/** ~40% of tiles get the chart-2 accent; the rest stay muted. */
+const PACKAGE_TILE_COLORED = Array.from(
+  { length: 35 },
+  () => Math.random() < 0.4,
+);
+
+/** Collapse 4 daemon signals into the 3 user-facing phases. */
+function getPhaseIndex(
+  hasSetupData: boolean,
+  scripts: string[],
+  activeProcesses: string[],
+): number {
+  if (activeProcesses.length > 0) return 2;
+  if (hasSetupData || scripts.length > 0) return 1;
+  return 0;
+}
+
+/** Strip ANSI color + cursor escape sequences from terminal output. */
+function stripAnsi(str: string): string {
+  // biome-ignore lint/suspicious/noControlCharactersInRegex: ANSI escapes use control chars
+  // oxlint-disable-next-line no-control-regex
+  return str.replace(/\u001b\[[0-9;?]*[a-zA-Z]/g, "");
+}
+
+/** Pick the most recent non-empty terminal line across relevant sources. */
+function latestLogLine(
+  getBuffer: (source: string) => string,
+  activeProcesses: string[],
+): string | null {
+  const sources = [...activeProcesses, "setup"];
+  for (const source of sources) {
+    const buffer = getBuffer(source);
+    if (!buffer) continue;
+    const lines = stripAnsi(buffer).split(/\r\n|\r|\n/);
+    for (let i = lines.length - 1; i >= 0; i--) {
+      const line = lines[i]?.trim();
+      if (line) return line;
+    }
+  }
+  return null;
+}
+
+export function VmBootingState({
+  hasSetupData,
+  scripts,
+  activeProcesses,
+  onViewLogs,
+  claimPhase,
+  onRetry,
+}: VmBootingStateProps) {
+  // Lifecycle-driven pre-daemon UI takes precedence whenever the caller
+  // supplies a phase. The caller (preview.tsx) decides when to drop it —
+  // typically once VM_START's promise resolves and a previewUrl is in
+  // hand, so we don't briefly flash the 3-phase UI between
+  // Sandbox.Ready=True and VM_START.success.
+  if (claimPhase != null) {
+    return (
+      <ClaimLifecycleView
+        phase={claimPhase}
+        onRetry={onRetry}
+        onViewLogs={onViewLogs}
+      />
+    );
+  }
+
+  const phase = getPhaseIndex(hasSetupData, scripts, activeProcesses);
+  const currentLabel = PHASES[phase]?.label ?? PHASES[0].label;
+
+  const { getBuffer } = useVmEvents();
+  const lastLogLine = latestLogLine(getBuffer, activeProcesses);
+
+  return (
+    <div className="relative flex flex-col items-center justify-center w-full h-full overflow-hidden select-none gap-8">
+      <div className="flex items-center gap-2 rounded-full border border-foreground/10 bg-background px-3.5 py-1.5 shadow-[0_4px_20px_-4px_rgb(0_0_0_/_0.12)]">
+        <GridLoader />
+        <span
+          key={PHASES[phase]?.key ?? "sandbox"}
+          className="text-[13px] font-medium text-foreground/85 animate-in fade-in duration-500"
+        >
+          {currentLabel}…
+        </span>
+      </div>
+
+      <div className="relative w-[min(78%,560px)] aspect-[4/3]">
+        <PhaseCard phase={0} current={phase}>
+          <SandboxContent />
+        </PhaseCard>
+        <PhaseCard phase={1} current={phase}>
+          <SetupContent />
+        </PhaseCard>
+        <PhaseCard phase={2} current={phase}>
+          <PreviewContent />
+        </PhaseCard>
+      </div>
+
+      {/* Log line + View logs — stacked, same type, subtle */}
+      <div className="absolute bottom-5 left-1/2 -translate-x-1/2 flex flex-col items-center gap-1 max-w-[80%] min-w-0">
+        {lastLogLine && (
+          <span
+            key={lastLogLine}
+            className="block w-full max-w-[440px] truncate text-center text-xs font-mono text-muted-foreground/45 animate-in fade-in duration-300"
+          >
+            {lastLogLine}
+          </span>
+        )}
+        <button
+          type="button"
+          onClick={onViewLogs}
+          className="flex items-center gap-1.5 text-xs text-muted-foreground/50 hover:text-muted-foreground transition-colors duration-200"
+        >
+          <Terminal size={11} />
+          View logs
+        </button>
+      </div>
+
+      <style>{`
+        @keyframes vm-pulse-soft {
+          0%, 100% { opacity: 0.25; }
+          50% { opacity: 1; }
+        }
+        @keyframes vm-breathe {
+          0%, 100% { opacity: 0.5; }
+          50% { opacity: 1; }
+        }
+      `}</style>
+    </div>
+  );
+}
+
+function PhaseCard({
+  phase,
+  current,
+  children,
+}: {
+  phase: number;
+  current: number;
+  children: ReactNode;
+}) {
+  const offset = phase - current;
+  const isDone = offset < 0;
+  const isActive = offset === 0;
+
+  // Upcoming cards peek from ABOVE the active one. On completion the active
+  // card fades down while the next descends to take its place.
+  const translateY = isDone ? 90 : offset * -22;
+  const scale = isDone ? 0.94 : 1 - Math.max(offset, 0) * 0.04;
+  const opacity = isDone ? 0 : isActive ? 1 : offset === 1 ? 0.8 : 0.55;
+  // Done card sits below; upcoming cards stack behind the active one.
+  const zIndex = isDone ? 10 : 30 - offset;
+
+  return (
+    <div
+      aria-hidden={!isActive}
+      className={cn(
+        "absolute inset-0 rounded-xl border border-foreground/10 bg-background shadow-[0_20px_60px_-20px_rgb(0_0_0_/_0.35)] overflow-hidden transition-all ease-[cubic-bezier(0.22,1,0.36,1)]",
+      )}
+      style={{
+        transform: `translateY(${translateY}px) scale(${scale})`,
+        opacity,
+        zIndex,
+        transitionDuration: "1000ms",
+        pointerEvents: isActive ? "auto" : "none",
+      }}
+    >
+      {children}
+    </div>
+  );
+}
+
+/** Traffic-light dots + optional URL pill. No separator line, no bg tint. */
+function BrowserChrome({ showUrl = false }: { showUrl?: boolean }) {
+  return (
+    <div className="h-7 flex items-center gap-1.5 px-3 shrink-0">
+      <div className={cn("w-2.5 h-2.5 rounded-full", MUTED_2)} />
+      <div className={cn("w-2.5 h-2.5 rounded-full", MUTED_2)} />
+      <div className={cn("w-2.5 h-2.5 rounded-full", MUTED_2)} />
+      {showUrl && (
+        <div
+          className={cn("ml-3 h-3.5 flex-1 max-w-[220px] rounded-sm", MUTED_1)}
+        />
+      )}
+    </div>
+  );
+}
+
+/** Phase 1: wireframe of the app layout — faint outline that phase 3 will fill. */
+function SandboxContent() {
+  return (
+    <div className="flex h-full flex-col">
+      <BrowserChrome />
+      <div className="flex flex-1 min-h-0 gap-1.5 p-3">
+        <div
+          className={cn("w-[18%] rounded-md", MUTED_1)}
+          style={{ animation: "vm-breathe 3s ease-in-out infinite" }}
+        />
+        <div className="flex-1 flex flex-col gap-1.5 min-w-0">
+          <div
+            className="h-[42%] shrink-0 rounded-md bg-chart-3/[0.12]"
+            style={{ animation: "vm-breathe 3s ease-in-out 0.4s infinite" }}
+          />
+          <div className="flex-1 grid grid-cols-5 gap-1.5 min-h-0">
+            <div
+              className="col-span-3 rounded-md bg-chart-3/[0.12]"
+              style={{ animation: "vm-breathe 3s ease-in-out 0.8s infinite" }}
+            />
+            <div className="col-span-2 grid grid-rows-2 gap-1.5">
+              <div
+                className={cn("rounded-md", MUTED_1)}
+                style={{ animation: "vm-breathe 3s ease-in-out 1.2s infinite" }}
+              />
+              <div
+                className={cn("rounded-md", MUTED_1)}
+                style={{ animation: "vm-breathe 3s ease-in-out 1.6s infinite" }}
+              />
+            </div>
+          </div>
+        </div>
+      </div>
+    </div>
+  );
+}
+
+/** Phase 2: grid of tiles pulsing at random — "items arriving". */
+function SetupContent() {
+  const cols = 7;
+  return (
+    <div className="flex h-full flex-col">
+      <BrowserChrome />
+      <div className="relative flex-1 flex items-center justify-center px-8 py-5">
+        <div
+          className="grid gap-2 w-full"
+          style={{ gridTemplateColumns: `repeat(${cols}, minmax(0, 1fr))` }}
+        >
+          {PACKAGE_TILE_DELAYS.map((delay, i) => (
+            <div
+              key={i}
+              className={cn(
+                "aspect-square rounded-md",
+                PACKAGE_TILE_COLORED[i] ? "bg-chart-2/70" : MUTED_2,
+              )}
+              style={{
+                animation: `vm-pulse-soft 2.2s ease-in-out ${delay}s infinite`,
+              }}
+            />
+          ))}
+        </div>
+      </div>
+    </div>
+  );
+}
+
+/** Phase 3: app surface — sidebar + hero + asymmetric card grid. No borders. */
+function PreviewContent() {
+  return (
+    <div className="flex h-full flex-col">
+      <BrowserChrome showUrl />
+      <div className="flex flex-1 min-h-0">
+        {/* Sidebar */}
+        <div className="w-[18%] p-2.5 flex flex-col gap-1.5 shrink-0 bg-chart-1/[0.05]">
+          <div className="h-5 rounded-md mb-2 bg-chart-1/[0.10]" />
+          <div className={cn("h-1.5 rounded-sm w-[70%]", MUTED_2)} />
+          <div className={cn("h-1.5 rounded-sm w-[55%]", MUTED_2)} />
+          <div className={cn("h-1.5 rounded-sm w-[80%]", MUTED_2)} />
+          <div className={cn("h-1.5 rounded-sm w-[50%]", MUTED_2)} />
+          <div className="mt-auto">
+            <div className={cn("h-4 rounded-md", MUTED_2)} />
+          </div>
+        </div>
+
+        {/* Main area */}
+        <div className="flex-1 min-w-0 flex flex-col">
+          {/* Hero — chart-1 tint */}
+          <div className="relative h-[42%] shrink-0 overflow-hidden bg-chart-1/[0.10]">
+            <div className="absolute bottom-3 left-3 right-3 space-y-1.5">
+              <div className="h-3 rounded-sm w-[35%] bg-chart-1/[0.15]" />
+              <div className={cn("h-1.5 rounded-sm w-[55%]", MUTED_1)} />
+            </div>
+          </div>
+
+          {/* Content body */}
+          <div className="flex-1 p-3 flex flex-col gap-2.5 min-h-0">
+            <div className="flex gap-1.5 shrink-0">
+              <div className="h-4 w-12 rounded-full bg-chart-1/[0.12]" />
+              <div className={cn("h-4 w-10 rounded-full", MUTED_1)} />
+              <div className={cn("h-4 w-14 rounded-full", MUTED_1)} />
+            </div>
+
+            <div className="flex-1 grid grid-cols-5 gap-2 min-h-0">
+              <div
+                className={cn(
+                  "col-span-3 rounded-md flex flex-col justify-end p-2 gap-1",
+                  MUTED_1,
+                )}
+              >
+                <div className={cn("h-1.5 w-[50%] rounded-sm", MUTED_2)} />
+                <div className={cn("h-1 w-[75%] rounded-sm", MUTED_2)} />
+              </div>
+              <div className="col-span-2 grid grid-rows-2 gap-2">
+                <div className={cn("rounded-md", MUTED_1)} />
+                <div className={cn("rounded-md", MUTED_1)} />
+              </div>
+            </div>
+          </div>
+        </div>
+      </div>
+    </div>
+  );
+}
+
+// ---- Lifecycle (pre-daemon) UI --------------------------------------------
+
+/**
+ * Copy for each pre-daemon phase. Headlines stay short for the pill;
+ * `body` is only shown for phases where the user benefits from knowing why
+ * the wait exists (capacity provisioning, image pull on a fresh node).
+ *
+ * `failed` is intentionally absent here — failure copy is phase-reason
+ * driven (see `failureCopy`) and renders a Try-Again affordance.
+ */
+const LIFECYCLE_COPY: Record<
+  Exclude<ClaimPhase["kind"], "ready" | "failed">,
+  { headline: string; body?: string }
+> = {
+  claiming: {
+    headline: "Reserving sandbox",
+    body: "Posting your claim to the cluster…",
+  },
+  "waiting-for-capacity": {
+    headline: "Waiting for cluster capacity",
+    body: "The cluster may need to provision a new node — typically 60–90s.",
+  },
+  "pulling-image": {
+    headline: "Downloading sandbox image",
+    body: "First boot on this node — subsequent runs reuse the cached image.",
+  },
+  "starting-container": {
+    headline: "Starting your sandbox",
+  },
+  "warming-daemon": {
+    headline: "Connecting to your sandbox",
+  },
+};
+
+function failureCopy(phase: Extract<ClaimPhase, { kind: "failed" }>): {
+  headline: string;
+  body: string;
+} {
+  switch (phase.reason) {
+    case "image-pull-backoff":
+      return {
+        headline: "Sandbox image failed to download",
+        body: phase.message,
+      };
+    case "crash-loop-backoff":
+      return {
+        headline: "Sandbox crashed during startup",
+        body: phase.message,
+      };
+    case "scheduling-timeout":
+      return {
+        headline: "Couldn't get cluster capacity in time",
+        body: phase.message,
+      };
+    case "claim-never-created":
+      return {
+        headline: "Sandbox claim was never posted",
+        body: phase.message,
+      };
+    case "reconciler-error":
+      return {
+        headline: "Sandbox controller reported an error",
+        body: phase.message,
+      };
+    case "unknown":
+    default:
+      return {
+        headline: "Sandbox failed to start",
+        body: phase.message,
+      };
+  }
+}
+
+function ClaimLifecycleView({
+  phase,
+  onRetry,
+  onViewLogs,
+}: {
+  phase: ClaimPhase;
+  onRetry?: () => void;
+  onViewLogs: () => void;
+}) {
+  if (phase.kind === "failed") {
+    const copy = failureCopy(phase);
+    return (
+      <div className="relative flex flex-col items-center justify-center w-full h-full overflow-hidden select-none gap-6 px-6">
+        <div className="flex flex-col items-center gap-2 text-center max-w-[440px]">
+          <span className="text-sm font-medium text-foreground">
+            {copy.headline}
+          </span>
+          <span className="text-xs text-muted-foreground">{copy.body}</span>
+        </div>
+        {onRetry && (
+          <button
+            type="button"
+            onClick={onRetry}
+            className="rounded-md border border-foreground/15 bg-background px-3 py-1.5 text-xs font-medium hover:bg-foreground/[0.04] transition-colors"
+          >
+            Try again
+          </button>
+        )}
+        <button
+          type="button"
+          onClick={onViewLogs}
+          className="flex items-center gap-1.5 text-xs text-muted-foreground/60 hover:text-muted-foreground transition-colors duration-200"
+        >
+          <Terminal size={11} />
+          View logs
+        </button>
+      </div>
+    );
+  }
+
+  // `ready` is reached when Sandbox.Ready=True, but VM_START still has the
+  // Service-patch + HTTPRoute-mint + port-forward window before previewUrl
+  // exists. Show "almost ready" until the caller drops `claimPhase`
+  // (= VM_START's promise resolved).
+  const copy =
+    phase.kind === "ready"
+      ? { headline: "Almost ready", body: undefined }
+      : LIFECYCLE_COPY[phase.kind];
+  const subline =
+    phase.kind === "ready" ? undefined : (nodeClaimSubline(phase) ?? copy.body);
+
+  return (
+    <div className="relative flex flex-col items-center justify-center w-full h-full overflow-hidden select-none gap-6">
+      <div className="flex items-center gap-2 rounded-full border border-foreground/10 bg-background px-3.5 py-1.5 shadow-[0_4px_20px_-4px_rgb(0_0_0_/_0.12)]">
+        <GridLoader />
+        <span
+          key={phase.kind}
+          className="text-[13px] font-medium text-foreground/85 animate-in fade-in duration-500"
+        >
+          {copy.headline}…
+        </span>
+      </div>
+
+      {subline && (
+        <span
+          key={subline}
+          className="block max-w-[440px] truncate text-center text-xs text-muted-foreground/70 animate-in fade-in duration-300"
+        >
+          {subline}
+        </span>
+      )}
+
+      <button
+        type="button"
+        onClick={onViewLogs}
+        className="absolute bottom-5 left-1/2 -translate-x-1/2 flex items-center gap-1.5 text-xs text-muted-foreground/50 hover:text-muted-foreground transition-colors duration-200"
+      >
+        <Terminal size={11} />
+        View logs
+      </button>
+    </div>
+  );
+}
+
+function nodeClaimSubline(phase: ClaimPhase): string | undefined {
+  if (phase.kind !== "waiting-for-capacity") return undefined;
+  if (!phase.nodeClaim) return undefined;
+  return `Provisioning node ${phase.nodeClaim}…`;
+}
diff --git a/apps/mesh/src/web/components/vm/vm-error-state.tsx b/apps/mesh/src/web/components/vm/vm-error-state.tsx
index b234285c68..50e3ca41c1 100644
--- a/apps/mesh/src/web/components/vm/vm-error-state.tsx
+++ b/apps/mesh/src/web/components/vm/vm-error-state.tsx
@@ -1,4 +1,5 @@
 import { Button } from "@deco/ui/components/button.tsx";
+import { AlertCircle, Copy01, RefreshCw01 } from "@untitledui/icons";
 import { toast } from "sonner";
 
 interface VmErrorStateProps {
@@ -8,26 +9,62 @@ interface VmErrorStateProps {
 
 export function VmErrorState({ errorMsg, onRetry }: VmErrorStateProps) {
   return (
-    <div className="flex flex-col items-center justify-center w-full h-full gap-4 px-4">
-      <div className="max-w-md w-full rounded-md border border-destructive/30 bg-destructive/5 p-3">
-        <p className="text-sm text-destructive line-clamp-4 break-all">
-          {errorMsg}
-        </p>
-        <button
-          type="button"
-          onClick={() =>
-            navigator.clipboard.writeText(errorMsg).then(() => {
-              toast.success("Error copied to clipboard");
-            })
-          }
-          className="mt-2 text-xs text-muted-foreground hover:text-foreground transition-colors"
-        >
-          Copy error
-        </button>
+    <div className="relative flex flex-col items-center justify-center w-full h-full overflow-hidden select-none">
+      {/* Floating status pill */}
+      <div className="absolute top-8 left-1/2 -translate-x-1/2 z-20 flex items-center gap-2 rounded-full border border-destructive/30 bg-background/80 px-3.5 py-1.5 shadow-[0_4px_20px_-4px_rgb(0_0_0_/_0.12)] backdrop-blur-md">
+        <AlertCircle size={13} className="text-destructive/80" />
+        <span className="text-[13px] font-medium text-destructive/90">
+          Failed to start
+        </span>
+      </div>
+
+      {/* Stacked browser mockup — same layout, but dimmed */}
+      <div className="relative w-[min(78%,560px)] aspect-[4/3] mt-6 opacity-60">
+        <div className="absolute left-[8%] right-[8%] -top-5 h-full rounded-xl border border-foreground/[0.05] bg-foreground/[0.015]" />
+        <div className="absolute left-[4%] right-[4%] -top-2.5 h-full rounded-xl border border-foreground/[0.07] bg-foreground/[0.025]" />
+
+        <div className="relative w-full h-full rounded-xl border border-foreground/10 bg-background shadow-[0_20px_60px_-20px_rgb(0_0_0_/_0.35)] overflow-hidden">
+          <div className="h-7 border-b border-foreground/[0.08] bg-foreground/[0.015] flex items-center gap-1.5 px-3">
+            <div className="w-2.5 h-2.5 rounded-full bg-foreground/10" />
+            <div className="w-2.5 h-2.5 rounded-full bg-foreground/10" />
+            <div className="w-2.5 h-2.5 rounded-full bg-foreground/10" />
+            <div className="ml-3 h-3.5 flex-1 max-w-[240px] rounded-sm bg-foreground/[0.04]" />
+          </div>
+
+          {/* Error card centered in the mockup */}
+          <div className="flex items-center justify-center p-6 h-[calc(100%-1.75rem)]">
+            <div className="w-full max-w-sm rounded-lg border border-destructive/20 bg-destructive/[0.03] p-4 space-y-3">
+              <div className="flex items-start gap-2">
+                <AlertCircle
+                  size={14}
+                  className="text-destructive/80 mt-0.5 shrink-0"
+                />
+                <p className="text-xs text-destructive/80 line-clamp-5 break-all leading-relaxed font-mono">
+                  {errorMsg}
+                </p>
+              </div>
+              <div className="flex items-center gap-2">
+                <Button variant="outline" size="sm" onClick={onRetry}>
+                  <RefreshCw01 size={12} />
+                  Retry
+                </Button>
+                <button
+                  type="button"
+                  onClick={() =>
+                    navigator.clipboard.writeText(errorMsg).then(() => {
+                      toast.success("Error copied to clipboard");
+                    })
+                  }
+                  className="flex items-center gap-1 text-[11px] text-muted-foreground/60 hover:text-muted-foreground transition-colors duration-200"
+                >
+                  <Copy01 size={10} />
+                  Copy error
+                </button>
+              </div>
+            </div>
+          </div>
+        </div>
       </div>
-      <Button variant="outline" onClick={onRetry}>
-        Retry
-      </Button>
     </div>
   );
 }
diff --git a/apps/mesh/src/web/hooks/collections/use-ai-providers.ts b/apps/mesh/src/web/hooks/collections/use-ai-providers.ts
index 084d79b3e4..9516162150 100644
--- a/apps/mesh/src/web/hooks/collections/use-ai-providers.ts
+++ b/apps/mesh/src/web/hooks/collections/use-ai-providers.ts
@@ -34,6 +34,7 @@ export function useAiProviders() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const { data } = useSuspenseQuery({
@@ -57,6 +58,7 @@ export function useAiProviderKeys() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const { data } = useSuspenseQuery({
@@ -80,6 +82,7 @@ export function useAiProviderModels(keyId: string | undefined) {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const { data, isLoading } = useQuery({
@@ -104,6 +107,7 @@ export function useSuspenseAiProviderModels(keyId: string) {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const { data } = useSuspenseQuery({
diff --git a/apps/mesh/src/web/hooks/registry/use-discover-tools.ts b/apps/mesh/src/web/hooks/registry/use-discover-tools.ts
index 3d9188cd3d..a648a7479e 100644
--- a/apps/mesh/src/web/hooks/registry/use-discover-tools.ts
+++ b/apps/mesh/src/web/hooks/registry/use-discover-tools.ts
@@ -32,6 +32,7 @@ export function useDiscoverTools() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const discover = async (
diff --git a/apps/mesh/src/web/hooks/registry/use-image-upload.ts b/apps/mesh/src/web/hooks/registry/use-image-upload.ts
index 769b41f3e4..23e6b735e5 100644
--- a/apps/mesh/src/web/hooks/registry/use-image-upload.ts
+++ b/apps/mesh/src/web/hooks/registry/use-image-upload.ts
@@ -31,6 +31,7 @@ export function useImageUpload(connectionId?: string): UseImageUploadResult {
   const client = useMCPClient({
     connectionId: storageConnectionId ?? "noop",
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const uploadImage = async (
diff --git a/apps/mesh/src/web/hooks/registry/use-monitor.ts b/apps/mesh/src/web/hooks/registry/use-monitor.ts
index 07a8554fa3..f1d44dd20e 100644
--- a/apps/mesh/src/web/hooks/registry/use-monitor.ts
+++ b/apps/mesh/src/web/hooks/registry/use-monitor.ts
@@ -53,6 +53,7 @@ export function useMonitorRunStart() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   return useMutation({
@@ -75,6 +76,7 @@ export function useMonitorRunCancel() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   return useMutation({
@@ -96,6 +98,7 @@ export function useMonitorRuns(status?: MonitorRunStatus) {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   return useQuery({
@@ -114,6 +117,7 @@ export function useMonitorRun(runId?: string) {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   return useQuery({
@@ -139,6 +143,7 @@ export function useMonitorResults(
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   return useQuery({
@@ -165,6 +170,7 @@ export function useMonitorConnections() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   return useQuery({
@@ -185,6 +191,7 @@ export function useSyncMonitorConnections() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   return useMutation({
@@ -208,6 +215,7 @@ export function useUpdateMonitorConnectionAuth() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   return useMutation({
@@ -257,6 +265,7 @@ export function useRegistryMonitorConfig() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
   const queryClient = useQueryClient();
 
@@ -350,6 +359,7 @@ export function useMonitorScheduleSet() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   return useMutation({
@@ -374,6 +384,7 @@ export function useMonitorScheduleCancel() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   return useMutation({
diff --git a/apps/mesh/src/web/hooks/registry/use-registry.ts b/apps/mesh/src/web/hooks/registry/use-registry.ts
index 3f68c03d8e..89d67cd00e 100644
--- a/apps/mesh/src/web/hooks/registry/use-registry.ts
+++ b/apps/mesh/src/web/hooks/registry/use-registry.ts
@@ -73,6 +73,7 @@ export function useRegistryItems(params: {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
   const search = normalizeSearch(params.search);
   const limit = params.limit ?? DEFAULT_LIMIT;
@@ -128,6 +129,7 @@ export function useRegistryFilters() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   return useQuery({
@@ -145,6 +147,7 @@ export function useRegistryMutations() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const invalidateAll = async () => {
@@ -234,6 +237,7 @@ export function useRegistryConfig(pluginId: string) {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
   const queryClient = useQueryClient();
 
@@ -354,6 +358,7 @@ export function usePublishRequests(params: {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
   const limit = DEFAULT_LIMIT;
 
@@ -394,6 +399,7 @@ export function usePublishRequestCount() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   return useQuery({
@@ -414,6 +420,7 @@ export function usePublishRequestMutations() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const invalidateAll = async () => {
@@ -458,6 +465,7 @@ export function usePublishApiKeys() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   return useQuery({
@@ -478,6 +486,7 @@ export function usePublishApiKeyMutations() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const generateMutation = useMutation({
diff --git a/apps/mesh/src/web/hooks/use-auto-install-github.ts b/apps/mesh/src/web/hooks/use-auto-install-github.ts
index cd4eb84208..9fe42cb027 100644
--- a/apps/mesh/src/web/hooks/use-auto-install-github.ts
+++ b/apps/mesh/src/web/hooks/use-auto-install-github.ts
@@ -86,10 +86,14 @@ export function useAutoInstallGitHub(opts: {
 
       // Step 2: Check if OAuth is needed
       setStatus("authenticating");
-      const mcpProxyUrl = new URL(`/mcp/${id}`, window.location.origin);
+      const mcpProxyUrl = new URL(
+        `/api/${org.slug}/mcp/${id}`,
+        window.location.origin,
+      );
       const authStatus = await isConnectionAuthenticated({
         url: mcpProxyUrl.href,
         token: null,
+        orgId: org.id,
       });
 
       if (authStatus.supportsOAuth && !authStatus.isAuthenticated) {
@@ -100,6 +104,8 @@ export function useAutoInstallGitHub(opts: {
           error: oauthError,
         } = await authenticateMcp({
           connectionId: id,
+          orgSlug: org.slug,
+          scope: "offline_access",
         });
 
         if (oauthError || !token) {
@@ -115,20 +121,25 @@ export function useAutoInstallGitHub(opts: {
         // Step 4: Persist OAuth token
         if (tokenInfo) {
           try {
-            const response = await fetch(`/api/connections/${id}/oauth-token`, {
-              method: "POST",
-              headers: { "Content-Type": "application/json" },
-              credentials: "include",
-              body: JSON.stringify({
-                accessToken: tokenInfo.accessToken,
-                refreshToken: tokenInfo.refreshToken,
-                expiresIn: tokenInfo.expiresIn,
-                scope: tokenInfo.scope,
-                clientId: tokenInfo.clientId,
-                clientSecret: tokenInfo.clientSecret,
-                tokenEndpoint: tokenInfo.tokenEndpoint,
-              }),
-            });
+            const response = await fetch(
+              `/api/${org.slug}/connections/${id}/oauth-token`,
+              {
+                method: "POST",
+                headers: {
+                  "Content-Type": "application/json",
+                },
+                credentials: "include",
+                body: JSON.stringify({
+                  accessToken: tokenInfo.accessToken,
+                  refreshToken: tokenInfo.refreshToken,
+                  expiresIn: tokenInfo.expiresIn,
+                  scope: tokenInfo.scope,
+                  clientId: tokenInfo.clientId,
+                  clientSecret: tokenInfo.clientSecret,
+                  tokenEndpoint: tokenInfo.tokenEndpoint,
+                }),
+              },
+            );
             if (!response.ok) {
               await actions.update.mutateAsync({
                 id,
diff --git a/apps/mesh/src/web/hooks/use-automations.ts b/apps/mesh/src/web/hooks/use-automations.ts
index 51b6d56fb3..7e38cd07ec 100644
--- a/apps/mesh/src/web/hooks/use-automations.ts
+++ b/apps/mesh/src/web/hooks/use-automations.ts
@@ -83,6 +83,7 @@ export function useTriggerList(connectionId: string | undefined) {
   const client = useMCPClient({
     connectionId: connectionId ?? SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   return useQuery({
@@ -113,7 +114,7 @@ export interface AutomationListItem {
   created_by: string;
   created_at: string;
   trigger_count: number;
-  agent: { id: string } | null;
+  virtual_mcp_id: string;
   nearest_next_run_at: string | null;
 }
 
@@ -136,11 +137,12 @@ export interface AutomationDetail {
   created_by: string;
   created_at: string;
   updated_at: string;
-  agent: { id: string };
+  virtual_mcp_id: string;
   messages: unknown[];
   models: {
     credentialId: string;
     thinking: { id: string; [key: string]: unknown };
+    tier?: "fast" | "smart" | "thinking";
     [key: string]: unknown;
   };
   temperature: number;
@@ -153,20 +155,25 @@ export interface AutomationDetail {
 
 type AutomationListOutput = { automations: AutomationListItem[] };
 
-export function useAutomations(virtualMcpId?: string | null) {
+export function useAutomations(
+  virtualMcpId?: string | null,
+  search?: string | null,
+) {
   const { org } = useProjectContext();
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   return useQuery({
-    queryKey: KEYS.automations(org.id, virtualMcpId),
+    queryKey: KEYS.automations(org.id, virtualMcpId, search),
     queryFn: async () => {
       const args: Record<string, unknown> =
         virtualMcpId !== undefined && virtualMcpId !== null
           ? { virtual_mcp_id: virtualMcpId }
           : {};
+      if (search) args.search = search;
       const result = (await client.callTool({
         name: "AUTOMATION_LIST",
         arguments: args,
@@ -186,6 +193,7 @@ export function useAutomation(id: string) {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   return useQuery({
@@ -208,12 +216,19 @@ export function useAutomation(id: string) {
 // Helpers
 // ============================================================================
 
-export function buildDefaultAutomationInput(virtualMcpId?: string) {
+export function buildDefaultAutomationInput(
+  virtualMcpId: string,
+  modelDefaults?: { credentialId: string; modelId: string } | null,
+) {
   return {
     name: "New Automation",
-    agent: virtualMcpId ? { id: virtualMcpId } : undefined,
     messages: [],
-    models: { credentialId: "", thinking: { id: "" } },
+    models: modelDefaults
+      ? {
+          credentialId: modelDefaults.credentialId,
+          thinking: { id: modelDefaults.modelId },
+        }
+      : { credentialId: "", thinking: { id: "" } },
     temperature: 0.5,
     active: true,
     virtual_mcp_id: virtualMcpId,
@@ -229,6 +244,7 @@ export function useAutomationActions() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
   const queryClient = useQueryClient();
 
@@ -251,11 +267,11 @@ export function useAutomationActions() {
     },
     onSuccess: () => {
       invalidateAll();
+      toast.success("Automation created successfully");
     },
-    onError: (error) => {
-      toast.error(
-        error instanceof Error ? error.message : "Failed to create automation",
-      );
+    onError: (error: unknown) => {
+      const message = error instanceof Error ? error.message : String(error);
+      toast.error(`Failed to create automation: ${message}`);
     },
   });
 
@@ -272,11 +288,11 @@ export function useAutomationActions() {
       if (typeof variables.id === "string") {
         invalidateOne(variables.id);
       }
+      toast.success("Automation updated successfully");
     },
-    onError: (error) => {
-      toast.error(
-        error instanceof Error ? error.message : "Failed to update automation",
-      );
+    onError: (error: unknown) => {
+      const message = error instanceof Error ? error.message : String(error);
+      toast.error(`Failed to update automation: ${message}`);
     },
   });
 
@@ -291,11 +307,11 @@ export function useAutomationActions() {
     onSuccess: (_data, id) => {
       queryClient.removeQueries({ queryKey: KEYS.automation(org.id, id) });
       invalidateAll();
+      toast.success("Automation deleted successfully");
     },
-    onError: (error) => {
-      toast.error(
-        error instanceof Error ? error.message : "Failed to delete automation",
-      );
+    onError: (error: unknown) => {
+      const message = error instanceof Error ? error.message : String(error);
+      toast.error(`Failed to delete automation: ${message}`);
     },
   });
 
diff --git a/apps/mesh/src/web/hooks/use-collection-cache-prefill.ts b/apps/mesh/src/web/hooks/use-collection-cache-prefill.ts
deleted file mode 100644
index e0ee267935..0000000000
--- a/apps/mesh/src/web/hooks/use-collection-cache-prefill.ts
+++ /dev/null
@@ -1,71 +0,0 @@
-/**
- * Hook that provides utilities to prefill collection query cache
- * Prevents suspension when switching to new/empty collections
- */
-
-import type { CollectionListOutput } from "@decocms/bindings/collections";
-import type {
-  CollectionEntity,
-  UseCollectionListOptions,
-} from "@decocms/mesh-sdk";
-import { buildCollectionQueryKey } from "@decocms/mesh-sdk";
-import type { Client } from "@modelcontextprotocol/sdk/client/index.js";
-import { useQueryClient } from "@tanstack/react-query";
-
-/**
- * Hook that provides utilities to prefill collection query cache
- * Prevents suspension when switching to new/empty collections
- *
- * @returns Object with prefillCollectionCache function
- */
-export function useCollectionCachePrefill() {
-  const queryClient = useQueryClient();
-
-  /**
-   * Prefills the query cache for a collection query to prevent suspension
-   *
-   * @param client - The MCP client used to call collection tools (null/undefined skips prefilling)
-   * @param collectionName - The name of the collection (e.g., "THREAD_MESSAGES", "CONNECTIONS")
-   * @param scopeKey - The scope key (orgId, connectionId, etc.)
-   * @param options - Filter and configuration options matching useCollectionList
-   */
-  const prefillCollectionCache = <T extends CollectionEntity>(
-    client: Client | null | undefined,
-    collectionName: string,
-    scopeKey: string,
-    options?: UseCollectionListOptions<T>,
-  ): void => {
-    if (!client) {
-      return;
-    }
-
-    const queryKey = buildCollectionQueryKey(
-      client,
-      collectionName,
-      scopeKey,
-      options,
-    );
-
-    // Check if data already exists in cache
-    const existingData = queryClient.getQueryData(queryKey);
-    if (existingData) {
-      return;
-    }
-
-    // Prefill cache with empty result structure that matches what useCollectionList's queryFn returns
-    // This matches EMPTY_COLLECTION_LIST_RESULT structure (before select transformation)
-    const emptyResult = {
-      structuredContent: {
-        items: [],
-      } satisfies CollectionListOutput<T>,
-      isError: false,
-    };
-
-    // Set the data in cache to prevent suspension
-    queryClient.setQueryData(queryKey, emptyResult);
-  };
-
-  return {
-    prefillCollectionCache,
-  };
-}
diff --git a/apps/mesh/src/web/hooks/use-create-task-and-navigate.ts b/apps/mesh/src/web/hooks/use-create-task-and-navigate.ts
deleted file mode 100644
index df935dd89f..0000000000
--- a/apps/mesh/src/web/hooks/use-create-task-and-navigate.ts
+++ /dev/null
@@ -1,26 +0,0 @@
-/**
- * useCreateTaskAndNavigate — for use *outside* ChatContextProvider (e.g., sidebar).
- *
- * Mints a fresh taskId and navigates to `/$org/$taskId?virtualmcpid=…`.
- * ChatContextProvider handles actual task creation on first message.
- */
-
-import { useProjectContext } from "@decocms/mesh-sdk";
-import { useNavigate } from "@tanstack/react-router";
-
-/**
- * Returns a function that navigates to `/$org/$taskId?virtualmcpid=<agentId>`.
- */
-export function useCreateTaskAndNavigate() {
-  const navigate = useNavigate();
-  const { org } = useProjectContext();
-
-  return (virtualMcpId: string) => {
-    const taskId = crypto.randomUUID();
-    navigate({
-      to: "/$org/$taskId",
-      params: { org: org.slug, taskId },
-      search: { virtualmcpid: virtualMcpId },
-    });
-  };
-}
diff --git a/apps/mesh/src/web/hooks/use-debounced-autosave.ts b/apps/mesh/src/web/hooks/use-debounced-autosave.ts
new file mode 100644
index 0000000000..5bdc7b775a
--- /dev/null
+++ b/apps/mesh/src/web/hooks/use-debounced-autosave.ts
@@ -0,0 +1,68 @@
+import { useEffect, useRef } from "react";
+
+interface UseDebouncedAutosaveOptions<R> {
+  /** Save function. The latest closure is always invoked, so it can read
+   * current state without callers needing their own ref. */
+  save: () => Promise<R>;
+  /** Debounce window. Defaults to 1000ms. */
+  delayMs?: number;
+}
+
+interface UseDebouncedAutosaveReturn<R> {
+  /** Schedule a save after the debounce window. Resets the window on each
+   * call. */
+  schedule: () => void;
+  /** Cancel any pending save and run the save now. Returns whatever `save`
+   * returns. */
+  flush: () => Promise<R>;
+}
+
+/**
+ * Debounced save with flush-on-unmount.
+ *
+ * Encapsulates the timer, the always-fresh-closure dance, and the unmount
+ * cleanup that drops trailing edits if the user navigates within the debounce
+ * window.
+ */
+export function useDebouncedAutosave<R>({
+  save,
+  delayMs = 1000,
+}: UseDebouncedAutosaveOptions<R>): UseDebouncedAutosaveReturn<R> {
+  // Always-fresh ref so the deferred timer invokes the latest closure rather
+  // than whichever one was in scope when the timer was scheduled.
+  const saveRef = useRef(save);
+  saveRef.current = save;
+
+  const timerRef = useRef<ReturnType<typeof setTimeout> | null>(null);
+
+  const schedule = () => {
+    if (timerRef.current) clearTimeout(timerRef.current);
+    timerRef.current = setTimeout(() => {
+      timerRef.current = null;
+      saveRef.current();
+    }, delayMs);
+  };
+
+  const flush = (): Promise<R> => {
+    if (timerRef.current) {
+      clearTimeout(timerRef.current);
+      timerRef.current = null;
+    }
+    return saveRef.current();
+  };
+
+  // Flush any pending save on unmount so navigating away within the debounce
+  // window doesn't drop the last edit.
+  // oxlint-disable-next-line ban-use-effect/ban-use-effect
+  useEffect(() => {
+    return () => {
+      if (timerRef.current) {
+        clearTimeout(timerRef.current);
+        timerRef.current = null;
+        saveRef.current();
+      }
+    };
+  }, []);
+
+  return { schedule, flush };
+}
diff --git a/apps/mesh/src/web/hooks/use-debounced-value.ts b/apps/mesh/src/web/hooks/use-debounced-value.ts
new file mode 100644
index 0000000000..52b292bbb9
--- /dev/null
+++ b/apps/mesh/src/web/hooks/use-debounced-value.ts
@@ -0,0 +1,21 @@
+import { useEffect, useState } from "react";
+
+/**
+ * Returns a value that lags behind the input by `delayMs`. Each new input
+ * resets the timer; the returned value updates only after the input has
+ * stopped changing for the debounce window.
+ *
+ * Use to throttle work that lives outside of rendering (e.g. fetching) — for
+ * render-priority deferral, prefer React's built-in `useDeferredValue`.
+ */
+export function useDebouncedValue<T>(value: T, delayMs: number): T {
+  const [debounced, setDebounced] = useState(value);
+
+  // oxlint-disable-next-line ban-use-effect/ban-use-effect
+  useEffect(() => {
+    const id = setTimeout(() => setDebounced(value), delayMs);
+    return () => clearTimeout(id);
+  }, [value, delayMs]);
+
+  return debounced;
+}
diff --git a/apps/mesh/src/web/hooks/use-deco-credits.ts b/apps/mesh/src/web/hooks/use-deco-credits.ts
index 75b1926033..8a736fe702 100644
--- a/apps/mesh/src/web/hooks/use-deco-credits.ts
+++ b/apps/mesh/src/web/hooks/use-deco-credits.ts
@@ -13,12 +13,21 @@ import {
 import { useQuery } from "@tanstack/react-query";
 import { KEYS } from "../lib/query-keys";
 import { useAiProviderKeys } from "./collections/use-ai-providers";
+import { track } from "../lib/posthog-client";
+import { useRef } from "react";
+
+// Module-level map of last-seen balance per org. Used to detect balance
+// increases (heuristic for a completed top-up — we don't have a real
+// payment webhook yet). Keyed by orgId so multiple orgs in one session
+// don't interfere.
+const lastSeenBalance = new Map<string, number>();
 
 export function useDecoCredits() {
   const { org } = useProjectContext();
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
   const keys = useAiProviderKeys();
 
@@ -43,6 +52,28 @@ export function useDecoCredits() {
 
   const balanceCents = data?.balanceCents ?? null;
   const balanceDollars = balanceCents != null ? balanceCents / 100 : null;
+
+  // Heuristic top-up detection: when balance increases between refetches,
+  // the most likely cause is a successful top-up via Stripe. This runs at
+  // render-time because we don't have a real payment-success webhook yet.
+  // Not perfect (could theoretically trigger on admin grants) but catches
+  // the common case. Ignores the very first read (undefined → value is not
+  // a "top-up", just the initial load).
+  const firstSeenRef = useRef<Map<string, boolean>>(new Map());
+  if (balanceCents != null) {
+    const previous = lastSeenBalance.get(org.id);
+    const hasSeenBefore = firstSeenRef.current.get(org.id);
+    if (hasSeenBefore && previous != null && balanceCents > previous) {
+      track("credits_topped_up_detected", {
+        organization_id: org.id,
+        delta_cents: balanceCents - previous,
+        previous_balance_cents: previous,
+        new_balance_cents: balanceCents,
+      });
+    }
+    lastSeenBalance.set(org.id, balanceCents);
+    firstSeenRef.current.set(org.id, true);
+  }
   const hasDecoKey = !!decoKey;
   const hasCredits = balanceCents != null && balanceCents > 0;
   const isZeroBalance = balanceCents != null && balanceCents === 0;
diff --git a/apps/mesh/src/web/hooks/use-decopilot-events.ts b/apps/mesh/src/web/hooks/use-decopilot-events.ts
index f8e9f5dd46..675388da26 100644
--- a/apps/mesh/src/web/hooks/use-decopilot-events.ts
+++ b/apps/mesh/src/web/hooks/use-decopilot-events.ts
@@ -1,7 +1,7 @@
 /**
  * useDecopilotEvents — Subscribe to typed decopilot SSE events
  *
- * Connects to the /org/:orgId/watch SSE endpoint, parses incoming events
+ * Connects to the /api/:org/watch SSE endpoint, parses incoming events
  * into the discriminated DecopilotSSEEvent union, filters by taskId when
  * provided, and dispatches to typed handlers.
  *
@@ -26,9 +26,9 @@ import { createSSESubscription } from "./create-sse-subscription";
 // ============================================================================
 
 const decopilotSSE = createSSESubscription({
-  buildUrl: (orgId) => {
+  buildUrl: (orgSlug) => {
     const typesParam = ALL_DECOPILOT_EVENT_TYPES.join(",");
-    return `/org/${orgId}/watch?types=${typesParam}`;
+    return `/api/${encodeURIComponent(orgSlug)}/watch?types=${typesParam}`;
   },
   eventTypes: [...ALL_DECOPILOT_EVENT_TYPES],
 });
@@ -40,8 +40,8 @@ const getSnapshot = () => 0;
 // ============================================================================
 
 export interface UseDecopilotEventsOptions {
-  /** Organization ID for the SSE endpoint */
-  orgId: string;
+  /** Organization slug for the SSE endpoint */
+  orgSlug: string;
   /** Only fire handlers for events matching this task (omit for all tasks) */
   taskId?: string;
   /** Disable the SSE connection (default: true) */
@@ -73,7 +73,7 @@ interface CallbacksRef {
  */
 export function useDecopilotEvents(options: UseDecopilotEventsOptions): void {
   const {
-    orgId,
+    orgSlug,
     taskId,
     enabled = true,
     onStep,
@@ -89,25 +89,25 @@ export function useDecopilotEvents(options: UseDecopilotEventsOptions): void {
   });
   callbacksRef.current = { taskId, onStep, onFinish, onTaskStatus };
 
-  // `subscribe` only depends on `enabled` and `orgId` so the EventSource
+  // `subscribe` only depends on `enabled` and `orgSlug` so the EventSource
   // connection is not torn down when callbacks or taskId change.
   const subscribeRef = useRef<
     ((onStoreChange: () => void) => () => void) | null
   >(null);
 
   const prevEnabled = useRef(enabled);
-  const prevOrgId = useRef(orgId);
+  const prevOrgSlug = useRef(orgSlug);
 
   if (
     !subscribeRef.current ||
     prevEnabled.current !== enabled ||
-    prevOrgId.current !== orgId
+    prevOrgSlug.current !== orgSlug
   ) {
     prevEnabled.current = enabled;
-    prevOrgId.current = orgId;
+    prevOrgSlug.current = orgSlug;
 
     subscribeRef.current = (onStoreChange: () => void) => {
-      if (!enabled || !orgId) {
+      if (!enabled || !orgSlug) {
         return () => {};
       }
 
@@ -137,7 +137,7 @@ export function useDecopilotEvents(options: UseDecopilotEventsOptions): void {
         onStoreChange();
       };
 
-      return decopilotSSE.subscribe(orgId, handler);
+      return decopilotSSE.subscribe(orgSlug, handler);
     };
   }
 
diff --git a/apps/mesh/src/web/hooks/use-delete-connection.ts b/apps/mesh/src/web/hooks/use-delete-connection.ts
index 81455d1d8a..19122b48f2 100644
--- a/apps/mesh/src/web/hooks/use-delete-connection.ts
+++ b/apps/mesh/src/web/hooks/use-delete-connection.ts
@@ -39,6 +39,7 @@ export function useDeleteConnection({
   const selfClient = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const [deleteState, setDeleteState] = useState<DeleteConnectionState>({
diff --git a/apps/mesh/src/web/hooks/use-enable-plugin.ts b/apps/mesh/src/web/hooks/use-enable-plugin.ts
index 1c06a2e819..601b344f62 100644
--- a/apps/mesh/src/web/hooks/use-enable-plugin.ts
+++ b/apps/mesh/src/web/hooks/use-enable-plugin.ts
@@ -32,6 +32,7 @@ export function useEnablePlugin() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const mutation = useMutation({
diff --git a/apps/mesh/src/web/hooks/use-enabled-registries.ts b/apps/mesh/src/web/hooks/use-enabled-registries.ts
index a9d07a2a26..0e9a26e805 100644
--- a/apps/mesh/src/web/hooks/use-enabled-registries.ts
+++ b/apps/mesh/src/web/hooks/use-enabled-registries.ts
@@ -1,5 +1,5 @@
 import { useRegistryConnections } from "@/web/hooks/use-registry-connections";
-import { useRegistrySettings } from "@/web/hooks/use-registry-settings";
+import { useIsRegistryEnabled } from "@/web/hooks/use-organization-settings";
 import { type RegistrySource } from "@/web/hooks/use-merged-store-discovery";
 import { SELF_MCP_ALIAS_ID, useProjectContext } from "@decocms/mesh-sdk";
 
@@ -9,7 +9,7 @@ import { SELF_MCP_ALIAS_ID, useProjectContext } from "@decocms/mesh-sdk";
  */
 export function useEnabledRegistries(): RegistrySource[] {
   const registryConnections = useRegistryConnections();
-  const { isRegistryEnabled } = useRegistrySettings();
+  const isRegistryEnabled = useIsRegistryEnabled();
   const enabledPlugins = useProjectContext().project.enabledPlugins ?? [];
 
   const enabledRegistries: RegistrySource[] = registryConnections
diff --git a/apps/mesh/src/web/hooks/use-ensure-task.ts b/apps/mesh/src/web/hooks/use-ensure-task.ts
new file mode 100644
index 0000000000..50ce2e135d
--- /dev/null
+++ b/apps/mesh/src/web/hooks/use-ensure-task.ts
@@ -0,0 +1,131 @@
+/**
+ * useEnsureTask — read a task; on 404, create it with the given id and vMCP.
+ *
+ * Returns a discriminated union so the consumer can render the right UI:
+ *   - { status: "loading" }   — initial GET in flight
+ *   - { status: "creating" }  — create mutation in flight (after a 404)
+ *   - { status: "ready", task: Task | null } — resolved (null when id is empty)
+ *   - { status: "error", error: Error } — non-404 failure
+ *
+ * Empty id is a no-op: GET and CREATE are skipped and the hook returns a
+ * ready state with `task: null`. Lets routes that don't have a taskId in
+ * URL params (e.g. /$org/) call the hook unconditionally so Rules of Hooks
+ * stays happy across the home/task branch.
+ *
+ * Race safety: the create mutation is server-side idempotent (`INSERT … ON
+ * CONFLICT DO NOTHING RETURNING *`). Two tabs hitting the same URL both end
+ * up with the same row.
+ */
+
+import {
+  SELF_MCP_ALIAS_ID,
+  useMCPClient,
+  useProjectContext,
+} from "@decocms/mesh-sdk";
+import { useEffect } from "react";
+import { useMutation, useQuery, useQueryClient } from "@tanstack/react-query";
+import { KEYS } from "../lib/query-keys";
+import type { Task } from "./use-tasks";
+
+type State =
+  | { status: "loading" }
+  | { status: "creating" }
+  | { status: "ready"; task: Task | null }
+  | { status: "error"; error: Error };
+
+export function useEnsureTask(id: string, virtualMcpId: string): State {
+  const { org, locator } = useProjectContext();
+  const client = useMCPClient({
+    connectionId: SELF_MCP_ALIAS_ID,
+    orgId: org.id,
+    orgSlug: org.slug,
+  });
+  const queryClient = useQueryClient();
+
+  const query = useQuery<Task | null>({
+    queryKey: KEYS.ensureTask(org.id, id),
+    queryFn: async () => {
+      const result = await client.callTool({
+        name: "COLLECTION_THREADS_GET",
+        arguments: { id },
+      });
+      const payload = (result as { structuredContent?: unknown })
+        .structuredContent as { item?: Task } | undefined;
+      return payload?.item ?? null;
+    },
+    enabled: id.length > 0,
+    retry: false,
+    refetchOnWindowFocus: false,
+  });
+
+  // Private mutation owned by this hook so we can suppress the toast and
+  // shared-cache invalidation that `useTaskActions().create` does. Effects
+  // re-run on (id, query.isSuccess, query.data) changes; React 19 Strict
+  // Mode dev may double-fire on first mount, but the server's `INSERT … ON
+  // CONFLICT DO NOTHING` makes this silent (no duplicate row, no toast).
+  const ensureCreate = useMutation<Task, Error, string>({
+    mutationFn: async (taskId) => {
+      const result = await client.callTool({
+        name: "COLLECTION_THREADS_CREATE",
+        arguments: {
+          data: { id: taskId, virtual_mcp_id: virtualMcpId },
+        },
+      });
+      if ((result as { isError?: boolean }).isError) {
+        const content = (result as { content?: unknown }).content;
+        const msg =
+          Array.isArray(content) && content[0] && typeof content[0] === "object"
+            ? ((content[0] as { text?: string }).text ?? "Create failed")
+            : "Create failed";
+        throw new Error(msg);
+      }
+      const payload = (result as { structuredContent?: unknown })
+        .structuredContent as { item: Task };
+      return payload.item;
+    },
+    onSuccess: () => {
+      // Refresh the canonical THREADS collection cache and the legacy
+      // KEYS.tasksPrefix list (read by chat-context's tasks.find), then
+      // refetch the ensure query so the consumer transitions from
+      // "creating" to "ready" without an extra round-trip.
+      queryClient.invalidateQueries({
+        predicate: (q) =>
+          q.queryKey[1] === org.id &&
+          q.queryKey[3] === "collection" &&
+          q.queryKey[4] === "THREADS",
+      });
+      queryClient.invalidateQueries({
+        queryKey: KEYS.tasksPrefix(locator),
+      });
+      void query.refetch();
+    },
+  });
+
+  // Fires the create mutation when GET resolves to a missing thread.
+  // Dependency array re-fires after `id` changes; the variables/isPending
+  // checks dedupe within a single id. React 19 Strict Mode dev double-mount
+  // is silent because the server's INSERT … ON CONFLICT DO NOTHING handles
+  // the duplicate request and the private mutation has no toast.
+  // oxlint-disable-next-line ban-use-effect/ban-use-effect
+  useEffect(() => {
+    if (!id) return;
+    if (!query.isSuccess || query.data) return;
+    if (ensureCreate.isPending) return;
+    if (ensureCreate.variables === id) return;
+    ensureCreate.mutate(id);
+  }, [id, query.isSuccess, query.data, ensureCreate]);
+
+  if (!id) return { status: "ready", task: null };
+  if (query.isLoading) return { status: "loading" };
+  if (query.isError) return { status: "error", error: query.error as Error };
+  if (query.isSuccess && query.data) {
+    return { status: "ready", task: query.data };
+  }
+  if (ensureCreate.isPending || (query.isSuccess && !query.data)) {
+    return { status: "creating" };
+  }
+  if (ensureCreate.isError) {
+    return { status: "error", error: ensureCreate.error };
+  }
+  return { status: "loading" };
+}
diff --git a/apps/mesh/src/web/hooks/use-install-from-registry.ts b/apps/mesh/src/web/hooks/use-install-from-registry.ts
index 65ae8fdaf9..24bacbfb1c 100644
--- a/apps/mesh/src/web/hooks/use-install-from-registry.ts
+++ b/apps/mesh/src/web/hooks/use-install-from-registry.ts
@@ -18,7 +18,7 @@ import {
   callRegistryTool,
 } from "@/web/utils/registry-utils";
 import { useRegistryConnections } from "./use-registry-connections";
-import { useRegistrySettings } from "./use-registry-settings";
+import { useIsRegistryEnabled } from "./use-organization-settings";
 
 interface InstallResult {
   id: string;
@@ -58,7 +58,7 @@ export function useInstallFromRegistry(): UseInstallFromRegistryResult {
 
   // Get registry connections from registry_config, filtered to enabled only
   const registryConnections = useRegistryConnections();
-  const { isRegistryEnabled } = useRegistrySettings();
+  const isRegistryEnabled = useIsRegistryEnabled();
   const enabledRegistries = registryConnections.filter((c) =>
     isRegistryEnabled(c.id),
   );
@@ -86,6 +86,7 @@ export function useInstallFromRegistry(): UseInstallFromRegistryResult {
           const result = await callRegistryTool(
             registryConnection.id,
             org.id,
+            org.slug,
             listToolName,
             {
               where: { appName: parsedServerName },
diff --git a/apps/mesh/src/web/hooks/use-invitations.ts b/apps/mesh/src/web/hooks/use-invitations.ts
index 9178599af4..f6f24bd271 100644
--- a/apps/mesh/src/web/hooks/use-invitations.ts
+++ b/apps/mesh/src/web/hooks/use-invitations.ts
@@ -16,7 +16,7 @@ import {
   useQueryClient,
   useSuspenseQuery,
 } from "@tanstack/react-query";
-import { authClient } from "@/web/lib/auth-client";
+import { useOrgAuthClient } from "@/web/hooks/use-org-auth-client";
 import { toast } from "sonner";
 
 interface Invitation {
@@ -46,6 +46,7 @@ export function useInvitations() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   return useSuspenseQuery({
@@ -68,11 +69,12 @@ export function useInvitations() {
  */
 export function useInvitationActions() {
   const { locator } = useProjectContext();
+  const orgAuth = useOrgAuthClient();
   const queryClient = useQueryClient();
 
   const cancelMutation = useMutation({
     mutationFn: async (invitationId: string) => {
-      const result = await authClient.organization.cancelInvitation({
+      const result = await orgAuth.organization.cancelInvitation({
         invitationId,
       });
 
diff --git a/apps/mesh/src/web/hooks/use-layout-state.ts b/apps/mesh/src/web/hooks/use-layout-state.ts
index db18554f74..321d8df8ce 100644
--- a/apps/mesh/src/web/hooks/use-layout-state.ts
+++ b/apps/mesh/src/web/hooks/use-layout-state.ts
@@ -14,7 +14,11 @@
 
 import { useRef } from "react";
 import { useNavigate, useParams, useSearch } from "@tanstack/react-router";
+import { useQueryClient } from "@tanstack/react-query";
+import { useProjectContext } from "@decocms/mesh-sdk";
 import { resolveDefaultTabId } from "@/web/layouts/main-panel-tabs/tab-id";
+import { readCachedTaskBranch } from "@/web/lib/read-cached-task-branch";
+import { useTaskActions } from "@/web/hooks/use-tasks";
 
 // ---------------------------------------------------------------------------
 // Types
@@ -139,6 +143,9 @@ export function useChatMainPanelState(
     org?: string;
     taskId?: string;
   };
+  const queryClient = useQueryClient();
+  const taskActions = useTaskActions();
+  const { locator } = useProjectContext();
 
   const { virtualMcpId, orgSlug, isAgentRoute } = routeCtx;
 
@@ -204,8 +211,21 @@ export function useChatMainPanelState(
     navigateSearch({ chat: 1 }, { replace: true });
   };
 
-  const createNewTask = () => {
+  // Carry the active task's branch into the new thread so it lands on the
+  // same warm sandbox. Server picks from vmMap when no branch is provided.
+  const createNewTask = async () => {
     const newTaskId = crypto.randomUUID();
+    const branch = readCachedTaskBranch(queryClient, locator, taskId);
+    try {
+      await taskActions.create.mutateAsync({
+        id: newTaskId,
+        virtual_mcp_id: virtualMcpId,
+        ...(branch ? { branch } : {}),
+      });
+    } catch {
+      // Toast already fired by useCollectionActions; navigate anyway so the
+      // route loader's ensure-fallback can retry.
+    }
     navigate({
       to: routeBase,
       params: makeParams(newTaskId),
diff --git a/apps/mesh/src/web/hooks/use-mcp-auth-status.ts b/apps/mesh/src/web/hooks/use-mcp-auth-status.ts
index 5c652f9629..e7abd0d0d1 100644
--- a/apps/mesh/src/web/hooks/use-mcp-auth-status.ts
+++ b/apps/mesh/src/web/hooks/use-mcp-auth-status.ts
@@ -3,6 +3,7 @@ import {
   type McpAuthStatus,
 } from "@/web/lib/mcp-oauth";
 import { KEYS } from "@/web/lib/query-keys";
+import { useProjectContext } from "@decocms/mesh-sdk";
 import { useSuspenseQuery } from "@tanstack/react-query";
 
 /**
@@ -16,13 +17,18 @@ export function useMCPAuthStatus({
 }: {
   connectionId: string;
 }): McpAuthStatus {
-  const mcpProxyUrl = new URL(`/mcp/${connectionId}`, window.location.origin);
+  const { org } = useProjectContext();
+  const mcpProxyUrl = new URL(
+    `/api/${org.slug}/mcp/${connectionId}`,
+    window.location.origin,
+  );
   const { data: authStatus } = useSuspenseQuery({
     queryKey: KEYS.isMCPAuthenticated(mcpProxyUrl.href, null),
     queryFn: () =>
       isConnectionAuthenticated({
         url: mcpProxyUrl.href,
         token: null,
+        orgId: org.id,
       }),
   });
 
diff --git a/apps/mesh/src/web/hooks/use-members.ts b/apps/mesh/src/web/hooks/use-members.ts
index e91204b62a..0d54d7b353 100644
--- a/apps/mesh/src/web/hooks/use-members.ts
+++ b/apps/mesh/src/web/hooks/use-members.ts
@@ -5,7 +5,7 @@
  * Uses Suspense for loading states - wrap components in <Suspense> and <ErrorBoundary>.
  */
 
-import { authClient } from "@/web/lib/auth-client";
+import { useOrgAuthClient } from "@/web/hooks/use-org-auth-client";
 import { KEYS } from "@/web/lib/query-keys";
 import { useProjectContext } from "@decocms/mesh-sdk";
 import { useSuspenseQuery } from "@tanstack/react-query";
@@ -32,9 +32,10 @@ import { useSuspenseQuery } from "@tanstack/react-query";
  */
 export function useMembers() {
   const { locator } = useProjectContext();
+  const orgAuth = useOrgAuthClient();
 
   return useSuspenseQuery({
     queryKey: KEYS.members(locator),
-    queryFn: () => authClient.organization.listMembers(),
+    queryFn: () => orgAuth.organization.listMembers(),
   });
 }
diff --git a/apps/mesh/src/web/hooks/use-merged-store-discovery.ts b/apps/mesh/src/web/hooks/use-merged-store-discovery.ts
index 18a03c63a8..ba95f45c12 100644
--- a/apps/mesh/src/web/hooks/use-merged-store-discovery.ts
+++ b/apps/mesh/src/web/hooks/use-merged-store-discovery.ts
@@ -80,6 +80,7 @@ function buildRegistrySearchWhere(
 function useRegistryGroupQuery(
   registries: RegistrySource[],
   orgId: string,
+  orgSlug: string,
   enabled: boolean,
   search?: string,
 ) {
@@ -120,6 +121,7 @@ function useRegistryGroupQuery(
                 client = await createMCPClient({
                   connectionId: registry.id,
                   orgId,
+                  orgSlug,
                 });
 
                 const params: Record<string, unknown> = { limit: PAGE_SIZE };
@@ -246,31 +248,30 @@ export function useMergedStoreDiscovery(
   );
   const communityRegistries = registries.filter((r) => isCommunityRegistry(r));
 
-  // Query 1: all non-community registries in parallel (always enabled)
+  // Both groups load in parallel. Non-community items render before community
+  // items in the merged list (we push nc first), but the cQuery is no longer
+  // gated on nc exhaustion — gating made community results invisible whenever
+  // the previous-data hasMore was true (e.g. while typing a search, or while
+  // any nc page was still pending).
   const ncQuery = useRegistryGroupQuery(
     nonCommunityRegistries,
     org.id,
+    org.slug,
     true,
     search,
   );
-
-  // Query 2: community registries, deferred until non-community is exhausted
-  const allNonCommunityExhausted =
-    !ncQuery.hasMore && !ncQuery.isInitialLoading;
   const cQuery = useRegistryGroupQuery(
     communityRegistries,
     org.id,
-    allNonCommunityExhausted,
+    org.slug,
+    true,
     search,
   );
 
   // Collect all available items in priority order, deduplicating by registry+id
   const seen = new Set<string>();
   const items: RegistryItem[] = [];
-  const allAvailable: RegistryItem[] = [...ncQuery.items];
-  if (allNonCommunityExhausted) {
-    allAvailable.push(...cQuery.items);
-  }
+  const allAvailable: RegistryItem[] = [...ncQuery.items, ...cQuery.items];
   for (const item of allAvailable) {
     const itemKey = `${item._registryId}:${item.id}`;
     if (!seen.has(itemKey)) {
@@ -279,26 +280,13 @@ export function useMergedStoreDiscovery(
     }
   }
 
-  const isInitialLoading = ncQuery.isInitialLoading;
+  const isInitialLoading = ncQuery.isInitialLoading || cQuery.isInitialLoading;
   const isLoadingMore = ncQuery.isLoadingMore || cQuery.isLoadingMore;
-
-  const hasMore = (() => {
-    if (ncQuery.hasMore) return true;
-    if (communityRegistries.length > 0) {
-      if (!allNonCommunityExhausted) return true;
-      return cQuery.hasMore;
-    }
-    return false;
-  })();
+  const hasMore = ncQuery.hasMore || cQuery.hasMore;
 
   const loadMore = () => {
-    if (ncQuery.hasMore) {
-      ncQuery.fetchNextPage();
-      return;
-    }
-    if (cQuery.hasMore) {
-      cQuery.fetchNextPage();
-    }
+    if (ncQuery.hasMore) ncQuery.fetchNextPage();
+    if (cQuery.hasMore) cQuery.fetchNextPage();
   };
 
   return {
diff --git a/apps/mesh/src/web/hooks/use-navigate-to-agent-thread.ts b/apps/mesh/src/web/hooks/use-navigate-to-agent-thread.ts
new file mode 100644
index 0000000000..fd95ce8bbb
--- /dev/null
+++ b/apps/mesh/src/web/hooks/use-navigate-to-agent-thread.ts
@@ -0,0 +1,64 @@
+import { useNavigate, useParams, useSearch } from "@tanstack/react-router";
+import { useQueryClient } from "@tanstack/react-query";
+import { useProjectContext } from "@decocms/mesh-sdk";
+import { useTaskActions } from "@/web/hooks/use-tasks";
+import { readCachedTaskBranch } from "@/web/lib/read-cached-task-branch";
+import { readCachedLastThread } from "@/web/lib/read-cached-last-thread";
+import { authClient } from "@/web/lib/auth-client";
+
+/**
+ * Hook for sidebar pinned-agent entry points. Resumes the user's most
+ * recent thread with the target vMCP when one is in the local TanStack
+ * cache; otherwise falls back to creating a new thread. The branch-carry
+ * behavior (carrying the active task's branch into a brand-new thread
+ * for the same vMCP) is preserved on the create path.
+ *
+ * Returns `{ resumed }` so the call site can emit the right analytics.
+ */
+export function useNavigateToAgentThread(orgSlug: string) {
+  const navigate = useNavigate();
+  const queryClient = useQueryClient();
+  const taskActions = useTaskActions();
+  const { locator } = useProjectContext();
+  const params = useParams({ strict: false }) as { taskId?: string };
+  const search = useSearch({ strict: false }) as { virtualmcpid?: string };
+  const { data: session } = authClient.useSession();
+  const userId = session?.user?.id;
+
+  return async (targetVirtualMcpId: string): Promise<{ resumed: boolean }> => {
+    const last = userId
+      ? readCachedLastThread(queryClient, locator, targetVirtualMcpId, userId)
+      : null;
+
+    if (last) {
+      navigate({
+        to: "/$org/$taskId",
+        params: { org: orgSlug, taskId: last.id },
+        search: { virtualmcpid: targetVirtualMcpId },
+      });
+      return { resumed: true };
+    }
+
+    const taskId = crypto.randomUUID();
+    const carryBranch =
+      targetVirtualMcpId === search.virtualmcpid
+        ? readCachedTaskBranch(queryClient, locator, params.taskId ?? "")
+        : null;
+    try {
+      await taskActions.create.mutateAsync({
+        id: taskId,
+        virtual_mcp_id: targetVirtualMcpId,
+        ...(carryBranch ? { branch: carryBranch } : {}),
+      });
+    } catch {
+      // Toast already fired; navigate anyway so the route loader's
+      // ensure-fallback can retry.
+    }
+    navigate({
+      to: "/$org/$taskId",
+      params: { org: orgSlug, taskId },
+      search: { virtualmcpid: targetVirtualMcpId },
+    });
+    return { resumed: false };
+  };
+}
diff --git a/apps/mesh/src/web/hooks/use-org-auth-client.ts b/apps/mesh/src/web/hooks/use-org-auth-client.ts
new file mode 100644
index 0000000000..0ae8ff2724
--- /dev/null
+++ b/apps/mesh/src/web/hooks/use-org-auth-client.ts
@@ -0,0 +1,89 @@
+/**
+ * useOrgAuthClient
+ *
+ * Wraps `authClient.organization` and injects `organizationId` from the
+ * current project context into every org-scoped call.
+ *
+ * Why: Better Auth's organization plugin endpoints fall back to
+ * `session.activeOrganizationId` when no `organizationId` is passed. That
+ * field lives on a single per-user session row shared across all browser
+ * tabs, so calls from tab A could silently hit tab B's org. The fix —
+ * recommended by Better Auth's docs — is to manage the active org
+ * client-side and pass `organizationId` per-request. This hook is the
+ * single place where that injection happens.
+ *
+ * Direct use of `authClient.organization.<method>` for org-scoped methods
+ * is banned by the `ban-direct-auth-client-organization` lint rule. New
+ * code should call methods on the object returned by this hook.
+ */
+
+import { authClient } from "@/web/lib/auth-client";
+import { useProjectContext } from "@decocms/mesh-sdk";
+
+type OrgClient = typeof authClient.organization;
+
+type Params<K extends keyof OrgClient> = OrgClient[K] extends (
+  args: infer A,
+  ...rest: unknown[]
+) => unknown
+  ? A
+  : never;
+
+type Result<K extends keyof OrgClient> = OrgClient[K] extends (
+  ...args: unknown[]
+) => infer R
+  ? R
+  : never;
+
+export function useOrgAuthClient() {
+  const { org } = useProjectContext();
+  const organizationId = org.id;
+
+  // Methods where `organizationId` is a top-level field on the body.
+  const withBodyOrgId = <K extends keyof OrgClient>(method: K) => {
+    return ((args?: Params<K>) =>
+      (authClient.organization[method] as (a: unknown) => Result<K>)({
+        ...(args ?? {}),
+        organizationId,
+      })) as (args?: Params<K>) => Result<K>;
+  };
+
+  // Methods where `organizationId` lives under `query`.
+  const withQueryOrgId = <K extends keyof OrgClient>(method: K) => {
+    return ((args?: Params<K>) => {
+      const next = { ...(args ?? {}) } as Record<string, unknown>;
+      const query = (next.query as Record<string, unknown> | undefined) ?? {};
+      next.query = { ...query, organizationId };
+      return (authClient.organization[method] as (a: unknown) => Result<K>)(
+        next,
+      );
+    }) as (args?: Params<K>) => Result<K>;
+  };
+
+  return {
+    organization: {
+      // ---- org-scoped (orgId injected) ----
+      listMembers: withQueryOrgId("listMembers"),
+      listRoles: withQueryOrgId("listRoles"),
+      inviteMember: withBodyOrgId("inviteMember"),
+      removeMember: withBodyOrgId("removeMember"),
+      updateMemberRole: withBodyOrgId("updateMemberRole"),
+      addMember: withBodyOrgId("addMember"),
+      createRole: withBodyOrgId("createRole"),
+      updateRole: withBodyOrgId("updateRole"),
+      deleteRole: withBodyOrgId("deleteRole"),
+      cancelInvitation: withBodyOrgId("cancelInvitation"),
+      update: withBodyOrgId("update"),
+
+      // ---- non-org-scoped pass-throughs ----
+      // Invitations are scoped by their own id.
+      acceptInvitation: authClient.organization.acceptInvitation,
+      rejectInvitation: authClient.organization.rejectInvitation,
+      getInvitation: authClient.organization.getInvitation,
+      // Cross-org or pre-org operations.
+      list: authClient.organization.list,
+      create: authClient.organization.create,
+      getFullOrganization: authClient.organization.getFullOrganization,
+    },
+  };
+}
diff --git a/apps/mesh/src/web/hooks/use-org-sso.ts b/apps/mesh/src/web/hooks/use-org-sso.ts
index 2723112b31..5aecee3309 100644
--- a/apps/mesh/src/web/hooks/use-org-sso.ts
+++ b/apps/mesh/src/web/hooks/use-org-sso.ts
@@ -14,31 +14,37 @@ interface SsoConfigResponse {
   config?: OrgSsoConfigPublic;
 }
 
-export function useOrgSsoStatus(orgId: string | undefined) {
+export function useOrgSsoStatus(
+  orgId: string | undefined,
+  orgSlug: string | undefined,
+) {
   return useQuery({
     queryKey: KEYS.orgSsoStatus(orgId ?? ""),
     queryFn: async (): Promise<SsoStatusResponse> => {
-      const response = await fetch("/api/org-sso/status");
+      const response = await fetch(`/api/${orgSlug}/sso/status`);
       if (!response.ok) throw new Error("Failed to check SSO status");
       return response.json();
     },
-    enabled: !!orgId,
+    enabled: !!orgId && !!orgSlug,
   });
 }
 
-export function useOrgSsoConfig(orgId: string | undefined) {
+export function useOrgSsoConfig(
+  orgId: string | undefined,
+  orgSlug: string | undefined,
+) {
   return useQuery({
     queryKey: KEYS.orgSsoConfig(orgId ?? ""),
     queryFn: async (): Promise<SsoConfigResponse> => {
-      const response = await fetch("/api/org-sso/config");
+      const response = await fetch(`/api/${orgSlug}/sso/config`);
       if (!response.ok) throw new Error("Failed to fetch SSO config");
       return response.json();
     },
-    enabled: !!orgId,
+    enabled: !!orgId && !!orgSlug,
   });
 }
 
-export function useSaveOrgSsoConfig(orgId: string) {
+export function useSaveOrgSsoConfig(orgId: string, orgSlug: string) {
   const queryClient = useQueryClient();
 
   return useMutation({
@@ -51,7 +57,7 @@ export function useSaveOrgSsoConfig(orgId: string) {
       domain: string;
       enforced?: boolean;
     }) => {
-      const response = await fetch("/api/org-sso/config", {
+      const response = await fetch(`/api/${orgSlug}/sso/config`, {
         method: "POST",
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify(data),
@@ -69,12 +75,12 @@ export function useSaveOrgSsoConfig(orgId: string) {
   });
 }
 
-export function useDeleteOrgSsoConfig(orgId: string) {
+export function useDeleteOrgSsoConfig(orgId: string, orgSlug: string) {
   const queryClient = useQueryClient();
 
   return useMutation({
     mutationFn: async () => {
-      const response = await fetch("/api/org-sso/config", {
+      const response = await fetch(`/api/${orgSlug}/sso/config`, {
         method: "DELETE",
       });
       if (!response.ok) throw new Error("Failed to delete SSO config");
@@ -87,12 +93,12 @@ export function useDeleteOrgSsoConfig(orgId: string) {
   });
 }
 
-export function useToggleSsoEnforcement(orgId: string) {
+export function useToggleSsoEnforcement(orgId: string, orgSlug: string) {
   const queryClient = useQueryClient();
 
   return useMutation({
     mutationFn: async (enforced: boolean) => {
-      const response = await fetch("/api/org-sso/config/enforce", {
+      const response = await fetch(`/api/${orgSlug}/sso/config/enforce`, {
         method: "POST",
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify({ enforced }),
diff --git a/apps/mesh/src/web/hooks/use-organization-roles.ts b/apps/mesh/src/web/hooks/use-organization-roles.ts
index 78984f48ab..e78a56c94d 100644
--- a/apps/mesh/src/web/hooks/use-organization-roles.ts
+++ b/apps/mesh/src/web/hooks/use-organization-roles.ts
@@ -5,7 +5,7 @@
  * dynamic access control feature. Combines built-in roles with custom roles.
  */
 
-import { authClient } from "@/web/lib/auth-client";
+import { useOrgAuthClient } from "@/web/hooks/use-org-auth-client";
 import { KEYS } from "@/web/lib/query-keys";
 import { useProjectContext } from "@decocms/mesh-sdk";
 import { useQuery } from "@tanstack/react-query";
@@ -147,6 +147,7 @@ function parsePermission(
  */
 export function useOrganizationRoles() {
   const { locator } = useProjectContext();
+  const orgAuth = useOrgAuthClient();
 
   const {
     data: customRolesData,
@@ -157,7 +158,7 @@ export function useOrganizationRoles() {
     queryKey: KEYS.organizationRoles(locator),
     queryFn: async () => {
       try {
-        const result = await authClient.organization.listRoles();
+        const result = await orgAuth.organization.listRoles();
 
         if (result?.error) {
           console.error("[useOrganizationRoles] API error:", result.error);
diff --git a/apps/mesh/src/web/hooks/use-organization-settings.ts b/apps/mesh/src/web/hooks/use-organization-settings.ts
new file mode 100644
index 0000000000..f15e9f1b41
--- /dev/null
+++ b/apps/mesh/src/web/hooks/use-organization-settings.ts
@@ -0,0 +1,308 @@
+import {
+  SELF_MCP_ALIAS_ID,
+  useMCPClient,
+  useProjectContext,
+  WellKnownOrgMCPId,
+} from "@decocms/mesh-sdk";
+import {
+  useMutation,
+  useQuery,
+  useQueryClient,
+  useSuspenseQuery,
+  type MutateOptions,
+  type UseMutationResult,
+  type UseQueryResult,
+} from "@tanstack/react-query";
+import { KEYS } from "@/web/lib/query-keys";
+
+export interface ModelSlot {
+  keyId: string;
+  modelId: string;
+  title?: string;
+}
+
+export interface SimpleModeConfig {
+  enabled: boolean;
+  chat: {
+    fast: ModelSlot | null;
+    smart: ModelSlot | null;
+    thinking: ModelSlot | null;
+  };
+  image: ModelSlot | null;
+  webResearch: ModelSlot | null;
+}
+
+export interface RegistryConfig {
+  registries: Record<string, { enabled: boolean }>;
+  blockedMcps: string[];
+}
+
+export interface DefaultHomeAgentsConfig {
+  ids: string[];
+}
+
+export interface OrganizationSettings {
+  organizationId: string;
+  sidebar_items: unknown[] | null;
+  enabled_plugins: string[] | null;
+  registry_config: RegistryConfig | null;
+  simple_mode: SimpleModeConfig | null;
+  default_home_agents: DefaultHomeAgentsConfig | null;
+  createdAt?: string;
+  updatedAt?: string;
+}
+
+const EMPTY_SETTINGS: OrganizationSettings = {
+  organizationId: "",
+  sidebar_items: null,
+  enabled_plugins: null,
+  registry_config: null,
+  simple_mode: null,
+  default_home_agents: null,
+};
+
+const EMPTY_SIMPLE_MODE: SimpleModeConfig = {
+  enabled: false,
+  chat: { fast: null, smart: null, thinking: null },
+  image: null,
+  webResearch: null,
+};
+
+/**
+ * Core query hook over the single shared `organization_settings` row.
+ * Callers pass a `select` fn to derive just the slice they care about.
+ * Not exported — use a named wrapper (useSimpleMode, useRegistryConfig, …).
+ */
+function useOrganizationSettings<T = OrganizationSettings>(
+  select?: (settings: OrganizationSettings) => T,
+): UseQueryResult<T> {
+  const { org } = useProjectContext();
+  const client = useMCPClient({
+    connectionId: SELF_MCP_ALIAS_ID,
+    orgId: org.id,
+    orgSlug: org.slug,
+  });
+
+  return useQuery({
+    queryKey: KEYS.organizationSettings(org.id),
+    queryFn: async () => {
+      const result = (await client.callTool({
+        name: "ORGANIZATION_SETTINGS_GET",
+        arguments: {},
+      })) as { structuredContent?: OrganizationSettings; isError?: boolean };
+      if (result?.isError) {
+        return { ...EMPTY_SETTINGS, organizationId: org.id };
+      }
+      return (
+        result.structuredContent ?? {
+          ...EMPTY_SETTINGS,
+          organizationId: org.id,
+        }
+      );
+    },
+    staleTime: 60_000,
+    select: select as (data: OrganizationSettings) => T,
+  });
+}
+
+/**
+ * Suspense variant used by shell-layout, which mounts ProjectContextProvider
+ * and therefore can't call useProjectContext() yet — so it passes `orgId`
+ * explicitly. Same query key as the non-suspense variant — shares the cache.
+ */
+export function useOrganizationSettingsSuspense(
+  orgId: string,
+  orgSlug: string,
+): OrganizationSettings {
+  const client = useMCPClient({
+    connectionId: SELF_MCP_ALIAS_ID,
+    orgId,
+    orgSlug,
+  });
+
+  const { data } = useSuspenseQuery({
+    queryKey: KEYS.organizationSettings(orgId),
+    queryFn: async () => {
+      const result = (await client.callTool({
+        name: "ORGANIZATION_SETTINGS_GET",
+        arguments: {},
+      })) as { structuredContent?: OrganizationSettings; isError?: boolean };
+      if (result?.isError) {
+        return { ...EMPTY_SETTINGS, organizationId: orgId };
+      }
+      return (
+        result.structuredContent ?? { ...EMPTY_SETTINGS, organizationId: orgId }
+      );
+    },
+    staleTime: 60_000,
+  });
+
+  return data;
+}
+
+type OrgSettingsUpdateInput = Partial<
+  Pick<
+    OrganizationSettings,
+    | "sidebar_items"
+    | "enabled_plugins"
+    | "registry_config"
+    | "simple_mode"
+    | "default_home_agents"
+  >
+>;
+
+type ToolErrorEnvelope = {
+  isError?: boolean;
+  content?: Array<{ type?: string; text?: string }>;
+};
+
+/**
+ * Core mutation hook. Accepts any subset of updatable org-settings fields.
+ * On success, writes the full returned row into the shared cache entry so
+ * every consumer sees fresh data without a refetch.
+ */
+export function useUpdateOrganizationSettings(): UseMutationResult<
+  OrganizationSettings,
+  Error,
+  OrgSettingsUpdateInput
+> {
+  const { org } = useProjectContext();
+  const client = useMCPClient({
+    connectionId: SELF_MCP_ALIAS_ID,
+    orgId: org.id,
+    orgSlug: org.slug,
+  });
+  const queryClient = useQueryClient();
+
+  return useMutation({
+    mutationFn: async (input: OrgSettingsUpdateInput) => {
+      const result = (await client.callTool({
+        name: "ORGANIZATION_SETTINGS_UPDATE",
+        arguments: {
+          organizationId: org.id,
+          ...input,
+        },
+      })) as {
+        structuredContent?: OrganizationSettings;
+      } & ToolErrorEnvelope;
+      if (result?.isError) {
+        throw new Error(
+          result.content?.[0]?.text ?? "Failed to update organization settings",
+        );
+      }
+      const payload = result.structuredContent;
+      if (!payload) {
+        throw new Error("ORGANIZATION_SETTINGS_UPDATE returned no payload");
+      }
+      return payload;
+    },
+    onSuccess: (payload) => {
+      queryClient.setQueryData(
+        KEYS.organizationSettings(org.id),
+        (prev: OrganizationSettings | undefined) => ({
+          ...(prev ?? EMPTY_SETTINGS),
+          ...payload,
+        }),
+      );
+    },
+  });
+}
+
+// ---------------------------------------------------------------------------
+// Thin named wrappers — one per slice of organization settings currently
+// consumed by the React tree. Share the same query key and cache entry.
+// ---------------------------------------------------------------------------
+
+function normalizeSimpleMode(cfg: SimpleModeConfig | null): SimpleModeConfig {
+  if (!cfg) return EMPTY_SIMPLE_MODE;
+  return {
+    enabled: cfg.enabled ?? false,
+    chat: {
+      fast: cfg.chat?.fast ?? null,
+      smart: cfg.chat?.smart ?? null,
+      thinking: cfg.chat?.thinking ?? null,
+    },
+    image: cfg.image ?? null,
+    webResearch: cfg.webResearch ?? null,
+  };
+}
+
+export function useSimpleMode(): SimpleModeConfig {
+  const { data } = useOrganizationSettings((s) =>
+    normalizeSimpleMode(s.simple_mode),
+  );
+  return data ?? EMPTY_SIMPLE_MODE;
+}
+
+type OrgSettingsMutateOptions = MutateOptions<
+  OrganizationSettings,
+  Error,
+  OrgSettingsUpdateInput
+>;
+
+export function useUpdateSimpleMode() {
+  const mutation = useUpdateOrganizationSettings();
+  return {
+    ...mutation,
+    mutate: (config: SimpleModeConfig, options?: OrgSettingsMutateOptions) =>
+      mutation.mutate({ simple_mode: config }, options),
+    mutateAsync: (
+      config: SimpleModeConfig,
+      options?: OrgSettingsMutateOptions,
+    ) => mutation.mutateAsync({ simple_mode: config }, options),
+  };
+}
+
+export function useRegistryConfig(): RegistryConfig | null {
+  const { data } = useOrganizationSettings((s) => s.registry_config);
+  return data ?? null;
+}
+
+export function useUpdateRegistryConfig() {
+  const mutation = useUpdateOrganizationSettings();
+  return {
+    ...mutation,
+    mutate: (config: RegistryConfig, options?: OrgSettingsMutateOptions) =>
+      mutation.mutate({ registry_config: config }, options),
+    mutateAsync: (config: RegistryConfig, options?: OrgSettingsMutateOptions) =>
+      mutation.mutateAsync({ registry_config: config }, options),
+  };
+}
+
+/**
+ * Returns a predicate that tells whether a given connectionId is an enabled
+ * registry. Falls back to "Deco Store is the default" when no registry_config
+ * is set.
+ */
+export function useDefaultHomeAgents(): DefaultHomeAgentsConfig | null {
+  const { data } = useOrganizationSettings((s) => s.default_home_agents);
+  return data ?? null;
+}
+
+export function useUpdateDefaultHomeAgents() {
+  const mutation = useUpdateOrganizationSettings();
+  return {
+    ...mutation,
+    mutate: (
+      config: DefaultHomeAgentsConfig,
+      options?: OrgSettingsMutateOptions,
+    ) => mutation.mutate({ default_home_agents: config }, options),
+    mutateAsync: (
+      config: DefaultHomeAgentsConfig,
+      options?: OrgSettingsMutateOptions,
+    ) => mutation.mutateAsync({ default_home_agents: config }, options),
+  };
+}
+
+export function useIsRegistryEnabled(): (connectionId: string) => boolean {
+  const { org } = useProjectContext();
+  const registryConfig = useRegistryConfig();
+  const decoStoreId = WellKnownOrgMCPId.REGISTRY(org.id);
+
+  return (connectionId: string): boolean => {
+    if (!registryConfig) return connectionId === decoStoreId;
+    const entry = registryConfig.registries[connectionId];
+    if (!entry) return connectionId === decoStoreId;
+    return entry.enabled;
+  };
+}
diff --git a/apps/mesh/src/web/hooks/use-registry-app.ts b/apps/mesh/src/web/hooks/use-registry-app.ts
index 205cda6c4b..fa81e67f93 100644
--- a/apps/mesh/src/web/hooks/use-registry-app.ts
+++ b/apps/mesh/src/web/hooks/use-registry-app.ts
@@ -22,7 +22,11 @@ import type { RegistryItem } from "@/web/components/store/types";
 export function useRegistryApp(appId: string, options?: { enabled?: boolean }) {
   const { org } = useProjectContext();
   const registryId = WellKnownOrgMCPId.REGISTRY(org.id);
-  const client = useMCPClient({ connectionId: registryId, orgId: org.id });
+  const client = useMCPClient({
+    connectionId: registryId,
+    orgId: org.id,
+    orgSlug: org.slug,
+  });
 
   return useMCPToolCallQuery<RegistryItem | null>({
     client,
diff --git a/apps/mesh/src/web/hooks/use-registry-connections.ts b/apps/mesh/src/web/hooks/use-registry-connections.ts
index 172ff16344..6470798fe1 100644
--- a/apps/mesh/src/web/hooks/use-registry-connections.ts
+++ b/apps/mesh/src/web/hooks/use-registry-connections.ts
@@ -14,11 +14,11 @@ import {
   useProjectContext,
   WellKnownOrgMCPId,
 } from "@decocms/mesh-sdk";
-import { useRegistrySettings } from "./use-registry-settings";
+import { useRegistryConfig } from "./use-organization-settings";
 
 export function useRegistryConnections() {
   const { org } = useProjectContext();
-  const { registryConfig } = useRegistrySettings();
+  const registryConfig = useRegistryConfig();
 
   // Well-known registries are always included
   const decoStoreId = WellKnownOrgMCPId.REGISTRY(org.id);
diff --git a/apps/mesh/src/web/hooks/use-registry-settings.ts b/apps/mesh/src/web/hooks/use-registry-settings.ts
deleted file mode 100644
index 5172914f8c..0000000000
--- a/apps/mesh/src/web/hooks/use-registry-settings.ts
+++ /dev/null
@@ -1,101 +0,0 @@
-import { useQuery, useQueryClient, useMutation } from "@tanstack/react-query";
-import {
-  SELF_MCP_ALIAS_ID,
-  useMCPClient,
-  useProjectContext,
-  WellKnownOrgMCPId,
-} from "@decocms/mesh-sdk";
-import { KEYS } from "@/web/lib/query-keys";
-import { toast } from "sonner";
-
-export interface RegistryConfig {
-  registries: Record<string, { enabled: boolean }>;
-  blockedMcps: string[];
-}
-
-export function useRegistrySettings() {
-  const { org } = useProjectContext();
-  const client = useMCPClient({
-    connectionId: SELF_MCP_ALIAS_ID,
-    orgId: org.id,
-  });
-  const queryClient = useQueryClient();
-
-  const { data, isLoading } = useQuery({
-    queryKey: KEYS.registryConfig(org.id),
-    queryFn: async () => {
-      const result = (await client.callTool({
-        name: "ORGANIZATION_SETTINGS_GET",
-        arguments: {},
-      })) as {
-        structuredContent?: { registry_config?: RegistryConfig | null };
-      };
-      return (
-        (
-          (result.structuredContent ?? result) as {
-            registry_config?: RegistryConfig | null;
-          }
-        ).registry_config ?? null
-      );
-    },
-    staleTime: 30_000,
-  });
-
-  const registryConfig = data ?? null;
-
-  const decoStoreId = WellKnownOrgMCPId.REGISTRY(org.id);
-
-  const isRegistryEnabled = (connectionId: string): boolean => {
-    if (!registryConfig) return connectionId === decoStoreId;
-    const entry = registryConfig.registries[connectionId];
-    if (!entry) return connectionId === decoStoreId;
-    return entry.enabled;
-  };
-
-  const isMcpBlocked = (appNameOrId: string): boolean => {
-    if (!registryConfig) return false;
-    return registryConfig.blockedMcps.includes(appNameOrId);
-  };
-
-  const { mutateAsync: updateRegistryConfig } = useMutation({
-    mutationFn: async (config: RegistryConfig) => {
-      await client.callTool({
-        name: "ORGANIZATION_SETTINGS_UPDATE",
-        arguments: {
-          organizationId: org.id,
-          registry_config: config,
-        },
-      });
-      return config;
-    },
-    onMutate: async (config) => {
-      await queryClient.cancelQueries({
-        queryKey: KEYS.registryConfig(org.id),
-      });
-      const previous = queryClient.getQueryData<RegistryConfig | null>(
-        KEYS.registryConfig(org.id),
-      );
-      queryClient.setQueryData(KEYS.registryConfig(org.id), config);
-      return { previous };
-    },
-    onError: (err, _config, context) => {
-      if (context?.previous !== undefined) {
-        queryClient.setQueryData(KEYS.registryConfig(org.id), context.previous);
-      }
-      toast.error(`Failed to update store settings: ${err.message}`);
-    },
-    onSettled: () => {
-      queryClient.invalidateQueries({
-        queryKey: KEYS.registryConfig(org.id),
-      });
-    },
-  });
-
-  return {
-    registryConfig,
-    isLoading,
-    isRegistryEnabled,
-    isMcpBlocked,
-    updateRegistryConfig,
-  };
-}
diff --git a/apps/mesh/src/web/hooks/use-status-sounds.ts b/apps/mesh/src/web/hooks/use-status-sounds.ts
index 09fd2d1bab..746e4adddb 100644
--- a/apps/mesh/src/web/hooks/use-status-sounds.ts
+++ b/apps/mesh/src/web/hooks/use-status-sounds.ts
@@ -9,11 +9,11 @@ const SOUND_STATUSES = new Set(["completed", "failed", "requires_action"]);
  * Subscribe to org-wide SSE thread status events and play corresponding sounds.
  * Mount once at the app layout level.
  */
-export function useStatusSounds(orgId: string) {
+export function useStatusSounds(orgSlug: string) {
   const [preferences] = usePreferences();
 
   useDecopilotEvents({
-    orgId,
+    orgSlug,
     onTaskStatus: (event) => {
       if (!preferences.enableSounds) return;
       if (!SOUND_STATUSES.has(event.data.status)) return;
diff --git a/apps/mesh/src/web/hooks/use-tags.ts b/apps/mesh/src/web/hooks/use-tags.ts
index 5a29835163..4c0cadc375 100644
--- a/apps/mesh/src/web/hooks/use-tags.ts
+++ b/apps/mesh/src/web/hooks/use-tags.ts
@@ -35,6 +35,7 @@ export function useTags() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   return useQuery({
@@ -60,6 +61,7 @@ export function useCreateTag() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   return useMutation({
@@ -97,6 +99,7 @@ export function useMemberTags(memberId: string) {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   return useQuery({
@@ -124,6 +127,7 @@ export function useSetMemberTags() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   return useMutation({
diff --git a/apps/mesh/src/web/hooks/use-task-expanded-tools.ts b/apps/mesh/src/web/hooks/use-task-expanded-tools.ts
index 33e33508a9..b8fd6d1e34 100644
--- a/apps/mesh/src/web/hooks/use-task-expanded-tools.ts
+++ b/apps/mesh/src/web/hooks/use-task-expanded-tools.ts
@@ -29,6 +29,7 @@ export function useTaskExpandedTools(taskId: string) {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const mutation = useMutation({
diff --git a/apps/mesh/src/web/hooks/use-tasks-auto-refresh.ts b/apps/mesh/src/web/hooks/use-tasks-auto-refresh.ts
index 0047db828a..2df5428fb1 100644
--- a/apps/mesh/src/web/hooks/use-tasks-auto-refresh.ts
+++ b/apps/mesh/src/web/hooks/use-tasks-auto-refresh.ts
@@ -13,7 +13,7 @@ export function useTasksAutoRefresh() {
   const queryClient = useQueryClient();
 
   useDecopilotEvents({
-    orgId: org.id,
+    orgSlug: org.slug,
     onTaskStatus: () => {
       queryClient.invalidateQueries({
         queryKey: KEYS.tasksPrefix(locator),
diff --git a/apps/mesh/src/web/hooks/use-tasks-panel-state.tsx b/apps/mesh/src/web/hooks/use-tasks-panel-state.tsx
index c6c9f58757..4f94846dc9 100644
--- a/apps/mesh/src/web/hooks/use-tasks-panel-state.tsx
+++ b/apps/mesh/src/web/hooks/use-tasks-panel-state.tsx
@@ -61,3 +61,7 @@ export function useTasksPanelState(): TasksPanelState {
   }
   return ctx;
 }
+
+export function useOptionalTasksPanelState(): TasksPanelState | null {
+  return useContext(TasksPanelStateContext);
+}
diff --git a/apps/mesh/src/web/hooks/use-tasks.ts b/apps/mesh/src/web/hooks/use-tasks.ts
new file mode 100644
index 0000000000..bfd1fd5974
--- /dev/null
+++ b/apps/mesh/src/web/hooks/use-tasks.ts
@@ -0,0 +1,57 @@
+/**
+ * Task (thread) hooks — mirror the useConnection/useConnections/useConnectionActions
+ * pattern. Backed by COLLECTION_THREADS_* tools.
+ */
+
+import {
+  SELF_MCP_ALIAS_ID,
+  useCollectionActions,
+  useMCPClient,
+  useProjectContext,
+} from "@decocms/mesh-sdk";
+import { useQueryClient } from "@tanstack/react-query";
+import { KEYS } from "@/web/lib/query-keys";
+import type { ThreadEntity } from "@/tools/thread/schema";
+
+export type Task = ThreadEntity;
+
+/**
+ * Mutation hooks. `create.mutateAsync({ id?, virtual_mcp_id, branch?, title?, description? })`.
+ * `update.mutateAsync({ id, data })`.
+ *
+ * The `create.onSuccess` from useCollectionActions only invalidates the
+ * canonical collection cache. Tasks have a parallel legacy task list at
+ * KEYS.tasksPrefix(locator) that chat-context reads from for the branch
+ * picker; we wrap the create mutation here so every caller refreshes both
+ * caches consistently.
+ */
+export function useTaskActions() {
+  const { org, locator } = useProjectContext();
+  const client = useMCPClient({
+    connectionId: SELF_MCP_ALIAS_ID,
+    orgId: org.id,
+    orgSlug: org.slug,
+  });
+  const queryClient = useQueryClient();
+  const actions = useCollectionActions<Task>(org.id, "THREADS", client);
+
+  const originalCreate = actions.create;
+  const wrappedMutateAsync: typeof originalCreate.mutateAsync = async (
+    data,
+    options,
+  ) => {
+    const result = await originalCreate.mutateAsync(data, options);
+    queryClient.invalidateQueries({ queryKey: KEYS.tasksPrefix(locator) });
+    return result;
+  };
+
+  return {
+    ...actions,
+    create: {
+      ...originalCreate,
+      mutateAsync: wrappedMutateAsync,
+    },
+  };
+}
+
+export { useEnsureTask } from "./use-ensure-task";
diff --git a/apps/mesh/src/web/hooks/use-toggle-env-panel.ts b/apps/mesh/src/web/hooks/use-toggle-env-panel.ts
index 4331a0c9e7..42e182319f 100644
--- a/apps/mesh/src/web/hooks/use-toggle-env-panel.ts
+++ b/apps/mesh/src/web/hooks/use-toggle-env-panel.ts
@@ -1,36 +1,33 @@
 import { useNavigate, useSearch } from "@tanstack/react-router";
 
 /**
- * Standalone hook to toggle the env (VM/server) panel via URL search params.
- * Opens the main panel when opening env. Can be used from any component
- * without needing the full useChatMainPanelState context.
+ * Focus the Env tab via the `?main=<tabId>` URL contract shared with
+ * useChatMainPanelState. toggleEnv collapses back to `?main=0` when already active.
  */
+const ENV_TAB_ID = "env";
+
 export function useToggleEnvPanel() {
   const navigate = useNavigate();
-  const search = useSearch({ strict: false }) as { env?: number };
-  const envOpen = search.env === 1;
+  const search = useSearch({ strict: false }) as { main?: string };
+  const envOpen = search.main === ENV_TAB_ID;
 
-  const toggleEnv = () => {
-    const updates = envOpen ? { env: 0 } : { env: 1, mainOpen: 1 };
+  const setMain = (value: string) => {
     navigate({
       search: ((prev: Record<string, unknown>) => ({
         ...prev,
-        ...updates,
+        main: value,
       })) as any,
       replace: true,
     });
   };
 
+  const toggleEnv = () => {
+    setMain(envOpen ? "0" : ENV_TAB_ID);
+  };
+
   const openEnv = () => {
     if (envOpen) return;
-    navigate({
-      search: ((prev: Record<string, unknown>) => ({
-        ...prev,
-        env: 1,
-        mainOpen: 1,
-      })) as any,
-      replace: true,
-    });
+    setMain(ENV_TAB_ID);
   };
 
   return { envOpen, toggleEnv, openEnv };
diff --git a/apps/mesh/src/web/hooks/use-tool-definition-lookup.ts b/apps/mesh/src/web/hooks/use-tool-definition-lookup.ts
index 1d9e0522b5..dd67026c8b 100644
--- a/apps/mesh/src/web/hooks/use-tool-definition-lookup.ts
+++ b/apps/mesh/src/web/hooks/use-tool-definition-lookup.ts
@@ -16,13 +16,14 @@ export function useToolDefinitionLookup(
   rawToolName: string | null,
   connectionId: string | null,
   orgId: string,
+  orgSlug: string,
 ): { toolDef: Tool | undefined; isLoading: boolean } {
   const { data: toolDef, isLoading } = useQuery({
     queryKey: KEYS.toolDefinitionLookup(connectionId, orgId, rawToolName),
     queryFn: async () => {
       if (!rawToolName || !connectionId) return null;
 
-      const client = await createMCPClient({ connectionId, orgId });
+      const client = await createMCPClient({ connectionId, orgId, orgSlug });
       try {
         const { tools } = await client.listTools();
 
diff --git a/apps/mesh/src/web/hooks/use-user-by-id.ts b/apps/mesh/src/web/hooks/use-user-by-id.ts
index d780c0ebd7..7be3896cbc 100644
--- a/apps/mesh/src/web/hooks/use-user-by-id.ts
+++ b/apps/mesh/src/web/hooks/use-user-by-id.ts
@@ -36,6 +36,7 @@ export function useUserById(userId: string) {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   return useQuery({
diff --git a/apps/mesh/src/web/index.tsx b/apps/mesh/src/web/index.tsx
index 5321bd0651..99fd5df667 100644
--- a/apps/mesh/src/web/index.tsx
+++ b/apps/mesh/src/web/index.tsx
@@ -20,6 +20,7 @@ import "../../index.css";
 
 import { authClient } from "@/web/lib/auth-client";
 import { LOCALSTORAGE_KEYS } from "@/web/lib/localstorage-keys";
+
 import { sourcePlugins } from "./plugins.ts";
 import type {
   AnyClientPlugin,
@@ -174,11 +175,23 @@ const orgLayout = createRoute({
 });
 
 // ============================================
-// AGENT SHELL LAYOUT (pathless — wraps agent/org-home routes with sidebar + 3-panel)
+// ORG SHELL LAYOUT (pathless — sidebar + Toolbar + ChatPrefsProvider for / and /$taskId)
 // ============================================
 
-const agentShellLayout = createRoute({
+const orgShellLayout = createRoute({
   getParentRoute: () => orgLayout,
+  id: "org-shell",
+  component: lazyRouteComponent(
+    () => import("./layouts/org-shell-layout/index.tsx"),
+  ),
+});
+
+// ============================================
+// AGENT SHELL LAYOUT (pathless — per-task chrome under orgShellLayout)
+// ============================================
+
+const agentShellLayout = createRoute({
+  getParentRoute: () => orgShellLayout,
   id: "agent-shell",
   component: lazyRouteComponent(
     () => import("./layouts/agent-shell-layout/index.tsx"),
@@ -198,6 +211,7 @@ const unifiedChatSearchSchema = z.object({
   tasks: z.number().optional(),
   mainOpen: z.number().optional(),
   chat: z.number().optional(),
+  autosend: z.string().optional(),
 });
 
 const unifiedChatRoute = createRoute({
@@ -207,18 +221,12 @@ const unifiedChatRoute = createRoute({
   component: () => null,
 });
 
-// Org index redirects to a fresh decopilot task
+// Org index renders the home landing page (single-panel + HomePage), no
+// agent shell.
 const orgIndexRoute = createRoute({
-  getParentRoute: () => agentShellLayout,
+  getParentRoute: () => orgShellLayout,
   path: "/",
-  beforeLoad: ({ params }) => {
-    const taskId = crypto.randomUUID();
-    throw redirect({
-      to: "/$org/$taskId",
-      params: { org: params.org, taskId },
-    });
-  },
-  component: () => null,
+  component: lazyRouteComponent(() => import("./layouts/org-home/index.tsx")),
 });
 
 // ============================================
@@ -349,6 +357,19 @@ const settingsMembersRoute = createRoute({
   ),
 });
 
+const settingsRolesRoute = createRoute({
+  getParentRoute: () => settingsLayout,
+  path: "/roles",
+  component: lazyRouteComponent(
+    () => import("./routes/orgs/settings/roles.tsx"),
+  ),
+  validateSearch: z.lazy(() =>
+    z.object({
+      role: z.string().optional(),
+    }),
+  ),
+});
+
 const settingsSsoRoute = createRoute({
   getParentRoute: () => settingsLayout,
   path: "/sso",
@@ -511,6 +532,7 @@ const settingsWithChildren = settingsLayout.addChildren([
   settingsBrandContextRoute,
   settingsAiProvidersRoute,
   settingsMembersRoute,
+  settingsRolesRoute,
   settingsSsoRoute,
   settingsProfileRoute,
   settingsStoreRoute,
@@ -525,13 +547,17 @@ const unifiedChatWithChildren = unifiedChatRoute.addChildren([
 ]);
 
 const agentShellWithChildren = agentShellLayout.addChildren([
-  orgIndexRoute,
   unifiedChatWithChildren,
   orgPluginRoute,
 ]);
 
-const orgLayoutWithChildren = orgLayout.addChildren([
+const orgShellWithChildren = orgShellLayout.addChildren([
+  orgIndexRoute,
   agentShellWithChildren,
+]);
+
+const orgLayoutWithChildren = orgLayout.addChildren([
+  orgShellWithChildren,
   settingsWithChildren,
 ]);
 
diff --git a/apps/mesh/src/web/layouts/agent-shell-layout/chat-main-panel-group.tsx b/apps/mesh/src/web/layouts/agent-shell-layout/chat-main-panel-group.tsx
index 510ac4f3c9..f7e6c272ab 100644
--- a/apps/mesh/src/web/layouts/agent-shell-layout/chat-main-panel-group.tsx
+++ b/apps/mesh/src/web/layouts/agent-shell-layout/chat-main-panel-group.tsx
@@ -21,7 +21,9 @@ import {
 import { useLocalStorage } from "@/web/hooks/use-local-storage";
 import { LOCALSTORAGE_KEYS } from "@/web/lib/localstorage-keys";
 import { computeChatMainSizes } from "@/web/hooks/use-layout-state";
+import { ChatCenterPanel } from "@/web/layouts/chat-center-panel";
 import { MainPanelContent } from "@/web/layouts/main-panel-tabs";
+import { ErrorBoundary } from "@/web/components/error-boundary";
 
 function PersistentChatPanel({
   children,
@@ -60,7 +62,9 @@ export interface ChatMainPanelGroupProps {
   taskId: string;
   chatOpen: boolean;
   mainOpen: boolean;
-  chatContent: React.ReactNode;
+  /** Optional override for the chat panel content — lets the outer layout
+   * wrap ChatCenterPanel in its own Suspense/ErrorBoundary/ActiveTaskProvider. */
+  chatContent?: React.ReactNode;
 }
 
 export function ChatMainPanelGroup({
@@ -100,7 +104,7 @@ export function ChatMainPanelGroup({
       <PersistentChatPanel defaultSize={sizes.chat}>
         <div className="h-full p-0.5 pt-0.25">
           <div className="h-full bg-background rounded-[0.75rem] overflow-hidden card-shadow">
-            {chatContent}
+            {chatContent ?? <ChatCenterPanel />}
           </div>
         </div>
       </PersistentChatPanel>
@@ -126,7 +130,9 @@ export function ChatMainPanelGroup({
             )}
           >
             <div className="flex-1 min-h-0 overflow-hidden">
-              <MainPanelContent taskId={taskId} virtualMcpId={virtualMcpId} />
+              <ErrorBoundary>
+                <MainPanelContent taskId={taskId} virtualMcpId={virtualMcpId} />
+              </ErrorBoundary>
             </div>
           </div>
         </div>
diff --git a/apps/mesh/src/web/layouts/agent-shell-layout/index.tsx b/apps/mesh/src/web/layouts/agent-shell-layout/index.tsx
index 3aa6793b15..234e78b257 100644
--- a/apps/mesh/src/web/layouts/agent-shell-layout/index.tsx
+++ b/apps/mesh/src/web/layouts/agent-shell-layout/index.tsx
@@ -8,7 +8,7 @@
  *   │   • Toolbar.TabsSlot    (portal target — main-panel tab bar)
  *   │   • Toolbar.TogglesSlot (portal target — tasks/chat)
  *   └── flex-row
- *       ├── TasksPanelColumn               (outside Suspense, 212px fixed)
+ *       ├── TasksPanelColumn               (owned by org-shell-layout)
  *       └── Suspense
  *           └── AgentInsetProvider
  *               • useVirtualMCP (suspends here)
@@ -26,42 +26,43 @@ import {
   useRef,
   use,
   Suspense,
+  type ReactNode,
 } from "react";
 import { Chat, useChatTask } from "@/web/components/chat/index";
 import { ChatCenterPanel } from "@/web/layouts/chat-center-panel";
 import { TasksPanel } from "@/web/layouts/tasks-panel";
 import { ErrorBoundary } from "@/web/components/error-boundary";
 import { isModKey } from "@/web/lib/keyboard-shortcuts";
-import { StudioSidebar, StudioSidebarMobile } from "@/web/components/sidebar";
-import {
-  SidebarInset,
-  SidebarLayout,
-  SidebarProvider,
-  useSidebar,
-} from "@deco/ui/components/sidebar.tsx";
+import { StudioSidebarMobile } from "@/web/components/sidebar";
+import { useSidebar } from "@deco/ui/components/sidebar.tsx";
 import { Sheet, SheetContent, SheetTitle } from "@deco/ui/components/sheet.tsx";
 import { useIsMobile } from "@deco/ui/hooks/use-mobile.ts";
 import { AlertCircle, Loading01, Menu01 } from "@untitledui/icons";
 import {
-  getDecopilotId,
   getWellKnownDecopilotVirtualMCP,
+  SELF_MCP_ALIAS_ID,
+  useMCPClient,
   useProjectContext,
   useVirtualMCP,
 } from "@decocms/mesh-sdk";
 import type { VirtualMCPEntity } from "@decocms/mesh-sdk/types";
 import { useNavigate, useParams, useSearch } from "@tanstack/react-router";
+import { useVmStart } from "@/web/components/vm/hooks/use-vm-start";
 import { useStatusSounds } from "../../hooks/use-status-sounds";
+import { authClient } from "@/web/lib/auth-client";
 import { Button } from "@deco/ui/components/button.tsx";
 import { EmptyState } from "@/web/components/empty-state";
 import { useChatMainPanelState } from "@/web/hooks/use-layout-state";
-import { TasksPanelStateProvider } from "@/web/hooks/use-tasks-panel-state";
-import { Separator } from "@deco/ui/components/separator.tsx";
+import { getActiveGithubRepo } from "@/web/lib/github-repo";
+import { useOptionalTasksPanelState } from "@/web/hooks/use-tasks-panel-state";
 import { Toolbar } from "./toolbar";
-import { TasksPanelColumn } from "./tasks-panel-column";
 import { ChatMainPanelGroup } from "./chat-main-panel-group";
 import { ToggleButtons } from "./toggle-buttons";
 import { MainPanelTabsBar } from "@/web/layouts/main-panel-tabs/main-panel-tabs-bar";
 import { VirtualMcpHeaderInfo } from "../../views/virtual-mcp/header-info.tsx";
+import { VmEventsProvider } from "@/web/components/vm/hooks/vm-events-context.tsx";
+import type { VmMapEntry } from "@decocms/mesh-sdk";
+import { useEnsureTask } from "@/web/hooks/use-tasks";
 
 // ---------------------------------------------------------------------------
 // Types & Context
@@ -82,13 +83,7 @@ export function useInsetContext(): InsetContextValue | null {
 // Agent inset sub-components
 // ---------------------------------------------------------------------------
 
-function ActiveTaskBoundary({
-  children,
-  variant,
-}: {
-  children?: React.ReactNode;
-  variant?: "home" | "default";
-}) {
+function ActiveTaskBoundary({ children }: { children?: React.ReactNode }) {
   const { taskId } = useChatTask();
   return (
     <ErrorBoundary
@@ -100,7 +95,7 @@ function ActiveTaskBoundary({
     >
       <Suspense fallback={<Chat.Skeleton />}>
         <Chat.ActiveTaskProvider taskId={taskId}>
-          {children ?? <ChatCenterPanel variant={variant} />}
+          {children ?? <ChatCenterPanel />}
         </Chat.ActiveTaskProvider>
       </Suspense>
     </ErrorBoundary>
@@ -138,17 +133,96 @@ function MobileToolbar({ onOpenSidebar }: { onOpenSidebar: () => void }) {
   );
 }
 
+// ---------------------------------------------------------------------------
+// VmEventsBridge — passes (virtualMcpId, branch) to the unified VM events
+// SSE provider and runs auto-start. Lives inside Chat.Provider so it can
+// read useChatTask, which keeps the SSE connection in sync with the active
+// task as the user navigates between tasks (different tasks may pin
+// different branches).
+// ---------------------------------------------------------------------------
+
+function VmEventsBridge({
+  virtualMcpId,
+  hasActiveGithubRepo,
+  vmMap,
+  children,
+}: {
+  virtualMcpId: string;
+  hasActiveGithubRepo: boolean;
+  vmMap: Record<string, Record<string, VmMapEntry>> | undefined;
+  children: ReactNode;
+}) {
+  const { org } = useProjectContext();
+  const { currentBranch } = useChatTask();
+  const { data: session } = authClient.useSession();
+  const userId = session?.user?.id;
+
+  // Auto-start the VM when the active task points at a branch without a
+  // registered vmMap entry. Routed through useVmStart so concurrent mounts
+  // (preview, env, this bridge) for the same (virtualMcpId, branch) collapse
+  // onto one in-flight upstream call.
+  const autoStartClient = useMCPClient({
+    connectionId: SELF_MCP_ALIAS_ID,
+    orgId: org.id,
+    orgSlug: org.slug,
+  });
+  const { mutate: triggerAutoStart } = useVmStart(autoStartClient);
+  // Attempt at most one auto-start per (branch, mount). A user VM_DELETE
+  // removes the vmMap entry — without a permanent guard the effect would
+  // re-fire and resurrect the VM the user just stopped.
+  const autoStartAttemptedRef = useRef<Set<string>>(new Set());
+  // oxlint-disable-next-line ban-use-effect/ban-use-effect — fires VM_START when vmMap is missing an entry for (user, branch); ref guard dedupes within this mount, module-level map dedupes across components
+  useEffect(() => {
+    if (!hasActiveGithubRepo) return;
+    if (!userId) return;
+    if (!currentBranch) return;
+    if (vmMap?.[userId]?.[currentBranch]) {
+      // VM is already running — record the branch so a user stop won't
+      // re-trigger auto-start within this mount.
+      autoStartAttemptedRef.current.add(currentBranch);
+      return;
+    }
+    if (autoStartAttemptedRef.current.has(currentBranch)) return;
+    autoStartAttemptedRef.current.add(currentBranch);
+    triggerAutoStart(
+      { virtualMcpId, branch: currentBranch },
+      {
+        onError: (err) => {
+          console.error("[auto-start-vm] failed:", err);
+        },
+      },
+    );
+  }, [
+    hasActiveGithubRepo,
+    userId,
+    currentBranch,
+    vmMap,
+    virtualMcpId,
+    triggerAutoStart,
+  ]);
+
+  return (
+    <VmEventsProvider
+      virtualMcpId={virtualMcpId}
+      branch={currentBranch ?? null}
+    >
+      {children}
+    </VmEventsProvider>
+  );
+}
+
 // ---------------------------------------------------------------------------
 // AgentInsetProvider — resolves virtualMcpId, provides InsetContext,
-// wraps in Chat.Provider, renders chat+main panel group.
+// wraps in Chat.Provider, renders the task-scoped chat+main panel group.
 // ---------------------------------------------------------------------------
 
 function AgentInsetProvider() {
   const isMobile = useIsMobile();
   const navigate = useNavigate();
   const { org } = useProjectContext();
+  const tasksOpen = useOptionalTasksPanelState()?.tasksOpen ?? false;
 
-  useStatusSounds(org.id);
+  useStatusSounds(org.slug);
 
   const params = useParams({ strict: false }) as {
     org?: string;
@@ -157,11 +231,17 @@ function AgentInsetProvider() {
   };
   const orgSlug = params.org ?? "";
 
-  const search = useSearch({ strict: false }) as { virtualmcpid?: string };
+  const search = useSearch({ strict: false }) as {
+    virtualmcpid?: string;
+  };
   const virtualMcpId =
     search.virtualmcpid ?? getWellKnownDecopilotVirtualMCP(org.id).id;
-  const isDecopilot = virtualMcpId === getDecopilotId(org.id);
-  const isAgentRoute = !isDecopilot;
+
+  // Ensure the thread row exists for this URL before rendering the chat. On
+  // 404 the hook fires COLLECTION_THREADS_CREATE (idempotent) and surfaces a
+  // "Creating task…" state until the row is persisted. Without this the
+  // chat renders with branch=null because the thread never existed.
+  const ensureState = useEnsureTask(params.taskId ?? "", virtualMcpId);
 
   // Fetch entity (Suspense-based — resolved before render)
   const entity = useVirtualMCP(virtualMcpId);
@@ -174,10 +254,12 @@ function AgentInsetProvider() {
       }
     : null;
 
+  const hasActiveGithubRepo = !!(entity && getActiveGithubRepo(entity));
+
   const layout = useChatMainPanelState(entityMetadata, {
     virtualMcpId,
     orgSlug,
-    isAgentRoute,
+    isAgentRoute: true,
   });
 
   const { setOpenMobile, openMobile: mobileSidebarOpen } = useSidebar();
@@ -204,6 +286,34 @@ function AgentInsetProvider() {
     entity,
   };
 
+  if (ensureState.status === "creating" || ensureState.status === "loading") {
+    return (
+      <InsetContext value={insetContextValue}>
+        <div className="flex-1 min-h-0 pr-1.5 pb-1.5 overflow-hidden">
+          <div className="flex h-full items-center justify-center bg-background card-shadow rounded-[0.75rem] text-sm text-muted-foreground">
+            <Loading01 className="size-4 animate-spin mr-2" />
+            Creating task…
+          </div>
+        </div>
+      </InsetContext>
+    );
+  }
+
+  if (ensureState.status === "error") {
+    return (
+      <InsetContext value={insetContextValue}>
+        <div className="flex-1 min-h-0 pr-1.5 pb-1.5 overflow-hidden">
+          <div className="flex flex-col h-full items-center justify-center gap-2 bg-background card-shadow rounded-[0.75rem] p-8 text-sm">
+            <div className="font-medium">Task unavailable</div>
+            <div className="text-muted-foreground">
+              {ensureState.error.message}
+            </div>
+          </div>
+        </div>
+      </InsetContext>
+    );
+  }
+
   if (!entity) {
     return (
       <InsetContext value={insetContextValue}>
@@ -219,10 +329,7 @@ function AgentInsetProvider() {
                 <Button
                   variant="outline"
                   onClick={() =>
-                    navigate({
-                      to: "/$org",
-                      params: { org: orgSlug },
-                    })
+                    navigate({ to: "/$org", params: { org: orgSlug } })
                   }
                 >
                   Go to organization home
@@ -266,15 +373,21 @@ function AgentInsetProvider() {
       <InsetContext value={insetContextValue}>
         <div className="flex flex-col flex-1 bg-background min-h-0">
           <Chat.Provider key={chatVirtualMcpId} virtualMcpId={chatVirtualMcpId}>
-            <NewTaskBridge
-              onNewTaskRef={onNewTask}
-              createNewTask={layout.createNewTask}
-            />
-            <MobileToolbar onOpenSidebar={() => setMobileSidebarOpen(true)} />
-            <div className="flex-1 min-h-0 overflow-hidden">
-              <ActiveTaskBoundary variant={isDecopilot ? "home" : undefined} />
-            </div>
-            {mobileSidebarSheet}
+            <VmEventsBridge
+              virtualMcpId={virtualMcpId}
+              hasActiveGithubRepo={hasActiveGithubRepo}
+              vmMap={entity?.metadata?.vmMap}
+            >
+              <NewTaskBridge
+                onNewTaskRef={onNewTask}
+                createNewTask={layout.createNewTask}
+              />
+              <MobileToolbar onOpenSidebar={() => setMobileSidebarOpen(true)} />
+              <div className="flex-1 min-h-0 overflow-hidden">
+                <ActiveTaskBoundary />
+              </div>
+              {mobileSidebarSheet}
+            </VmEventsBridge>
           </Chat.Provider>
         </div>
       </InsetContext>
@@ -282,131 +395,70 @@ function AgentInsetProvider() {
   }
 
   // Desktop — portal toggle buttons into outer toolbar, render chat+main group.
+  // The org-wide tasks column is owned by org-shell-layout, outside this
+  // Suspense boundary, so it stays mounted while this task-scoped content loads.
   return (
-    <InsetContext value={insetContextValue}>
-      <Toolbar.Toggles>
-        <ToggleButtons
-          isDecopilot={isDecopilot}
-          chatOpen={layout.chatOpen}
-          mainOpen={layout.mainOpen}
-          toggleChat={layout.toggleChat}
-          toggleMain={layout.toggleMain}
-        />
-      </Toolbar.Toggles>
-
-      {!isDecopilot && <VirtualMcpHeaderInfo virtualMcp={entity} />}
-
-      {!isDecopilot && (
-        <Toolbar.Tabs>
-          <MainPanelTabsBar
-            virtualMcpId={virtualMcpId}
-            taskId={layout.taskId}
+    <div className="flex-1 min-w-0 flex flex-col">
+      <InsetContext value={insetContextValue}>
+        <Toolbar.Toggles>
+          <ToggleButtons
+            chatOpen={layout.chatOpen}
+            toggleChat={layout.toggleChat}
+            onNewTask={tasksOpen ? undefined : layout.createNewTask}
           />
-        </Toolbar.Tabs>
-      )}
-
-      <Chat.Provider key={chatVirtualMcpId} virtualMcpId={chatVirtualMcpId}>
-        <NewTaskBridge
-          onNewTaskRef={onNewTask}
-          createNewTask={layout.createNewTask}
-        />
-        <ChatMainPanelGroup
-          virtualMcpId={virtualMcpId}
-          taskId={layout.taskId}
-          chatOpen={layout.chatOpen}
-          mainOpen={layout.mainOpen}
-          chatContent={
-            <ActiveTaskBoundary variant={isDecopilot ? "home" : undefined} />
-          }
-        />
-      </Chat.Provider>
-    </InsetContext>
+        </Toolbar.Toggles>
+
+        <Chat.Provider key={chatVirtualMcpId} virtualMcpId={chatVirtualMcpId}>
+          <Toolbar.Tabs>
+            <MainPanelTabsBar
+              virtualMcpId={virtualMcpId}
+              taskId={layout.taskId}
+            />
+          </Toolbar.Tabs>
+
+          <VmEventsBridge
+            virtualMcpId={virtualMcpId}
+            hasActiveGithubRepo={hasActiveGithubRepo}
+            vmMap={entity?.metadata?.vmMap}
+          >
+            <VirtualMcpHeaderInfo virtualMcp={entity} />
+            <NewTaskBridge
+              onNewTaskRef={onNewTask}
+              createNewTask={layout.createNewTask}
+            />
+            <ChatMainPanelGroup
+              virtualMcpId={virtualMcpId}
+              taskId={layout.taskId}
+              chatOpen={layout.chatOpen}
+              mainOpen={layout.mainOpen}
+              chatContent={<ActiveTaskBoundary />}
+            />
+          </VmEventsBridge>
+        </Chat.Provider>
+      </InsetContext>
+    </div>
   );
 }
 
 // ---------------------------------------------------------------------------
-// Default export — the shell layout component for agent routes
+// Default export — the per-task content for /$org/$taskId.
+//
+// Sidebar, toolbar shell, org-wide tasks panel, ChatPrefsProvider, and
+// TasksPanelStateProvider all live in `org-shell-layout` (the parent route).
+// This component just renders the per-task chrome inside the flex-row Outlet
+// on desktop, or directly inside SidebarInset on mobile.
 // ---------------------------------------------------------------------------
 
 export default function AgentShellLayout() {
-  const isMobile = useIsMobile();
-
   return (
-    <SidebarProvider defaultOpen={false}>
-      <div className="flex flex-col h-dvh overflow-hidden">
-        <SidebarLayout
-          className="flex-1 bg-sidebar"
-          style={
-            {
-              "--sidebar-width-icon": "3.5rem",
-            } as Record<string, string>
-          }
-        >
-          <StudioSidebar />
-          <SidebarInset
-            className="flex flex-col"
-            style={{
-              background: "transparent",
-              containerType: "inline-size",
-            }}
-          >
-            {isMobile ? (
-              <Suspense
-                fallback={
-                  <div className="flex-1 flex items-center justify-center">
-                    <Loading01
-                      size={20}
-                      className="animate-spin text-muted-foreground"
-                    />
-                  </div>
-                }
-              >
-                <AgentInsetProvider />
-              </Suspense>
-            ) : (
-              <Suspense
-                fallback={
-                  <div className="flex-1 flex items-center justify-center">
-                    <Loading01
-                      size={20}
-                      className="animate-spin text-muted-foreground"
-                    />
-                  </div>
-                }
-              >
-                <TasksPanelStateProvider>
-                  <Toolbar>
-                    <Toolbar.Header>
-                      <Toolbar.Nav />
-                      <Toolbar.LeftSlot />
-                      <Toolbar.TabsSlot />
-                      <Separator orientation="vertical" className="mx-2 h-5" />
-                      <Toolbar.TogglesSlot />
-                    </Toolbar.Header>
-                    <div className="flex-1 min-h-0 flex flex-row">
-                      <TasksPanelColumn />
-                      <div className="flex-1 min-w-0 flex flex-col">
-                        <Suspense
-                          fallback={
-                            <div className="flex-1 flex items-center justify-center">
-                              <Loading01
-                                size={20}
-                                className="animate-spin text-muted-foreground"
-                              />
-                            </div>
-                          }
-                        >
-                          <AgentInsetProvider />
-                        </Suspense>
-                      </div>
-                    </div>
-                  </Toolbar>
-                </TasksPanelStateProvider>
-              </Suspense>
-            )}
-          </SidebarInset>
-        </SidebarLayout>
-      </div>
-    </SidebarProvider>
+    <Suspense
+      fallback={
+        <div className="flex-1 flex items-center justify-center">
+          <Loading01 size={20} className="animate-spin text-muted-foreground" />
+        </div>
+      }
+    >
+      <AgentInsetProvider />
+    </Suspense>
   );
 }
diff --git a/apps/mesh/src/web/layouts/agent-shell-layout/toggle-buttons.tsx b/apps/mesh/src/web/layouts/agent-shell-layout/toggle-buttons.tsx
index 78dbca7e92..89cb67ddc3 100644
--- a/apps/mesh/src/web/layouts/agent-shell-layout/toggle-buttons.tsx
+++ b/apps/mesh/src/web/layouts/agent-shell-layout/toggle-buttons.tsx
@@ -1,27 +1,27 @@
 /**
  * ToggleButtons — left/right panel toggles portal'd into the outer Toolbar.
  *
- * Layout differs by virtual MCP:
- *   - Non-decopilot agents: tasks + chat toggles (main panel opens/closes
- *     via the header tab bar).
- *   - Decopilot: tasks + main-view toggles (no tab bar; the main toggle
- *     replaces it).
+ * Renders the tasks toggle, chat toggle, and (when armed) the new-task
+ * button. When the tasks panel is closed, the new-task button slides in
+ * via a grid-cols animation so the shortcut is always reachable without
+ * stealing visual weight when tasks are already visible.
  */
 
+import { Edit05, Menu02, MessageCircle01 } from "@untitledui/icons";
 import {
-  ClipboardCheck,
-  LayoutRight,
-  MessageChatCircle,
-} from "@untitledui/icons";
+  Tooltip,
+  TooltipContent,
+  TooltipTrigger,
+} from "@deco/ui/components/tooltip.tsx";
 import { cn } from "@deco/ui/lib/utils.js";
 import { useTasksPanelState } from "@/web/hooks/use-tasks-panel-state";
+import { track } from "@/web/lib/posthog-client";
 
 export interface ToggleButtonsProps {
-  isDecopilot: boolean;
   chatOpen: boolean;
-  mainOpen: boolean;
   toggleChat: () => void;
-  toggleMain: () => void;
+  /** When set, reveals an animated "new task" button next to the chat toggle. */
+  onNewTask?: () => void;
 }
 
 const TOGGLE_BASE =
@@ -31,52 +31,90 @@ const TOGGLE_INACTIVE =
   "text-sidebar-foreground/60 hover:bg-sidebar-accent hover:text-sidebar-foreground";
 
 export function ToggleButtons({
-  isDecopilot,
   chatOpen,
-  mainOpen,
   toggleChat,
-  toggleMain,
+  onNewTask,
 }: ToggleButtonsProps) {
   const { tasksOpen, toggleTasks } = useTasksPanelState();
+  const showNewTask = !!onNewTask;
 
   return (
     <>
-      <button
-        type="button"
-        onClick={toggleTasks}
-        aria-pressed={tasksOpen}
-        className={cn(TOGGLE_BASE, tasksOpen ? TOGGLE_ACTIVE : TOGGLE_INACTIVE)}
-        title="Toggle tasks"
+      <Tooltip delayDuration={300}>
+        <TooltipTrigger asChild>
+          <button
+            type="button"
+            onClick={() => {
+              track("agent_toolbar_toggled", {
+                button: "tasks",
+                next_state: !tasksOpen ? "open" : "closed",
+              });
+              toggleTasks();
+            }}
+            aria-pressed={tasksOpen}
+            className={cn(
+              TOGGLE_BASE,
+              tasksOpen ? TOGGLE_ACTIVE : TOGGLE_INACTIVE,
+            )}
+          >
+            <Menu02 size={16} />
+          </button>
+        </TooltipTrigger>
+        <TooltipContent side="bottom">Tasks</TooltipContent>
+      </Tooltip>
+      <Tooltip delayDuration={300}>
+        <TooltipTrigger asChild>
+          <button
+            type="button"
+            onClick={() => {
+              track("agent_toolbar_toggled", {
+                button: "chat",
+                next_state: !chatOpen ? "open" : "closed",
+              });
+              toggleChat();
+            }}
+            aria-pressed={chatOpen}
+            className={cn(
+              TOGGLE_BASE,
+              chatOpen ? TOGGLE_ACTIVE : TOGGLE_INACTIVE,
+            )}
+          >
+            <MessageCircle01 size={16} />
+          </button>
+        </TooltipTrigger>
+        <TooltipContent side="bottom">Chat</TooltipContent>
+      </Tooltip>
+      <div
+        className={cn(
+          "grid transition-[grid-template-columns] duration-200 ease-[var(--ease-out-quart)]",
+          showNewTask ? "grid-cols-[1fr]" : "grid-cols-[0fr]",
+        )}
       >
-        <ClipboardCheck size={16} />
-      </button>
-      {isDecopilot ? (
-        <button
-          type="button"
-          onClick={toggleMain}
-          aria-pressed={mainOpen}
-          className={cn(
-            TOGGLE_BASE,
-            mainOpen ? TOGGLE_ACTIVE : TOGGLE_INACTIVE,
-          )}
-          title="Toggle main view"
-        >
-          <LayoutRight size={16} />
-        </button>
-      ) : (
-        <button
-          type="button"
-          onClick={toggleChat}
-          aria-pressed={chatOpen}
-          className={cn(
-            TOGGLE_BASE,
-            chatOpen ? TOGGLE_ACTIVE : TOGGLE_INACTIVE,
-          )}
-          title="Toggle chat"
-        >
-          <MessageChatCircle size={16} />
-        </button>
-      )}
+        <div className="overflow-hidden">
+          <Tooltip delayDuration={300}>
+            <TooltipTrigger asChild>
+              <button
+                type="button"
+                onClick={onNewTask}
+                disabled={!showNewTask}
+                tabIndex={showNewTask ? 0 : -1}
+                aria-hidden={!showNewTask}
+                className={cn(
+                  TOGGLE_BASE,
+                  TOGGLE_INACTIVE,
+                  "transition-[transform,opacity] duration-200 ease-[var(--ease-out-quart)] will-change-transform",
+                  showNewTask
+                    ? "translate-x-0 opacity-100"
+                    : "-translate-x-2 opacity-0",
+                )}
+              >
+                <Edit05 size={16} />
+              </button>
+            </TooltipTrigger>
+            <TooltipContent side="bottom">New task</TooltipContent>
+          </Tooltip>
+        </div>
+      </div>
     </>
   );
 }
diff --git a/apps/mesh/src/web/layouts/agent-shell-layout/toolbar.tsx b/apps/mesh/src/web/layouts/agent-shell-layout/toolbar.tsx
index 638e684271..8772bbc9c2 100644
--- a/apps/mesh/src/web/layouts/agent-shell-layout/toolbar.tsx
+++ b/apps/mesh/src/web/layouts/agent-shell-layout/toolbar.tsx
@@ -1,14 +1,17 @@
 /**
  * Toolbar — vertical shell containing a fixed header row plus a body slot.
  *
- * The header hosts back/forward buttons plus three portal targets:
- *   - Toolbar.LeftSlot      — contextual label (e.g. virtual MCP icon + title)
+ * The header is a 3-column grid (1fr 1fr 1fr) so the center column is always
+ * centered relative to the screen regardless of left/right content widths.
+ *
+ * Portal targets:
+ *   - Toolbar.CenterSlot    — contextual label (e.g. virtual MCP icon + title)
  *   - Toolbar.TabsSlot      — main-panel tab bar (scrollable)
  *   - Toolbar.TogglesSlot   — tasks/chat toggle buttons
+ *   - Toolbar.RightSlot     — right-side actions (e.g. Create PR)
  *
- * Consumers live inside the inner Suspense and render into the slots via
- * <Toolbar.Left> / <Toolbar.Tabs> / <Toolbar.Toggles> (createPortal).
- * Never suspends itself.
+ * Consumers render into the slots via <Toolbar.Center> / <Toolbar.Tabs> /
+ * <Toolbar.Toggles> / <Toolbar.Right> (createPortal). Never suspends itself.
  */
 
 import { createContext, use, useState, type ReactNode } from "react";
@@ -20,8 +23,10 @@ type ToolbarCtx = {
   setTogglesEl: (el: HTMLDivElement | null) => void;
   tabsEl: HTMLDivElement | null;
   setTabsEl: (el: HTMLDivElement | null) => void;
-  leftEl: HTMLDivElement | null;
-  setLeftEl: (el: HTMLDivElement | null) => void;
+  centerEl: HTMLDivElement | null;
+  setCenterEl: (el: HTMLDivElement | null) => void;
+  rightEl: HTMLDivElement | null;
+  setRightEl: (el: HTMLDivElement | null) => void;
 };
 
 const ToolbarContext = createContext<ToolbarCtx | null>(null);
@@ -35,7 +40,8 @@ function useToolbarCtx(): ToolbarCtx {
 export function Toolbar({ children }: { children?: ReactNode }) {
   const [togglesEl, setTogglesEl] = useState<HTMLDivElement | null>(null);
   const [tabsEl, setTabsEl] = useState<HTMLDivElement | null>(null);
-  const [leftEl, setLeftEl] = useState<HTMLDivElement | null>(null);
+  const [centerEl, setCenterEl] = useState<HTMLDivElement | null>(null);
+  const [rightEl, setRightEl] = useState<HTMLDivElement | null>(null);
   return (
     <ToolbarContext
       value={{
@@ -43,8 +49,10 @@ export function Toolbar({ children }: { children?: ReactNode }) {
         setTogglesEl,
         tabsEl,
         setTabsEl,
-        leftEl,
-        setLeftEl,
+        centerEl,
+        setCenterEl,
+        rightEl,
+        setRightEl,
       }}
     >
       <div className="flex flex-col h-full min-h-0">{children}</div>
@@ -54,7 +62,23 @@ export function Toolbar({ children }: { children?: ReactNode }) {
 
 function ToolbarHeader({ children }: { children?: ReactNode }) {
   return (
-    <div className="shrink-0 flex items-center justify-between pl-1 pr-2 pt-0.25 h-10">
+    <div className="shrink-0 grid grid-cols-3 items-center pl-1 pr-2 pt-0.25 h-12">
+      {children}
+    </div>
+  );
+}
+
+function ToolbarLeftColumn({ children }: { children?: ReactNode }) {
+  return (
+    <div className="flex items-center gap-0.5 min-w-0 justify-self-start">
+      {children}
+    </div>
+  );
+}
+
+function ToolbarRightColumn({ children }: { children?: ReactNode }) {
+  return (
+    <div className="flex items-center justify-end gap-0.5 min-w-0 justify-self-end">
       {children}
     </div>
   );
@@ -62,7 +86,7 @@ function ToolbarHeader({ children }: { children?: ReactNode }) {
 
 function ToolbarNav() {
   return (
-    <div className="flex items-center gap-0.5 min-w-0">
+    <>
       <button
         type="button"
         onClick={() => window.history.back()}
@@ -79,31 +103,29 @@ function ToolbarNav() {
       >
         <ChevronRight size={16} />
       </button>
-    </div>
+    </>
   );
 }
 
-function ToolbarLeftSlot() {
-  const { setLeftEl } = useToolbarCtx();
+function ToolbarCenterSlot() {
+  const { setCenterEl } = useToolbarCtx();
   return (
-    <div ref={setLeftEl} className="flex items-center gap-2 min-w-0 shrink" />
+    <div
+      ref={setCenterEl}
+      className="min-w-0 flex items-center justify-center gap-2"
+    />
   );
 }
 
-function ToolbarLeft({ children }: { children: ReactNode }) {
-  const { leftEl } = useToolbarCtx();
-  if (!leftEl) return null;
-  return createPortal(children, leftEl);
+function ToolbarCenter({ children }: { children: ReactNode }) {
+  const { centerEl } = useToolbarCtx();
+  if (!centerEl) return null;
+  return createPortal(children, centerEl);
 }
 
 function ToolbarTabsSlot() {
   const { setTabsEl } = useToolbarCtx();
-  return (
-    <div
-      ref={setTabsEl}
-      className="flex-1 min-w-0 flex items-center overflow-x-auto"
-    />
-  );
+  return <div ref={setTabsEl} className="shrink-0 flex items-center" />;
 }
 
 function ToolbarTabs({ children }: { children: ReactNode }) {
@@ -117,7 +139,7 @@ function ToolbarTogglesSlot() {
   return (
     <div
       ref={setTogglesEl}
-      className="flex items-center justify-end gap-0.5 shrink-0"
+      className="flex items-center gap-0.5 shrink-0 ml-0.5"
     />
   );
 }
@@ -128,11 +150,31 @@ function ToolbarToggles({ children }: { children: ReactNode }) {
   return createPortal(children, togglesEl);
 }
 
+function ToolbarRightSlot() {
+  const { setRightEl } = useToolbarCtx();
+  return (
+    <div
+      ref={setRightEl}
+      className="flex items-center justify-end gap-0.5 shrink-0"
+    />
+  );
+}
+
+function ToolbarRight({ children }: { children: ReactNode }) {
+  const { rightEl } = useToolbarCtx();
+  if (!rightEl) return null;
+  return createPortal(children, rightEl);
+}
+
 Toolbar.Header = ToolbarHeader;
+Toolbar.LeftColumn = ToolbarLeftColumn;
+Toolbar.RightColumn = ToolbarRightColumn;
 Toolbar.Nav = ToolbarNav;
-Toolbar.LeftSlot = ToolbarLeftSlot;
-Toolbar.Left = ToolbarLeft;
+Toolbar.CenterSlot = ToolbarCenterSlot;
+Toolbar.Center = ToolbarCenter;
 Toolbar.TabsSlot = ToolbarTabsSlot;
 Toolbar.Tabs = ToolbarTabs;
 Toolbar.TogglesSlot = ToolbarTogglesSlot;
 Toolbar.Toggles = ToolbarToggles;
+Toolbar.RightSlot = ToolbarRightSlot;
+Toolbar.Right = ToolbarRight;
diff --git a/apps/mesh/src/web/layouts/chat-center-panel/index.tsx b/apps/mesh/src/web/layouts/chat-center-panel/index.tsx
index 3345c784be..d231cc24a4 100644
--- a/apps/mesh/src/web/layouts/chat-center-panel/index.tsx
+++ b/apps/mesh/src/web/layouts/chat-center-panel/index.tsx
@@ -1,9 +1,6 @@
 /**
  * ChatCenterPanel — center-panel entry point for the unified chat layout.
  *
- * Thin wrapper around the existing `ChatPanel` implementation. `variant="home"`
- * is handed to the panel for the decopilot (org-home) case; otherwise the
- * default sidebar empty state is used. The three-panel shell in
- * `agent-shell-layout` wires the appropriate variant.
+ * Thin wrapper around the existing `ChatPanel` implementation.
  */
 export { ChatPanel as ChatCenterPanel } from "@/web/components/chat/side-panel-chat";
diff --git a/apps/mesh/src/web/layouts/home-page/index.tsx b/apps/mesh/src/web/layouts/home-page/index.tsx
new file mode 100644
index 0000000000..1bd78fe9ec
--- /dev/null
+++ b/apps/mesh/src/web/layouts/home-page/index.tsx
@@ -0,0 +1,169 @@
+import { AgentsList } from "@/web/components/home/agents-list.tsx";
+import { Chat } from "@/web/components/chat";
+import { ImportFromDecoDialog } from "@/web/components/import-from-deco-dialog.tsx";
+import { IntegrationIcon } from "@/web/components/integration-icon";
+import { authClient } from "@/web/lib/auth-client";
+import { KEYS } from "@/web/lib/query-keys";
+import { useDecoCredits } from "@/web/hooks/use-deco-credits";
+import { useIsMobile } from "@deco/ui/hooks/use-mobile.ts";
+import { ArrowRight } from "@untitledui/icons";
+import { useQuery } from "@tanstack/react-query";
+import { useState } from "react";
+
+const DECO_BANNER_GRADIENT = [
+  "radial-gradient(ellipse 25% 220% at -5% 120%, rgba(165,149,255,0.35) 0%, transparent 100%)",
+  "radial-gradient(ellipse 25% 220% at 105% -20%, rgba(208,236,26,0.32) 0%, transparent 100%)",
+].join(", ");
+const DECO_BANNER_TEXTURE = "/decotexture.svg";
+
+function ImportDecoSiteBanner({ onClick }: { onClick: () => void }) {
+  return (
+    <button
+      type="button"
+      onClick={onClick}
+      className="w-full relative flex items-center gap-4 px-4 py-4 rounded-lg border border-border bg-background overflow-hidden transition-colors text-left cursor-pointer group"
+      style={{ backgroundImage: DECO_BANNER_GRADIENT }}
+    >
+      <div className="relative shrink-0 p-1.5 bg-[var(--brand-green-light)] rounded-lg border border-border">
+        <IntegrationIcon
+          icon="/logos/deco%20logo.svg"
+          name="deco.cx"
+          size="xs"
+          className="border-0 rounded-none bg-transparent"
+        />
+      </div>
+      <p className="flex-1 relative text-sm font-medium text-foreground leading-none whitespace-nowrap">
+        Import your deco.cx site
+      </p>
+      <img
+        src={DECO_BANNER_TEXTURE}
+        alt=""
+        aria-hidden
+        className="absolute pointer-events-none"
+        style={{
+          width: "274.5px",
+          height: "272.25px",
+          left: "calc(50% + 145.5px)",
+          top: "calc(50% + 40px)",
+          transform: "translate(-50%, -50%)",
+        }}
+      />
+      <div className="relative bg-background flex items-center justify-center size-8 rounded-md shrink-0">
+        <ArrowRight
+          size={16}
+          className="text-foreground transition-transform group-hover:translate-x-0.5"
+        />
+      </div>
+    </button>
+  );
+}
+
+function useIsDecoUser() {
+  const { data: session } = authClient.useSession();
+  const { data } = useQuery({
+    queryKey: KEYS.decoProfile(session?.user?.email),
+    queryFn: async () => {
+      const res = await fetch("/api/deco-sites/profile");
+      if (!res.ok) return { isDecoUser: false };
+      return res.json() as Promise<{ isDecoUser: boolean }>;
+    },
+    enabled: Boolean(session?.user?.email),
+    staleTime: 5 * 60_000,
+  });
+  return data?.isDecoUser ?? false;
+}
+
+export function HomePage() {
+  const { data: session } = authClient.useSession();
+  const [importOpen, setImportOpen] = useState(false);
+  const isDecoUser = useIsDecoUser();
+  const isMobile = useIsMobile();
+  const {
+    hasDecoKey,
+    isZeroBalance,
+    isInitialFreeCredit,
+    balanceDollars,
+    hasOnlyDecoProvider,
+  } = useDecoCredits();
+
+  const userName = session?.user?.name?.split(" ")[0] || "there";
+
+  const showEyebrow =
+    hasDecoKey && isInitialFreeCredit && balanceDollars != null;
+  const showNoCreditsEyebrow =
+    hasDecoKey && isZeroBalance && hasOnlyDecoProvider;
+
+  if (isMobile) {
+    return (
+      <>
+        <div className="flex-1 relative flex flex-col items-center px-4">
+          <div className="flex-1 flex flex-col items-center justify-center w-full">
+            {showEyebrow && (
+              <div className="mb-4">
+                <Chat.CreditsEyebrow balanceDollars={balanceDollars} />
+              </div>
+            )}
+            {showNoCreditsEyebrow && (
+              <div className="mb-4">
+                <Chat.NoCreditsEyebrow />
+              </div>
+            )}
+            <p className="text-3xl font-medium text-foreground text-center max-w-[280px]">
+              What's on your mind, {userName}?
+            </p>
+          </div>
+          <div className="w-full flex flex-col gap-4 pb-4">
+            <AgentsList />
+            <Chat.Input showConnectionsBanner />
+          </div>
+          {isDecoUser && (
+            <div className="w-full">
+              <ImportDecoSiteBanner onClick={() => setImportOpen(true)} />
+            </div>
+          )}
+        </div>
+        <ImportFromDecoDialog open={importOpen} onOpenChange={setImportOpen} />
+      </>
+    );
+  }
+
+  return (
+    <>
+      <div className="flex-1 relative flex flex-col items-center px-10">
+        <div className="flex-1 flex flex-col items-center justify-center w-full">
+          <div className="flex flex-col items-center w-full max-w-[672px]">
+            <div className="text-center mb-10">
+              {showEyebrow && (
+                <div className="mb-4">
+                  <Chat.CreditsEyebrow balanceDollars={balanceDollars} />
+                </div>
+              )}
+              {showNoCreditsEyebrow && (
+                <div className="mb-4">
+                  <Chat.NoCreditsEyebrow />
+                </div>
+              )}
+              <p className="text-3xl font-medium text-foreground">
+                What's on your mind, {userName}?
+              </p>
+            </div>
+            <div className="w-full">
+              <Chat.Input showConnectionsBanner />
+            </div>
+          </div>
+          <div className="w-full mt-10 mx-auto">
+            <AgentsList />
+          </div>
+        </div>
+        {isDecoUser && (
+          <div className="absolute bottom-6 left-0 right-0 px-10">
+            <div className="w-full max-w-[500px] mx-auto">
+              <ImportDecoSiteBanner onClick={() => setImportOpen(true)} />
+            </div>
+          </div>
+        )}
+      </div>
+      <ImportFromDecoDialog open={importOpen} onOpenChange={setImportOpen} />
+    </>
+  );
+}
diff --git a/apps/mesh/src/web/layouts/main-panel-tabs/automation-tab.tsx b/apps/mesh/src/web/layouts/main-panel-tabs/automation-tab.tsx
index 359970482e..aa4c368c68 100644
--- a/apps/mesh/src/web/layouts/main-panel-tabs/automation-tab.tsx
+++ b/apps/mesh/src/web/layouts/main-panel-tabs/automation-tab.tsx
@@ -6,13 +6,7 @@ import { Loading01 } from "@untitledui/icons";
 import { useNavigate } from "@tanstack/react-router";
 import { Suspense } from "react";
 
-export function AutomationTab({
-  tabId,
-  virtualMcpId,
-}: {
-  tabId: string;
-  virtualMcpId: string;
-}) {
+export function AutomationTab({ tabId }: { tabId: string }) {
   const parsed = parseAutomationTabId(tabId);
   if (!parsed) return null;
 
@@ -30,7 +24,7 @@ export function AutomationTab({
               </div>
             }
           >
-            <AutomationTabInner id={parsed.id} virtualMcpId={virtualMcpId} />
+            <AutomationTabInner id={parsed.id} />
           </Suspense>
         </Page.Body>
       </Page.Content>
@@ -38,13 +32,7 @@ export function AutomationTab({
   );
 }
 
-function AutomationTabInner({
-  id,
-  virtualMcpId,
-}: {
-  id: string;
-  virtualMcpId: string;
-}) {
+function AutomationTabInner({ id }: { id: string }) {
   const navigate = useNavigate();
   const { data: automation, isLoading } = useAutomation(id);
 
@@ -78,7 +66,6 @@ function AutomationTabInner({
     <AutomationInlineDetail
       automationId={id}
       automation={automation}
-      virtualMcpId={virtualMcpId}
       onBack={onBack}
     />
   );
diff --git a/apps/mesh/src/web/layouts/main-panel-tabs/connections-tab.tsx b/apps/mesh/src/web/layouts/main-panel-tabs/connections-tab.tsx
deleted file mode 100644
index 3e3a307af4..0000000000
--- a/apps/mesh/src/web/layouts/main-panel-tabs/connections-tab.tsx
+++ /dev/null
@@ -1,12 +0,0 @@
-import { VirtualMcpDetailView } from "@/web/views/virtual-mcp";
-
-export function ConnectionsTab({ virtualMcpId }: { virtualMcpId: string }) {
-  return (
-    <VirtualMcpDetailView
-      virtualMcpId={virtualMcpId}
-      forceTab="connections"
-      hideOwnTabBar
-      hideOwnTitle
-    />
-  );
-}
diff --git a/apps/mesh/src/web/layouts/main-panel-tabs/env-tab.tsx b/apps/mesh/src/web/layouts/main-panel-tabs/env-tab.tsx
index 0fe2611e4d..618171737a 100644
--- a/apps/mesh/src/web/layouts/main-panel-tabs/env-tab.tsx
+++ b/apps/mesh/src/web/layouts/main-panel-tabs/env-tab.tsx
@@ -1,23 +1,5 @@
 import { EnvContent } from "@/web/components/vm/env/env";
-import { getActiveGithubRepo } from "@/web/lib/github-repo";
-import { useVirtualMCP } from "@decocms/mesh-sdk";
-import { AlertCircle } from "@untitledui/icons";
-
-export function EnvTab({ virtualMcpId }: { virtualMcpId: string }) {
-  const entity = useVirtualMCP(virtualMcpId);
-  const activeRepo = entity ? getActiveGithubRepo(entity) : null;
-
-  if (!activeRepo) {
-    return (
-      <div className="flex-1 flex flex-col items-center justify-center gap-2 text-center text-sm text-muted-foreground p-6">
-        <AlertCircle size={24} className="text-muted-foreground/60" />
-        <div>No repository connected.</div>
-        <div className="text-xs text-muted-foreground/80">
-          Connect a GitHub repository from the Connections tab to enable Env.
-        </div>
-      </div>
-    );
-  }
 
+export function EnvTab(_props: { virtualMcpId: string }) {
   return <EnvContent />;
 }
diff --git a/apps/mesh/src/web/layouts/main-panel-tabs/header-tab-button.tsx b/apps/mesh/src/web/layouts/main-panel-tabs/header-tab-button.tsx
index f6c775c84d..f6e3330176 100644
--- a/apps/mesh/src/web/layouts/main-panel-tabs/header-tab-button.tsx
+++ b/apps/mesh/src/web/layouts/main-panel-tabs/header-tab-button.tsx
@@ -1,24 +1,14 @@
 /**
  * HeaderTabButton — a tab in the agent-shell header tab bar.
  *
- * Two visual states driven by the `active` prop:
- *   - idle (inactive): icon-only square button.
- *   - active: expanded pill with icon + title (accent colors).
- *
- * Pill animation uses a single unified transition (180ms ease-out-cubic) on
- * all properties so the expand/collapse reads as one clean motion rather than
- * staggered layers. Kept simple on purpose — tab bars are seen constantly.
+ * Both active and inactive tabs always show icon + label. The active
+ * tab gets the accent background; inactive tabs are muted.
  *
  * Every button is wrapped in a Tooltip showing the tab title so the
  * title is discoverable on hover in both states.
  */
 
 import { Package } from "@untitledui/icons";
-import {
-  Tooltip,
-  TooltipContent,
-  TooltipTrigger,
-} from "@deco/ui/components/tooltip.tsx";
 import { cn } from "@deco/ui/lib/utils.ts";
 import type { TabIcon } from "./resolve-tab-icon";
 
@@ -34,41 +24,26 @@ export function HeaderTabButton({
   onClick: () => void;
 }) {
   return (
-    <Tooltip delayDuration={700}>
-      <TooltipTrigger asChild>
-        <button
-          type="button"
-          onClick={onClick}
-          aria-pressed={active}
-          aria-label={title}
-          className={cn(
-            "shrink-0 grid items-center h-7 rounded-md overflow-hidden",
-            "[transition:grid-template-columns_180ms_var(--ease-out-cubic),gap_180ms_var(--ease-out-cubic),padding_180ms_var(--ease-out-cubic),background-color_180ms_ease,color_180ms_ease]",
-            active
-              ? "grid-cols-[auto_1fr] gap-1.5 px-2"
-              : "grid-cols-[auto_0fr] gap-0 px-1.5",
-            active
-              ? "bg-sidebar-accent text-sidebar-foreground"
-              : "text-sidebar-foreground/60 hover:bg-sidebar-accent hover:text-sidebar-foreground",
-          )}
-        >
-          <span className="flex size-5 items-center justify-center">
-            <Icon icon={icon} />
-          </span>
-          <span
-            aria-hidden={!active}
-            className={cn(
-              "whitespace-nowrap text-sm font-medium leading-none min-w-0",
-              "[transition:opacity_180ms_ease]",
-              active ? "opacity-100" : "opacity-0",
-            )}
-          >
-            {title}
-          </span>
-        </button>
-      </TooltipTrigger>
-      <TooltipContent side="bottom">{title}</TooltipContent>
-    </Tooltip>
+    <button
+      type="button"
+      onClick={onClick}
+      aria-pressed={active}
+      aria-label={title}
+      className={cn(
+        "shrink-0 flex items-center gap-1.5 h-8 rounded-md px-2",
+        "[transition:background-color_180ms_ease,color_180ms_ease]",
+        active
+          ? "bg-sidebar-accent text-sidebar-foreground"
+          : "text-sidebar-foreground/60 hover:bg-sidebar-accent hover:text-sidebar-foreground",
+      )}
+    >
+      <span className="flex size-5 items-center justify-center shrink-0">
+        <Icon icon={icon} />
+      </span>
+      <span className="whitespace-nowrap text-sm font-medium leading-none">
+        {title}
+      </span>
+    </button>
   );
 }
 
diff --git a/apps/mesh/src/web/layouts/main-panel-tabs/index.tsx b/apps/mesh/src/web/layouts/main-panel-tabs/index.tsx
index 83eaa96d6d..5e00ea67d9 100644
--- a/apps/mesh/src/web/layouts/main-panel-tabs/index.tsx
+++ b/apps/mesh/src/web/layouts/main-panel-tabs/index.tsx
@@ -11,14 +11,13 @@
 import { Suspense, lazy } from "react";
 import { Loading01 } from "@untitledui/icons";
 import { useMainPanelTabs } from "./use-main-panel-tabs";
-import { InstructionsTab } from "./instructions-tab";
-import { ConnectionsTab } from "./connections-tab";
-import { LayoutTab } from "./layout-tab";
+import { SettingsTab } from "./settings-tab";
+import { GitTab } from "@/web/components/thread/github/git-tab";
 import { PreviewTab } from "./preview-tab";
 import { EnvTab } from "./env-tab";
 import { AutomationTab } from "./automation-tab";
 import { AutomationsListTab } from "./automations-list-tab";
-import { parsePinnedViewTabId } from "./tab-id";
+import { isLegacySettingsTab, parsePinnedViewTabId } from "./tab-id";
 
 const AppViewContent = lazy(() =>
   import("@/web/routes/project-app-view").then((m) => ({
@@ -33,23 +32,21 @@ export function MainPanelContent({
   taskId: string;
   virtualMcpId: string;
 }) {
-  const { activeTab, layoutTabs, automationTabParsed } = useMainPanelTabs({
-    virtualMcpId,
-    taskId,
-  });
+  const { activeTab, layoutTabs, expandedTools, automationTabParsed } =
+    useMainPanelTabs({
+      virtualMcpId,
+      taskId,
+    });
 
-  if (activeTab === "instructions") {
-    return <InstructionsTab virtualMcpId={virtualMcpId} />;
+  if (isLegacySettingsTab(activeTab)) {
+    return <SettingsTab virtualMcpId={virtualMcpId} />;
   }
-  if (activeTab === "connections") {
-    return <ConnectionsTab virtualMcpId={virtualMcpId} />;
+  if (activeTab === "git") {
+    return <GitTab virtualMcpId={virtualMcpId} />;
   }
   if (activeTab === "automations") {
     return <AutomationsListTab virtualMcpId={virtualMcpId} />;
   }
-  if (activeTab === "layout") {
-    return <LayoutTab virtualMcpId={virtualMcpId} />;
-  }
   if (activeTab === "env") {
     return <EnvTab virtualMcpId={virtualMcpId} />;
   }
@@ -57,15 +54,20 @@ export function MainPanelContent({
     return <PreviewTab virtualMcpId={virtualMcpId} />;
   }
   if (automationTabParsed) {
-    return <AutomationTab tabId={activeTab} virtualMcpId={virtualMcpId} />;
+    return <AutomationTab tabId={activeTab} />;
   }
 
   const pinnedView = parsePinnedViewTabId(activeTab);
   if (pinnedView) {
+    const expandedTool = expandedTools.find(
+      (t) =>
+        t.appId === pinnedView.connectionId &&
+        t.toolName === pinnedView.toolName,
+    );
     return (
       <Suspense
         fallback={
-          <div className="flex-1 flex items-center justify-center">
+          <div className="h-full w-full flex items-center justify-center">
             <Loading01
               size={20}
               className="animate-spin text-muted-foreground"
@@ -77,6 +79,7 @@ export function MainPanelContent({
           key={activeTab}
           connectionId={pinnedView.connectionId}
           toolName={pinnedView.toolName}
+          args={expandedTool?.args}
         />
       </Suspense>
     );
@@ -87,7 +90,7 @@ export function MainPanelContent({
     return (
       <Suspense
         fallback={
-          <div className="flex-1 flex items-center justify-center">
+          <div className="h-full w-full flex items-center justify-center">
             <Loading01
               size={20}
               className="animate-spin text-muted-foreground"
@@ -99,10 +102,11 @@ export function MainPanelContent({
           key={activeTab}
           connectionId={agentTab.view.appId}
           toolName={agentTab.id}
+          args={agentTab.view.args}
         />
       </Suspense>
     );
   }
 
-  return <InstructionsTab virtualMcpId={virtualMcpId} />;
+  return <SettingsTab virtualMcpId={virtualMcpId} />;
 }
diff --git a/apps/mesh/src/web/layouts/main-panel-tabs/instructions-tab.tsx b/apps/mesh/src/web/layouts/main-panel-tabs/instructions-tab.tsx
deleted file mode 100644
index 2803a17040..0000000000
--- a/apps/mesh/src/web/layouts/main-panel-tabs/instructions-tab.tsx
+++ /dev/null
@@ -1,12 +0,0 @@
-import { VirtualMcpDetailView } from "@/web/views/virtual-mcp";
-
-export function InstructionsTab({ virtualMcpId }: { virtualMcpId: string }) {
-  return (
-    <VirtualMcpDetailView
-      virtualMcpId={virtualMcpId}
-      forceTab="instructions"
-      hideOwnTabBar
-      hideOwnTitle
-    />
-  );
-}
diff --git a/apps/mesh/src/web/layouts/main-panel-tabs/layout-tab.tsx b/apps/mesh/src/web/layouts/main-panel-tabs/layout-tab.tsx
deleted file mode 100644
index b109016c70..0000000000
--- a/apps/mesh/src/web/layouts/main-panel-tabs/layout-tab.tsx
+++ /dev/null
@@ -1,12 +0,0 @@
-import { VirtualMcpDetailView } from "@/web/views/virtual-mcp";
-
-export function LayoutTab({ virtualMcpId }: { virtualMcpId: string }) {
-  return (
-    <VirtualMcpDetailView
-      virtualMcpId={virtualMcpId}
-      forceTab="layout"
-      hideOwnTabBar
-      hideOwnTitle
-    />
-  );
-}
diff --git a/apps/mesh/src/web/layouts/main-panel-tabs/main-panel-tabs-bar.tsx b/apps/mesh/src/web/layouts/main-panel-tabs/main-panel-tabs-bar.tsx
index a76029656f..c26cccbae9 100644
--- a/apps/mesh/src/web/layouts/main-panel-tabs/main-panel-tabs-bar.tsx
+++ b/apps/mesh/src/web/layouts/main-panel-tabs/main-panel-tabs-bar.tsx
@@ -25,6 +25,7 @@ import { useMainPanelTabs, type Tab } from "./use-main-panel-tabs";
 import { selectTabSlots } from "./select-tab-slots";
 import { HeaderTabButton } from "./header-tab-button";
 import { TabOverflowMenu } from "./tab-overflow-menu";
+import { track } from "@/web/lib/posthog-client";
 
 const MAX_VISIBLE_TABS = 6;
 
@@ -58,6 +59,14 @@ export function MainPanelTabsBar({
   );
 
   const handleSelect = (id: string) => {
+    const clicked = tabs.find((t) => t.id === id);
+    const wasActive = effectiveActiveId === id && mainOpen;
+    track("main_panel_tab_clicked", {
+      virtual_mcp_id: virtualMcpId,
+      tab_id: id,
+      tab_kind: clicked?.kind ?? null,
+      was_active: wasActive,
+    });
     if (id === "automations") {
       const target = resolveAutomationsPillClickTarget({
         activeTab,
diff --git a/apps/mesh/src/web/layouts/main-panel-tabs/resolve-tab-icon.test.ts b/apps/mesh/src/web/layouts/main-panel-tabs/resolve-tab-icon.test.ts
index 6053e373ce..e5bb5ce495 100644
--- a/apps/mesh/src/web/layouts/main-panel-tabs/resolve-tab-icon.test.ts
+++ b/apps/mesh/src/web/layouts/main-panel-tabs/resolve-tab-icon.test.ts
@@ -1,17 +1,16 @@
 import { describe, expect, test } from "bun:test";
-import { BookOpen01, Lightning01, ZapSquare } from "@untitledui/icons";
+import { LayoutAlt04, Lightning01 } from "@untitledui/icons";
 import { resolveTabIcon, SYSTEM_TAB_ICONS } from "./resolve-tab-icon";
 
 type TestConn = { id: string; icon: string | null };
 
 describe("SYSTEM_TAB_ICONS", () => {
   test("covers every fixed system tab", () => {
-    expect(SYSTEM_TAB_ICONS.instructions).toBe(BookOpen01);
-    expect(SYSTEM_TAB_ICONS.connections).toBe(ZapSquare);
+    expect(SYSTEM_TAB_ICONS.settings).toBe(LayoutAlt04);
     expect(SYSTEM_TAB_ICONS.automations).toBe(Lightning01);
-    expect(SYSTEM_TAB_ICONS.layout).toBeDefined();
     expect(SYSTEM_TAB_ICONS.env).toBeDefined();
     expect(SYSTEM_TAB_ICONS.preview).toBeDefined();
+    expect(SYSTEM_TAB_ICONS.git).toBeDefined();
   });
 });
 
@@ -24,11 +23,11 @@ describe("resolveTabIcon", () => {
   test("system tab → component icon from SYSTEM_TAB_ICONS", () => {
     expect(
       resolveTabIcon({
-        tabId: "instructions",
+        tabId: "settings",
         kind: "system",
         connections: conns,
       }),
-    ).toEqual({ kind: "component", Component: BookOpen01 });
+    ).toEqual({ kind: "component", Component: LayoutAlt04 });
   });
 
   test("agent ext-app with connection icon URL → url kind", () => {
diff --git a/apps/mesh/src/web/layouts/main-panel-tabs/resolve-tab-icon.ts b/apps/mesh/src/web/layouts/main-panel-tabs/resolve-tab-icon.ts
index 31b2aa8042..5ea628e47c 100644
--- a/apps/mesh/src/web/layouts/main-panel-tabs/resolve-tab-icon.ts
+++ b/apps/mesh/src/web/layouts/main-panel-tabs/resolve-tab-icon.ts
@@ -1,11 +1,10 @@
 import type { ComponentType, SVGProps } from "react";
 import {
-  BookOpen01,
+  GitBranch01,
   Globe01,
   LayoutAlt04,
   Lightning01,
   Terminal,
-  ZapSquare,
 } from "@untitledui/icons";
 import { getIconComponent, parseIconString } from "../../components/agent-icon";
 
@@ -19,20 +18,18 @@ export type TabIcon =
   | { kind: "fallback" };
 
 export type SystemTabId =
-  | "instructions"
-  | "connections"
+  | "settings"
   | "automations"
-  | "layout"
   | "env"
-  | "preview";
+  | "preview"
+  | "git";
 
 export const SYSTEM_TAB_ICONS: Record<SystemTabId, IconComponent> = {
-  instructions: BookOpen01,
-  connections: ZapSquare,
+  settings: LayoutAlt04,
   automations: Lightning01,
-  layout: LayoutAlt04,
   env: Terminal,
   preview: Globe01,
+  git: GitBranch01,
 };
 
 type ConnectionLike = { id: string; icon: string | null };
diff --git a/apps/mesh/src/web/layouts/main-panel-tabs/settings-tab.tsx b/apps/mesh/src/web/layouts/main-panel-tabs/settings-tab.tsx
new file mode 100644
index 0000000000..5e563f8686
--- /dev/null
+++ b/apps/mesh/src/web/layouts/main-panel-tabs/settings-tab.tsx
@@ -0,0 +1,5 @@
+import { VirtualMcpDetailView } from "@/web/views/virtual-mcp";
+
+export function SettingsTab({ virtualMcpId }: { virtualMcpId: string }) {
+  return <VirtualMcpDetailView virtualMcpId={virtualMcpId} hideOwnTitle />;
+}
diff --git a/apps/mesh/src/web/layouts/main-panel-tabs/tab-id.test.ts b/apps/mesh/src/web/layouts/main-panel-tabs/tab-id.test.ts
index 7fc3dc1f31..f94c6f326c 100644
--- a/apps/mesh/src/web/layouts/main-panel-tabs/tab-id.test.ts
+++ b/apps/mesh/src/web/layouts/main-panel-tabs/tab-id.test.ts
@@ -1,5 +1,6 @@
 import { describe, expect, test } from "bun:test";
 import {
+  isLegacySettingsTab,
   parseAutomationTabId,
   resolveDefaultTabId,
   resolveActiveTabAndOpen,
@@ -16,8 +17,8 @@ describe("parseAutomationTabId", () => {
   });
 
   test("non-automation tab → null", () => {
-    expect(parseAutomationTabId("instructions")).toBeNull();
-    expect(parseAutomationTabId("layout")).toBeNull();
+    expect(parseAutomationTabId("settings")).toBeNull();
+    expect(parseAutomationTabId("preview")).toBeNull();
     expect(parseAutomationTabId(undefined)).toBeNull();
     expect(parseAutomationTabId("0")).toBeNull();
   });
@@ -27,13 +28,30 @@ describe("parseAutomationTabId", () => {
   });
 });
 
+describe("isLegacySettingsTab", () => {
+  test("legacy tab ids → true", () => {
+    expect(isLegacySettingsTab("instructions")).toBe(true);
+    expect(isLegacySettingsTab("connections")).toBe(true);
+    expect(isLegacySettingsTab("layout")).toBe(true);
+    expect(isLegacySettingsTab("settings")).toBe(true);
+  });
+
+  test("non-legacy tab ids → false", () => {
+    expect(isLegacySettingsTab("automations")).toBe(false);
+    expect(isLegacySettingsTab("env")).toBe(false);
+    expect(isLegacySettingsTab("preview")).toBe(false);
+    expect(isLegacySettingsTab("git")).toBe(false);
+    expect(isLegacySettingsTab(undefined)).toBe(false);
+  });
+});
+
 describe("resolveDefaultTabId", () => {
-  test("null metadata → 'instructions'", () => {
-    expect(resolveDefaultTabId(null)).toBe("instructions");
+  test("null metadata → 'settings'", () => {
+    expect(resolveDefaultTabId(null)).toBe("settings");
   });
 
-  test("defaultMainView null → 'instructions'", () => {
-    expect(resolveDefaultTabId({ defaultMainView: null })).toBe("instructions");
+  test("defaultMainView null → 'settings'", () => {
+    expect(resolveDefaultTabId({ defaultMainView: null })).toBe("settings");
   });
 
   test("ext-app with id → id", () => {
@@ -63,13 +81,13 @@ describe("resolveDefaultTabId", () => {
     ).toBe("t1");
   });
 
-  test("ext-app id not in declared tabs and no tabs → 'instructions'", () => {
+  test("ext-app id not in declared tabs and no tabs → 'settings'", () => {
     expect(
       resolveDefaultTabId({
         defaultMainView: { type: "ext-app", id: "stale" },
         tabs: [],
       }),
-    ).toBe("instructions");
+    ).toBe("settings");
   });
 
   test("ext-apps with id + toolName → pinned-view tab id", () => {
@@ -85,21 +103,21 @@ describe("resolveDefaultTabId", () => {
     ).toBe("app:conn-abc:hello_world");
   });
 
-  test("instructions → 'instructions'", () => {
+  test("legacy instructions → 'settings'", () => {
     expect(
       resolveDefaultTabId({ defaultMainView: { type: "instructions" } }),
-    ).toBe("instructions");
+    ).toBe("settings");
   });
 
-  test("connections → 'connections'", () => {
+  test("legacy connections → 'settings'", () => {
     expect(
       resolveDefaultTabId({ defaultMainView: { type: "connections" } }),
-    ).toBe("connections");
+    ).toBe("settings");
   });
 
-  test("layout → 'layout'", () => {
+  test("legacy layout → 'settings'", () => {
     expect(resolveDefaultTabId({ defaultMainView: { type: "layout" } })).toBe(
-      "layout",
+      "settings",
     );
   });
 
@@ -109,22 +127,22 @@ describe("resolveDefaultTabId", () => {
     );
   });
 
-  test("legacy settings → 'layout'", () => {
-    expect(resolveDefaultTabId({ defaultMainView: { type: "settings" } })).toBe(
-      "layout",
-    );
-  });
-
   test("preview → 'preview'", () => {
     expect(resolveDefaultTabId({ defaultMainView: { type: "preview" } })).toBe(
       "preview",
     );
   });
 
-  test("unknown type falls back to 'instructions'", () => {
+  test("git → 'git'", () => {
+    expect(resolveDefaultTabId({ defaultMainView: { type: "git" } })).toBe(
+      "git",
+    );
+  });
+
+  test("unknown type falls back to 'settings'", () => {
     expect(
       resolveDefaultTabId({ defaultMainView: { type: "automation" } }),
-    ).toBe("instructions");
+    ).toBe("settings");
   });
 });
 
@@ -140,10 +158,10 @@ describe("resolveActiveTabAndOpen", () => {
     ).toEqual({ mainOpen: true, activeTab: "analytics" });
   });
 
-  test("?main absent + no defaultMainView → closed, tab = 'instructions'", () => {
+  test("?main absent + no defaultMainView → closed, tab = 'settings'", () => {
     expect(
       resolveActiveTabAndOpen({ mainParam: undefined, metadata: null }),
-    ).toEqual({ mainOpen: false, activeTab: "instructions" });
+    ).toEqual({ mainOpen: false, activeTab: "settings" });
   });
 
   test("?main absent + defaultMainView.type === 'chat' → closed (aligns with resolveDefaultPanelState)", () => {
@@ -152,7 +170,7 @@ describe("resolveActiveTabAndOpen", () => {
         mainParam: undefined,
         metadata: { defaultMainView: { type: "chat" } },
       }),
-    ).toEqual({ mainOpen: false, activeTab: "instructions" });
+    ).toEqual({ mainOpen: false, activeTab: "settings" });
   });
 
   test("?main=0 → closed, tab = default", () => {
@@ -161,10 +179,28 @@ describe("resolveActiveTabAndOpen", () => {
     );
   });
 
-  test("?main=layout → open, tab = 'layout'", () => {
+  test("?main=settings → open, tab = 'settings'", () => {
+    expect(
+      resolveActiveTabAndOpen({ mainParam: "settings", metadata: meta }),
+    ).toEqual({ mainOpen: true, activeTab: "settings" });
+  });
+
+  test("?main=instructions (legacy) → open, tab = 'settings'", () => {
+    expect(
+      resolveActiveTabAndOpen({ mainParam: "instructions", metadata: meta }),
+    ).toEqual({ mainOpen: true, activeTab: "settings" });
+  });
+
+  test("?main=connections (legacy) → open, tab = 'settings'", () => {
+    expect(
+      resolveActiveTabAndOpen({ mainParam: "connections", metadata: meta }),
+    ).toEqual({ mainOpen: true, activeTab: "settings" });
+  });
+
+  test("?main=layout (legacy) → open, tab = 'settings'", () => {
     expect(
       resolveActiveTabAndOpen({ mainParam: "layout", metadata: meta }),
-    ).toEqual({ mainOpen: true, activeTab: "layout" });
+    ).toEqual({ mainOpen: true, activeTab: "settings" });
   });
 
   test("?main=automation:abc → open, tab = 'automation:abc'", () => {
@@ -175,14 +211,20 @@ describe("resolveActiveTabAndOpen", () => {
       }),
     ).toEqual({ mainOpen: true, activeTab: "automation:abc" });
   });
+
+  test("?main=git → open, tab = 'git'", () => {
+    expect(
+      resolveActiveTabAndOpen({ mainParam: "git", metadata: meta }),
+    ).toEqual({ mainOpen: true, activeTab: "git" });
+  });
 });
 
 describe("resolveTabClickTarget", () => {
   test("clicking active tab while panel open → close ('0')", () => {
     expect(
       resolveTabClickTarget({
-        clickedId: "layout",
-        activeTab: "layout",
+        clickedId: "settings",
+        activeTab: "settings",
         mainOpen: true,
       }),
     ).toBe("0");
@@ -191,28 +233,28 @@ describe("resolveTabClickTarget", () => {
   test("clicking non-active tab while panel open → clicked id", () => {
     expect(
       resolveTabClickTarget({
-        clickedId: "connections",
-        activeTab: "layout",
+        clickedId: "env",
+        activeTab: "settings",
         mainOpen: true,
       }),
-    ).toBe("connections");
+    ).toBe("env");
   });
 
   test("clicking any tab while panel closed → clicked id (open it)", () => {
     expect(
       resolveTabClickTarget({
-        clickedId: "layout",
-        activeTab: "layout",
+        clickedId: "settings",
+        activeTab: "settings",
         mainOpen: false,
       }),
-    ).toBe("layout");
+    ).toBe("settings");
     expect(
       resolveTabClickTarget({
-        clickedId: "instructions",
-        activeTab: "layout",
+        clickedId: "preview",
+        activeTab: "settings",
         mainOpen: false,
       }),
-    ).toBe("instructions");
+    ).toBe("preview");
   });
 });
 
@@ -246,10 +288,10 @@ describe("isAutomationsPillActive", () => {
 
   test("non-automation tab → false", () => {
     expect(
-      isAutomationsPillActive({ activeTab: "instructions", mainOpen: true }),
+      isAutomationsPillActive({ activeTab: "settings", mainOpen: true }),
     ).toBe(false);
     expect(
-      isAutomationsPillActive({ activeTab: "connections", mainOpen: true }),
+      isAutomationsPillActive({ activeTab: "preview", mainOpen: true }),
     ).toBe(false);
   });
 });
@@ -294,7 +336,7 @@ describe("resolveAutomationsPillClickTarget", () => {
   test("on unrelated tab → open list", () => {
     expect(
       resolveAutomationsPillClickTarget({
-        activeTab: "instructions",
+        activeTab: "settings",
         mainOpen: true,
       }),
     ).toBe("automations");
diff --git a/apps/mesh/src/web/layouts/main-panel-tabs/tab-id.ts b/apps/mesh/src/web/layouts/main-panel-tabs/tab-id.ts
index fc69376dc4..ff9cc61f3a 100644
--- a/apps/mesh/src/web/layouts/main-panel-tabs/tab-id.ts
+++ b/apps/mesh/src/web/layouts/main-panel-tabs/tab-id.ts
@@ -2,12 +2,17 @@
  * Pure helpers for the `?main=<tabId>|0` URL model.
  *
  * Tab id grammar:
- *   - Fixed system: "instructions" | "connections" | "layout" | "env" | "preview"
+ *   - Fixed system: "settings" | "automations" | "env" | "preview" | "git"
+ *   - Legacy fixed system (redirected to "settings"): "instructions" | "connections" | "layout"
  *   - Agent-declared: <agentTab.id> (from virtualMcp.metadata.ui.layout.tabs)
  *   - Expanded-from-chat: <toolName> (from task.metadata.expanded_tools)
  *   - Pinned view: "app:<connectionId>:<toolName>" (from metadata.ui.pinnedViews)
  *   - Ephemeral automation: "automation:<id>"
  *   - "0" = closed sentinel (not an actual tab id)
+ *
+ * The "settings" tab bundles what used to be separate instructions,
+ * connections, and layout tabs. GitHub-linked Virtual MCPs expose an
+ * additional "git" tab (branch/PR panel) alongside settings.
  */
 
 export interface EntityLayoutMetadata {
@@ -63,29 +68,43 @@ export function parsePinnedViewTabId(
 }
 
 export const FIXED_SYSTEM_TABS = [
-  "instructions",
-  "connections",
+  "settings",
   "automations",
-  "layout",
   "env",
   "preview",
+  "git",
 ] as const;
 
 const FIXED_SYSTEM_TAB_SET = new Set<string>(FIXED_SYSTEM_TABS);
 
+/**
+ * Legacy tab ids that were merged into the unified "settings" tab. Kept
+ * here so saved defaults / URL state migrate cleanly.
+ */
+const LEGACY_SETTINGS_TABS = new Set<string>([
+  "instructions",
+  "connections",
+  "layout",
+  "settings",
+]);
+
+export function isLegacySettingsTab(tabId: string | undefined): boolean {
+  return !!tabId && LEGACY_SETTINGS_TABS.has(tabId);
+}
+
 export function resolveDefaultTabId(
   metadata: EntityLayoutMetadata | null,
 ): string {
   const def = metadata?.defaultMainView ?? null;
-  if (!def) return "instructions";
+  if (!def) return "settings";
+
+  // Legacy tab ids (instructions/connections/layout) now live inside the
+  // unified "settings" tab.
+  if (LEGACY_SETTINGS_TABS.has(def.type)) return "settings";
 
   // Direct mapping for any fixed system tab id.
   if (FIXED_SYSTEM_TAB_SET.has(def.type)) return def.type;
 
-  // Legacy: "settings" used to be its own tab; the settings card now
-  // lives inside the Layout tab.
-  if (def.type === "settings") return "layout";
-
   if (def.type === "ext-app" || def.type === "ext-apps") {
     // Pinned view default: { type: "ext-apps", id: connectionId, toolName }.
     // Round-trip as the composite pinned-view tab id so the pinned-view
@@ -95,10 +114,10 @@ export function resolveDefaultTabId(
     }
     const declaredTabIds = metadata?.tabs?.map((t) => t.id) ?? [];
     if (def.id && declaredTabIds.includes(def.id)) return def.id;
-    return declaredTabIds[0] ?? "instructions";
+    return declaredTabIds[0] ?? "settings";
   }
 
-  return metadata?.tabs?.[0]?.id ?? "instructions";
+  return metadata?.tabs?.[0]?.id ?? "settings";
 }
 
 export function resolveActiveTabAndOpen(ctx: {
@@ -118,6 +137,10 @@ export function resolveActiveTabAndOpen(ctx: {
     const defaultIsChat = view == null || view.type === "chat";
     return { mainOpen: !defaultIsChat, activeTab: def };
   }
+  // Legacy ids coming from URL state migrate to the unified settings tab.
+  if (LEGACY_SETTINGS_TABS.has(ctx.mainParam)) {
+    return { mainOpen: true, activeTab: "settings" };
+  }
   return { mainOpen: true, activeTab: ctx.mainParam };
 }
 
diff --git a/apps/mesh/src/web/layouts/main-panel-tabs/use-main-panel-tabs.ts b/apps/mesh/src/web/layouts/main-panel-tabs/use-main-panel-tabs.ts
index 62f8078388..7e31cdd34d 100644
--- a/apps/mesh/src/web/layouts/main-panel-tabs/use-main-panel-tabs.ts
+++ b/apps/mesh/src/web/layouts/main-panel-tabs/use-main-panel-tabs.ts
@@ -21,6 +21,7 @@ import {
 } from "@decocms/mesh-sdk";
 import { KEYS } from "@/web/lib/query-keys";
 import { getActiveGithubRepo } from "@/web/lib/github-repo";
+import { useChatTask } from "@/web/components/chat/index";
 import type {
   ThreadExpandedTool,
   ThreadMetadata,
@@ -67,6 +68,7 @@ function useTaskMetadata(taskId: string): ThreadMetadata | null {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
   const { data } = useSuspenseQuery({
     queryKey: KEYS.threadMetadata(taskId),
@@ -95,9 +97,12 @@ export function useMainPanelTabs(ctx: {
   taskId: string;
 }): MainPanelTabs {
   const navigate = useNavigate();
-  const search = useSearch({ strict: false }) as { main?: string };
+  const search = useSearch({ strict: false }) as {
+    main?: string;
+  };
   const entity = useVirtualMCP(ctx.virtualMcpId);
   const metadata = useTaskMetadata(ctx.taskId);
+  const { currentBranch } = useChatTask();
 
   const entityUI =
     (
@@ -140,16 +145,18 @@ export function useMainPanelTabs(ctx: {
 
   const automationTabParsed = parseAutomationTabId(activeTab);
 
-  const systemTabs: Array<{ id: string; title: string }> = [
-    { id: "instructions", title: "Instructions" },
-    { id: "connections", title: "Connections" },
-    { id: "automations", title: "Automations" },
-    { id: "layout", title: "Layout" },
-  ];
+  // Unified "settings" tab bundles instructions, connections, and layout
+  // into a single detail view. On GitHub-linked vMCPs the contextual
+  // work tabs (Preview, Terminal, git) come first so they're closest
+  // to the panel; Settings + Automations stay anchored at the right.
+  const systemTabs: Array<{ id: string; title: string }> = [];
   if (hasActiveGithubRepo) {
-    systemTabs.push({ id: "env", title: "Terminal" });
     systemTabs.push({ id: "preview", title: "Preview" });
+    systemTabs.push({ id: "env", title: "Terminal" });
+    systemTabs.push({ id: "git", title: currentBranch ?? "git" });
   }
+  systemTabs.push({ id: "settings", title: "Settings" });
+  systemTabs.push({ id: "automations", title: "Automations" });
 
   // Merge pinned views + per-task expanded tools into a single list keyed
   // by the pinned-view tab id. Pinned views win on dedupe so the
@@ -186,16 +193,6 @@ export function useMainPanelTabs(ctx: {
   }
 
   const tabs: Tab[] = [
-    ...systemTabs.map((t) => ({
-      id: t.id,
-      title: t.title,
-      kind: "system" as const,
-      icon: resolveTabIcon({
-        tabId: t.id,
-        kind: "system",
-        connections,
-      }),
-    })),
     ...layoutTabs.map((t) => ({
       id: t.id,
       title: t.title,
@@ -219,6 +216,16 @@ export function useMainPanelTabs(ctx: {
         connections,
       }),
     })),
+    ...systemTabs.map((t) => ({
+      id: t.id,
+      title: t.title,
+      kind: "system" as const,
+      icon: resolveTabIcon({
+        tabId: t.id,
+        kind: "system",
+        connections,
+      }),
+    })),
   ];
 
   const setActiveTab = (id: string) => {
diff --git a/apps/mesh/src/web/layouts/org-home/index.tsx b/apps/mesh/src/web/layouts/org-home/index.tsx
new file mode 100644
index 0000000000..e96b7204b3
--- /dev/null
+++ b/apps/mesh/src/web/layouts/org-home/index.tsx
@@ -0,0 +1,20 @@
+/**
+ * OrgHome — leaf component for /$org/. Renders HomePage inside the same
+ * panel chrome the chat surface uses, full-bleed (no chat-main split).
+ *
+ * No Chat.Provider, no ActiveTaskProvider — the home composer is wired
+ * to the home submit path (URL autosend handoff) via Chat.Input's
+ * optional-context fallback.
+ */
+
+import { HomePage } from "@/web/layouts/home-page";
+
+export default function OrgHome() {
+  return (
+    <div className="flex-1 min-h-0 p-1.5 overflow-hidden">
+      <div className="flex h-full flex-col bg-background overflow-hidden card-shadow rounded-[0.75rem]">
+        <HomePage />
+      </div>
+    </div>
+  );
+}
diff --git a/apps/mesh/src/web/layouts/org-shell-layout/index.tsx b/apps/mesh/src/web/layouts/org-shell-layout/index.tsx
new file mode 100644
index 0000000000..6356145d19
--- /dev/null
+++ b/apps/mesh/src/web/layouts/org-shell-layout/index.tsx
@@ -0,0 +1,91 @@
+/**
+ * Org Shell Layout
+ *
+ * Shared parent for `/$org/` (home) and `/$org/$taskId` (chat). Owns the
+ * sidebar + toolbar shell + ChatPrefsProvider. The org-wide tasks panel lives
+ * here, outside child-route Suspense, so it stays mounted while the active
+ * task/chat content switches.
+ */
+
+import { Suspense } from "react";
+import {
+  SidebarInset,
+  SidebarLayout,
+  SidebarProvider,
+} from "@deco/ui/components/sidebar.tsx";
+import { useIsMobile } from "@deco/ui/hooks/use-mobile.ts";
+import { Loading01 } from "@untitledui/icons";
+import { Outlet, useParams } from "@tanstack/react-router";
+import { StudioSidebar } from "@/web/components/sidebar";
+import { ChatPrefsProvider } from "@/web/components/chat/context";
+import { TasksPanelStateProvider } from "@/web/hooks/use-tasks-panel-state";
+import { Toolbar } from "@/web/layouts/agent-shell-layout/toolbar";
+import { TasksPanelColumn } from "@/web/layouts/agent-shell-layout/tasks-panel-column";
+
+function RouteFallback() {
+  return (
+    <div className="flex-1 flex items-center justify-center">
+      <Loading01 size={20} className="animate-spin text-muted-foreground" />
+    </div>
+  );
+}
+
+export default function OrgShellLayout() {
+  const isMobile = useIsMobile();
+  const params = useParams({ strict: false }) as { taskId?: string };
+  const hasTaskRoute = Boolean(params.taskId);
+
+  return (
+    <SidebarProvider defaultOpen={false}>
+      <div className="flex flex-col h-dvh overflow-hidden">
+        <SidebarLayout
+          className="flex-1 bg-sidebar"
+          style={
+            {
+              "--sidebar-width-icon": "3.5rem",
+            } as Record<string, string>
+          }
+        >
+          <StudioSidebar />
+          <SidebarInset
+            className="flex flex-col"
+            style={{
+              background: "transparent",
+              containerType: "inline-size",
+            }}
+          >
+            <ChatPrefsProvider>
+              <TasksPanelStateProvider>
+                {isMobile ? (
+                  <Suspense fallback={<RouteFallback />}>
+                    <Outlet />
+                  </Suspense>
+                ) : (
+                  <Toolbar>
+                    <Toolbar.Header>
+                      <Toolbar.LeftColumn>
+                        <Toolbar.Nav />
+                        <Toolbar.TogglesSlot />
+                      </Toolbar.LeftColumn>
+                      <Toolbar.CenterSlot />
+                      <Toolbar.RightColumn>
+                        <Toolbar.TabsSlot />
+                        <Toolbar.RightSlot />
+                      </Toolbar.RightColumn>
+                    </Toolbar.Header>
+                    <div className="flex-1 min-h-0 flex flex-row">
+                      {hasTaskRoute && <TasksPanelColumn />}
+                      <Suspense fallback={<RouteFallback />}>
+                        <Outlet />
+                      </Suspense>
+                    </div>
+                  </Toolbar>
+                )}
+              </TasksPanelStateProvider>
+            </ChatPrefsProvider>
+          </SidebarInset>
+        </SidebarLayout>
+      </div>
+    </SidebarProvider>
+  );
+}
diff --git a/apps/mesh/src/web/layouts/plugin-layout.tsx b/apps/mesh/src/web/layouts/plugin-layout.tsx
index 901e4b9dcb..c96604f418 100644
--- a/apps/mesh/src/web/layouts/plugin-layout.tsx
+++ b/apps/mesh/src/web/layouts/plugin-layout.tsx
@@ -117,6 +117,7 @@ export function PluginLayout({
   const selfClient = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const { data: pluginConfig, isLoading: isLoadingConfig } = useQuery({
@@ -145,6 +146,7 @@ export function PluginLayout({
   const configuredClient = useMCPClientOptional({
     connectionId: configuredConnection?.id,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   // Build session for context (always available)
diff --git a/apps/mesh/src/web/layouts/settings-layout.tsx b/apps/mesh/src/web/layouts/settings-layout.tsx
index 4b18e0bac7..45dbcab570 100644
--- a/apps/mesh/src/web/layouts/settings-layout.tsx
+++ b/apps/mesh/src/web/layouts/settings-layout.tsx
@@ -31,8 +31,10 @@ import {
   CpuChip01,
   Loading01,
   Lock01,
+  LogOut01,
   Menu01,
   PackageCheck,
+  Shield01,
   User01,
   Users03,
   Zap,
@@ -42,6 +44,8 @@ import { useIsMobile } from "@deco/ui/hooks/use-mobile.ts";
 import { Suspense } from "react";
 import { pluginSettingsSidebarItems } from "@/web/index";
 import { useStatusSounds } from "../hooks/use-status-sounds";
+import { authClient } from "@/web/lib/auth-client";
+import { track } from "@/web/lib/posthog-client";
 
 interface SettingsNavItem {
   key: string;
@@ -65,7 +69,7 @@ function useSettingsSidebarGroups(): SettingsNavGroup[] {
 
   const groups: SettingsNavGroup[] = [
     {
-      label: "",
+      label: "Organization",
       items: [
         {
           key: "general",
@@ -73,6 +77,23 @@ function useSettingsSidebarGroups(): SettingsNavGroup[] {
           icon: <Building02 size={14} />,
           to: "/$org/settings/general",
         },
+        {
+          key: "brand-context",
+          label: "Brand Context",
+          icon: <BookOpen01 size={14} />,
+          to: "/$org/settings/brand-context",
+        },
+        {
+          key: "ai-providers",
+          label: "AI Providers",
+          icon: <CpuChip01 size={14} />,
+          to: "/$org/settings/ai-providers",
+        },
+      ],
+    },
+    {
+      label: "Build",
+      items: [
         {
           key: "connections",
           label: "Connections",
@@ -97,18 +118,11 @@ function useSettingsSidebarGroups(): SettingsNavGroup[] {
           icon: <PackageCheck size={14} />,
           to: "/$org/settings/store",
         },
-        {
-          key: "brand-context",
-          label: "Brand Context",
-          icon: <BookOpen01 size={14} />,
-          to: "/$org/settings/brand-context",
-        },
-        {
-          key: "ai-providers",
-          label: "AI Providers",
-          icon: <CpuChip01 size={14} />,
-          to: "/$org/settings/ai-providers",
-        },
+      ],
+    },
+    {
+      label: "Manage",
+      items: [
         {
           key: "monitor",
           label: "Monitor",
@@ -121,16 +135,22 @@ function useSettingsSidebarGroups(): SettingsNavGroup[] {
           icon: <Users03 size={14} />,
           to: "/$org/settings/members",
         },
+        {
+          key: "roles",
+          label: "Roles",
+          icon: <Shield01 size={14} />,
+          to: "/$org/settings/roles",
+        },
         {
           key: "sso",
-          label: "SSO",
+          label: "Security",
           icon: <Lock01 size={14} />,
           to: "/$org/settings/sso",
         },
       ],
     },
     {
-      label: "",
+      label: "Extensions",
       items: [
         {
           key: "features",
@@ -141,20 +161,19 @@ function useSettingsSidebarGroups(): SettingsNavGroup[] {
         ...enabledSettingsItems,
       ],
     },
+    {
+      label: "Account",
+      items: [
+        {
+          key: "profile",
+          label: "Profile & Preferences",
+          icon: <User01 size={14} />,
+          to: "/$org/settings/profile",
+        },
+      ],
+    },
   ];
 
-  groups.push({
-    label: "",
-    items: [
-      {
-        key: "profile",
-        label: "Profile & Preferences",
-        icon: <User01 size={14} />,
-        to: "/$org/settings/profile",
-      },
-    ],
-  });
-
   return groups;
 }
 
@@ -198,9 +217,13 @@ export function SettingsSidebar() {
             key={`${group.label}-${i}`}
             className="pt-0 pr-0 pb-0 pl-0"
           >
-            {i > 0 && <div className="mx-2 my-2 border-t border-border/50" />}
             {group.label && (
-              <p className="px-2 py-1.5 text-xs font-semibold text-muted-foreground/60">
+              <p
+                className={cn(
+                  "px-2 pt-1.5 pb-0.5 text-xs font-medium text-muted-foreground/60",
+                  i > 0 && "mt-3",
+                )}
+              >
                 {group.label}
               </p>
             )}
@@ -212,6 +235,13 @@ export function SettingsSidebar() {
                       <Link
                         to={item.to}
                         params={{ org }}
+                        onClick={() =>
+                          track("settings_nav_clicked", {
+                            section_key: item.key,
+                            section_label: item.label,
+                            group_label: group.label || "main",
+                          })
+                        }
                         className="flex items-center gap-2.5 text-sm"
                       >
                         <span className="shrink-0">{item.icon}</span>
@@ -224,6 +254,29 @@ export function SettingsSidebar() {
             </SidebarGroupContent>
           </SidebarGroup>
         ))}
+
+        {/* Sign Out */}
+        <SidebarGroup className="pt-0 pr-0 pb-0 pl-0">
+          <div className="mx-2 my-2 border-t border-border/50" />
+          <SidebarGroupContent>
+            <SidebarMenu className="gap-0.5">
+              <SidebarMenuItem>
+                <SidebarMenuButton
+                  onClick={() => {
+                    track("signed_out", { source: "settings_sidebar" });
+                    authClient.signOut();
+                  }}
+                  className="flex items-center gap-2.5 text-sm"
+                >
+                  <span className="shrink-0">
+                    <LogOut01 size={14} />
+                  </span>
+                  <span className="truncate">Sign Out</span>
+                </SidebarMenuButton>
+              </SidebarMenuItem>
+            </SidebarMenu>
+          </SidebarGroupContent>
+        </SidebarGroup>
       </SidebarContent>
 
       {/* Version */}
@@ -267,7 +320,16 @@ export function SettingsSidebarMobile({ onClose }: { onClose: () => void }) {
       <div className="flex flex-col flex-1 overflow-y-auto px-2 py-2 gap-0.5">
         {groups.map((group, i) => (
           <div key={`${group.label}-${i}`} className="flex flex-col gap-0.5">
-            {i > 0 && <div className="h-px bg-border/50 my-2" />}
+            {group.label && (
+              <p
+                className={cn(
+                  "px-3 pt-1.5 pb-0.5 text-xs font-medium text-muted-foreground/60",
+                  i > 0 && "mt-3",
+                )}
+              >
+                {group.label}
+              </p>
+            )}
             {group.items.map((item) => (
               <Link
                 key={item.key}
@@ -287,6 +349,21 @@ export function SettingsSidebarMobile({ onClose }: { onClose: () => void }) {
             ))}
           </div>
         ))}
+
+        {/* Sign Out */}
+        <div className="flex flex-col gap-0.5">
+          <div className="h-px bg-border/50 my-2" />
+          <button
+            type="button"
+            onClick={() => authClient.signOut()}
+            className="flex items-center gap-3 w-full px-3 py-2.5 rounded-lg transition-colors text-sm text-sidebar-foreground/70 hover:bg-sidebar-accent hover:text-sidebar-foreground"
+          >
+            <span className="shrink-0">
+              <LogOut01 size={14} />
+            </span>
+            <span className="truncate">Sign Out</span>
+          </button>
+        </div>
       </div>
 
       {/* Version */}
@@ -352,7 +429,7 @@ function SettingsInset() {
   const { org } = useProjectContext();
 
   // Org-wide SSE sound notifications
-  useStatusSounds(org.id);
+  useStatusSounds(org.slug);
 
   const { setOpenMobile, openMobile: mobileSidebarOpen } = useSidebar();
 
diff --git a/apps/mesh/src/web/layouts/shell-layout.tsx b/apps/mesh/src/web/layouts/shell-layout.tsx
index f7515c1626..5112db95e3 100644
--- a/apps/mesh/src/web/layouts/shell-layout.tsx
+++ b/apps/mesh/src/web/layouts/shell-layout.tsx
@@ -5,19 +5,20 @@ import { isModKey } from "@/web/lib/keyboard-shortcuts";
 import RequiredAuthLayout from "@/web/layouts/required-auth-layout";
 import { authClient } from "@/web/lib/auth-client";
 import { LOCALSTORAGE_KEYS } from "@/web/lib/localstorage-keys";
-import {
-  ProjectContextProvider,
-  SELF_MCP_ALIAS_ID,
-  useMCPClient,
-} from "@decocms/mesh-sdk";
-import { useSuspenseQuery } from "@tanstack/react-query";
+import { PostHogGroupSync } from "@/web/providers/posthog-group-sync";
+import { ProjectContextProvider, useProjectContext } from "@decocms/mesh-sdk";
+import { useQueryClient, useSuspenseQuery } from "@tanstack/react-query";
 import {
   Outlet,
   useMatch,
   useNavigate,
   useParams,
+  useSearch,
 } from "@tanstack/react-router";
 import { KEYS } from "../lib/query-keys";
+import { readCachedTaskBranch } from "../lib/read-cached-task-branch";
+import { useTaskActions } from "../hooks/use-tasks";
+import { useOrganizationSettingsSuspense } from "../hooks/use-organization-settings";
 import { useOrgSsoStatus } from "../hooks/use-org-sso";
 import { SsoRequiredScreen } from "../components/sso-required-screen";
 
@@ -26,11 +27,6 @@ import { SsoRequiredScreen } from "../components/sso-required-screen";
 // SSO enforcement MUST stay in ShellLayoutContent, above all child rendering.
 // ---------------------------------------------------------------------------
 
-type OrgSettingsPayload = {
-  organizationId: string;
-  enabled_plugins?: string[] | null;
-};
-
 /**
  * Single ProjectContextProvider for the entire shell.
  * Fetches org settings (enabledPlugins) and provides a complete project context.
@@ -43,24 +39,7 @@ function ShellProjectProvider({
   org: NonNullable<Parameters<typeof ProjectContextProvider>[0]["org"]>;
   children: React.ReactNode;
 }) {
-  const client = useMCPClient({
-    connectionId: SELF_MCP_ALIAS_ID,
-    orgId: org.id,
-  });
-
-  const { data: orgSettings } = useSuspenseQuery({
-    queryKey: KEYS.organizationSettings(org.id),
-    queryFn: async () => {
-      const result = await client.callTool({
-        name: "ORGANIZATION_SETTINGS_GET",
-        arguments: {},
-      });
-      const payload =
-        (result as { structuredContent?: unknown }).structuredContent ?? result;
-      return (payload ?? {}) as OrgSettingsPayload;
-    },
-    staleTime: 60_000,
-  });
+  const orgSettings = useOrganizationSettingsSuspense(org.id, org.slug);
 
   const project = {
     id: org.id,
@@ -86,11 +65,15 @@ function ShellProjectProvider({
 
 export function usePanelActions() {
   const navigate = useNavigate();
+  const queryClient = useQueryClient();
+  const taskActions = useTaskActions();
+  const { locator } = useProjectContext();
 
   const params = useParams({ strict: false }) as {
     org?: string;
     taskId?: string;
   };
+  const search = useSearch({ strict: false }) as { virtualmcpid?: string };
   const orgSlug = params.org ?? "";
   const currentTaskId = params.taskId ?? "";
 
@@ -125,12 +108,34 @@ export function usePanelActions() {
         if (virtualMcpId) next.virtualmcpid = virtualMcpId;
         else if (prev.virtualmcpid) next.virtualmcpid = prev.virtualmcpid;
         if (prev.tasks) next.tasks = prev.tasks;
+        // Preserve the main panel tab (git / preview / env / …) so that
+        // switching tasks keeps the user's current view.
+        if (prev.main) next.main = prev.main;
         return next;
       },
       false,
     );
 
-  const createNewTask = () => setTaskId(crypto.randomUUID());
+  // Create a new task carrying the current task's branch (if any) so the
+  // new thread lands on the same warm sandbox. Server picks from vmMap when
+  // no branch is provided. Awaiting the create avoids the route loader's
+  // create-on-404 fallback firing without a branch hint.
+  const createNewTask = async () => {
+    const newId = crypto.randomUUID();
+    const branch = readCachedTaskBranch(queryClient, locator, currentTaskId);
+    const targetVmcp = search.virtualmcpid;
+    try {
+      await taskActions.create.mutateAsync({
+        id: newId,
+        ...(targetVmcp ? { virtual_mcp_id: targetVmcp } : {}),
+        ...(branch ? { branch } : {}),
+      });
+    } catch {
+      // Toast already fired by useCollectionActions; navigate anyway so the
+      // route loader's ensure-fallback can retry.
+    }
+    setTaskId(newId);
+  };
 
   const openTab = (tabId: string) =>
     navWith(currentTaskId || crypto.randomUUID(), (prev) => ({
@@ -188,8 +193,13 @@ function ShellLayoutContent() {
         return null;
       }
 
-      const { data } = await authClient.organization.setActive({
-        organizationSlug: org,
+      // Fetch org data without persisting it as the session's active org.
+      // Per Better Auth's org plugin docs, persisting active org to the
+      // session breaks multi-tab usage because the session row is shared
+      // across tabs. We rely on the URL slug (mounted under /api/:org/...)
+      // for org resolution instead.
+      const { data } = await authClient.organization.getFullOrganization({
+        query: { organizationSlug: org },
       });
 
       // Persist for fast redirect on next login (read by homeRoute beforeLoad)
@@ -206,7 +216,8 @@ function ShellLayoutContent() {
 
   // Check org-level SSO enforcement (must be before early returns to satisfy Rules of Hooks)
   const orgId = activeOrg?.id;
-  const { data: ssoStatus } = useOrgSsoStatus(orgId);
+  const orgSlug = activeOrg?.slug;
+  const { data: ssoStatus } = useOrgSsoStatus(orgId, orgSlug);
 
   if (!activeOrg) {
     return <SplashScreen />;
@@ -216,6 +227,7 @@ function ShellLayoutContent() {
     return (
       <SsoRequiredScreen
         orgId={activeOrg.id}
+        orgSlug={activeOrg.slug}
         orgName={activeOrg.name}
         domain={ssoStatus.domain}
       />
@@ -224,6 +236,7 @@ function ShellLayoutContent() {
 
   return (
     <ShellProjectProvider org={{ ...activeOrg, logo: activeOrg.logo ?? null }}>
+      <PostHogGroupSync activeOrg={activeOrg} />
       <Outlet />
 
       {/* Keyboard Shortcuts Dialog */}
diff --git a/apps/mesh/src/web/layouts/tasks-panel/index.tsx b/apps/mesh/src/web/layouts/tasks-panel/index.tsx
index 44460dc1e8..4c86d6b8d0 100644
--- a/apps/mesh/src/web/layouts/tasks-panel/index.tsx
+++ b/apps/mesh/src/web/layouts/tasks-panel/index.tsx
@@ -4,7 +4,7 @@
  * Automation-triggered tasks are distinguished by a badge on their avatar.
  */
 
-import { Suspense } from "react";
+import { Suspense, useState, useTransition } from "react";
 import { useParams } from "@tanstack/react-router";
 import {
   useMCPClient,
@@ -23,20 +23,27 @@ import { useTasksAutoRefresh } from "@/web/hooks/use-tasks-auto-refresh";
 import { usePanelActions } from "@/web/layouts/shell-layout";
 import { KEYS } from "@/web/lib/query-keys";
 import { toast } from "sonner";
-import { authClient } from "@/web/lib/auth-client";
-import { TasksSection } from "./tasks-section";
+import {
+  TasksSection,
+  type FilterOption,
+  type MemberFilter,
+} from "./tasks-section";
 
 function TasksPanelContent() {
   useTasksAutoRefresh();
-  const { data: session } = authClient.useSession();
-  const currentUserId = session?.user?.id;
+  const [memberFilter, setMemberFilter] = useState<MemberFilter>("mine");
+  const [typeFilter, setTypeFilter] = useState<FilterOption>("all");
+  const [, startFilterTransition] = useTransition();
+
+  const taskOwner = memberFilter === "mine" ? "me" : "all";
+
   const { tasks: myTasks } = useTasks({
-    owner: "me",
+    owner: taskOwner,
     status: "open",
     hasTrigger: false,
   });
   const { tasks: automationTasks } = useTasks({
-    owner: "all",
+    owner: taskOwner,
     status: "open",
     hasTrigger: true,
   });
@@ -47,15 +54,26 @@ function TasksPanelContent() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const activeTaskId = params.taskId ?? null;
 
+  const taggedAutomationTasks = automationTasks.map((t) => ({
+    ...t,
+    fromAutomation: true as const,
+  }));
+
   const allTasks = [
-    ...myTasks,
-    ...automationTasks.map((t) => ({ ...t, fromAutomation: true as const })),
+    ...(typeFilter !== "automation" ? myTasks : []),
+    ...(typeFilter !== "manual" ? taggedAutomationTasks : []),
   ].sort((a, b) => (b.updated_at ?? "").localeCompare(a.updated_at ?? ""));
 
+  const handleSetMemberFilter = (v: MemberFilter) =>
+    startFilterTransition(() => setMemberFilter(v));
+  const handleSetTypeFilter = (v: FilterOption) =>
+    startFilterTransition(() => setTypeFilter(v));
+
   const handleArchive = async (task: Task) => {
     try {
       await callUpdateTaskTool(client, task.id, { hidden: true });
@@ -81,7 +99,7 @@ function TasksPanelContent() {
   }
 
   return (
-    <div className="flex flex-col h-full min-h-0 overflow-y-auto p-2 gap-3">
+    <div className="flex flex-col h-full min-h-0 p-2 gap-3">
       <TasksSection
         title="Tasks"
         tasks={allTasks}
@@ -90,7 +108,10 @@ function TasksPanelContent() {
         onArchive={handleArchive}
         onNew={createNewTask}
         showNewButton
-        currentUserId={currentUserId}
+        filter={typeFilter}
+        setFilter={handleSetTypeFilter}
+        memberFilter={memberFilter}
+        setMemberFilter={handleSetMemberFilter}
       />
     </div>
   );
diff --git a/apps/mesh/src/web/layouts/tasks-panel/mcp-avatar.tsx b/apps/mesh/src/web/layouts/tasks-panel/mcp-avatar.tsx
index fcf2dbe006..f499b820fd 100644
--- a/apps/mesh/src/web/layouts/tasks-panel/mcp-avatar.tsx
+++ b/apps/mesh/src/web/layouts/tasks-panel/mcp-avatar.tsx
@@ -12,7 +12,7 @@ export function McpAvatar({
   showAutomationBadge,
 }: {
   virtualMcpId: string | null | undefined;
-  size?: "sm" | "md";
+  size?: "xs" | "sm" | "md";
   showAutomationBadge?: boolean;
 }) {
   return (
@@ -39,7 +39,7 @@ function McpAvatarInner({
   size,
 }: {
   virtualMcpId: string;
-  size: "sm" | "md";
+  size: "xs" | "sm" | "md";
 }) {
   const entity = useVirtualMCP(virtualMcpId);
   if (!entity) return <AgentAvatar icon={null} name="?" size={size} />;
diff --git a/apps/mesh/src/web/layouts/tasks-panel/task-row.tsx b/apps/mesh/src/web/layouts/tasks-panel/task-row.tsx
index 8a2fcebc3f..9fc41e4cdd 100644
--- a/apps/mesh/src/web/layouts/tasks-panel/task-row.tsx
+++ b/apps/mesh/src/web/layouts/tasks-panel/task-row.tsx
@@ -1,5 +1,6 @@
 import { cn } from "@deco/ui/lib/utils.js";
 import { Archive } from "@untitledui/icons";
+import { useEffect, useRef } from "react";
 import {
   Tooltip,
   TooltipContent,
@@ -29,9 +30,25 @@ export function TaskRow({
   const StatusIcon = config.icon;
   const virtualMcp = useVirtualMCP(task.virtual_mcp_id);
   const githubRepo = getActiveGithubRepo(virtualMcp);
+  const rowRef = useRef<HTMLDivElement>(null);
+
+  // oxlint-disable-next-line ban-use-effect/ban-use-effect -- syncs route-selected task row with the scrollable tasks panel DOM
+  useEffect(() => {
+    if (!isActive) return;
+    const row = rowRef.current;
+    if (!row) return;
+
+    row.focus({ preventScroll: true });
+    row.scrollIntoView({
+      behavior: "smooth",
+      block: "start",
+      inline: "nearest",
+    });
+  }, [isActive, task.id]);
 
   return (
     <div
+      ref={rowRef}
       role="button"
       tabIndex={0}
       onClick={onClick}
@@ -44,12 +61,13 @@ export function TaskRow({
       }}
       className={cn(
         "group/row flex items-center gap-3 px-2 py-1.5 rounded-md cursor-pointer transition-colors",
+        "focus-visible:outline-none focus-visible:inset-ring-2 focus-visible:inset-ring-ring/50",
         isActive ? "bg-accent" : "hover:bg-accent/60",
       )}
     >
       <McpAvatar
         virtualMcpId={task.virtual_mcp_id}
-        size="sm"
+        size="xs"
         showAutomationBadge={showAutomationBadge}
       />
       <div className="flex-1 min-w-0">
@@ -58,14 +76,19 @@ export function TaskRow({
         </div>
         {task.updated_at && (
           <div className="flex items-center gap-1 text-xs text-muted-foreground min-w-0">
-            {githubRepo && (
+            {task.branch ? (
+              <>
+                <span className="truncate font-mono">{task.branch}</span>
+                <span className="shrink-0">·</span>
+              </>
+            ) : githubRepo ? (
               <>
                 <span className="truncate">
                   {githubRepo.owner}/{githubRepo.name}
                 </span>
                 <span className="shrink-0">·</span>
               </>
-            )}
+            ) : null}
             <span className="shrink-0">
               {formatTimeAgo(new Date(task.updated_at))}
             </span>
diff --git a/apps/mesh/src/web/layouts/tasks-panel/tasks-section.tsx b/apps/mesh/src/web/layouts/tasks-panel/tasks-section.tsx
index 03ff7c3682..1c43640e48 100644
--- a/apps/mesh/src/web/layouts/tasks-panel/tasks-section.tsx
+++ b/apps/mesh/src/web/layouts/tasks-panel/tasks-section.tsx
@@ -1,4 +1,3 @@
-import { useState } from "react";
 import { Edit05, FilterLines, User02, Users03 } from "@untitledui/icons";
 import {
   DropdownMenu,
@@ -10,9 +9,10 @@ import {
 import { cn } from "@deco/ui/lib/utils.js";
 import type { Task } from "@/web/components/chat/task/types";
 import { TaskRow } from "./task-row";
+import { track } from "@/web/lib/posthog-client";
 
-type FilterOption = "all" | "manual" | "automation";
-type MemberFilter = "all" | "mine";
+export type FilterOption = "all" | "manual" | "automation";
+export type MemberFilter = "all" | "mine";
 
 const FILTER_LABELS: Record<FilterOption, string> = {
   all: "All tasks",
@@ -35,7 +35,10 @@ export function TasksSection({
   showNewButton,
   showAutomationBadge,
   emptyLabel,
-  currentUserId,
+  filter,
+  setFilter,
+  memberFilter,
+  setMemberFilter,
 }: {
   title: string;
   tasks: Task[];
@@ -46,26 +49,16 @@ export function TasksSection({
   showNewButton?: boolean;
   showAutomationBadge?: boolean;
   emptyLabel?: string;
-  currentUserId?: string;
+  filter: FilterOption;
+  setFilter: (v: FilterOption) => void;
+  memberFilter: MemberFilter;
+  setMemberFilter: (v: MemberFilter) => void;
 }) {
-  const [filter, setFilter] = useState<FilterOption>("all");
-  const [memberFilter, setMemberFilter] = useState<MemberFilter>("mine");
-
-  const memberFiltered =
-    memberFilter === "mine" && currentUserId
-      ? tasks.filter((t) => t.created_by === currentUserId)
-      : tasks;
-
-  const visibleTasks =
-    filter === "automation"
-      ? memberFiltered.filter((t) => t.fromAutomation)
-      : filter === "manual"
-        ? memberFiltered.filter((t) => !t.fromAutomation)
-        : memberFiltered;
+  const visibleTasks = tasks;
 
   return (
-    <div className="flex flex-col gap-0.5 mt-1">
-      <div className="pl-2 pr-1.5 h-7 flex items-center justify-between text-xs font-medium text-muted-foreground mb-1">
+    <div className="flex flex-col h-full min-h-0 mt-1">
+      <div className="shrink-0 pl-2 pr-1.5 h-7 flex items-center justify-between text-xs font-medium text-muted-foreground mb-1">
         <span>{title}</span>
         <div className="flex items-center gap-0.5">
           <DropdownMenu>
@@ -85,7 +78,15 @@ export function TasksSection({
             <DropdownMenuContent align="end">
               <DropdownMenuRadioGroup
                 value={memberFilter}
-                onValueChange={(v) => setMemberFilter(v as MemberFilter)}
+                onValueChange={(v) => {
+                  const next = v as MemberFilter;
+                  if (next !== memberFilter) {
+                    track("tasks_panel_member_filter_changed", {
+                      to_value: next,
+                    });
+                  }
+                  setMemberFilter(next);
+                }}
               >
                 {(Object.keys(MEMBER_FILTER_LABELS) as MemberFilter[]).map(
                   (opt) => (
@@ -113,7 +114,13 @@ export function TasksSection({
             <DropdownMenuContent align="end">
               <DropdownMenuRadioGroup
                 value={filter}
-                onValueChange={(v) => setFilter(v as FilterOption)}
+                onValueChange={(v) => {
+                  const next = v as FilterOption;
+                  if (next !== filter) {
+                    track("tasks_panel_filter_changed", { to_value: next });
+                  }
+                  setFilter(next);
+                }}
               >
                 {(Object.keys(FILTER_LABELS) as FilterOption[]).map((opt) => (
                   <DropdownMenuRadioItem key={opt} value={opt}>
@@ -126,7 +133,10 @@ export function TasksSection({
           {showNewButton && onNew && (
             <button
               type="button"
-              onClick={onNew}
+              onClick={() => {
+                track("tasks_panel_new_clicked");
+                onNew();
+              }}
               aria-label={`New ${title.toLowerCase()}`}
               className="flex size-8 items-center justify-center rounded-md hover:bg-muted hover:text-foreground"
             >
@@ -135,22 +145,39 @@ export function TasksSection({
           )}
         </div>
       </div>
-      {visibleTasks.length === 0 && emptyLabel ? (
-        <div className="px-2 py-1.5 text-xs text-muted-foreground/70">
-          {emptyLabel}
-        </div>
-      ) : (
-        visibleTasks.map((t) => (
-          <TaskRow
-            key={t.id}
-            task={t}
-            isActive={activeTaskId === t.id}
-            onClick={() => onSelect(t)}
-            onArchive={() => onArchive(t)}
-            showAutomationBadge={showAutomationBadge || t.fromAutomation}
-          />
-        ))
-      )}
+      <div className="flex-1 min-h-0 overflow-y-auto flex flex-col gap-0.5">
+        {visibleTasks.length === 0 && emptyLabel ? (
+          <div className="px-2 py-1.5 text-xs text-muted-foreground/70">
+            {emptyLabel}
+          </div>
+        ) : (
+          visibleTasks.map((t) => (
+            <TaskRow
+              key={t.id}
+              task={t}
+              isActive={activeTaskId === t.id}
+              onClick={() => {
+                if (activeTaskId !== t.id) {
+                  track("tasks_panel_task_clicked", {
+                    thread_id: t.id,
+                    virtual_mcp_id: t.virtual_mcp_id ?? null,
+                    from_automation: Boolean(t.fromAutomation),
+                  });
+                }
+                onSelect(t);
+              }}
+              onArchive={() => {
+                track("tasks_panel_task_archived", {
+                  thread_id: t.id,
+                  virtual_mcp_id: t.virtual_mcp_id ?? null,
+                });
+                onArchive(t);
+              }}
+              showAutomationBadge={showAutomationBadge || t.fromAutomation}
+            />
+          ))
+        )}
+      </div>
     </div>
   );
 }
diff --git a/apps/mesh/src/web/lib/autosend.test.ts b/apps/mesh/src/web/lib/autosend.test.ts
new file mode 100644
index 0000000000..781c7e376e
--- /dev/null
+++ b/apps/mesh/src/web/lib/autosend.test.ts
@@ -0,0 +1,143 @@
+import { describe, expect, test } from "bun:test";
+import {
+  AUTOSEND_TTL_MS,
+  AUTOSEND_QUERY_VALUE,
+  autosendStorageKey,
+  claimStoredAutosend,
+  clearStoredAutosend,
+  readStoredAutosend,
+  writeStoredAutosend,
+  type AutosendPayload,
+} from "./autosend";
+
+class MemoryStorage {
+  private items = new Map<string, string>();
+
+  getItem(key: string) {
+    return this.items.get(key) ?? null;
+  }
+
+  setItem(key: string, value: string) {
+    this.items.set(key, value);
+  }
+
+  removeItem(key: string) {
+    this.items.delete(key);
+  }
+}
+
+describe("autosend storage", () => {
+  test("writes and reads a pending payload", () => {
+    const storage = new MemoryStorage();
+    const payload: AutosendPayload = {
+      message: { tiptapDoc: { type: "doc", content: [] } },
+      createdAt: 1_700_000_000_000,
+    };
+
+    writeStoredAutosend(
+      storage,
+      "org/project",
+      "task-1",
+      payload.message,
+      payload.createdAt,
+    );
+
+    expect(readStoredAutosend(storage, "org/project", "task-1")).toEqual({
+      ...payload,
+      status: "pending",
+    });
+  });
+
+  test("claim switches pending payload to sending", () => {
+    const storage = new MemoryStorage();
+    const payload: AutosendPayload = {
+      message: { tiptapDoc: { type: "doc", content: [] } },
+      createdAt: 1_700_000_000_000,
+    };
+
+    writeStoredAutosend(
+      storage,
+      "org/project",
+      "task-1",
+      payload.message,
+      payload.createdAt,
+    );
+
+    expect(
+      claimStoredAutosend(storage, "org/project", "task-1", payload.createdAt),
+    ).toEqual(payload);
+    expect(readStoredAutosend(storage, "org/project", "task-1")?.status).toBe(
+      "sending",
+    );
+  });
+
+  test("claim ignores non-pending payloads", () => {
+    const storage = new MemoryStorage();
+    writeStoredAutosend(
+      storage,
+      "org/project",
+      "task-1",
+      { tiptapDoc: { type: "doc", content: [] } },
+      1_700_000_000_000,
+    );
+    claimStoredAutosend(storage, "org/project", "task-1", 1_700_000_000_000);
+
+    expect(
+      claimStoredAutosend(storage, "org/project", "task-1", 1_700_000_000_000),
+    ).toBeNull();
+  });
+
+  test("claim removes stale payloads", () => {
+    const storage = new MemoryStorage();
+    writeStoredAutosend(
+      storage,
+      "org/project",
+      "task-1",
+      { tiptapDoc: { type: "doc", content: [] } },
+      1_700_000_000_000,
+    );
+
+    expect(
+      claimStoredAutosend(
+        storage,
+        "org/project",
+        "task-1",
+        1_700_000_000_000 + AUTOSEND_TTL_MS,
+      ),
+    ).toBeNull();
+    expect(readStoredAutosend(storage, "org/project", "task-1")).toBeNull();
+  });
+
+  test("clear removes the stored payload", () => {
+    const storage = new MemoryStorage();
+    writeStoredAutosend(
+      storage,
+      "org/project",
+      "task-1",
+      { tiptapDoc: { type: "doc", content: [] } },
+      1_700_000_000_000,
+    );
+
+    clearStoredAutosend(storage, "org/project", "task-1");
+
+    expect(readStoredAutosend(storage, "org/project", "task-1")).toBeNull();
+    expect(storage.getItem(autosendStorageKey("org/project", "task-1"))).toBe(
+      null,
+    );
+  });
+
+  test("invalid stored JSON is removed", () => {
+    const storage = new MemoryStorage();
+    storage.setItem(autosendStorageKey("org/project", "task-1"), "not json");
+
+    expect(readStoredAutosend(storage, "org/project", "task-1")).toBeNull();
+    expect(storage.getItem(autosendStorageKey("org/project", "task-1"))).toBe(
+      null,
+    );
+  });
+
+  test("constants match expected URL handoff", () => {
+    expect(AUTOSEND_TTL_MS).toBe(10_000);
+    expect(AUTOSEND_QUERY_VALUE).toBe("true");
+  });
+});
diff --git a/apps/mesh/src/web/lib/autosend.ts b/apps/mesh/src/web/lib/autosend.ts
new file mode 100644
index 0000000000..5b0b305fcd
--- /dev/null
+++ b/apps/mesh/src/web/lib/autosend.ts
@@ -0,0 +1,108 @@
+import type { SendMessageParams } from "@/web/components/chat/store/types";
+import type { ProjectLocator } from "@decocms/mesh-sdk";
+import { LOCALSTORAGE_KEYS } from "./localstorage-keys";
+
+export const AUTOSEND_TTL_MS = 10_000;
+export const AUTOSEND_QUERY_VALUE = "true";
+
+export interface AutosendPayload {
+  message: SendMessageParams;
+  createdAt: number;
+}
+
+export type AutosendStatus = "pending" | "sending";
+
+export interface StoredAutosendPayload extends AutosendPayload {
+  status: AutosendStatus;
+}
+
+type StorageLike = Pick<Storage, "getItem" | "setItem" | "removeItem">;
+
+export function autosendStorageKey(
+  locator: ProjectLocator | string,
+  taskId: string,
+): string {
+  return LOCALSTORAGE_KEYS.chatAutosend(locator, taskId);
+}
+
+function isValidStatus(status: unknown): status is AutosendStatus {
+  return status === "pending" || status === "sending";
+}
+
+function parseStoredAutosend(
+  value: string | null,
+): StoredAutosendPayload | null {
+  if (!value) return null;
+  let parsed: unknown;
+  try {
+    parsed = JSON.parse(value);
+  } catch {
+    return null;
+  }
+  if (
+    !parsed ||
+    typeof parsed !== "object" ||
+    typeof (parsed as { createdAt?: unknown }).createdAt !== "number" ||
+    typeof (parsed as { message?: unknown }).message !== "object" ||
+    !isValidStatus((parsed as { status?: unknown }).status)
+  ) {
+    return null;
+  }
+  return parsed as StoredAutosendPayload;
+}
+
+export function writeStoredAutosend(
+  storage: StorageLike,
+  locator: ProjectLocator | string,
+  taskId: string,
+  message: SendMessageParams,
+  createdAt = Date.now(),
+): StoredAutosendPayload {
+  const payload: StoredAutosendPayload = {
+    message,
+    createdAt,
+    status: "pending",
+  };
+  storage.setItem(autosendStorageKey(locator, taskId), JSON.stringify(payload));
+  return payload;
+}
+
+export function readStoredAutosend(
+  storage: StorageLike,
+  locator: ProjectLocator | string,
+  taskId: string,
+): StoredAutosendPayload | null {
+  const key = autosendStorageKey(locator, taskId);
+  const payload = parseStoredAutosend(storage.getItem(key));
+  if (!payload) {
+    storage.removeItem(key);
+    return null;
+  }
+  return payload;
+}
+
+export function claimStoredAutosend(
+  storage: StorageLike,
+  locator: ProjectLocator | string,
+  taskId: string,
+  now = Date.now(),
+): AutosendPayload | null {
+  const key = autosendStorageKey(locator, taskId);
+  const payload = readStoredAutosend(storage, locator, taskId);
+  if (!payload) return null;
+  if (payload.status !== "pending") return null;
+  if (now - payload.createdAt >= AUTOSEND_TTL_MS) {
+    storage.removeItem(key);
+    return null;
+  }
+  storage.setItem(key, JSON.stringify({ ...payload, status: "sending" }));
+  return { message: payload.message, createdAt: payload.createdAt };
+}
+
+export function clearStoredAutosend(
+  storage: StorageLike,
+  locator: ProjectLocator | string,
+  taskId: string,
+): void {
+  storage.removeItem(autosendStorageKey(locator, taskId));
+}
diff --git a/apps/mesh/src/web/lib/localstorage-keys.ts b/apps/mesh/src/web/lib/localstorage-keys.ts
index 5ce9fb4784..1ce1169124 100644
--- a/apps/mesh/src/web/lib/localstorage-keys.ts
+++ b/apps/mesh/src/web/lib/localstorage-keys.ts
@@ -14,12 +14,14 @@ export const LOCALSTORAGE_KEYS = {
     `mesh:chat:selectedModel:${locator}`,
   chatSelectedMode: (locator: ProjectLocator) =>
     `mesh:chat:selectedMode:${locator}`,
-  chatSelectedKeyId: (locator: ProjectLocator) =>
-    `mesh:chat:selectedKeyId:${locator}`,
   chatSelectedImageModel: (locator: ProjectLocator) =>
     `mesh:chat:selectedImageModel:${locator}`,
   chatSelectedDeepResearchModel: (locator: ProjectLocator) =>
     `mesh:chat:selectedDeepResearchModel:${locator}`,
+  chatSimpleModeTier: (locator: ProjectLocator) =>
+    `mesh:chat:simpleModeTier:${locator}`,
+  chatAutosend: (locator: ProjectLocator | string, taskId: string) =>
+    `mesh:chat:autosend:${locator}:${taskId}`,
   assistantChatActiveTask: (locator: ProjectLocator) =>
     `mesh:assistant-chat:active-task:${locator}`,
   decoChatPanelWidth: () => `mesh:decochat:panel-width`,
diff --git a/apps/mesh/src/web/lib/metadata-model-info.ts b/apps/mesh/src/web/lib/metadata-model-info.ts
index 8d0a09f837..e9ce253b26 100644
--- a/apps/mesh/src/web/lib/metadata-model-info.ts
+++ b/apps/mesh/src/web/lib/metadata-model-info.ts
@@ -10,6 +10,7 @@ export function toMetadataModelInfo(model: AiProviderModel): MetadataModelInfo {
             caps.includes("vision") || caps.includes("image") || undefined,
           text: caps.includes("text") || undefined,
           reasoning: caps.includes("reasoning") || undefined,
+          file: caps.includes("file") || undefined,
         }
       : undefined;
   return {
diff --git a/apps/mesh/src/web/lib/posthog-client.test.ts b/apps/mesh/src/web/lib/posthog-client.test.ts
new file mode 100644
index 0000000000..f66976541f
--- /dev/null
+++ b/apps/mesh/src/web/lib/posthog-client.test.ts
@@ -0,0 +1,94 @@
+import { describe, expect, test, beforeEach, afterAll, mock } from "bun:test";
+
+type GroupCall = [type: string, key: string, props: unknown];
+
+const groupCalls: GroupCall[] = [];
+const initCalls: unknown[][] = [];
+let resetCount = 0;
+
+// `initPostHog` early-returns when `typeof window === "undefined"`. Bun's test
+// runtime has no DOM, so stub a minimal window before importing the module.
+// Track whether we own the stub so we can clean it up afterAll — leaving a
+// fake `window` on globalThis breaks other tests that check `typeof window`
+// and then dereference its DOM properties (e.g. PGlite's `window.location`).
+const windowStubbedHere = typeof globalThis.window === "undefined";
+if (windowStubbedHere) {
+  (globalThis as unknown as { window: object }).window = {};
+}
+
+afterAll(() => {
+  if (windowStubbedHere) {
+    delete (globalThis as { window?: unknown }).window;
+  }
+});
+
+mock.module("posthog-js", () => ({
+  default: {
+    init: (...args: unknown[]) => {
+      initCalls.push(args);
+    },
+    group: (type: string, key: string, props: unknown) => {
+      groupCalls.push([type, key, props]);
+    },
+    reset: () => {
+      resetCount += 1;
+    },
+    identify: () => {},
+    capture: () => {},
+    captureException: () => {},
+  },
+}));
+
+const { initPostHog, setOrganizationGroup, resetUser, __resetForTest } =
+  await import("./posthog-client");
+
+describe("posthog-client.setOrganizationGroup", () => {
+  beforeEach(() => {
+    groupCalls.length = 0;
+    initCalls.length = 0;
+    resetCount = 0;
+    __resetForTest();
+  });
+
+  test("is a no-op before initPostHog is called", () => {
+    setOrganizationGroup("org_1", { name: "Acme", slug: "acme" });
+    expect(groupCalls).toHaveLength(0);
+  });
+
+  test("calls posthog.group with organization type after init", () => {
+    initPostHog("phc_test", "https://us.i.posthog.com");
+    setOrganizationGroup("org_1", { name: "Acme", slug: "acme" });
+    expect(groupCalls).toEqual([
+      ["organization", "org_1", { name: "Acme", slug: "acme" }],
+    ]);
+  });
+
+  test("de-dupes consecutive calls with the same orgId", () => {
+    initPostHog("phc_test", "https://us.i.posthog.com");
+    setOrganizationGroup("org_1", { name: "Acme", slug: "acme" });
+    setOrganizationGroup("org_1", { name: "Acme", slug: "acme" });
+    expect(groupCalls).toHaveLength(1);
+  });
+
+  test("fires again when orgId changes", () => {
+    initPostHog("phc_test", "https://us.i.posthog.com");
+    setOrganizationGroup("org_1", { name: "Acme", slug: "acme" });
+    setOrganizationGroup("org_2", { name: "Beta", slug: "beta" });
+    expect(groupCalls).toHaveLength(2);
+    expect(groupCalls[1]).toEqual([
+      "organization",
+      "org_2",
+      { name: "Beta", slug: "beta" },
+    ]);
+  });
+
+  test("resetUser clears the cached org so the next setOrganizationGroup re-fires", () => {
+    initPostHog("phc_test", "https://us.i.posthog.com");
+    setOrganizationGroup("org_1", { name: "Acme", slug: "acme" });
+    resetUser();
+    expect(resetCount).toBe(1);
+
+    setOrganizationGroup("org_1", { name: "Acme", slug: "acme" });
+    expect(groupCalls).toHaveLength(2);
+  });
+});
diff --git a/apps/mesh/src/web/lib/posthog-client.ts b/apps/mesh/src/web/lib/posthog-client.ts
new file mode 100644
index 0000000000..72bcff8772
--- /dev/null
+++ b/apps/mesh/src/web/lib/posthog-client.ts
@@ -0,0 +1,107 @@
+/**
+ * PostHog analytics client (browser-side).
+ *
+ * Init is deferred until the SPA fetches /api/config and reads
+ * `posthog: { key, host } | null`. When PostHog isn't configured, the
+ * `init` call is skipped and every track/identify shim is a no-op.
+ *
+ * Calls fired before `initPostHog()` runs are silently dropped — there
+ * is no in-memory queue. See the spec for the rationale.
+ */
+
+import posthog from "posthog-js";
+
+let initialized = false;
+let lastOrgGroupKey: string | null = null;
+
+export function initPostHog(key: string, host: string) {
+  if (initialized || typeof window === "undefined") return;
+  posthog.init(key, {
+    api_host: host,
+    capture_pageview: "history_change",
+    capture_pageleave: true,
+    autocapture: true,
+    // Capture unhandled JS exceptions (DOMError, TypeError, unhandled promise
+    // rejections) as $exception events — gives us client-side error tracking
+    // without hand-wiring every try/catch.
+    capture_exceptions: true,
+    // Session replay is on, but gated by project-level sampling (10%) and
+    // minimum duration (10s). See PostHog project settings.
+    // - `maskAllInputs: true` masks every native <input>/<textarea>/<select>
+    //   by default. The Decopilot chat input is a TipTap contenteditable, so
+    //   it's NOT an input and stays visible on purpose.
+    // - `blockClass: "ph-no-capture"` → add to any element that should be
+    //   fully hidden from recordings (shown as a solid block). Use on secret
+    //   fields (API keys, connection tokens).
+    session_recording: {
+      maskAllInputs: true,
+      blockClass: "ph-no-capture",
+    },
+    person_profiles: "identified_only",
+  });
+  initialized = true;
+}
+
+export function identifyUser(
+  userId: string,
+  props?: { email?: string; name?: string },
+) {
+  if (!initialized) return;
+  posthog.identify(userId, props);
+}
+
+export function resetUser() {
+  if (!initialized) return;
+  posthog.reset();
+  lastOrgGroupKey = null;
+}
+
+export function track(event: string, properties?: Record<string, unknown>) {
+  if (!initialized) return;
+  posthog.capture(event, properties);
+}
+
+/**
+ * Bind the current browser session to an organization group so that every
+ * subsequent autocaptured event carries `$groups: { organization: <id> }`.
+ * De-duped by orgId — calling this repeatedly with the same id is free.
+ * `resetUser()` clears the cache so re-login re-fires.
+ */
+export function setOrganizationGroup(
+  orgId: string,
+  props?: { name?: string; slug?: string },
+) {
+  if (!initialized) return;
+  if (orgId === lastOrgGroupKey) return;
+  posthog.group("organization", orgId, props);
+  lastOrgGroupKey = orgId;
+}
+
+/**
+ * Report an exception to PostHog with optional structured context.
+ *
+ * Use from React error boundaries (`componentDidCatch`) where errors are
+ * caught BEFORE bubbling to `window.onerror` — so the built-in
+ * `capture_exceptions: true` autocapture never sees them. Wrap in
+ * try/catch so a PostHog failure never blocks the fallback UI.
+ */
+export function captureException(
+  error: unknown,
+  properties?: Record<string, unknown>,
+) {
+  if (!initialized) return;
+  try {
+    posthog.captureException(error, properties);
+  } catch {
+    // Swallow — never let analytics break the error UI.
+  }
+}
+
+/**
+ * Test-only: reset module-level state between tests. Not exported from any
+ * non-test consumer; kept here because module state is otherwise opaque.
+ */
+export function __resetForTest() {
+  initialized = false;
+  lastOrgGroupKey = null;
+}
diff --git a/apps/mesh/src/web/lib/query-keys.ts b/apps/mesh/src/web/lib/query-keys.ts
index c490d3cb7c..7138d629dc 100644
--- a/apps/mesh/src/web/lib/query-keys.ts
+++ b/apps/mesh/src/web/lib/query-keys.ts
@@ -12,7 +12,6 @@ export const KEYS = {
   publicConfig: () => ["publicConfig"] as const,
 
   // Auth-related queries
-  authConfig: () => ["authConfig"] as const,
   session: () => ["session"] as const,
 
   // Task queries (filters scope the cache entry)
@@ -164,6 +163,10 @@ export const KEYS = {
   monitoringLogDetail: (logId: string) =>
     ["monitoring", "log-detail", logId] as const,
 
+  // Ensure-task query (load-or-create by id)
+  ensureTask: (orgId: string, id: string) =>
+    ["ensure-task", orgId, id] as const,
+
   // Thread queries (scoped by locator)
   threadsInfinite: (locator: string, paramsKey: string) =>
     ["threads", "list-infinite", locator, paramsKey] as const,
@@ -173,6 +176,9 @@ export const KEYS = {
     ["threads", "model-logs", locator, dateKey] as const,
   threadMetadata: (threadId: string) =>
     ["threads", "metadata", threadId] as const,
+  threadSandbox: (orgKey: string, taskId: string | undefined) =>
+    ["thread-sandbox", "v2", orgKey, taskId] as const,
+  threadOutputs: (threadId: string) => ["thread-outputs", threadId] as const,
 
   // Virtual MCP tools (for tool definition lookup in chat)
   // null virtualMcpId means default virtual MCP
@@ -242,8 +248,17 @@ export const KEYS = {
   // Automations (scoped by organization, optionally by project)
   automationsAll: (organizationId: string) =>
     ["automations", organizationId] as const,
-  automations: (organizationId: string, virtualMcpId?: string | null) =>
-    ["automations", organizationId, virtualMcpId ?? null] as const,
+  automations: (
+    organizationId: string,
+    virtualMcpId?: string | null,
+    search?: string | null,
+  ) =>
+    [
+      "automations",
+      organizationId,
+      virtualMcpId ?? null,
+      search ?? null,
+    ] as const,
   automation: (organizationId: string, id: string) =>
     ["automation", organizationId, id] as const,
   automationRuns: (
@@ -300,10 +315,6 @@ export const KEYS = {
   orgSsoStatus: (organizationId: string) =>
     ["org-sso-status", organizationId] as const,
 
-  // Registry config (scoped by organization)
-  registryConfig: (organizationId: string) =>
-    ["registry-config", organizationId] as const,
-
   // Store discovery (per-registry infinite query)
   storeDiscovery: (orgId: string, registryId: string) =>
     ["store-discovery", orgId, registryId] as const,
diff --git a/apps/mesh/src/web/lib/read-cached-last-thread.test.ts b/apps/mesh/src/web/lib/read-cached-last-thread.test.ts
new file mode 100644
index 0000000000..e6fc602972
--- /dev/null
+++ b/apps/mesh/src/web/lib/read-cached-last-thread.test.ts
@@ -0,0 +1,120 @@
+import { describe, expect, test } from "bun:test";
+import { QueryClient } from "@tanstack/react-query";
+import { KEYS } from "./query-keys";
+import { readCachedLastThread } from "./read-cached-last-thread";
+import type { Task, TasksQueryData } from "@/web/components/chat/task/types";
+
+const LOCATOR = "org/proj";
+const USER_ID = "user-1";
+const AGENT_ID = "agent-1";
+
+function task(overrides: Partial<Task>): Task {
+  return {
+    id: "t-default",
+    title: "Test thread",
+    created_at: "2026-04-29T00:00:00.000Z",
+    updated_at: "2026-04-29T00:00:00.000Z",
+    created_by: USER_ID,
+    virtual_mcp_id: AGENT_ID,
+    ...overrides,
+  };
+}
+
+function seed(qc: QueryClient, filterTag: string, items: Task[]) {
+  const data: TasksQueryData = { items, hasMore: false };
+  qc.setQueryData(["tasks", LOCATOR, filterTag], data);
+}
+
+describe("readCachedLastThread", () => {
+  test("returns null when the cache is empty", () => {
+    const qc = new QueryClient();
+    expect(readCachedLastThread(qc, LOCATOR, AGENT_ID, USER_ID)).toBeNull();
+  });
+
+  test("returns the single matching thread", () => {
+    const qc = new QueryClient();
+    seed(qc, "list-a", [
+      task({ id: "t1", updated_at: "2026-04-29T01:00:00.000Z" }),
+    ]);
+    const result = readCachedLastThread(qc, LOCATOR, AGENT_ID, USER_ID);
+    expect(result?.id).toBe("t1");
+  });
+
+  test("picks the freshest match across multiple cached lists", () => {
+    const qc = new QueryClient();
+    seed(qc, "list-a", [
+      task({ id: "older", updated_at: "2026-04-29T01:00:00.000Z" }),
+    ]);
+    seed(qc, "list-b", [
+      task({ id: "newer", updated_at: "2026-04-29T05:00:00.000Z" }),
+      task({ id: "oldest", updated_at: "2026-04-28T00:00:00.000Z" }),
+    ]);
+    const result = readCachedLastThread(qc, LOCATOR, AGENT_ID, USER_ID);
+    expect(result?.id).toBe("newer");
+  });
+
+  test("rejects threads for a different agent", () => {
+    const qc = new QueryClient();
+    seed(qc, "list-a", [
+      task({ id: "wrong-agent", virtual_mcp_id: "agent-2" }),
+    ]);
+    expect(readCachedLastThread(qc, LOCATOR, AGENT_ID, USER_ID)).toBeNull();
+  });
+
+  test("rejects threads created by a different user", () => {
+    const qc = new QueryClient();
+    seed(qc, "list-a", [task({ id: "wrong-user", created_by: "user-2" })]);
+    expect(readCachedLastThread(qc, LOCATOR, AGENT_ID, USER_ID)).toBeNull();
+  });
+
+  test("rejects archived (hidden) threads", () => {
+    const qc = new QueryClient();
+    seed(qc, "list-a", [
+      task({
+        id: "archived",
+        hidden: true,
+        updated_at: "2026-04-29T05:00:00.000Z",
+      }),
+      task({ id: "live", updated_at: "2026-04-29T01:00:00.000Z" }),
+    ]);
+    const result = readCachedLastThread(qc, LOCATOR, AGENT_ID, USER_ID);
+    expect(result?.id).toBe("live");
+  });
+
+  test("does not match cache entries for a different locator", () => {
+    const qc = new QueryClient();
+    qc.setQueryData(["tasks", "other-locator", "list-a"], {
+      items: [task({ id: "elsewhere" })],
+      hasMore: false,
+    } satisfies TasksQueryData);
+    expect(readCachedLastThread(qc, LOCATOR, AGENT_ID, USER_ID)).toBeNull();
+  });
+
+  test("ignores entries with empty/missing items", () => {
+    const qc = new QueryClient();
+    qc.setQueryData(["tasks", LOCATOR, "empty"], {
+      items: [],
+      hasMore: false,
+    } satisfies TasksQueryData);
+    qc.setQueryData(["tasks", LOCATOR, "undef"], undefined);
+    expect(readCachedLastThread(qc, LOCATOR, AGENT_ID, USER_ID)).toBeNull();
+  });
+
+  test("verifies KEYS.tasksPrefix is used as the matching prefix", () => {
+    const qc = new QueryClient();
+    const exactKey = KEYS.tasks(LOCATOR, {
+      owner: "me",
+      status: "open",
+      virtualMcpId: AGENT_ID,
+      userId: USER_ID,
+      hasTrigger: null,
+    });
+    qc.setQueryData(exactKey, {
+      items: [task({ id: "from-real-key" })],
+      hasMore: false,
+    } satisfies TasksQueryData);
+    expect(readCachedLastThread(qc, LOCATOR, AGENT_ID, USER_ID)?.id).toBe(
+      "from-real-key",
+    );
+  });
+});
diff --git a/apps/mesh/src/web/lib/read-cached-last-thread.ts b/apps/mesh/src/web/lib/read-cached-last-thread.ts
new file mode 100644
index 0000000000..7bcc98ebbc
--- /dev/null
+++ b/apps/mesh/src/web/lib/read-cached-last-thread.ts
@@ -0,0 +1,32 @@
+import type { QueryClient } from "@tanstack/react-query";
+import { KEYS } from "./query-keys";
+import type { Task, TasksQueryData } from "@/web/components/chat/task/types";
+
+/**
+ * Find the user's most recently updated thread with a given agent by
+ * scanning the local TanStack Query cache. Used by the sidebar pinned-agent
+ * click handler to resume the last conversation instead of always creating
+ * a new thread. Returns null when no matching, non-archived thread is in
+ * cache — callers should fall back to creating a new thread in that case.
+ */
+export function readCachedLastThread(
+  queryClient: QueryClient,
+  locator: string,
+  virtualMcpId: string,
+  userId: string,
+): Task | null {
+  const queries = queryClient.getQueriesData<TasksQueryData>({
+    queryKey: KEYS.tasksPrefix(locator),
+  });
+  let best: Task | null = null;
+  for (const [, data] of queries) {
+    if (!data?.items) continue;
+    for (const t of data.items) {
+      if (t.virtual_mcp_id !== virtualMcpId) continue;
+      if (t.created_by !== userId) continue;
+      if (t.hidden) continue;
+      if (!best || t.updated_at > best.updated_at) best = t;
+    }
+  }
+  return best;
+}
diff --git a/apps/mesh/src/web/lib/read-cached-task-branch.ts b/apps/mesh/src/web/lib/read-cached-task-branch.ts
new file mode 100644
index 0000000000..bbb571c407
--- /dev/null
+++ b/apps/mesh/src/web/lib/read-cached-task-branch.ts
@@ -0,0 +1,29 @@
+import type { QueryClient } from "@tanstack/react-query";
+import { KEYS } from "./query-keys";
+import type { TasksQueryData } from "@/web/components/chat/task/types";
+
+/**
+ * Read a task's branch out of the React Query cache without firing a fetch.
+ * Used by "+ New task" entry points outside the chat context (tasks-panel,
+ * agent-shell-layout toolbar) to carry the active task's branch into the
+ * COLLECTION_THREADS_CREATE call so the new thread lands on the same warm
+ * sandbox.
+ *
+ * Returns null when the task isn't in any cached list, or when the cached
+ * row's branch is missing.
+ */
+export function readCachedTaskBranch(
+  queryClient: QueryClient,
+  locator: string,
+  taskId: string,
+): string | null {
+  if (!taskId) return null;
+  const queries = queryClient.getQueriesData<TasksQueryData>({
+    queryKey: KEYS.tasksPrefix(locator),
+  });
+  for (const [, data] of queries) {
+    const task = data?.items?.find((t) => t.id === taskId);
+    if (task?.branch) return task.branch;
+  }
+  return null;
+}
diff --git a/apps/mesh/src/web/providers/auth-config-provider.tsx b/apps/mesh/src/web/providers/auth-config-provider.tsx
index 852d6e3c9f..940bdef85e 100644
--- a/apps/mesh/src/web/providers/auth-config-provider.tsx
+++ b/apps/mesh/src/web/providers/auth-config-provider.tsx
@@ -1,31 +1,14 @@
 import { createContext, useContext, type ReactNode } from "react";
-import { useSuspenseQuery } from "@tanstack/react-query";
 import type { AuthConfig } from "@/api/routes/auth";
-import { KEYS } from "@/web/lib/query-keys";
+import { usePublicConfig } from "@/web/hooks/use-public-config";
 
 const AuthConfigContext = createContext<AuthConfig | undefined>(undefined);
 
-async function fetchAuthConfig(): Promise<AuthConfig> {
-  const response = await fetch("/api/auth/custom/config");
-  if (!response.ok) {
-    throw new Error("Failed to load auth configuration");
-  }
-  const data = await response.json();
-  if (!data.success) {
-    throw new Error(data.error || "Failed to load auth configuration");
-  }
-  return data.config;
-}
-
 export function AuthConfigProvider({ children }: { children: ReactNode }) {
-  const { data: authConfig } = useSuspenseQuery({
-    queryKey: KEYS.authConfig(),
-    queryFn: fetchAuthConfig,
-    staleTime: Infinity,
-  });
+  const publicConfig = usePublicConfig();
 
   return (
-    <AuthConfigContext.Provider value={authConfig}>
+    <AuthConfigContext.Provider value={publicConfig.auth}>
       {children}
     </AuthConfigContext.Provider>
   );
diff --git a/apps/mesh/src/web/providers/posthog-group-sync.tsx b/apps/mesh/src/web/providers/posthog-group-sync.tsx
new file mode 100644
index 0000000000..ecab49a771
--- /dev/null
+++ b/apps/mesh/src/web/providers/posthog-group-sync.tsx
@@ -0,0 +1,30 @@
+/**
+ * Binds the current PostHog browser session to the active organization
+ * group. Render once `activeOrg` is resolved so that every subsequent
+ * autocaptured event carries `$groups: { organization: <id> }`.
+ *
+ * Side-effect during render is intentional and matches the project's
+ * existing `PostHogIdentitySync` pattern (see ban on `useEffect` in
+ * plugins/ban-use-effect.ts). De-duplication lives in
+ * `setOrganizationGroup` itself, so re-renders are cheap.
+ */
+
+import { setOrganizationGroup } from "@/web/lib/posthog-client";
+
+export function PostHogGroupSync({
+  activeOrg,
+}: {
+  activeOrg: {
+    id: string;
+    name?: string | null;
+    slug?: string | null;
+  } | null;
+}) {
+  if (activeOrg) {
+    setOrganizationGroup(activeOrg.id, {
+      name: activeOrg.name ?? undefined,
+      slug: activeOrg.slug ?? undefined,
+    });
+  }
+  return null;
+}
diff --git a/apps/mesh/src/web/providers/posthog-provider.tsx b/apps/mesh/src/web/providers/posthog-provider.tsx
new file mode 100644
index 0000000000..bb49ad2c16
--- /dev/null
+++ b/apps/mesh/src/web/providers/posthog-provider.tsx
@@ -0,0 +1,45 @@
+/**
+ * Initializes PostHog from the runtime public config and syncs the
+ * Better Auth session into it.
+ *
+ * - Calls `initPostHog(key, host)` once on mount when `posthog` config
+ *   is present (server returns `posthog: null` when unconfigured).
+ * - Calls `identify` when a logged-in user is present.
+ * - Calls `reset` when the session clears (logout).
+ *
+ * Must render below the Suspense boundary that fetches /api/config.
+ */
+
+import { authClient } from "@/web/lib/auth-client";
+import { identifyUser, initPostHog, resetUser } from "@/web/lib/posthog-client";
+import { usePublicConfig } from "@/web/hooks/use-public-config";
+
+let lastUserId: string | null = null;
+
+export function PostHogIdentitySync({
+  children,
+}: {
+  children: React.ReactNode;
+}) {
+  const publicConfig = usePublicConfig();
+  const { data: session } = authClient.useSession();
+
+  if (publicConfig.posthog) {
+    initPostHog(publicConfig.posthog.key, publicConfig.posthog.host);
+
+    const userId = session?.user?.id ?? null;
+
+    if (userId && userId !== lastUserId) {
+      identifyUser(userId, {
+        email: session?.user?.email,
+        name: session?.user?.name,
+      });
+      lastUserId = userId;
+    } else if (!userId && lastUserId) {
+      resetUser();
+      lastUserId = null;
+    }
+  }
+
+  return <>{children}</>;
+}
diff --git a/apps/mesh/src/web/providers/providers.tsx b/apps/mesh/src/web/providers/providers.tsx
index 0aad7c1520..f49eb39e91 100644
--- a/apps/mesh/src/web/providers/providers.tsx
+++ b/apps/mesh/src/web/providers/providers.tsx
@@ -3,6 +3,7 @@ import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
 
 import { AuthConfigProvider } from "@/web/providers/auth-config-provider";
 import { BetterAuthUIProvider } from "@/web/providers/better-auth-ui-provider";
+import { PostHogIdentitySync } from "@/web/providers/posthog-provider";
 import { SplashScreen } from "@/web/components/splash-screen";
 import { ThemeProvider } from "@/web/providers/theme-provider";
 import { Toaster } from "sonner";
@@ -31,7 +32,9 @@ export function Providers({ children }: { children: React.ReactNode }) {
       <Suspense fallback={<SplashScreen />}>
         <ThemeProvider>
           <AuthConfigProvider>
-            <BetterAuthUIProvider>{children}</BetterAuthUIProvider>
+            <BetterAuthUIProvider>
+              <PostHogIdentitySync>{children}</PostHogIdentitySync>
+            </BetterAuthUIProvider>
           </AuthConfigProvider>
         </ThemeProvider>
       </Suspense>
diff --git a/apps/mesh/src/web/routes/agents-list.tsx b/apps/mesh/src/web/routes/agents-list.tsx
index 9deb179ee4..516b5b80c9 100644
--- a/apps/mesh/src/web/routes/agents-list.tsx
+++ b/apps/mesh/src/web/routes/agents-list.tsx
@@ -37,6 +37,7 @@ import {
 import { FolderClosed, Plus } from "@untitledui/icons";
 import { toast } from "sonner";
 import { GitHubRepoPicker } from "@/web/components/github-repo-picker.tsx";
+import { track } from "@/web/lib/posthog-client";
 
 export default function AgentsListPage() {
   const { org } = useProjectContext();
@@ -92,6 +93,7 @@ export default function AgentsListPage() {
   );
 
   const handleTemplateClick = (templateId: string) => {
+    track("agents_list_template_clicked", { template_id: templateId });
     if (templateId === "site-editor") {
       setImportDecoOpen(true);
     } else if (templateId === "site-diagnostics") {
@@ -117,6 +119,7 @@ export default function AgentsListPage() {
     setDeleteTarget(null);
     try {
       await actions.delete.mutateAsync(id);
+      track("agent_deleted", { agent_id: id, source: "agents_list" });
       toast.success(`Deleted "${title}"`);
     } catch {
       // Error toast handled by mutation
@@ -128,39 +131,54 @@ export default function AgentsListPage() {
       <Page.Content>
         <Page.Body>
           <div className="flex flex-col gap-6">
-            <Page.Title
-              actions={
-                <DropdownMenu>
-                  <DropdownMenuTrigger asChild>
-                    <Button size="sm">
-                      <Plus size={14} />
-                      Create Agent
-                    </Button>
-                  </DropdownMenuTrigger>
-                  <CreateAgentDropdownContent
-                    onCreateFromScratch={() => createVirtualMCP()}
-                    onImportGitHub={() => setGithubPickerOpen(true)}
-                    onImportDeco={() => setImportDecoOpen(true)}
-                    isCreating={isCreating}
-                    align="end"
-                  />
-                </DropdownMenu>
-              }
-            >
-              Agents
-            </Page.Title>
-            <SearchInput
-              value={search}
-              onChange={setSearch}
-              placeholder="Search for an agent..."
-              className="w-full md:w-[375px]"
-              onKeyDown={(event) => {
-                if (event.key === "Escape") {
-                  setSearch("");
-                  (event.target as HTMLInputElement).blur();
-                }
-              }}
-            />
+            <Page.Title>Agents</Page.Title>
+            <div className="flex flex-wrap items-center justify-between gap-3">
+              <SearchInput
+                value={search}
+                onChange={setSearch}
+                placeholder="Search for an agent..."
+                className="w-full md:w-[375px]"
+                onKeyDown={(event) => {
+                  if (event.key === "Escape") {
+                    setSearch("");
+                    (event.target as HTMLInputElement).blur();
+                  }
+                }}
+              />
+              <DropdownMenu>
+                <DropdownMenuTrigger asChild>
+                  <Button size="sm">
+                    <Plus size={14} />
+                    Create Agent
+                  </Button>
+                </DropdownMenuTrigger>
+                <CreateAgentDropdownContent
+                  onCreateFromScratch={() => {
+                    track("agent_create_clicked", {
+                      source: "agents_list",
+                      method: "scratch",
+                    });
+                    createVirtualMCP();
+                  }}
+                  onImportGitHub={() => {
+                    track("agent_create_clicked", {
+                      source: "agents_list",
+                      method: "github",
+                    });
+                    setGithubPickerOpen(true);
+                  }}
+                  onImportDeco={() => {
+                    track("agent_create_clicked", {
+                      source: "agents_list",
+                      method: "deco",
+                    });
+                    setImportDecoOpen(true);
+                  }}
+                  isCreating={isCreating}
+                  align="end"
+                />
+              </DropdownMenu>
+            </div>
           </div>
 
           {filteredAgents.length === 0 && filteredTemplates.length === 0 && (
@@ -185,9 +203,27 @@ export default function AgentsListPage() {
                         </Button>
                       </DropdownMenuTrigger>
                       <CreateAgentDropdownContent
-                        onCreateFromScratch={() => createVirtualMCP()}
-                        onImportGitHub={() => setGithubPickerOpen(true)}
-                        onImportDeco={() => setImportDecoOpen(true)}
+                        onCreateFromScratch={() => {
+                          track("agent_create_clicked", {
+                            source: "agents_list_empty",
+                            method: "scratch",
+                          });
+                          createVirtualMCP();
+                        }}
+                        onImportGitHub={() => {
+                          track("agent_create_clicked", {
+                            source: "agents_list_empty",
+                            method: "github",
+                          });
+                          setGithubPickerOpen(true);
+                        }}
+                        onImportDeco={() => {
+                          track("agent_create_clicked", {
+                            source: "agents_list_empty",
+                            method: "deco",
+                          });
+                          setImportDecoOpen(true);
+                        }}
                         isCreating={isCreating}
                         align="center"
                         showBetaBadge
diff --git a/apps/mesh/src/web/routes/orgs/collection-detail.tsx b/apps/mesh/src/web/routes/orgs/collection-detail.tsx
index 8b61d7a3c2..2597a78811 100644
--- a/apps/mesh/src/web/routes/orgs/collection-detail.tsx
+++ b/apps/mesh/src/web/routes/orgs/collection-detail.tsx
@@ -105,6 +105,7 @@ function CollectionDetailsContent() {
   const client = useMCPClient({
     connectionId: connectionId ?? null,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const actions = useCollectionActions(scopeKey, collectionName, client);
diff --git a/apps/mesh/src/web/routes/orgs/connections.tsx b/apps/mesh/src/web/routes/orgs/connections.tsx
index 46f74cff5b..a8eb84b1d6 100644
--- a/apps/mesh/src/web/routes/orgs/connections.tsx
+++ b/apps/mesh/src/web/routes/orgs/connections.tsx
@@ -102,6 +102,7 @@ import {
 } from "@untitledui/icons";
 import { Suspense, useState } from "react";
 import { useForm } from "react-hook-form";
+import { track } from "@/web/lib/posthog-client";
 import {
   connectionFormSchema,
   type ConnectionFormData,
@@ -580,6 +581,9 @@ function CatalogItemCard({
   };
 
   const handleCommunityConfirm = () => {
+    track("connections_community_warning_confirmed", {
+      registry_item_id: item.id,
+    });
     setCommunityWarningOpen(false);
     if (pendingAction === "connect") {
       onConnect(item);
@@ -763,6 +767,11 @@ function ConnectionResults({
 
   const handleInlineConnect = async (item: RegistryItem) => {
     if (!org || !session?.user?.id) return;
+    track("connection_add_clicked", {
+      action: "connect_new",
+      registry_item_id: item.id,
+      source: "connections_page",
+    });
     setConnectingItemId(item.id);
 
     try {
@@ -793,27 +802,44 @@ function ConnectionResults({
       const { id } = await actions.create.mutateAsync(connectionData);
 
       // Handle OAuth flow
-      const mcpProxyUrl = new URL(`/mcp/${id}`, window.location.origin);
+      const mcpProxyUrl = new URL(
+        `/api/${org.slug}/mcp/${id}`,
+        window.location.origin,
+      );
       const authStatus = await isConnectionAuthenticated({
         url: mcpProxyUrl.href,
         token: null,
+        orgId: org.id,
       });
 
       if (authStatus.supportsOAuth && !authStatus.isAuthenticated) {
         const { token, tokenInfo, error } = await authenticateMcp({
           connectionId: id,
+          orgSlug: org.slug,
+          scope: "offline_access",
         });
         if (error || !token) {
+          track("connection_oauth_failed", {
+            connection_id: id,
+            flow: "connections_page_connect",
+            error: error ?? "no_token",
+          });
           toast.error(`Authentication failed: ${error ?? "no token received"}`);
           return;
         } else {
+          track("connection_oauth_succeeded", {
+            connection_id: id,
+            flow: "connections_page_connect",
+          });
           if (tokenInfo) {
             try {
               const response = await fetch(
-                `/api/connections/${id}/oauth-token`,
+                `/api/${org.slug}/connections/${id}/oauth-token`,
                 {
                   method: "POST",
-                  headers: { "Content-Type": "application/json" },
+                  headers: {
+                    "Content-Type": "application/json",
+                  },
                   credentials: "include",
                   body: JSON.stringify({
                     accessToken: tokenInfo.accessToken,
@@ -866,6 +892,7 @@ function ConnectionResults({
   const selfClient = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const invalidateConnections = () => {
@@ -885,6 +912,7 @@ function ConnectionResults({
   const handleBulkDelete = async () => {
     setBulkDeleteOpen(false);
     const ids = [...selectedIds];
+    track("connections_bulk_delete", { count: ids.length });
     let deleted = 0;
 
     for (const id of ids) {
@@ -906,6 +934,10 @@ function ConnectionResults({
 
   const handleBulkToggleStatus = async (status: "active" | "inactive") => {
     const ids = [...selectedIds];
+    track("connections_bulk_status_toggled", {
+      count: ids.length,
+      to_status: status,
+    });
     let updated = 0;
 
     for (const id of ids) {
@@ -927,6 +959,10 @@ function ConnectionResults({
   const handleAddToAgent = async (agentId: string) => {
     const agent = agents.find((a) => a.id === agentId);
     if (!agent || !selfClient) return;
+    track("connections_bulk_add_to_agent", {
+      agent_id: agentId,
+      count: selectedIds.size,
+    });
 
     const existingConnIds = new Set(
       agent.connections.map((c) => c.connection_id),
@@ -1290,6 +1326,9 @@ function OrgMcpsContent() {
   const isCreating = search.action === "create";
 
   const openCreateDialog = () => {
+    track("connections_custom_dialog_opened", {
+      source: "connections_page",
+    });
     navigate({
       to: "/$org/settings/connections",
       params: { org: org.slug },
@@ -1340,6 +1379,10 @@ function OrgMcpsContent() {
     }
 
     const newId = generatePrefixedId("conn");
+    track("connection_custom_created", {
+      connection_type: connectionType,
+      ui_type: data.ui_type,
+    });
     // Create new connection
     await actions.create.mutateAsync({
       id: newId,
@@ -1952,7 +1995,13 @@ function OrgMcpsContent() {
                   { id: "connected", label: "Connected" },
                 ]}
                 activeTab={activeTab}
-                onTabChange={(id) => setActiveTab(id as ConnectionTab)}
+                onTabChange={(id) => {
+                  const next = id as ConnectionTab;
+                  if (next !== activeTab) {
+                    track("connections_page_tab_changed", { to_tab: next });
+                  }
+                  setActiveTab(next);
+                }}
               />
               <Suspense
                 fallback={
diff --git a/apps/mesh/src/web/routes/orgs/members.tsx b/apps/mesh/src/web/routes/orgs/members.tsx
index e054d4daac..3be6d1b9c6 100644
--- a/apps/mesh/src/web/routes/orgs/members.tsx
+++ b/apps/mesh/src/web/routes/orgs/members.tsx
@@ -2,17 +2,17 @@ import { CollectionDisplayButton } from "@/web/components/collections/collection
 import { SearchInput } from "@deco/ui/components/search-input.tsx";
 import { Page } from "@/web/components/page";
 import { CollectionTableWrapper } from "@/web/components/collections/collection-table-wrapper.tsx";
-import { ManageRolesDialog } from "@/web/components/manage-roles-dialog";
 import { EmptyState } from "@/web/components/empty-state.tsx";
 import { ErrorBoundary } from "@/web/components/error-boundary";
 import { InviteMemberDialog } from "@/web/components/invite-member-dialog";
+import { track } from "@/web/lib/posthog-client";
 import { useMembers } from "@/web/hooks/use-members";
 import {
   useInvitations,
   useInvitationActions,
 } from "@/web/hooks/use-invitations";
 import { useOrganizationRoles } from "@/web/hooks/use-organization-roles";
-import { authClient } from "@/web/lib/auth-client";
+import { useOrgAuthClient } from "@/web/hooks/use-org-auth-client";
 import { KEYS } from "@/web/lib/query-keys";
 import { useProjectContext } from "@decocms/mesh-sdk";
 import {
@@ -68,7 +68,6 @@ import { Suspense, useState } from "react";
 import { toast } from "sonner";
 import { TagMultiSelect } from "@/web/components/tag-multi-select";
 
-// Role colors matching manage-roles-dialog
 const ROLE_COLORS = [
   "bg-neutral-400",
   "bg-red-500",
@@ -430,6 +429,7 @@ function OrgMembersContent() {
   const invitationActions = useInvitationActions();
   const queryClient = useQueryClient();
   const { locator } = useProjectContext();
+  const orgAuth = useOrgAuthClient();
   const [memberToRemove, setMemberToRemove] = useState<string | null>(null);
   const [invitationToCancel, setInvitationToCancel] = useState<string | null>(
     null,
@@ -514,7 +514,7 @@ function OrgMembersContent() {
 
   const removeMemberMutation = useMutation({
     mutationFn: async (memberId: string) => {
-      const result = await authClient.organization.removeMember({
+      const result = await orgAuth.organization.removeMember({
         memberIdOrEmail: memberId,
       });
       if (result?.error) {
@@ -522,11 +522,15 @@ function OrgMembersContent() {
       }
     },
     onSuccess: () => {
+      track("member_removed");
       queryClient.invalidateQueries({ queryKey: KEYS.members(locator) });
       toast.success("Member has been removed from the organization");
       setMemberToRemove(null);
     },
     onError: (error) => {
+      track("member_remove_failed", {
+        error: error instanceof Error ? error.message : String(error),
+      });
       toast.error(
         error instanceof Error ? error.message : "Failed to remove member",
       );
@@ -541,7 +545,7 @@ function OrgMembersContent() {
       memberId: string;
       role: string;
     }) => {
-      const result = await authClient.organization.updateMemberRole({
+      const result = await orgAuth.organization.updateMemberRole({
         memberId,
         role: [role],
       });
@@ -549,11 +553,16 @@ function OrgMembersContent() {
         throw new Error(result.error.message);
       }
     },
-    onSuccess: () => {
+    onSuccess: (_res, vars) => {
+      track("member_role_updated", { new_role: vars.role });
       queryClient.invalidateQueries({ queryKey: KEYS.members(locator) });
       toast.success("Member's role has been updated");
     },
-    onError: (error) => {
+    onError: (error, vars) => {
+      track("member_role_update_failed", {
+        new_role: vars.role,
+        error: error instanceof Error ? error.message : String(error),
+      });
       toast.error(
         error instanceof Error ? error.message : "Failed to update role",
       );
@@ -571,7 +580,7 @@ function OrgMembersContent() {
       email: string;
     }) => {
       // Cancel the old invitation
-      const cancelResult = await authClient.organization.cancelInvitation({
+      const cancelResult = await orgAuth.organization.cancelInvitation({
         invitationId,
       });
       if (cancelResult?.error) {
@@ -579,7 +588,7 @@ function OrgMembersContent() {
       }
 
       // Create new invitation with updated role
-      const inviteResult = await authClient.organization.inviteMember({
+      const inviteResult = await orgAuth.organization.inviteMember({
         email,
         role: role as "admin" | "owner",
       });
@@ -587,11 +596,16 @@ function OrgMembersContent() {
         throw new Error(inviteResult.error.message);
       }
     },
-    onSuccess: () => {
+    onSuccess: (_res, vars) => {
+      track("invitation_role_updated", { new_role: vars.role });
       queryClient.invalidateQueries({ queryKey: KEYS.invitations(locator) });
       toast.success("Invitation role has been updated");
     },
-    onError: (error) => {
+    onError: (error, vars) => {
+      track("invitation_role_update_failed", {
+        new_role: vars.role,
+        error: error instanceof Error ? error.message : String(error),
+      });
       toast.error(
         error instanceof Error
           ? error.message
@@ -769,14 +783,6 @@ function OrgMembersContent() {
 
   const ctaButton = (
     <div className="flex items-center gap-2">
-      <ManageRolesDialog
-        trigger={
-          <Button variant="outline">
-            <Shield01 size={16} />
-            Manage Roles
-          </Button>
-        }
-      />
       <InviteMemberDialog trigger={<Button>Invite Member</Button>} />
     </div>
   );
@@ -859,19 +865,19 @@ function OrgMembersContent() {
           <div className="flex flex-col gap-6">
             <Page.Title>Members</Page.Title>
             <div className="flex flex-wrap items-center justify-between gap-3">
-              <SearchInput
-                value={search}
-                onChange={setSearch}
-                placeholder="Search members..."
-                className="w-full md:w-[375px]"
-                onKeyDown={(event) => {
-                  if (event.key === "Escape") {
-                    setSearch("");
-                    (event.target as HTMLInputElement).blur();
-                  }
-                }}
-              />
               <div className="flex items-center gap-2">
+                <SearchInput
+                  value={search}
+                  onChange={setSearch}
+                  placeholder="Search members..."
+                  className="w-full md:w-[375px]"
+                  onKeyDown={(event) => {
+                    if (event.key === "Escape") {
+                      setSearch("");
+                      (event.target as HTMLInputElement).blur();
+                    }
+                  }}
+                />
                 <CollectionDisplayButton
                   viewMode={viewMode}
                   onViewModeChange={setViewMode}
@@ -884,8 +890,8 @@ function OrgMembersContent() {
                     { id: "joined", label: "Joined" },
                   ]}
                 />
-                {ctaButton}
               </div>
+              {ctaButton}
             </div>
             {viewMode === "cards" ? (
               <div>
diff --git a/apps/mesh/src/web/routes/orgs/monitoring/index.tsx b/apps/mesh/src/web/routes/orgs/monitoring/index.tsx
index dc71a91683..107d6ef923 100644
--- a/apps/mesh/src/web/routes/orgs/monitoring/index.tsx
+++ b/apps/mesh/src/web/routes/orgs/monitoring/index.tsx
@@ -71,6 +71,7 @@ import { OverviewTabContent, OverviewTabSkeleton } from "./overview.tsx";
 import { AuditTabContent, MonitoringLogsTable } from "./audit.tsx";
 import { ThreadsTabContent, ThreadsFiltersPopover } from "./threads.tsx";
 import { getOrgMembers } from "./utils.ts";
+import { track } from "@/web/lib/posthog-client";
 
 // ============================================================================
 // Filters Popover Component
@@ -116,7 +117,7 @@ function FiltersPopover({
 }: FiltersPopoverProps) {
   const [filterPopoverOpen, setFilterPopoverOpen] = useState(false);
   const [propertyFilterMode, setPropertyFilterMode] = useState<"raw" | "form">(
-    "raw",
+    "form",
   );
 
   const [localTool, setLocalTool] = useState(tool);
@@ -604,6 +605,7 @@ function MonitoringDashboardContent({
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const propertyApiParams = propertyFiltersToApiParams(propertyFilters);
@@ -951,9 +953,26 @@ export default function MonitoringDashboard() {
             to={to}
             propertyFilters={propertyFilters}
             onUpdateFilters={updateFilters}
-            onTimeRangeChange={handleTimeRangeChange}
-            onStreamingToggle={() => updateFilters({ streaming: !streaming })}
-            onTabChange={(newTab) => updateFilters({ tab: newTab })}
+            onTimeRangeChange={(range) => {
+              track("monitoring_time_range_changed", {
+                from: range.from,
+                to: range.to,
+              });
+              handleTimeRangeChange(range);
+            }}
+            onStreamingToggle={() => {
+              track("monitoring_live_toggled", { enabled: !streaming });
+              updateFilters({ streaming: !streaming });
+            }}
+            onTabChange={(newTab) => {
+              if (newTab !== tab) {
+                track("monitoring_tab_changed", {
+                  from_tab: tab,
+                  to_tab: newTab,
+                });
+              }
+              updateFilters({ tab: newTab });
+            }}
           />
         </Suspense>
       </ErrorBoundary>
diff --git a/apps/mesh/src/web/routes/orgs/settings/automations.tsx b/apps/mesh/src/web/routes/orgs/settings/automations.tsx
index bc85865dfc..606c024490 100644
--- a/apps/mesh/src/web/routes/orgs/settings/automations.tsx
+++ b/apps/mesh/src/web/routes/orgs/settings/automations.tsx
@@ -7,8 +7,13 @@ import { EmptyState } from "@/web/components/empty-state.tsx";
 import { useAutomations } from "@/web/hooks/use-automations";
 import { useNavigateToAgent } from "@/web/hooks/use-navigate-to-agent";
 import { AutomationListRow } from "@/web/views/automations/automation-list-row";
-import { useVirtualMCPs, useProjectContext } from "@decocms/mesh-sdk";
+import {
+  getDecopilotId,
+  useVirtualMCPs,
+  useProjectContext,
+} from "@decocms/mesh-sdk";
 import { useNavigate } from "@tanstack/react-router";
+import { track } from "@/web/lib/posthog-client";
 
 export default function SettingsAutomationsPage() {
   const { org } = useProjectContext();
@@ -24,19 +29,27 @@ export default function SettingsAutomationsPage() {
   const filtered = automations.filter((a) => {
     if (!lowerSearch) return true;
     if (a.name.toLowerCase().includes(lowerSearch)) return true;
-    const agent = a.agent ? agentMap.get(a.agent.id) : undefined;
+    const agent = agentMap.get(a.virtual_mcp_id);
     if (agent && agent.title.toLowerCase().includes(lowerSearch)) return true;
     return false;
   });
 
-  const handleRowClick = (automationId: string, agentId: string | null) => {
-    if (!agentId) return;
-    navigateToAgent(agentId, {
+  const handleRowClick = (automationId: string, agentId: string) => {
+    // Fall back to Decopilot when the automation's virtual_mcp_id no longer
+    // resolves (orphaned reference); otherwise the detail panel can't mount.
+    const target = agentMap.has(agentId) ? agentId : getDecopilotId(org.id);
+    track("automations_list_row_clicked", {
+      automation_id: automationId,
+      agent_id: target,
+      source: "settings_automations",
+    });
+    navigateToAgent(target, {
       search: { main: "automation:" + automationId },
     });
   };
 
   const handleBrowseAgents = () => {
+    track("automations_empty_state_browse_agents_clicked");
     navigate({ to: "/$org/settings/agents", params: { org: org.slug } });
   };
 
@@ -85,7 +98,7 @@ export default function SettingsAutomationsPage() {
                   key={a.id}
                   automation={a}
                   showAgent
-                  onClick={() => handleRowClick(a.id, a.agent?.id ?? null)}
+                  onClick={() => handleRowClick(a.id, a.virtual_mcp_id)}
                 />
               ))}
             </div>
diff --git a/apps/mesh/src/web/routes/orgs/settings/roles.tsx b/apps/mesh/src/web/routes/orgs/settings/roles.tsx
new file mode 100644
index 0000000000..c97378e688
--- /dev/null
+++ b/apps/mesh/src/web/routes/orgs/settings/roles.tsx
@@ -0,0 +1,458 @@
+import { useProjectContext } from "@decocms/mesh-sdk";
+import {
+  type OrganizationRole,
+  useOrganizationRoles,
+} from "@/web/hooks/use-organization-roles";
+import { useOrgAuthClient } from "@/web/hooks/use-org-auth-client";
+import { KEYS } from "@/web/lib/query-keys";
+import { track } from "@/web/lib/posthog-client";
+import { Badge } from "@deco/ui/components/badge.tsx";
+import { Button } from "@deco/ui/components/button.tsx";
+import {
+  AlertDialog,
+  AlertDialogAction,
+  AlertDialogCancel,
+  AlertDialogContent,
+  AlertDialogDescription,
+  AlertDialogFooter,
+  AlertDialogHeader,
+  AlertDialogTitle,
+} from "@deco/ui/components/alert-dialog.tsx";
+import {
+  DropdownMenu,
+  DropdownMenuContent,
+  DropdownMenuItem,
+  DropdownMenuTrigger,
+} from "@deco/ui/components/dropdown-menu.tsx";
+import {
+  Plus,
+  Lock01,
+  DotsVertical,
+  Trash01,
+  Loading01,
+} from "@untitledui/icons";
+import { cn } from "@deco/ui/lib/utils.ts";
+import { useMutation, useQuery, useQueryClient } from "@tanstack/react-query";
+import { useNavigate, useSearch } from "@tanstack/react-router";
+import { Suspense, useState } from "react";
+import { toast } from "sonner";
+import { CollectionTableWrapper } from "@/web/components/collections/collection-table-wrapper.tsx";
+import type { TableColumn } from "@/web/components/collections/collection-table.tsx";
+import { Page } from "@/web/components/page";
+import { ErrorBoundary } from "@/web/components/error-boundary";
+import { EmptyState } from "@/web/components/empty-state.tsx";
+import { SearchInput } from "@deco/ui/components/search-input.tsx";
+import {
+  RoleDetailPage,
+  getTargetKey,
+  type RoleEditorTarget,
+} from "@/web/views/settings/org-role-detail.tsx";
+
+// ============================================================================
+// Role color helpers
+// ============================================================================
+
+const BUILTIN_ROLES = [
+  { role: "owner", label: "Owner", color: "bg-red-500" },
+  { role: "admin", label: "Admin", color: "bg-blue-500" },
+  { role: "user", label: "User", color: "bg-green-500" },
+] as const;
+
+const ROLE_COLORS = [
+  "bg-red-500",
+  "bg-orange-500",
+  "bg-amber-500",
+  "bg-yellow-500",
+  "bg-lime-500",
+  "bg-green-500",
+  "bg-emerald-500",
+  "bg-teal-500",
+  "bg-cyan-500",
+  "bg-sky-500",
+  "bg-blue-500",
+  "bg-indigo-500",
+  "bg-violet-500",
+  "bg-purple-500",
+  "bg-fuchsia-500",
+  "bg-pink-500",
+  "bg-rose-500",
+] as const;
+
+function getRoleColor(roleName: string): string {
+  if (!roleName) return "bg-neutral-400";
+  let hash = 0;
+  for (let i = 0; i < roleName.length; i++) {
+    const char = roleName.charCodeAt(i);
+    hash = (hash << 5) - hash + char;
+    hash = hash & hash;
+  }
+  const index = Math.abs(hash) % ROLE_COLORS.length;
+  return ROLE_COLORS[index] ?? ROLE_COLORS[0];
+}
+
+const BUILTIN_ROLE_COLORS: Record<string, string> = {
+  owner: "bg-red-500",
+  admin: "bg-blue-500",
+  user: "bg-green-500",
+};
+
+function getRoleDotColor(role: string, isBuiltin: boolean): string {
+  if (isBuiltin) return BUILTIN_ROLE_COLORS[role] ?? "bg-neutral-400";
+  return getRoleColor(role);
+}
+
+// ============================================================================
+// Roles Table (main page content)
+// ============================================================================
+
+type RoleRow =
+  | {
+      kind: "builtin";
+      role: (typeof BUILTIN_ROLES)[number] & { memberCount: number };
+    }
+  | { kind: "custom"; role: OrganizationRole & { memberCount: number } };
+
+function RolesPageContent() {
+  const [search, setSearch] = useState("");
+  const [roleToDelete, setRoleToDelete] = useState<{
+    id: string;
+    label: string;
+  } | null>(null);
+
+  const navigate = useNavigate();
+  const { role: roleParam } = useSearch({ strict: false }) as {
+    role?: string;
+  };
+
+  const { locator } = useProjectContext();
+  const orgAuth = useOrgAuthClient();
+  const queryClient = useQueryClient();
+  const { customRoles, refetch: refetchRoles } = useOrganizationRoles();
+
+  const setActiveRole = (value: string | undefined) =>
+    navigate({
+      to: ".",
+      search: (prev: Record<string, unknown>) => ({ ...prev, role: value }),
+    });
+
+  const activeTarget: RoleEditorTarget | null = (() => {
+    if (!roleParam) return null;
+    if (roleParam === "new") return { kind: "new" };
+    if (roleParam.startsWith("builtin-")) {
+      const slug = roleParam.slice(8) as "owner" | "admin" | "user";
+      return { kind: "builtin", role: slug };
+    }
+    const custom = customRoles.find((r) => r.id === roleParam);
+    return custom ? { kind: "custom", role: custom } : null;
+  })();
+  const { data: membersData } = useQuery({
+    queryKey: KEYS.members(locator),
+    queryFn: () => orgAuth.organization.listMembers(),
+  });
+
+  const members = membersData?.data?.members ?? [];
+  type Member = (typeof members)[number];
+
+  const getMemberCount = (roleSlug: string) =>
+    members.filter((m: Member) => m.role === roleSlug).length;
+
+  const builtinRows: RoleRow[] = BUILTIN_ROLES.map((r) => ({
+    kind: "builtin" as const,
+    role: { ...r, memberCount: getMemberCount(r.role) },
+  }));
+
+  const customRows: RoleRow[] = customRoles.map((r) => ({
+    kind: "custom" as const,
+    role: { ...r, memberCount: getMemberCount(r.role) },
+  }));
+
+  let allRows: RoleRow[] = [...builtinRows, ...customRows];
+
+  if (search) {
+    const q = search.toLowerCase();
+    allRows = allRows.filter((row) => row.role.label.toLowerCase().includes(q));
+  }
+
+  const deleteRoleMutation = useMutation({
+    mutationFn: async (roleId: string) => {
+      const result = await orgAuth.organization.deleteRole({ roleId });
+      if (result?.error) throw new Error(result.error.message);
+      return result?.data;
+    },
+    onSuccess: (_, roleId) => {
+      track("role_deleted", { role_id: roleId });
+      queryClient.invalidateQueries({ queryKey: KEYS.members(locator) });
+      queryClient.invalidateQueries({
+        queryKey: KEYS.organizationRoles(locator),
+      });
+      toast.success("Role deleted successfully!");
+      refetchRoles();
+      if (activeTarget?.kind === "custom" && activeTarget.role.id === roleId) {
+        setActiveRole(undefined);
+      }
+    },
+    onError: (error, roleId) => {
+      track("role_delete_failed", {
+        role_id: roleId,
+        error: error instanceof Error ? error.message : String(error),
+      });
+      toast.error(
+        error instanceof Error ? error.message : "Failed to delete role",
+      );
+    },
+  });
+
+  const columns: TableColumn<RoleRow>[] = [
+    {
+      id: "role",
+      header: "Role",
+      render: (row) => (
+        <div className="flex items-center gap-3">
+          <div
+            className={cn(
+              "size-2.5 rounded-full shrink-0",
+              getRoleDotColor(row.role.role, row.kind === "builtin"),
+            )}
+          />
+          <span className="text-sm font-medium text-foreground truncate">
+            {row.role.label}
+          </span>
+          {row.kind === "builtin" && (
+            <Lock01 size={12} className="text-muted-foreground shrink-0" />
+          )}
+        </div>
+      ),
+      cellClassName: "flex-1 min-w-0",
+      sortable: true,
+    },
+    {
+      id: "type",
+      header: "Type",
+      render: (row) =>
+        row.kind === "builtin" ? (
+          <Badge variant="secondary" className="text-xs">
+            Built-in
+          </Badge>
+        ) : (
+          <Badge variant="outline" className="text-xs">
+            Custom
+          </Badge>
+        ),
+      cellClassName: "w-28 shrink-0",
+    },
+    {
+      id: "permissions",
+      header: "Permissions",
+      render: (row) => {
+        if (row.kind === "builtin") {
+          if (row.role.role === "owner" || row.role.role === "admin") {
+            return (
+              <span className="text-sm text-muted-foreground">Full access</span>
+            );
+          }
+          return (
+            <span className="text-sm text-muted-foreground">Basic access</span>
+          );
+        }
+        const r = row.role as OrganizationRole;
+        const parts: string[] = [];
+        if (r.allowsAllStaticPermissions) {
+          parts.push("Full org access");
+        } else if (r.staticPermissionCount && r.staticPermissionCount > 0) {
+          parts.push(
+            `${r.staticPermissionCount} org perm${r.staticPermissionCount !== 1 ? "s" : ""}`,
+          );
+        }
+        if (r.allowsAllConnections) {
+          parts.push("All connections");
+        } else if (r.connectionCount && r.connectionCount > 0) {
+          parts.push(
+            `${r.connectionCount} connection${r.connectionCount !== 1 ? "s" : ""}`,
+          );
+        }
+        return (
+          <span className="text-sm text-muted-foreground truncate">
+            {parts.length > 0 ? parts.join(", ") : "No permissions"}
+          </span>
+        );
+      },
+      cellClassName: "flex-1 min-w-0",
+    },
+    {
+      id: "members",
+      header: "Members",
+      render: (row) => (
+        <span className="text-sm text-foreground">{row.role.memberCount}</span>
+      ),
+      cellClassName: "w-24 shrink-0",
+    },
+    {
+      id: "actions",
+      header: "",
+      render: (row) => {
+        if (row.kind === "builtin") return null;
+        return (
+          <DropdownMenu>
+            <DropdownMenuTrigger asChild>
+              <Button
+                variant="ghost"
+                size="sm"
+                className="h-8 w-8 p-0"
+                onClick={(e) => e.stopPropagation()}
+              >
+                <DotsVertical size={16} />
+              </Button>
+            </DropdownMenuTrigger>
+            <DropdownMenuContent
+              align="end"
+              onClick={(e) => e.stopPropagation()}
+            >
+              <DropdownMenuItem
+                variant="destructive"
+                onClick={() => {
+                  const r = row.role as OrganizationRole;
+                  if (r.id) setRoleToDelete({ id: r.id, label: r.label });
+                }}
+              >
+                <Trash01 size={16} />
+                Delete
+              </DropdownMenuItem>
+            </DropdownMenuContent>
+          </DropdownMenu>
+        );
+      },
+      cellClassName: "w-12 shrink-0",
+    },
+  ];
+
+  const handleRowClick = (row: RoleRow) => {
+    if (row.kind === "builtin") {
+      setActiveRole(`builtin-${row.role.role}`);
+    } else {
+      const r = row.role as OrganizationRole;
+      setActiveRole(r.id);
+    }
+  };
+
+  if (activeTarget) {
+    return (
+      <RoleDetailPage
+        key={getTargetKey(activeTarget)}
+        target={activeTarget}
+        onBack={() => setActiveRole(undefined)}
+        onSaved={() => {
+          refetchRoles();
+          setActiveRole(undefined);
+        }}
+      />
+    );
+  }
+
+  return (
+    <Page>
+      <Page.Content>
+        <Page.Body>
+          <div className="flex flex-col gap-6">
+            <Page.Title>Roles</Page.Title>
+            <div className="flex flex-wrap items-center justify-between gap-3">
+              <SearchInput
+                value={search}
+                onChange={setSearch}
+                placeholder="Search roles..."
+                className="w-full md:w-[375px]"
+                onKeyDown={(e) => {
+                  if (e.key === "Escape") {
+                    setSearch("");
+                    (e.target as HTMLInputElement).blur();
+                  }
+                }}
+              />
+              <Button onClick={() => setActiveRole("new")}>
+                <Plus size={16} />
+                Create Role
+              </Button>
+            </div>
+            <CollectionTableWrapper
+              columns={columns}
+              data={allRows}
+              isLoading={false}
+              onRowClick={handleRowClick}
+              emptyState={
+                search ? (
+                  <EmptyState
+                    title="No roles found"
+                    description={`No roles match "${search}"`}
+                  />
+                ) : (
+                  <EmptyState
+                    title="No roles"
+                    description="Create a role to get started."
+                  />
+                )
+              }
+            />
+          </div>
+        </Page.Body>
+      </Page.Content>
+
+      <AlertDialog
+        open={roleToDelete !== null}
+        onOpenChange={(open) => !open && setRoleToDelete(null)}
+      >
+        <AlertDialogContent>
+          <AlertDialogHeader>
+            <AlertDialogTitle>Delete Role</AlertDialogTitle>
+            <AlertDialogDescription>
+              Are you sure you want to delete the "{roleToDelete?.label}" role?
+              This action cannot be undone.
+            </AlertDialogDescription>
+          </AlertDialogHeader>
+          <AlertDialogFooter>
+            <AlertDialogCancel>Cancel</AlertDialogCancel>
+            <AlertDialogAction
+              onClick={() => {
+                if (roleToDelete?.id)
+                  deleteRoleMutation.mutate(roleToDelete.id);
+                setRoleToDelete(null);
+              }}
+              className="bg-destructive text-destructive-foreground hover:bg-destructive/90"
+            >
+              Delete
+            </AlertDialogAction>
+          </AlertDialogFooter>
+        </AlertDialogContent>
+      </AlertDialog>
+    </Page>
+  );
+}
+
+export default function RolesPage() {
+  return (
+    <ErrorBoundary
+      fallback={
+        <Page>
+          <div className="flex items-center justify-center h-full">
+            <div className="text-sm text-muted-foreground">
+              Failed to load roles
+            </div>
+          </div>
+        </Page>
+      }
+    >
+      <Suspense
+        fallback={
+          <Page>
+            <div className="flex items-center justify-center h-full">
+              <Loading01
+                size={32}
+                className="animate-spin text-muted-foreground"
+              />
+            </div>
+          </Page>
+        }
+      >
+        <RolesPageContent />
+      </Suspense>
+    </ErrorBoundary>
+  );
+}
diff --git a/apps/mesh/src/web/routes/project-app-view.tsx b/apps/mesh/src/web/routes/project-app-view.tsx
index daac827908..5c73070465 100644
--- a/apps/mesh/src/web/routes/project-app-view.tsx
+++ b/apps/mesh/src/web/routes/project-app-view.tsx
@@ -9,7 +9,10 @@ import {
   useMCPToolsList,
   useMCPToolCall,
 } from "@decocms/mesh-sdk";
-import type { McpUiMessageRequest } from "@modelcontextprotocol/ext-apps";
+import type {
+  McpUiDisplayMode,
+  McpUiMessageRequest,
+} from "@modelcontextprotocol/ext-apps";
 import type { Tool } from "@modelcontextprotocol/sdk/types.js";
 import { contentBlocksToTiptapDoc } from "@/mcp-apps/content-blocks.ts";
 import { MCPAppRenderer } from "@/mcp-apps/mcp-app-renderer.tsx";
@@ -25,6 +28,7 @@ function AppRenderer({
   tool,
   connectionId,
   orgId,
+  args,
 }: {
   client: ReturnType<typeof useMCPClient>;
   resourceURI: string;
@@ -36,15 +40,27 @@ function AppRenderer({
   };
   connectionId: string;
   orgId?: string;
+  args?: Record<string, unknown>;
 }) {
   const { sendMessage } = useChatBridge();
   const { setAppContext, clearAppContext } = useChatPrefs();
-  const { setChatOpen } = usePanelActions();
+  const { setChatOpen, openTab } = usePanelActions();
   const sourceId = `${connectionId}:${tool.name}`;
+
+  const handleRequestDisplayMode = (
+    mode: McpUiDisplayMode,
+  ): McpUiDisplayMode => {
+    if (mode === "inline") {
+      openTab("0");
+      return "inline";
+    }
+    return "fullscreen";
+  };
+  const toolInput = args ?? EMPTY_TOOL_INPUT;
   const { data: toolResult } = useMCPToolCall({
     client,
     toolName: tool.name,
-    toolArguments: EMPTY_TOOL_INPUT,
+    toolArguments: toolInput,
   });
 
   const clientId = getGatewayClientId(tool._meta);
@@ -70,7 +86,7 @@ function AppRenderer({
       resourceURI={resourceURI}
       orgId={orgId}
       toolInfo={{ tool: strippedTool }}
-      toolInput={EMPTY_TOOL_INPUT}
+      toolInput={toolInput}
       toolResult={toolResult}
       displayMode="fullscreen"
       minHeight={MCP_APP_DISPLAY_MODES.fullscreen.minHeight}
@@ -79,6 +95,7 @@ function AppRenderer({
       onMessage={handleAppMessage}
       onUpdateModelContext={(params) => setAppContext(sourceId, params)}
       onTeardown={() => clearAppContext(sourceId)}
+      onRequestDisplayMode={handleRequestDisplayMode}
       className="h-full"
     />
   );
@@ -87,12 +104,18 @@ function AppRenderer({
 export function AppViewContent({
   connectionId,
   toolName,
+  args,
 }: {
   connectionId: string;
   toolName: string;
+  args?: Record<string, unknown>;
 }) {
   const { org } = useProjectContext();
-  const client = useMCPClient({ connectionId, orgId: org.id });
+  const client = useMCPClient({
+    connectionId,
+    orgId: org.id,
+    orgSlug: org.slug,
+  });
   const { data: toolsResult } = useMCPToolsList({ client });
 
   const decodedToolName = stripMcpServerPrefix(decodeURIComponent(toolName));
@@ -118,6 +141,7 @@ export function AppViewContent({
       tool={tool}
       connectionId={connectionId}
       orgId={org.id}
+      args={args}
     />
   );
 }
diff --git a/apps/mesh/src/web/utils/ai-providers-logos.ts b/apps/mesh/src/web/utils/ai-providers-logos.ts
index 5314dc5a4c..87217dafae 100644
--- a/apps/mesh/src/web/utils/ai-providers-logos.ts
+++ b/apps/mesh/src/web/utils/ai-providers-logos.ts
@@ -9,18 +9,44 @@ const OPENROUTER_ICON_URL =
 const ANTHROPIC_ICON_URL =
   "https://assets.decocache.com/decocms/51a209ae-14bc-4b6f-8216-8eb670695bd7/Anthropic-Icon--Streamline-Svg-Logos.svg";
 
+/**
+ * Heuristic: when an OpenAI-compatible proxy returns model IDs without a
+ * provider prefix (e.g. "gpt-4o-mini", "claude-3-5-sonnet"), guess the
+ * upstream provider from the name so the model selector still shows a
+ * recognizable logo instead of the default fallback.
+ */
+function inferUpstreamFromModelId(modelId: string): string | null {
+  const id = modelId.toLowerCase();
+  if (id.startsWith("gpt-") || id.startsWith("o1") || id.startsWith("o3"))
+    return "openai";
+  if (id.startsWith("claude-") || id.startsWith("claude.")) return "anthropic";
+  if (id.startsWith("gemini")) return "google";
+  if (id.startsWith("llama")) return "meta-llama";
+  if (id.startsWith("mistral") || id.startsWith("mixtral")) return "mistralai";
+  if (id.startsWith("qwen")) return "qwen";
+  if (id.startsWith("deepseek")) return "deepseek";
+  if (id.startsWith("grok")) return "x-ai";
+  if (id.startsWith("command-")) return "cohere";
+  if (id.startsWith("phi-")) return "microsoft";
+  return null;
+}
+
 export function getProviderLogo(model: {
   providerId: string;
   modelId: string;
 }): string {
-  const upstreamProvider = model.modelId.includes("/")
+  const upstream = model.modelId.includes("/")
     ? model.modelId.split("/")[0]
-    : null;
-  return (
-    (upstreamProvider && PROVIDER_LOGOS[upstreamProvider]) ||
-    PROVIDER_LOGOS[model.providerId] ||
-    DEFAULT_LOGO
-  );
+    : undefined;
+  const fromUpstream = upstream ? PROVIDER_LOGOS[upstream] : undefined;
+  if (fromUpstream) return fromUpstream;
+
+  const fromProvider = PROVIDER_LOGOS[model.providerId];
+  if (fromProvider) return fromProvider;
+
+  const inferred = inferUpstreamFromModelId(model.modelId);
+  const fromInferred = inferred ? PROVIDER_LOGOS[inferred] : undefined;
+  return fromInferred ?? DEFAULT_LOGO;
 }
 
 export const PROVIDER_LOGOS: Record<string, string> = {
diff --git a/apps/mesh/src/web/utils/openai-compatible-presets.ts b/apps/mesh/src/web/utils/openai-compatible-presets.ts
new file mode 100644
index 0000000000..374e79f3f7
--- /dev/null
+++ b/apps/mesh/src/web/utils/openai-compatible-presets.ts
@@ -0,0 +1,68 @@
+/**
+ * Branded presets that wrap the generic "openai-compatible" provider with a
+ * first-class card (logo, name, description, sensible base-URL placeholder).
+ *
+ * All presets store as providerId="openai-compatible" with the preset id
+ * captured in the ai_provider_keys.preset_id column, so multiple configs of
+ * the same preset can coexist (e.g. two LiteLLM instances) and the model
+ * selector can show the branded logo + name instead of "OpenAI Compatible".
+ */
+export interface OpenAICompatiblePreset {
+  id: string;
+  name: string;
+  description: string;
+  logo: string;
+  baseUrlPlaceholder: string;
+  /** When true, the form hints that an API key is typically required. */
+  apiKeyRecommended: boolean;
+  /** Short copy shown in the form's helper area. */
+  helpText?: string;
+}
+
+export const OPENAI_COMPATIBLE_PRESETS: OpenAICompatiblePreset[] = [
+  {
+    id: "litellm",
+    name: "LiteLLM",
+    description: "Connect a LiteLLM proxy as an OpenAI-compatible endpoint",
+    logo: "https://decoims.com/decocms/e974ae05-ad64-4b4a-8444-d9705f019b85/litellm.png",
+    baseUrlPlaceholder: "http://localhost:4000",
+    apiKeyRecommended: true,
+    helpText:
+      "Point at your LiteLLM proxy. The base URL should be the root of the proxy (we'll append /v1).",
+  },
+  {
+    id: "ollama",
+    name: "Ollama",
+    description: "Run local models via Ollama's OpenAI-compatible API",
+    logo: "https://decoims.com/decocms/2bb2f822-5288-4b7c-a541-dcbef76525a0/ollama.png",
+    baseUrlPlaceholder: "http://localhost:11434",
+    apiKeyRecommended: false,
+    helpText:
+      "Ollama exposes /v1 by default — no API key required for local use.",
+  },
+  {
+    id: "lm-studio",
+    name: "LM Studio",
+    description: "Local models served by LM Studio",
+    logo: "https://decoims.com/decocms/9f0ab1a9-d2d5-4f3e-9de0-aadd4926428d/lmstudio.webp",
+    baseUrlPlaceholder: "http://localhost:1234",
+    apiKeyRecommended: false,
+    helpText:
+      "Start the local server in LM Studio, then paste its base URL here.",
+  },
+  {
+    id: "vllm",
+    name: "vLLM",
+    description: "High-throughput inference server with OpenAI-compatible API",
+    logo: "https://decoims.com/decocms/b6c60e4f-a4aa-443c-981f-ad0f31640e22/vllm.png",
+    baseUrlPlaceholder: "http://localhost:8000",
+    apiKeyRecommended: false,
+  },
+];
+
+export function getPreset(
+  presetId: string | null | undefined,
+): OpenAICompatiblePreset | undefined {
+  if (!presetId) return undefined;
+  return OPENAI_COMPATIBLE_PRESETS.find((p) => p.id === presetId);
+}
diff --git a/apps/mesh/src/web/utils/registry-utils.ts b/apps/mesh/src/web/utils/registry-utils.ts
index 75e082fc6b..ee34c449e9 100644
--- a/apps/mesh/src/web/utils/registry-utils.ts
+++ b/apps/mesh/src/web/utils/registry-utils.ts
@@ -118,12 +118,14 @@ export function extractItemsFromResponse<T>(response: unknown): T[] {
 export async function callRegistryTool<TOutput>(
   registryId: string,
   orgId: string,
+  orgSlug: string,
   toolName: string,
   args: Record<string, unknown>,
 ): Promise<TOutput> {
   const client = await createMCPClient({
     connectionId: registryId,
     orgId,
+    orgSlug,
   });
 
   try {
diff --git a/apps/mesh/src/web/views/automations/automation-detail.tsx b/apps/mesh/src/web/views/automations/automation-detail.tsx
index cdf20c22e0..db96e68db5 100644
--- a/apps/mesh/src/web/views/automations/automation-detail.tsx
+++ b/apps/mesh/src/web/views/automations/automation-detail.tsx
@@ -9,6 +9,11 @@ import {
   type AiProviderModel,
 } from "@/web/hooks/collections/use-ai-providers.ts";
 import { ModelSelector } from "@/web/components/chat/select-model.tsx";
+import {
+  SimpleModeTierDropdown,
+  type SimpleModeTier,
+} from "@/web/components/chat/simple-mode-tier-dropdown.tsx";
+import { useSimpleMode } from "@/web/hooks/use-organization-settings";
 import { User } from "@/web/components/user/user.tsx";
 import {
   useAutomation,
@@ -16,7 +21,11 @@ import {
   useTriggerList,
   type TriggerDefinition,
 } from "@/web/hooks/use-automations";
-import { useChatTask, useChatPrefs } from "@/web/components/chat/context";
+import {
+  useChatTask,
+  useChatPrefs,
+  useChatBridge,
+} from "@/web/components/chat/context";
 import { usePreferences } from "@/web/hooks/use-preferences";
 import { Button } from "@deco/ui/components/button.tsx";
 import { Input } from "@deco/ui/components/input.tsx";
@@ -27,10 +36,13 @@ import {
   TooltipTrigger,
 } from "@deco/ui/components/tooltip.tsx";
 import {
-  getDecopilotId,
+  StudioPackAgentId,
   useConnections,
   useProjectContext,
 } from "@decocms/mesh-sdk";
+import { usePanelActions } from "@/web/layouts/shell-layout";
+import { useEnsureStudioPack } from "@/web/components/home/use-ensure-studio-pack";
+import { buildImprovePromptDoc } from "@/web/components/chat/tiptap/build-improve-prompt-doc";
 import {
   ArrowLeft,
   ArrowUp,
@@ -41,8 +53,9 @@ import {
   XClose,
   Zap,
 } from "@untitledui/icons";
-import { Suspense, useRef, useState } from "react";
+import { Suspense, useEffect, useReducer, useState } from "react";
 import { useForm, Controller } from "react-hook-form";
+import { useDebouncedAutosave } from "@/web/hooks/use-debounced-autosave.ts";
 import { toast } from "sonner";
 import type { Metadata } from "@/web/components/chat/types.ts";
 import {
@@ -63,6 +76,40 @@ interface SettingsFormData {
   active: boolean;
   credential_id: string;
   model_id: string;
+  // Empty string when the automation isn't pinned to a Simple Mode tier.
+  // When set, the server resolves the model from the live tier slot at run
+  // time, so credential_id / model_id act as a display snapshot only.
+  tier: SimpleModeTier | "";
+}
+
+type EditSession = {
+  start: number;
+  fields: Set<string>;
+  saveCount: number;
+};
+
+type EditSessionAction =
+  | { type: "accumulate"; now: number; fields: string[] }
+  | { type: "reset" };
+
+function editSessionReducer(
+  state: EditSession | null,
+  action: EditSessionAction,
+): EditSession | null {
+  switch (action.type) {
+    case "accumulate": {
+      const base: EditSession = state ?? {
+        start: action.now,
+        fields: new Set(),
+        saveCount: 0,
+      };
+      const fields = new Set(base.fields);
+      for (const f of action.fields) fields.add(f);
+      return { ...base, fields, saveCount: base.saveCount + 1 };
+    }
+    case "reset":
+      return null;
+  }
 }
 
 // ============================================================================
@@ -79,6 +126,7 @@ import {
   SelectTrigger,
   SelectValue,
 } from "@deco/ui/components/select.tsx";
+import { track } from "@/web/lib/posthog-client";
 
 // ============================================================================
 // Event Trigger Form
@@ -113,6 +161,12 @@ function EventTriggerForm({
         connection_id: connectionId,
         params,
       });
+      track("automation_trigger_added", {
+        automation_id: automationId,
+        trigger_type: "event",
+        connection_id: connectionId,
+        event_type: eventType,
+      });
       toast.success("Event trigger added");
       onDone();
     } catch {
@@ -273,17 +327,15 @@ function EventTriggerForm({
 export function SettingsTab({
   automationId,
   automation,
-  virtualMcpId,
   onBack,
   onDelete,
 }: {
   automationId: string;
   automation: NonNullable<ReturnType<typeof useAutomation>["data"]>;
-  virtualMcpId: string;
   onBack?: () => void;
   onDelete?: () => void;
 }) {
-  const agentId = automation.agent?.id ?? virtualMcpId;
+  const agentId = automation.virtual_mcp_id;
   const { org } = useProjectContext();
   const { update: updateMutation, triggerAdd: addTrigger } =
     useAutomationActions();
@@ -293,12 +345,15 @@ export function SettingsTab({
   // Chat hooks for running the automation
   const { createTaskWithMessage } = useChatTask();
   const {
-    setVirtualMcpId,
     setModel,
+    setSimpleModeTier,
     credentialId: chatCredentialId,
     selectedModel: chatModel,
-    setChatMode,
   } = useChatPrefs();
+  const simpleMode = useSimpleMode();
+  const { setChatOpen } = usePanelActions();
+  const { sendMessage } = useChatBridge();
+  const ensureStudioPack = useEnsureStudioPack();
   const [preferences, setPreferences] = usePreferences();
   const initialTiptapDoc =
     (automation.messages?.[0] as { metadata?: Metadata } | undefined)?.metadata
@@ -309,11 +364,18 @@ export function SettingsTab({
   const [showCustomCron, setShowCustomCron] = useState(false);
   const [cronInput, setCronInput] = useState("");
   const [showEventForm, setShowEventForm] = useState(false);
-  const editorInitializedRef = useRef(false);
-  const saveTimerRef = useRef<ReturnType<typeof setTimeout> | null>(null);
-  const tiptapDirtyRef = useRef(false);
-
-  const handleImprovePrompt = () => {
+  const [isImproving, setIsImproving] = useState(false);
+  // The editor's first setTiptapDoc call is the mount-time normalization,
+  // not a user edit — we skip it so it doesn't mark dirty / autosave.
+  const [editorInitialized, setEditorInitialized] = useState(false);
+  // Tiptap is not in the RHF form (mount normalization would mark dirty
+  // before the user has typed anything). We track tiptap-dirty here and
+  // mix it into saveForm's "should we send?" decision alongside RHF's
+  // dirtyFields.
+  const [tiptapDirty, setTiptapDirty] = useState(false);
+
+  const handleImprovePrompt = async () => {
+    if (isImproving) return;
     const parts = derivePartsFromTiptapDoc(tiptapDoc);
     const instructionsText = parts
       .filter((p): p is { type: "text"; text: string } => p.type === "text")
@@ -321,25 +383,38 @@ export function SettingsTab({
       .join("\n");
     if (!instructionsText.trim()) return;
 
-    setChatMode("plan");
+    setIsImproving(true);
+    try {
+      forceSessionFlush();
+      track("automation_improve_clicked", {
+        automation_id: automationId,
+        agent_id: agentId,
+        instructions_length: instructionsText.length,
+      });
+
+      await ensureStudioPack(["studio-automation-manager"]);
 
-    createTaskWithMessage({
-      virtualMcpId: getDecopilotId(org.id),
-      message: {
-        parts: [
-          {
-            type: "text",
-            text: `/writing-prompts for automation with id ${automationId}. The current message is\n\n<message>\n${instructionsText}\n</message>`,
-          },
-        ],
-      },
-    });
+      setChatOpen(true);
+
+      await sendMessage({
+        tiptapDoc: buildImprovePromptDoc({
+          managerAgentId: StudioPackAgentId.AUTOMATION_MANAGER(org.id),
+          managerName: "Automation Manager",
+          kind: "automation",
+          id: automationId,
+          instructions: instructionsText,
+        }),
+      });
+    } finally {
+      setIsImproving(false);
+    }
   };
 
   const defaultCredentialId =
     automation.models?.credentialId || chatCredentialId || "";
   const defaultModelId =
     automation.models?.thinking?.id || chatModel?.modelId || "";
+  const defaultTier: SimpleModeTier | "" = automation.models?.tier ?? "";
 
   const form = useForm<SettingsFormData>({
     defaultValues: {
@@ -347,6 +422,7 @@ export function SettingsTab({
       active: automation.active,
       credential_id: defaultCredentialId,
       model_id: defaultModelId,
+      tier: defaultTier,
     },
   });
 
@@ -360,79 +436,175 @@ export function SettingsTab({
   const selectedModel: AiProviderModel | null =
     models.find((m) => m.modelId === watchModelId) ?? null;
 
+  const watchTier = form.watch("tier");
+  // The slot the saved credential/model actually correspond to, if any.
+  // Used both for the dropdown label and to decide whether saving is safe
+  // to auto-pin a legacy automation — we only persist `tier` when we know
+  // with certainty which slot the existing model matches.
+  const slotMatchedTier = (["fast", "smart", "thinking"] as const).find(
+    (t) =>
+      simpleMode.chat[t]?.modelId === watchModelId &&
+      simpleMode.chat[t]?.keyId === watchConnectionId,
+  );
+  // Persisted tier (from automation.models.tier) wins so the dropdown stays
+  // truthful even when slots are reconfigured server-side. Falls back to
+  // slot-match, then to "smart" as a final default for the dropdown label.
+  const activeSimpleModeTier: SimpleModeTier =
+    watchTier || slotMatchedTier || "smart";
+
+  const handleSimpleModeTierSelect = (tier: SimpleModeTier) => {
+    const slot = simpleMode.chat[tier];
+    if (!slot) return;
+    form.setValue("credential_id", slot.keyId, { shouldDirty: true });
+    form.setValue("model_id", slot.modelId, { shouldDirty: true });
+    form.setValue("tier", tier, { shouldDirty: true });
+  };
+
+  // Session-based tracking for automation_updated. Auto-saves persist every
+  // ~1s but we only emit one PostHog event per edit-session (aggregated
+  // fields + save_count + edit_duration_ms). A session ends after 30s of
+  // quiet, or on explicit flush (tab-leave, improve, test).
+  const [editSession, dispatchEditSession] = useReducer(
+    editSessionReducer,
+    null,
+  );
+
+  const flushEditSession = () => {
+    if (editSession === null) return;
+    track("automation_updated", {
+      automation_id: automationId,
+      agent_id: agentId,
+      fields: Array.from(editSession.fields),
+      save_count: editSession.saveCount,
+      edit_duration_ms: Date.now() - editSession.start,
+    });
+    dispatchEditSession({ type: "reset" });
+  };
+
   const saveForm = async (): Promise<boolean> => {
-    const hasDirtyFields = Object.keys(form.formState.dirtyFields).length > 0;
-    if (!hasDirtyFields && !tiptapDirtyRef.current) return true;
-    tiptapDirtyRef.current = false;
+    // form.formState is a Proxy over React state. When saveForm runs
+    // synchronously after setValue (e.g. via flushAndSave), React hasn't
+    // processed the batched update yet and form.formState.dirtyFields
+    // returns the previous render's snapshot — empty on the first edit — so
+    // the save would bail. Read control._formState.dirtyFields for the live
+    // value. Same gotcha as virtual-mcp.
+    const liveDirtyFields = (
+      form.control as unknown as {
+        _formState: { dirtyFields: Record<string, unknown> };
+      }
+    )._formState.dirtyFields;
+    const dirtyKeys = Object.keys(liveDirtyFields);
+    if (dirtyKeys.length === 0 && !tiptapDirty) return true;
 
     const values = form.getValues();
+    const coercedCredentialId =
+      values.credential_id && values.model_id ? values.credential_id : "";
+    const coercedModelId =
+      values.credential_id && values.model_id ? values.model_id : "";
+
+    // Reflect coercion in the form so the UI matches what we're persisting.
+    // shouldDirty is left as the default (false) — these aren't user edits;
+    // the rebase below will adopt them as the new baseline.
+    if (coercedCredentialId !== values.credential_id) {
+      form.setValue("credential_id", coercedCredentialId);
+    }
+    if (coercedModelId !== values.model_id) {
+      form.setValue("model_id", coercedModelId);
+    }
+
+    const formData = form.getValues();
+    const previousDefaults = (
+      form.control as unknown as { _defaultValues: SettingsFormData }
+    )._defaultValues;
+
+    // Rebase the dirty baseline pre-mutate so an edit during the in-flight
+    // save that returns a value to its pre-save default still registers as
+    // dirty. keepValues preserves user view; only _defaultValues advances.
+    form.reset(formData, { keepValues: true });
+    const tiptapWasDirty = tiptapDirty;
+    setTiptapDirty(false);
+
+    // Persist `tier` only when we have a confident signal: an explicit form
+    // value (set via the tier dropdown) or a saved model that actually
+    // matches a configured slot. Legacy automations whose model doesn't
+    // match any slot are NOT silently re-pinned to the default tier on
+    // incidental edits — that would change which model the run path uses
+    // with no UI signal.
+    const tierToPersist: SimpleModeTier | undefined = simpleMode.enabled
+      ? formData.tier || slotMatchedTier
+      : formData.tier || undefined;
+
+    const updatePayload = {
+      id: automationId,
+      name: formData.name,
+      active: formData.active,
+      models: {
+        credentialId: coercedCredentialId,
+        thinking: { id: coercedModelId },
+        ...(tierToPersist ? { tier: tierToPersist } : {}),
+      },
+      messages: tiptapDocToMessages(tiptapDoc),
+      temperature: 0,
+    };
+
     try {
-      const coercedCredentialId =
-        values.credential_id && values.model_id ? values.credential_id : "";
-      const coercedModelId =
-        values.credential_id && values.model_id ? values.model_id : "";
-
-      const updatePayload = {
-        id: automationId,
-        name: values.name,
-        active: values.active,
-        agent: {
-          id: agentId,
-        },
-        models: {
-          credentialId: coercedCredentialId,
-          thinking: {
-            id: coercedModelId,
-          },
-        },
-        messages: tiptapDocToMessages(tiptapDoc),
-        temperature: 0,
-      };
       await updateMutation.mutateAsync(updatePayload);
-      form.reset({
-        ...values,
-        credential_id: coercedCredentialId,
-        model_id: coercedModelId,
-      });
-      return true;
     } catch {
-      tiptapDirtyRef.current = true;
+      // Roll back the rebase so user edits remain dirty for the next attempt.
+      form.reset(previousDefaults, { keepValues: true });
+      if (tiptapWasDirty) setTiptapDirty(true);
       return false;
     }
-  };
 
-  const debouncedSave = () => {
-    if (saveTimerRef.current) clearTimeout(saveTimerRef.current);
-    saveTimerRef.current = setTimeout(() => {
-      saveForm();
-    }, 1000);
+    const fields = [...dirtyKeys];
+    if (tiptapWasDirty) fields.push("messages");
+    dispatchEditSession({ type: "accumulate", now: Date.now(), fields });
+    scheduleSessionFlush();
+    return true;
   };
 
-  const flushAndSave = async () => {
-    if (saveTimerRef.current) clearTimeout(saveTimerRef.current);
-    return saveForm();
-  };
+  const { schedule: scheduleSave, flush: flushAndSave } = useDebouncedAutosave({
+    save: saveForm,
+  });
+
+  const { schedule: scheduleSessionFlush, flush: forceSessionFlush } =
+    useDebouncedAutosave({
+      delayMs: 30_000,
+      save: async () => flushEditSession(),
+    });
+
+  // form.watch(callback) fires on value changes via setValue, but not on
+  // form.reset({ keepValues: true }) (which only emits state, no `values`
+  // key) — so saveForm's pre-mutate rebase does NOT loop. Edit handlers can
+  // just call form.setValue with shouldDirty:true and trust this
+  // subscription to schedule the save. flushAndSave remains for explicit
+  // "save NOW" semantics.
+  // oxlint-disable-next-line ban-use-effect/ban-use-effect
+  useEffect(() => {
+    const sub = form.watch(() => scheduleSave());
+    return () => sub.unsubscribe();
+    // scheduleSave is stable for our purpose: its closure mediates through
+    // stable refs inside useDebouncedAutosave.
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, []);
 
   const setTiptapDoc = (doc: Metadata["tiptapDoc"]) => {
     setTiptapDocRaw(doc);
-    if (!editorInitializedRef.current) {
-      editorInitializedRef.current = true;
+    if (!editorInitialized) {
+      setEditorInitialized(true);
       return;
     }
-    tiptapDirtyRef.current = true;
-    debouncedSave();
+    setTiptapDirty(true);
+    scheduleSave();
   };
 
-  const watchSubscribedRef = useRef(false);
-  if (!watchSubscribedRef.current) {
-    watchSubscribedRef.current = true;
-    form.watch(() => {
-      debouncedSave();
-    });
-  }
-
   const handleRunClick = async () => {
+    track("automation_test_clicked", {
+      automation_id: automationId,
+      agent_id: agentId,
+    });
     const saved = await flushAndSave();
+    forceSessionFlush();
     if (!saved) return;
 
     if (!tiptapDoc) {
@@ -440,16 +612,19 @@ export function SettingsTab({
       return;
     }
 
-    setVirtualMcpId(agentId || null);
-    if (selectedModel && watchConnectionId) {
+    if (simpleMode.enabled) {
+      setSimpleModeTier(activeSimpleModeTier);
+    } else if (selectedModel && watchConnectionId) {
       setModel({ ...selectedModel, keyId: watchConnectionId });
     }
 
+    setChatOpen(true);
     setPreferences({ ...preferences, toolApprovalLevel: "auto" });
 
     const parts = derivePartsFromTiptapDoc(tiptapDoc);
     createTaskWithMessage({
       message: { tiptapDoc, parts },
+      virtualMcpId: agentId || undefined,
     });
   };
 
@@ -468,11 +643,17 @@ export function SettingsTab({
         {/* Header: Name + Status + Creator */}
         <div className="flex flex-col gap-1.5">
           <div className="flex items-center justify-between gap-4">
-            <Input
-              {...form.register("name")}
-              placeholder="Automation name"
-              className="border border-transparent shadow-none px-0 text-lg font-medium h-auto focus-visible:ring-0 focus-visible:border-border bg-transparent flex-1"
-              style={{ boxShadow: "none" }}
+            <Controller
+              control={form.control}
+              name="name"
+              render={({ field }) => (
+                <Input
+                  {...field}
+                  placeholder="Automation name"
+                  className="border border-transparent shadow-none px-0 text-lg font-medium h-auto focus-visible:ring-0 focus-visible:border-border bg-transparent flex-1"
+                  style={{ boxShadow: "none" }}
+                />
+              )}
             />
             {onDelete && (
               <Button
@@ -494,7 +675,7 @@ export function SettingsTab({
                   checked={field.value}
                   onCheckedChange={(checked) => {
                     field.onChange(checked);
-                    setTimeout(() => flushAndSave(), 0);
+                    flushAndSave();
                   }}
                   className="cursor-pointer"
                 />
@@ -581,6 +762,10 @@ export function SettingsTab({
                       type: "cron",
                       cron_expression: val,
                     });
+                    track("automation_trigger_added", {
+                      automation_id: automationId,
+                      trigger_type: "cron",
+                    });
                     toast.success("Starter added");
                     setShowCustomCron(false);
                     setCronInput("");
@@ -658,7 +843,7 @@ export function SettingsTab({
               variant="outline"
               size="sm"
               className="h-7 gap-1.5 px-2 text-xs"
-              disabled={!tiptapDoc}
+              disabled={isImproving || !tiptapDoc}
               onClick={handleImprovePrompt}
             >
               <Stars01 size={13} />
@@ -677,23 +862,32 @@ export function SettingsTab({
               />
 
               <div className="flex items-center justify-end gap-1.5 p-2.5">
-                <ModelSelector
-                  model={selectedModel}
-                  isLoading={isModelsLoading}
-                  credentialId={watchConnectionId || null}
-                  onCredentialChange={(id) => {
-                    form.setValue("credential_id", id ?? "", {
-                      shouldDirty: true,
-                    });
-                    form.setValue("model_id", "", { shouldDirty: true });
-                  }}
-                  onModelChange={(model) =>
-                    form.setValue("model_id", model.modelId, {
-                      shouldDirty: true,
-                    })
-                  }
-                  placeholder="Model"
-                />
+                {simpleMode.enabled ? (
+                  <SimpleModeTierDropdown
+                    tier={activeSimpleModeTier}
+                    onSelect={handleSimpleModeTierSelect}
+                  />
+                ) : (
+                  <ModelSelector
+                    model={selectedModel}
+                    isLoading={isModelsLoading}
+                    credentialId={watchConnectionId || null}
+                    onCredentialChange={(id) => {
+                      form.setValue("credential_id", id ?? "", {
+                        shouldDirty: true,
+                      });
+                      form.setValue("model_id", "", { shouldDirty: true });
+                      form.setValue("tier", "", { shouldDirty: true });
+                    }}
+                    onModelChange={(model) => {
+                      form.setValue("model_id", model.modelId, {
+                        shouldDirty: true,
+                      });
+                      form.setValue("tier", "", { shouldDirty: true });
+                    }}
+                    placeholder="Model"
+                  />
+                )}
                 <Tooltip>
                   <TooltipTrigger asChild>
                     <Button
diff --git a/apps/mesh/src/web/views/automations/automation-list-row.tsx b/apps/mesh/src/web/views/automations/automation-list-row.tsx
index 13e9779b52..f6ddaa6015 100644
--- a/apps/mesh/src/web/views/automations/automation-list-row.tsx
+++ b/apps/mesh/src/web/views/automations/automation-list-row.tsx
@@ -37,7 +37,7 @@ export function AutomationListRow({
   const { remove } = useAutomationActions();
   const [confirmOpen, setConfirmOpen] = useState(false);
   const agent = useVirtualMCP(
-    showAgent ? (automation.agent?.id ?? undefined) : undefined,
+    showAgent ? automation.virtual_mcp_id : undefined,
   );
 
   const handleDelete = () => {
@@ -78,10 +78,10 @@ export function AutomationListRow({
           }
         />
 
-        {showAgent && agent && (
+        {showAgent && (
           <AgentAvatar
-            icon={agent.icon ?? null}
-            name={agent.title}
+            icon={agent?.icon ?? null}
+            name={agent?.title ?? automation.name}
             size="xs"
             className="shrink-0"
           />
diff --git a/apps/mesh/src/web/views/automations/automations-list.tsx b/apps/mesh/src/web/views/automations/automations-list.tsx
index 297a032806..5778a83256 100644
--- a/apps/mesh/src/web/views/automations/automations-list.tsx
+++ b/apps/mesh/src/web/views/automations/automations-list.tsx
@@ -1,4 +1,4 @@
-import { useState } from "react";
+import { useState, useTransition } from "react";
 import { useNavigate } from "@tanstack/react-router";
 import { Plus, Zap } from "@untitledui/icons";
 import { Button } from "@deco/ui/components/button.tsx";
@@ -11,17 +11,28 @@ import {
   useAutomations,
 } from "@/web/hooks/use-automations";
 import { AutomationListRow } from "./automation-list-row";
+import { track } from "@/web/lib/posthog-client";
+import { useChatPrefs } from "@/web/components/chat/context";
 
 export function AutomationsList({ virtualMcpId }: { virtualMcpId: string }) {
   const navigate = useNavigate();
-  const { data: automations = [] } = useAutomations(virtualMcpId);
-  const { create } = useAutomationActions();
   const [search, setSearch] = useState("");
-
-  const lowerSearch = search.toLowerCase();
-  const filtered = automations.filter((a) =>
-    a.name.toLowerCase().includes(lowerSearch),
+  const [serverSearch, setServerSearch] = useState("");
+  const [, startTransition] = useTransition();
+  const { data: automations = [] } = useAutomations(
+    virtualMcpId,
+    serverSearch || null,
   );
+  const { create } = useAutomationActions();
+  const { selectedModel: chatModel, credentialId: chatCredentialId } =
+    useChatPrefs();
+
+  const handleSearch = (value: string) => {
+    setSearch(value);
+    startTransition(() => {
+      setServerSearch(value);
+    });
+  };
 
   const goToDetail = (id: string) =>
     navigate({
@@ -35,8 +46,16 @@ export function AutomationsList({ virtualMcpId }: { virtualMcpId: string }) {
 
   const handleNew = async () => {
     if (create.isPending) return;
+    track("automation_new_clicked", {
+      virtual_mcp_id: virtualMcpId,
+      existing_count: automations.length,
+    });
+    const modelDefaults =
+      chatModel?.modelId && chatCredentialId
+        ? { credentialId: chatCredentialId, modelId: chatModel.modelId }
+        : null;
     const created = await create.mutateAsync(
-      buildDefaultAutomationInput(virtualMcpId),
+      buildDefaultAutomationInput(virtualMcpId, modelDefaults),
     );
     goToDetail(created.id);
   };
@@ -46,31 +65,24 @@ export function AutomationsList({ virtualMcpId }: { virtualMcpId: string }) {
       <Page.Content>
         <Page.Body>
           <div className="flex flex-col gap-6">
-            <Page.Title
-              actions={
-                <Button
-                  size="sm"
-                  onClick={handleNew}
-                  disabled={create.isPending}
-                >
-                  <Plus size={14} />
-                  New automation
-                </Button>
-              }
-            >
-              Automations
-            </Page.Title>
-            {automations.length > 0 && (
-              <SearchInput
-                value={search}
-                onChange={setSearch}
-                placeholder="Search automations..."
-                className="w-full md:w-[375px]"
-              />
-            )}
+            <Page.Title>Automations</Page.Title>
+            <div className="flex flex-wrap items-center justify-between gap-3">
+              {automations.length > 0 && (
+                <SearchInput
+                  value={search}
+                  onChange={handleSearch}
+                  placeholder="Search automations..."
+                  className="w-full md:w-[375px]"
+                />
+              )}
+              <Button size="sm" onClick={handleNew} disabled={create.isPending}>
+                <Plus size={14} />
+                New automation
+              </Button>
+            </div>
           </div>
 
-          {automations.length === 0 ? (
+          {automations.length === 0 && !serverSearch ? (
             <div className="flex items-center justify-center py-20">
               <EmptyState
                 image={<Zap size={48} className="text-muted-foreground" />}
@@ -88,7 +100,7 @@ export function AutomationsList({ virtualMcpId }: { virtualMcpId: string }) {
                 }
               />
             </div>
-          ) : filtered.length === 0 ? (
+          ) : automations.length === 0 && serverSearch ? (
             <div className="flex items-center justify-center py-20">
               <EmptyState
                 image={<Zap size={48} className="text-muted-foreground" />}
@@ -98,7 +110,7 @@ export function AutomationsList({ virtualMcpId }: { virtualMcpId: string }) {
             </div>
           ) : (
             <div className="mt-6 rounded-xl border border-border overflow-hidden">
-              {filtered.map((a) => (
+              {automations.map((a) => (
                 <AutomationListRow
                   key={a.id}
                   automation={a}
diff --git a/apps/mesh/src/web/views/registry/monitor-connections-panel.tsx b/apps/mesh/src/web/views/registry/monitor-connections-panel.tsx
index 78bf30d04b..096820cbc6 100644
--- a/apps/mesh/src/web/views/registry/monitor-connections-panel.tsx
+++ b/apps/mesh/src/web/views/registry/monitor-connections-panel.tsx
@@ -1,5 +1,9 @@
 import { useState } from "react";
-import { authenticateMcp, isConnectionAuthenticated } from "@decocms/mesh-sdk";
+import {
+  authenticateMcp,
+  isConnectionAuthenticated,
+  useProjectContext,
+} from "@decocms/mesh-sdk";
 import { useQuery } from "@tanstack/react-query";
 import { Badge } from "@deco/ui/components/badge.tsx";
 import { Button } from "@deco/ui/components/button.tsx";
@@ -69,6 +73,7 @@ function ConnectionRow({
 
   const updateAuth = useUpdateMonitorConnectionAuth();
   const { updateMutation } = useRegistryMutations();
+  const { org } = useProjectContext();
   const connectionId = entry.mapping.connection_id;
   const authStatus = entry.mapping.auth_status;
   const title = entry.item?.title ?? entry.mapping.item_id;
@@ -80,8 +85,9 @@ function ConnectionRow({
     queryKey: KEYS.monitorConnectionAuthProbe(connectionId),
     queryFn: async () =>
       isConnectionAuthenticated({
-        url: `/mcp/${connectionId}`,
+        url: `/api/${org.slug}/mcp/${connectionId}`,
         token: null,
+        orgId: org.id,
       }),
     staleTime: 10_000,
     retry: 1,
@@ -148,8 +154,10 @@ function ConnectionRow({
       toast.info(`Opening authentication window for "${title}"...`);
       const authResult = await authenticateMcp({
         connectionId,
+        orgSlug: org.slug,
         clientName: `MCP Test - ${title}`,
         timeout: 180000,
+        scope: "offline_access",
       });
 
       if (authResult.error) {
@@ -160,10 +168,12 @@ function ConnectionRow({
       // Save OAuth tokens
       if (authResult.tokenInfo) {
         const res = await fetch(
-          `/api/connections/${connectionId}/oauth-token`,
+          `/api/${org.slug}/connections/${connectionId}/oauth-token`,
           {
             method: "POST",
-            headers: { "Content-Type": "application/json" },
+            headers: {
+              "Content-Type": "application/json",
+            },
             credentials: "include",
             body: JSON.stringify({
               accessToken: authResult.tokenInfo.accessToken,
@@ -198,7 +208,7 @@ function ConnectionRow({
   };
 
   const saveTokenInternal = async (token: string) => {
-    const res = await fetch("/mcp/self", {
+    const res = await fetch(`/api/${org.slug}/mcp/self`, {
       method: "POST",
       credentials: "include",
       headers: { "Content-Type": "application/json" },
diff --git a/apps/mesh/src/web/views/settings/org-ai-providers.tsx b/apps/mesh/src/web/views/settings/org-ai-providers.tsx
index db023f7ef2..369049bbfc 100644
--- a/apps/mesh/src/web/views/settings/org-ai-providers.tsx
+++ b/apps/mesh/src/web/views/settings/org-ai-providers.tsx
@@ -1,6 +1,7 @@
 import { Suspense, useState, useEffect } from "react";
 import { useQueryClient, useMutation, useQuery } from "@tanstack/react-query";
-import { useForm } from "react-hook-form";
+import { Controller, useForm } from "react-hook-form";
+import { useDebouncedAutosave } from "@/web/hooks/use-debounced-autosave.ts";
 import { zodResolver } from "@hookform/resolvers/zod";
 import { z } from "zod";
 import { toast } from "sonner";
@@ -11,12 +12,22 @@ import {
   Eye,
   EyeOff,
   AlertCircle,
+  CheckCircle,
   RefreshCw01,
+  Edit01,
+  Check,
+  X,
 } from "@untitledui/icons";
 import { Page } from "@/web/components/page";
 import { Button } from "@deco/ui/components/button.tsx";
-import { Card } from "@deco/ui/components/card.tsx";
+import {
+  SettingsCard,
+  SettingsCardItem,
+  SettingsPage,
+  SettingsSection,
+} from "@/web/components/settings/settings-section";
 import { Input } from "@deco/ui/components/input.tsx";
+import { Switch } from "@deco/ui/components/switch.tsx";
 import {
   ToggleGroup,
   ToggleGroupItem,
@@ -44,16 +55,31 @@ import {
 import {
   useAiProviders,
   useAiProviderKeys,
+  useAiProviderModels,
   type AiProviderKey,
+  type AiProviderModel,
 } from "@/web/hooks/collections/use-ai-providers";
 import {
   SELF_MCP_ALIAS_ID,
   useMCPClient,
   useProjectContext,
+  pickSimpleModeDefaults,
 } from "@decocms/mesh-sdk";
 import { KEYS } from "@/web/lib/query-keys";
+import { track } from "@/web/lib/posthog-client";
 import { cn } from "@deco/ui/lib/utils.ts";
 import { ErrorBoundary } from "@/web/components/error-boundary";
+import {
+  useSimpleMode,
+  useUpdateSimpleMode,
+  type SimpleModeConfig,
+} from "@/web/hooks/use-organization-settings";
+import { SimpleModeConfigSchema } from "@/tools/organization/schema";
+import { ModelSelector } from "@/web/components/chat/select-model";
+import {
+  OPENAI_COMPATIBLE_PRESETS,
+  type OpenAICompatiblePreset,
+} from "@/web/utils/openai-compatible-presets";
 
 function ErrorFallback({ error }: { error: Error }) {
   return (
@@ -76,8 +102,50 @@ function KeyList({
   isDeleting: boolean;
 }) {
   const [deleteTarget, setDeleteTarget] = useState<string | null>(null);
+  const [editTarget, setEditTarget] = useState<string | null>(null);
+  const [editLabel, setEditLabel] = useState("");
   const targetKey = keys.find((k) => k.id === deleteTarget);
 
+  const { org } = useProjectContext();
+  const queryClient = useQueryClient();
+  const client = useMCPClient({
+    connectionId: SELF_MCP_ALIAS_ID,
+    orgId: org.id,
+    orgSlug: org.slug,
+  });
+
+  const { mutate: updateLabel, isPending: isUpdating } = useMutation({
+    mutationFn: async ({ keyId, label }: { keyId: string; label: string }) => {
+      await client.callTool({
+        name: "AI_PROVIDER_KEY_UPDATE",
+        arguments: { keyId, label },
+      });
+    },
+    onSuccess: () => {
+      queryClient.invalidateQueries({ queryKey: KEYS.aiProviderKeys(org.id) });
+      setEditTarget(null);
+    },
+    onError: () => {
+      toast.error("Failed to update key label");
+    },
+  });
+
+  const startEdit = (key: AiProviderKey) => {
+    setEditTarget(key.id);
+    setEditLabel(key.label);
+  };
+
+  const cancelEdit = () => {
+    setEditTarget(null);
+    setEditLabel("");
+  };
+
+  const confirmEdit = (keyId: string) => {
+    const trimmed = editLabel.trim();
+    if (!trimmed) return;
+    updateLabel({ keyId, label: trimmed });
+  };
+
   return (
     <div className="flex flex-col gap-2 mt-4">
       {keys.map((key) => (
@@ -85,24 +153,74 @@ function KeyList({
           key={key.id}
           className="flex items-center justify-between p-2 rounded-md bg-muted/50 text-sm"
         >
-          <div className="flex items-center gap-2 overflow-hidden">
+          <div className="flex items-center gap-2 overflow-hidden flex-1 min-w-0">
             <Key01 size={14} className="text-muted-foreground shrink-0" />
-            <span className="font-medium truncate">{key.label}</span>
-            <span className="text-xs text-muted-foreground shrink-0">
-              added {formatDistanceToNow(new Date(key.createdAt))} ago
-            </span>
+            {editTarget === key.id ? (
+              <input
+                autoFocus
+                className="font-medium bg-transparent border-b border-border outline-none flex-1 min-w-0"
+                value={editLabel}
+                onChange={(e) => setEditLabel(e.target.value)}
+                onKeyDown={(e) => {
+                  if (e.key === "Enter") confirmEdit(key.id);
+                  if (e.key === "Escape") cancelEdit();
+                }}
+              />
+            ) : (
+              <>
+                <span className="font-medium truncate">{key.label}</span>
+                <span className="text-xs text-muted-foreground shrink-0">
+                  added {formatDistanceToNow(new Date(key.createdAt))} ago
+                </span>
+              </>
+            )}
           </div>
-          {/* Stop propagation so trash click doesn't trigger card's onClick */}
-          <div onClick={(e) => e.stopPropagation()}>
-            <Button
-              variant="ghost"
-              size="icon"
-              className="h-6 w-6 text-muted-foreground hover:text-destructive"
-              disabled={isDeleting}
-              onClick={() => setDeleteTarget(key.id)}
-            >
-              <Trash01 size={14} />
-            </Button>
+          {/* Stop propagation so clicks don't trigger card's onClick */}
+          <div
+            className="flex items-center gap-0.5 shrink-0"
+            onClick={(e) => e.stopPropagation()}
+          >
+            {editTarget === key.id ? (
+              <>
+                <Button
+                  variant="ghost"
+                  size="icon"
+                  className="h-6 w-6 text-muted-foreground hover:text-foreground"
+                  disabled={isUpdating || !editLabel.trim()}
+                  onClick={() => confirmEdit(key.id)}
+                >
+                  <Check size={14} />
+                </Button>
+                <Button
+                  variant="ghost"
+                  size="icon"
+                  className="h-6 w-6 text-muted-foreground hover:text-foreground"
+                  onClick={cancelEdit}
+                >
+                  <X size={14} />
+                </Button>
+              </>
+            ) : (
+              <>
+                <Button
+                  variant="ghost"
+                  size="icon"
+                  className="h-6 w-6 text-muted-foreground hover:text-foreground"
+                  onClick={() => startEdit(key)}
+                >
+                  <Edit01 size={14} />
+                </Button>
+                <Button
+                  variant="ghost"
+                  size="icon"
+                  className="h-6 w-6 text-muted-foreground hover:text-destructive"
+                  disabled={isDeleting}
+                  onClick={() => setDeleteTarget(key.id)}
+                >
+                  <Trash01 size={14} />
+                </Button>
+              </>
+            )}
           </div>
         </div>
       ))}
@@ -162,6 +280,7 @@ function ConnectApiKeyForm({
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
   const queryClient = useQueryClient();
   const [showKey, setShowKey] = useState(false);
@@ -225,7 +344,7 @@ function ConnectApiKeyForm({
             type={showKey ? "text" : "password"}
             placeholder="sk-..."
             {...register("apiKey")}
-            className="h-8 text-sm pr-8"
+            className="ph-no-capture h-8 text-sm pr-8"
           />
           <button
             type="button"
@@ -269,9 +388,11 @@ const openaiCompatibleFormSchema = z.object({
 type OpenAICompatibleFormData = z.infer<typeof openaiCompatibleFormSchema>;
 
 function ConnectOpenAICompatibleForm({
+  preset,
   onCancel,
   onSuccess,
 }: {
+  preset?: OpenAICompatiblePreset;
   onCancel: () => void;
   onSuccess: () => void;
 }) {
@@ -279,6 +400,7 @@ function ConnectOpenAICompatibleForm({
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
   const queryClient = useQueryClient();
   const [showKey, setShowKey] = useState(false);
@@ -306,8 +428,9 @@ function ConnectOpenAICompatibleForm({
         name: "AI_PROVIDER_KEY_CREATE",
         arguments: {
           providerId: "openai-compatible",
-          label: data.label || data.baseUrl,
+          label: data.label || preset?.name || data.baseUrl,
           apiKey: encodedKey,
+          ...(preset ? { presetId: preset.id } : {}),
         },
       });
     },
@@ -322,6 +445,12 @@ function ConnectOpenAICompatibleForm({
     },
   });
 
+  const labelPlaceholder = preset
+    ? `e.g. ${preset.name} prod, ${preset.name} dev`
+    : "e.g. My OpenAI-compatible server";
+  const baseUrlPlaceholder =
+    preset?.baseUrlPlaceholder ?? "http://localhost:4000/v1";
+
   return (
     <form
       onSubmit={handleSubmit((data) => createKey(data))}
@@ -332,7 +461,7 @@ function ConnectOpenAICompatibleForm({
           Label
         </label>
         <Input
-          placeholder="e.g. LiteLLM, Ollama"
+          placeholder={labelPlaceholder}
           {...register("label")}
           className="h-8 text-sm"
         />
@@ -343,7 +472,7 @@ function ConnectOpenAICompatibleForm({
         </label>
         <Input
           type="url"
-          placeholder="http://localhost:4000/v1"
+          placeholder={baseUrlPlaceholder}
           {...register("baseUrl")}
           className="h-8 text-sm"
         />
@@ -353,14 +482,17 @@ function ConnectOpenAICompatibleForm({
       </div>
       <div className="space-y-1">
         <label className="text-xs font-medium text-muted-foreground">
-          API Key <span className="text-muted-foreground/60">(optional)</span>
+          API Key{" "}
+          <span className="text-muted-foreground/60">
+            ({preset?.apiKeyRecommended ? "recommended" : "optional"})
+          </span>
         </label>
         <div className="relative">
           <Input
             type={showKey ? "text" : "password"}
             placeholder="sk-..."
             {...register("apiKey")}
-            className="h-8 text-sm pr-8"
+            className="ph-no-capture h-8 text-sm pr-8"
           />
           <button
             type="button"
@@ -372,6 +504,10 @@ function ConnectOpenAICompatibleForm({
         </div>
       </div>
 
+      {preset?.helpText && (
+        <p className="text-xs text-muted-foreground">{preset.helpText}</p>
+      )}
+
       {error && <p className="text-xs text-destructive">{error.message}</p>}
 
       <DialogFooter>
@@ -415,6 +551,7 @@ function ProviderCard({
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
   const queryClient = useQueryClient();
   const [isConnectFormOpen, setIsConnectFormOpen] = useState(false);
@@ -458,7 +595,7 @@ function ProviderCard({
           providerId: provider.id,
           code,
           stateToken,
-          label: "Connected via OAuth",
+          label: provider.name,
         },
       })) as { isError?: boolean; content?: { text?: string }[] };
       if (result?.isError) {
@@ -467,6 +604,7 @@ function ProviderCard({
       }
     },
     onSuccess: () => {
+      track("ai_provider_oauth_succeeded", { provider_id: provider.id });
       queryClient.invalidateQueries({ queryKey: KEYS.aiProviderKeys(org.id) });
       queryClient.invalidateQueries({ queryKey: KEYS.aiProviders(org.id) });
       toast.success(`${provider.name} connected successfully`);
@@ -474,6 +612,10 @@ function ProviderCard({
       setOauthStateToken(null);
     },
     onError: (err) => {
+      track("ai_provider_oauth_failed", {
+        provider_id: provider.id,
+        error: err.message,
+      });
       toast.error(`OAuth connection failed: ${err.message}`);
       setIsOAuthPending(false);
       setOauthStateToken(null);
@@ -497,9 +639,14 @@ function ProviderCard({
     },
     onSuccess: (data) => {
       if (!data?.activated) {
+        track("ai_provider_cli_activate_failed", {
+          provider_id: provider.id,
+          error: data?.error ?? "unknown",
+        });
         toast.error(data?.error ?? "CLI activation failed");
         return;
       }
+      track("ai_provider_cli_activated", { provider_id: provider.id });
       queryClient.invalidateQueries({
         queryKey: KEYS.aiProviderKeys(org.id),
       });
@@ -508,7 +655,13 @@ function ProviderCard({
       });
       toast.success(`${provider.name} activated`);
     },
-    onError: (err) => toast.error(err.message),
+    onError: (err) => {
+      track("ai_provider_cli_activate_failed", {
+        provider_id: provider.id,
+        error: err.message,
+      });
+      toast.error(err.message);
+    },
   });
 
   const { mutate: provisionKey, isPending: isProvisioning } = useMutation({
@@ -526,11 +679,18 @@ function ProviderCard({
       }
     },
     onSuccess: () => {
+      track("ai_provider_provision_succeeded", {
+        provider_id: provider.id,
+      });
       queryClient.invalidateQueries({ queryKey: KEYS.aiProviderKeys(org.id) });
       queryClient.invalidateQueries({ queryKey: KEYS.aiProviders(org.id) });
       toast.success(`${provider.name} connected successfully`);
     },
     onError: (err) => {
+      track("ai_provider_provision_failed", {
+        provider_id: provider.id,
+        error: err.message,
+      });
       toast.error(`Failed to connect ${provider.name}: ${err.message}`);
     },
   });
@@ -539,11 +699,19 @@ function ProviderCard({
   useEffect(() => {
     if (!isOAuthPending || !oauthStateToken) return;
 
+    // Local flag — once the popup posts back and exchangeOAuth starts, the
+    // exchange has its own onSuccess/onError handlers. Without this, a slow
+    // exchange (>2min) would race the timeout and fire a false-positive
+    // ai_provider_oauth_failed{error:"timeout"} alongside the eventual
+    // ai_provider_oauth_succeeded.
+    let exchangeStarted = false;
+
     const handleMessage = (event: MessageEvent) => {
       if (event.origin !== window.location.origin) return;
       if (event.data?.type === "AI_PROVIDER_OAUTH_CALLBACK") {
         const { code, stateToken } = event.data;
         if (stateToken === oauthStateToken) {
+          exchangeStarted = true;
           exchangeOAuth({ code, stateToken });
         } else {
           console.error("State token mismatch");
@@ -556,20 +724,22 @@ function ProviderCard({
 
     window.addEventListener("message", handleMessage);
 
-    // Timeout after 2 minutes
+    // 2-minute popup-wait timeout. Distinct from exchange-failure: this means
+    // the user never came back from the OAuth popup. Tracked as a separate
+    // event so funnel math stays clean.
     const timeoutId = setTimeout(() => {
-      if (isOAuthPending) {
-        setIsOAuthPending(false);
-        setOauthStateToken(null);
-        toast.error("Connection timed out");
-      }
+      if (exchangeStarted) return;
+      track("ai_provider_oauth_timeout", { provider_id: provider.id });
+      setIsOAuthPending(false);
+      setOauthStateToken(null);
+      toast.error("Connection timed out");
     }, 120000);
 
     return () => {
       window.removeEventListener("message", handleMessage);
       clearTimeout(timeoutId);
     };
-  }, [isOAuthPending, oauthStateToken, exchangeOAuth]);
+  }, [isOAuthPending, oauthStateToken, exchangeOAuth, provider.id]);
 
   const supportsProvision = !!provider.supportsProvision;
   const supportsOAuth = provider.supportedMethods.includes("oauth-pkce");
@@ -579,14 +749,32 @@ function ProviderCard({
     if (isConnectFormOpen || isOAuthPending || isActivating || isProvisioning)
       return;
     if (isCliActivate) {
-      if (!isActive) activateCli();
+      if (!isActive) {
+        track("ai_provider_connect_clicked", {
+          provider_id: provider.id,
+          method: "cli-activate",
+        });
+        activateCli();
+      }
       return;
     }
     if (supportsProvision) {
+      track("ai_provider_connect_clicked", {
+        provider_id: provider.id,
+        method: "provision",
+      });
       provisionKey();
     } else if (supportsOAuth) {
+      track("ai_provider_connect_clicked", {
+        provider_id: provider.id,
+        method: "oauth-pkce",
+      });
       handleConnectOAuth();
     } else if (supportsApiKey) {
+      track("ai_provider_connect_clicked", {
+        provider_id: provider.id,
+        method: "api-key",
+      });
       setIsConnectFormOpen(true);
     }
   };
@@ -620,92 +808,69 @@ function ProviderCard({
     }
   };
 
+  const loadingText = isActivating
+    ? "Checking CLI..."
+    : isProvisioning
+      ? "Connecting..."
+      : isOAuthPending
+        ? "Authorizing..."
+        : null;
+
+  const statusText =
+    loadingText ??
+    (isActive && isCliActivate
+      ? `Authenticated via ${provider.name} CLI`
+      : provider.description);
+
   return (
     <>
-      <Card
+      <SettingsCardItem
+        icon={
+          provider.logo ? (
+            <img
+              src={provider.logo}
+              alt={provider.name}
+              className="size-8 rounded-md object-contain dark:bg-white dark:p-0.5"
+            />
+          ) : (
+            <Avatar
+              fallback={provider.name.charAt(0)}
+              className="size-8 bg-primary/10 text-primary"
+            />
+          )
+        }
+        title={
+          <span className="flex items-center gap-2">
+            {provider.name}
+            {isActive && !isCliActivate && !loadingText && (
+              <span className="text-xs font-normal text-muted-foreground">
+                {keys.length} key{keys.length !== 1 ? "s" : ""} configured
+                {provider.supportsCredits ? " · Managed above" : ""}
+              </span>
+            )}
+          </span>
+        }
+        description={statusText}
+        onClick={
+          !isOAuthPending && !isActivating && !isProvisioning
+            ? handleCardClick
+            : undefined
+        }
         className={cn(
-          "p-4 flex flex-col gap-3 transition-colors relative",
-          isActive && "border-primary/20",
-          !isOAuthPending &&
-            !isActivating &&
-            !isProvisioning &&
-            "cursor-pointer hover:bg-muted/30",
           (isOAuthPending || isActivating || isProvisioning) && "cursor-wait",
         )}
-        onClick={handleCardClick}
-      >
-        {isActive && (
-          <div className="absolute top-4 right-4 w-2 h-2 rounded-full bg-green-500" />
-        )}
-
-        <div className="flex items-start justify-between">
-          <div className="flex items-center gap-3">
-            {provider.logo ? (
-              <img
-                src={provider.logo}
-                alt={provider.name}
-                className="size-8 rounded-md object-contain dark:bg-white dark:rounded-md dark:p-0.5"
-              />
-            ) : (
-              <Avatar
-                fallback={provider.name.charAt(0)}
-                className="size-8 bg-primary/10 text-primary"
-              />
-            )}
-            <div>
-              <h3 className="font-medium text-base">{provider.name}</h3>
-              <p className="text-sm text-muted-foreground line-clamp-1">
-                {isActivating
-                  ? "Checking CLI..."
-                  : isProvisioning
-                    ? "Connecting..."
-                    : isOAuthPending
-                      ? "Authorizing..."
-                      : provider.description}
-              </p>
-            </div>
-          </div>
-        </div>
-
-        {isActive && (
-          <div className="mt-1">
-            {isCliActivate ? (
-              <>
-                <p className="text-xs text-muted-foreground">
-                  Authenticated via {provider.name} CLI
-                </p>
-                <KeyList
-                  keys={keys}
-                  onDelete={deleteKey}
-                  isDeleting={isDeleting}
-                />
-              </>
-            ) : (
-              <>
-                {/* Hide balance + top-up for deco — the hero section shows it */}
-                {!provider.supportsCredits && (
-                  <div className="flex items-center justify-between">
-                    <p className="text-xs font-medium text-muted-foreground">
-                      {keys.length} key{keys.length !== 1 ? "s" : ""} configured
-                    </p>
-                  </div>
-                )}
-                {provider.supportsCredits && (
-                  <p className="text-xs text-muted-foreground">
-                    {keys.length} key{keys.length !== 1 ? "s" : ""} configured
-                    &middot; Managed above
-                  </p>
-                )}
-                <KeyList
-                  keys={keys}
-                  onDelete={deleteKey}
-                  isDeleting={isDeleting}
-                />
-              </>
+        action={
+          <div className="flex items-center gap-2">
+            {isActive && (
+              <div className="w-2 h-2 rounded-full bg-green-500 shrink-0" />
             )}
           </div>
+        }
+      >
+        {isActive && !isCliActivate && (
+          <KeyList keys={keys} onDelete={deleteKey} isDeleting={isDeleting} />
         )}
-      </Card>
+      </SettingsCardItem>
 
       <Dialog
         open={isConnectFormOpen}
@@ -740,6 +905,134 @@ function ProviderCard({
   );
 }
 
+/**
+ * Card for an OpenAI-compatible "preset" (LiteLLM, Ollama, ...) or the generic
+ * Custom fallback (preset = null). All keys are stored under
+ * providerId="openai-compatible"; the preset_id column distinguishes them so
+ * users can configure many of each.
+ */
+function OpenAICompatiblePresetCard({
+  preset,
+  keys,
+  fallbackLogo,
+}: {
+  preset: OpenAICompatiblePreset | null;
+  keys: AiProviderKey[];
+  /** Used for the Custom (preset = null) card — shows the openai-compatible provider's default logo. */
+  fallbackLogo?: string | null;
+}) {
+  const { org } = useProjectContext();
+  const client = useMCPClient({
+    connectionId: SELF_MCP_ALIAS_ID,
+    orgId: org.id,
+    orgSlug: org.slug,
+  });
+  const queryClient = useQueryClient();
+  const [isFormOpen, setIsFormOpen] = useState(false);
+  const isActive = keys.length > 0;
+
+  const displayName = preset?.name ?? "Custom OpenAI Compatible";
+  const description =
+    preset?.description ?? "Connect any OpenAI-compatible endpoint by URL";
+  const logo = preset?.logo ?? fallbackLogo;
+
+  const { mutate: deleteKey, isPending: isDeleting } = useMutation({
+    mutationFn: async (keyId: string) => {
+      await client.callTool({
+        name: "AI_PROVIDER_KEY_DELETE",
+        arguments: { keyId },
+      });
+      return keyId;
+    },
+    onSuccess: (deletedKeyId) => {
+      queryClient.invalidateQueries({ queryKey: KEYS.aiProviderKeys(org.id) });
+      queryClient.invalidateQueries({ queryKey: KEYS.aiProviders(org.id) });
+      queryClient.invalidateQueries({
+        queryKey: KEYS.aiProviderModels(org.id, deletedKeyId),
+      });
+      toast.success("Connection deleted");
+    },
+    onError: (err) => {
+      toast.error(`Failed to delete connection: ${err.message}`);
+    },
+  });
+
+  return (
+    <>
+      <SettingsCardItem
+        icon={
+          logo ? (
+            <img
+              src={logo}
+              alt={displayName}
+              className="size-8 rounded-md object-contain dark:bg-white dark:p-0.5"
+            />
+          ) : (
+            <Avatar
+              fallback={displayName.charAt(0)}
+              className="size-8 bg-primary/10 text-primary"
+            />
+          )
+        }
+        title={
+          <span className="flex items-center gap-2">
+            {displayName}
+            {isActive && (
+              <span className="text-xs font-normal text-muted-foreground">
+                {keys.length} connection{keys.length !== 1 ? "s" : ""}{" "}
+                configured
+              </span>
+            )}
+          </span>
+        }
+        description={description}
+        onClick={() => {
+          if (!isFormOpen) {
+            track("ai_provider_connect_clicked", {
+              provider_id: "openai-compatible",
+              preset_id: preset?.id ?? null,
+              method: "api-key",
+            });
+            setIsFormOpen(true);
+          }
+        }}
+        action={
+          isActive ? (
+            <div className="w-2 h-2 rounded-full bg-green-500 shrink-0" />
+          ) : undefined
+        }
+      >
+        {isActive && (
+          <KeyList keys={keys} onDelete={deleteKey} isDeleting={isDeleting} />
+        )}
+      </SettingsCardItem>
+
+      <Dialog
+        open={isFormOpen}
+        onOpenChange={(open) => {
+          if (!open) setIsFormOpen(false);
+        }}
+      >
+        <DialogContent>
+          <DialogHeader>
+            <DialogTitle>Connect {displayName}</DialogTitle>
+            <DialogDescription>
+              {preset
+                ? `Add a ${preset.name} connection. Multiple connections of the same kind are supported.`
+                : "Enter the base URL and optional API key for any OpenAI-compatible endpoint."}
+            </DialogDescription>
+          </DialogHeader>
+          <ConnectOpenAICompatibleForm
+            preset={preset ?? undefined}
+            onCancel={() => setIsFormOpen(false)}
+            onSuccess={() => setIsFormOpen(false)}
+          />
+        </DialogContent>
+      </Dialog>
+    </>
+  );
+}
+
 export function ProviderCardGrid({
   hideProviderId,
 }: {
@@ -754,37 +1047,73 @@ export function ProviderCardGrid({
     p.supportedMethods.includes("cli-activate"),
   );
   const cloudProviders = providers.filter(
-    (p) => !p.supportedMethods.includes("cli-activate"),
+    (p) =>
+      !p.supportedMethods.includes("cli-activate") &&
+      p.id !== "openai-compatible",
+  );
+
+  // Keys for the openai-compatible provider, split per preset id (null = Custom).
+  const openaiCompatibleKeys = allKeys.filter(
+    (k) => k.providerId === "openai-compatible",
+  );
+  const showOpenAICompatibleSection = hideProviderId !== "openai-compatible";
+  const openaiCompatibleProvider = (aiProviders?.providers ?? []).find(
+    (p) => p.id === "openai-compatible",
   );
 
   return (
-    <div className="flex flex-col gap-5 w-full">
+    <div className="flex flex-col gap-6 w-full">
       {localProviders.length > 0 && (
-        <div className="relative rounded-xl border border-lime-400/30 bg-gradient-to-br from-lime-50/50 via-transparent to-yellow-50/30 dark:from-lime-950/20 dark:to-yellow-950/10 p-4">
-          <div className="absolute inset-0 rounded-xl bg-gradient-to-br from-lime-400/5 to-yellow-400/5 pointer-events-none" />
-          <p className="text-xs font-medium text-lime-700 dark:text-lime-400 mb-3 relative">
-            Local models — use your existing AI provider
-          </p>
-          <div className="grid grid-cols-1 lg:grid-cols-2 gap-3 relative">
-            {localProviders.map((provider) => (
+        <SettingsSection>
+          <div className="relative rounded-xl border border-lime-400/30 bg-gradient-to-br from-lime-50/50 via-transparent to-yellow-50/30 dark:from-lime-950/20 dark:to-yellow-950/10 p-4">
+            <div className="absolute inset-0 rounded-xl bg-gradient-to-br from-lime-400/5 to-yellow-400/5 pointer-events-none" />
+            <p className="text-xs font-medium text-lime-700 dark:text-lime-400 mb-3 relative">
+              Local models — use your existing AI provider
+            </p>
+            <SettingsCard className="relative">
+              {localProviders.map((provider) => (
+                <ProviderCard
+                  key={provider.id}
+                  provider={provider}
+                  keys={allKeys.filter((k) => k.providerId === provider.id)}
+                />
+              ))}
+            </SettingsCard>
+          </div>
+        </SettingsSection>
+      )}
+      <SettingsSection>
+        <SettingsCard>
+          {[
+            ...cloudProviders.map((provider) => (
               <ProviderCard
                 key={provider.id}
                 provider={provider}
                 keys={allKeys.filter((k) => k.providerId === provider.id)}
               />
-            ))}
-          </div>
-        </div>
-      )}
-      <div className="grid grid-cols-1 lg:grid-cols-2 gap-4">
-        {cloudProviders.map((provider) => (
-          <ProviderCard
-            key={provider.id}
-            provider={provider}
-            keys={allKeys.filter((k) => k.providerId === provider.id)}
-          />
-        ))}
-      </div>
+            )),
+            ...(showOpenAICompatibleSection
+              ? [
+                  ...OPENAI_COMPATIBLE_PRESETS.map((preset) => (
+                    <OpenAICompatiblePresetCard
+                      key={preset.id}
+                      preset={preset}
+                      keys={openaiCompatibleKeys.filter(
+                        (k) => k.presetId === preset.id,
+                      )}
+                    />
+                  )),
+                  <OpenAICompatiblePresetCard
+                    key="custom"
+                    preset={null}
+                    keys={openaiCompatibleKeys.filter((k) => !k.presetId)}
+                    fallbackLogo={openaiCompatibleProvider?.logo}
+                  />,
+                ]
+              : []),
+          ]}
+        </SettingsCard>
+      </SettingsSection>
     </div>
   );
 }
@@ -801,6 +1130,7 @@ function QuickTopUp() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
   const [customOpen, setCustomOpen] = useState(false);
 
@@ -936,6 +1266,7 @@ function DecoCreditsHero() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
   const queryClient = useQueryClient();
   const allKeys = useAiProviderKeys();
@@ -986,107 +1317,471 @@ function DecoCreditsHero() {
     balanceDollars != null ? `$${balanceDollars.toFixed(2)}` : "—";
 
   return (
-    <div
-      className={cn(
-        "relative rounded-xl overflow-hidden",
-        "border border-border",
-        "bg-gradient-to-br from-background via-muted/30 to-background",
-      )}
-    >
-      <div className="relative p-6">
-        {/* Provider identity */}
-        <div className="flex items-center justify-between mb-5">
-          <div className="flex items-center gap-3">
-            <img
-              src="/logos/deco%20logo.svg"
-              alt="Deco AI Gateway"
-              className="size-9 rounded-lg object-contain dark:bg-white dark:p-0.5"
-            />
-            <div>
-              <h3 className="text-sm font-semibold text-foreground">
-                Deco AI Gateway
-              </h3>
-              <p className="text-xs text-muted-foreground">
-                Access to 100+ models
-              </p>
+    <SettingsSection title="Deco AI Gateway">
+      <SettingsCard>
+        <div className="px-5 py-5 flex flex-col gap-5">
+          {/* Provider info and disconnect button */}
+          <div className="flex items-center justify-between">
+            <div className="flex items-center gap-3">
+              <img
+                src="/logos/deco%20logo.svg"
+                alt="Deco AI Gateway"
+                className="size-9 rounded-lg object-contain dark:bg-white dark:p-0.5"
+              />
+              <div>
+                <p className="text-xs text-muted-foreground">
+                  Access to 100+ models
+                </p>
+              </div>
             </div>
+            <Button
+              variant="ghost"
+              size="sm"
+              className="text-xs text-muted-foreground hover:text-destructive"
+              onClick={() => setConfirmDisconnect(true)}
+              disabled={isDisconnecting}
+            >
+              Disconnect
+            </Button>
           </div>
-          <Button
-            variant="ghost"
-            size="sm"
-            className="text-xs text-muted-foreground hover:text-destructive"
-            onClick={() => setConfirmDisconnect(true)}
-            disabled={isDisconnecting}
+
+          <AlertDialog
+            open={confirmDisconnect}
+            onOpenChange={setConfirmDisconnect}
           >
-            Disconnect
-          </Button>
-        </div>
+            <AlertDialogContent>
+              <AlertDialogHeader>
+                <AlertDialogTitle>Disconnect Deco AI Gateway</AlertDialogTitle>
+                <AlertDialogDescription>
+                  This will remove the Deco AI Gateway from this workspace. Your
+                  credit balance is preserved and will be available if you
+                  reconnect.
+                </AlertDialogDescription>
+              </AlertDialogHeader>
+              <AlertDialogFooter>
+                <AlertDialogCancel>Cancel</AlertDialogCancel>
+                <AlertDialogAction
+                  onClick={() => disconnect()}
+                  className="bg-destructive text-destructive-foreground hover:bg-destructive/90"
+                >
+                  Disconnect
+                </AlertDialogAction>
+              </AlertDialogFooter>
+            </AlertDialogContent>
+          </AlertDialog>
 
-        <AlertDialog
-          open={confirmDisconnect}
-          onOpenChange={setConfirmDisconnect}
-        >
-          <AlertDialogContent>
-            <AlertDialogHeader>
-              <AlertDialogTitle>Disconnect Deco AI Gateway</AlertDialogTitle>
-              <AlertDialogDescription>
-                This will remove the Deco AI Gateway from this workspace. Your
-                credit balance is preserved and will be available if you
-                reconnect.
-              </AlertDialogDescription>
-            </AlertDialogHeader>
-            <AlertDialogFooter>
-              <AlertDialogCancel>Cancel</AlertDialogCancel>
-              <AlertDialogAction
-                onClick={() => disconnect()}
-                className="bg-destructive text-destructive-foreground hover:bg-destructive/90"
+          {/* Balance */}
+          <div className="flex flex-col gap-2 pt-2">
+            <div className="flex items-baseline gap-2">
+              {isLoading || isFetching ? (
+                <Skeleton className="h-9 w-24" />
+              ) : (
+                <span
+                  className={cn(
+                    "text-3xl font-semibold tabular-nums tracking-tight",
+                    balanceDollars != null && creditColorClass(balanceDollars),
+                  )}
+                >
+                  {displayBalance}
+                </span>
+              )}
+              <button
+                type="button"
+                onClick={() => refetch()}
+                disabled={isFetching}
+                className="text-muted-foreground hover:text-foreground disabled:opacity-50 transition-colors p-1 rounded-md hover:bg-muted/50"
+                aria-label="Refresh balance"
               >
-                Disconnect
-              </AlertDialogAction>
-            </AlertDialogFooter>
-          </AlertDialogContent>
-        </AlertDialog>
-
-        {/* Balance */}
-        <div className="flex items-baseline gap-2">
-          {isLoading || isFetching ? (
-            <Skeleton className="h-9 w-24" />
-          ) : (
-            <span
-              className={cn(
-                "text-3xl font-semibold tabular-nums tracking-tight",
-                balanceDollars != null && creditColorClass(balanceDollars),
+                <RefreshCw01
+                  size={14}
+                  className={cn(isFetching && "animate-spin")}
+                />
+              </button>
+            </div>
+            <p className="text-xs text-muted-foreground">
+              Available credit balance
+            </p>
+          </div>
+
+          {/* Quick top-up */}
+          <div className="pt-4 border-t border-border/60">
+            <p className="text-xs font-medium text-muted-foreground mb-2.5">
+              Add credits
+            </p>
+            <QuickTopUp />
+          </div>
+        </div>
+      </SettingsCard>
+    </SettingsSection>
+  );
+}
+
+// ── Simple Model Mode ────────────────────────────────────────────────
+
+const filterImageModels = (m: AiProviderModel) =>
+  m.capabilities?.includes("image") === true;
+
+const filterWebResearchModels = (m: AiProviderModel) => {
+  if (m.asyncResearch === true) return true;
+  const n = m.modelId.toLowerCase().replace(/[^a-z0-9]/g, "");
+  return n.includes("sonar") || n.includes("deepresearch");
+};
+
+type TierKey = "fast" | "smart" | "thinking";
+
+const TIER_LABELS: Record<TierKey, string> = {
+  fast: "Fast",
+  smart: "Smart",
+  thinking: "Thinking",
+};
+
+const TIER_DESCRIPTIONS: Record<TierKey, string> = {
+  fast: "Fastest responses, best for quick tasks",
+  smart: "Balanced speed and capability",
+  thinking: "Most capable, best for complex tasks",
+};
+
+function SimpleModeModelRow({
+  slot,
+  onSlotChange,
+  filterModels,
+  defaultKeyId,
+}: {
+  slot: SimpleModeConfig["chat"]["fast"];
+  onSlotChange: (slot: SimpleModeConfig["chat"]["fast"]) => void;
+  filterModels?: (m: AiProviderModel) => boolean;
+  defaultKeyId: string | null;
+}) {
+  const allKeys = useAiProviderKeys();
+  const [localCredentialId, setLocalCredentialId] = useState<string | null>(
+    slot?.keyId ?? defaultKeyId,
+  );
+
+  // oxlint-disable-next-line ban-use-effect/ban-use-effect
+  useEffect(() => {
+    if (slot?.keyId) setLocalCredentialId(slot.keyId);
+  }, [slot?.keyId]);
+
+  const activeKeyId = localCredentialId ?? defaultKeyId;
+  const slotKey = activeKeyId
+    ? allKeys.find((k) => k.id === activeKeyId)
+    : null;
+
+  const { models: activeModels, isLoading: isLoadingModels } =
+    useAiProviderModels(filterModels ? (activeKeyId ?? undefined) : undefined);
+  const hasFilteredModels = filterModels
+    ? isLoadingModels || activeModels.some(filterModels)
+    : true;
+
+  const resolvedModel: AiProviderModel | null = slot
+    ? ({
+        modelId: slot.modelId,
+        title: slot.title ?? slot.modelId,
+        keyId: slot.keyId,
+        providerId: slotKey?.providerId ?? "deco",
+        description: null,
+        logo: null,
+        capabilities: [],
+        limits: null,
+        costs: null,
+      } as AiProviderModel)
+    : null;
+
+  if (filterModels && !hasFilteredModels) {
+    return (
+      <p className="text-xs text-muted-foreground italic">
+        Not available with current provider
+      </p>
+    );
+  }
+
+  return (
+    <ModelSelector
+      variant="bordered"
+      placeholder="Pick model"
+      model={resolvedModel}
+      credentialId={activeKeyId}
+      filterModels={filterModels}
+      onCredentialChange={(keyId) => setLocalCredentialId(keyId)}
+      onModelChange={(m) => {
+        const keyId = m.keyId ?? activeKeyId ?? "";
+        setLocalCredentialId(keyId);
+        onSlotChange({ keyId, modelId: m.modelId, title: m.title });
+      }}
+    />
+  );
+}
+
+function AutosaveStatus({
+  isPending,
+  showSaved,
+}: {
+  isPending: boolean;
+  showSaved: boolean;
+}) {
+  if (isPending) {
+    return (
+      <span className="flex items-center gap-1 text-xs text-muted-foreground">
+        <RefreshCw01 size={12} className="animate-spin" />
+        Saving…
+      </span>
+    );
+  }
+  if (showSaved) {
+    return (
+      <span className="flex items-center gap-1 text-xs text-muted-foreground">
+        <CheckCircle size={12} />
+        Saved
+      </span>
+    );
+  }
+  return null;
+}
+
+function SimpleModeSection() {
+  const allKeys = useAiProviderKeys();
+  const simpleMode = useSimpleMode();
+  const hasProvider = allKeys.length > 0;
+
+  const form = useForm<SimpleModeConfig>({
+    resolver: zodResolver(SimpleModeConfigSchema),
+    values: simpleMode,
+    mode: "onChange",
+  });
+
+  const {
+    mutate: updateSimpleMode,
+    isPending,
+    isSuccess,
+  } = useUpdateSimpleMode();
+
+  const isDirty = form.formState.isDirty;
+
+  // Autosave: 250ms after the last `schedule()` call, persist. The debounce
+  // coalesces multi-field writes from handleToggle and Effect 2 into a
+  // single mutation. We can't gate on `formState.isDirty` here: handleToggle
+  // calls `form.reset(...)` to seed defaults (which rebases the dirty
+  // baseline) and the `values: simpleMode` prop resyncs the form on every
+  // cache update — both clear the flag before the timer fires, swallowing
+  // the save. Each `schedule()` call is the explicit save intent; nothing
+  // inside `save` re-schedules so there's no feedback loop.
+  const { schedule: scheduleAutosave } = useDebouncedAutosave({
+    delayMs: 250,
+    save: async () => {
+      const values = form.getValues();
+      updateSimpleMode(values, {
+        onSuccess: () => form.reset(values, { keepValues: true }),
+        onError: (err) => {
+          form.reset(simpleMode);
+          toast.error(`Failed to save: ${err.message}`);
+        },
+      });
+    },
+  });
+
+  // Lazily load models for the first 3 keys so we can pre-fill defaults.
+  // Hooks can't run in loops; capping at 3 is sufficient for defaults —
+  // the user can always pick manually.
+  const key0 = allKeys[0];
+  const key1 = allKeys[1];
+  const key2 = allKeys[2];
+  const { models: models0 } = useAiProviderModels(key0?.id);
+  const { models: models1 } = useAiProviderModels(key1?.id);
+  const { models: models2 } = useAiProviderModels(key2?.id);
+
+  const handleToggle = (enabled: boolean) => {
+    const currentChat = form.getValues("chat");
+    if (
+      enabled &&
+      !currentChat.fast &&
+      !currentChat.smart &&
+      !currentChat.thinking
+    ) {
+      const modelsByKeyId: Record<string, AiProviderModel[]> = {};
+      if (key0?.id) modelsByKeyId[key0.id] = models0;
+      if (key1?.id) modelsByKeyId[key1.id] = models1;
+      if (key2?.id) modelsByKeyId[key2.id] = models2;
+      const defaults = pickSimpleModeDefaults(allKeys, modelsByKeyId);
+      form.reset(
+        {
+          enabled: true,
+          chat: defaults.chat,
+          image: defaults.image,
+          webResearch: defaults.webResearch,
+        },
+        { keepDirty: true },
+      );
+    } else {
+      form.setValue("enabled", enabled, { shouldDirty: true });
+    }
+    scheduleAutosave();
+  };
+
+  // Effect 1: Clear form when all providers are removed.
+  // oxlint-disable-next-line ban-use-effect/ban-use-effect — reacts to async provider list changes
+  useEffect(() => {
+    if (!hasProvider) {
+      form.reset({
+        enabled: false,
+        chat: { fast: null, smart: null, thinking: null },
+        image: null,
+        webResearch: null,
+      });
+    }
+  }, [hasProvider, form]);
+
+  // Effect 2: Fill null slots with defaults once models finish loading,
+  // and clear slots whose keyId no longer exists in allKeys (stale provider).
+  // oxlint-disable-next-line ban-use-effect/ban-use-effect — reacts to async model list loading
+  useEffect(() => {
+    const current = form.getValues();
+    if (!current.enabled) return;
+
+    const validKeyIds = new Set(allKeys.map((k) => k.id));
+    const modelsByKeyId: Record<string, AiProviderModel[]> = {};
+    if (key0?.id) modelsByKeyId[key0.id] = models0;
+    if (key1?.id) modelsByKeyId[key1.id] = models1;
+    if (key2?.id) modelsByKeyId[key2.id] = models2;
+
+    const isStale = (slot: SimpleModeConfig["chat"]["fast"]) =>
+      slot != null && !validKeyIds.has(slot.keyId);
+
+    const clearedChat = {
+      fast: isStale(current.chat.fast) ? null : current.chat.fast,
+      smart: isStale(current.chat.smart) ? null : current.chat.smart,
+      thinking: isStale(current.chat.thinking) ? null : current.chat.thinking,
+    };
+    const clearedImage = isStale(current.image) ? null : current.image;
+    const clearedWebResearch = isStale(current.webResearch)
+      ? null
+      : current.webResearch;
+
+    const needsFill =
+      !clearedChat.fast ||
+      !clearedChat.smart ||
+      !clearedChat.thinking ||
+      !clearedImage ||
+      !clearedWebResearch;
+
+    const chatUnchanged =
+      clearedChat.fast === current.chat.fast &&
+      clearedChat.smart === current.chat.smart &&
+      clearedChat.thinking === current.chat.thinking;
+    if (!needsFill && chatUnchanged) return;
+
+    const defaults = pickSimpleModeDefaults(allKeys, modelsByKeyId);
+    form.reset(
+      {
+        ...current,
+        chat: {
+          fast: clearedChat.fast ?? defaults.chat.fast,
+          smart: clearedChat.smart ?? defaults.chat.smart,
+          thinking: clearedChat.thinking ?? defaults.chat.thinking,
+        },
+        image: clearedImage ?? defaults.image,
+        webResearch: clearedWebResearch ?? defaults.webResearch,
+      },
+      { keepDirty: true },
+    );
+  }, [form, allKeys, models0, models1, models2, key0?.id, key1?.id, key2?.id]);
+
+  const enabled = form.watch("enabled");
+  const effectiveEnabled = enabled && hasProvider;
+
+  return (
+    <SettingsSection title="Simple model mode">
+      <SettingsCard>
+        <SettingsCardItem
+          title="Enable simple model mode"
+          description={
+            hasProvider
+              ? "Replace the model picker with a Fast / Smart / Thinking toggle for all members of this org."
+              : "Connect an AI provider above to enable this feature."
+          }
+          action={
+            <div className="flex items-center gap-3">
+              <AutosaveStatus
+                isPending={isPending}
+                showSaved={isSuccess && !isDirty}
+              />
+              <Switch
+                checked={effectiveEnabled}
+                onCheckedChange={handleToggle}
+                disabled={isPending || !hasProvider}
+              />
+            </div>
+          }
+        />
+        {effectiveEnabled && (
+          <>
+            {(["fast", "smart", "thinking"] as TierKey[]).map((tier) => (
+              <Controller
+                key={tier}
+                control={form.control}
+                name={`chat.${tier}` as const}
+                render={({ field }) => (
+                  <SettingsCardItem
+                    title={TIER_LABELS[tier]}
+                    description={TIER_DESCRIPTIONS[tier]}
+                    action={
+                      <SimpleModeModelRow
+                        slot={field.value}
+                        defaultKeyId={allKeys[0]?.id ?? null}
+                        onSlotChange={(slot) => {
+                          field.onChange(slot);
+                          scheduleAutosave();
+                        }}
+                      />
+                    }
+                  />
+                )}
+              />
+            ))}
+            <div className="h-px bg-border mx-5" />
+            <Controller
+              control={form.control}
+              name="image"
+              render={({ field }) => (
+                <SettingsCardItem
+                  title="Image"
+                  action={
+                    <SimpleModeModelRow
+                      slot={field.value}
+                      defaultKeyId={allKeys[0]?.id ?? null}
+                      filterModels={filterImageModels}
+                      onSlotChange={(slot) => {
+                        field.onChange(slot);
+                        scheduleAutosave();
+                      }}
+                    />
+                  }
+                />
               )}
-            >
-              {displayBalance}
-            </span>
-          )}
-          <button
-            type="button"
-            onClick={() => refetch()}
-            disabled={isFetching}
-            className="text-muted-foreground hover:text-foreground disabled:opacity-50 transition-colors p-1 rounded-md hover:bg-muted/50"
-            aria-label="Refresh balance"
-          >
-            <RefreshCw01
-              size={14}
-              className={cn(isFetching && "animate-spin")}
             />
-          </button>
-        </div>
-        <p className="text-xs text-muted-foreground mt-0.5">
-          Available credit balance
-        </p>
-
-        {/* Quick top-up */}
-        <div className="mt-5 pt-4 border-t border-border/60">
-          <p className="text-xs font-medium text-muted-foreground mb-2.5">
-            Add credits
-          </p>
-          <QuickTopUp />
-        </div>
-      </div>
-    </div>
+            <Controller
+              control={form.control}
+              name="webResearch"
+              render={({ field }) => (
+                <SettingsCardItem
+                  title="Web research"
+                  action={
+                    <SimpleModeModelRow
+                      slot={field.value}
+                      defaultKeyId={allKeys[0]?.id ?? null}
+                      filterModels={filterWebResearchModels}
+                      onSlotChange={(slot) => {
+                        field.onChange(slot);
+                        scheduleAutosave();
+                      }}
+                    />
+                  }
+                />
+              )}
+            />
+          </>
+        )}
+      </SettingsCard>
+    </SettingsSection>
   );
 }
 
@@ -1097,15 +1792,15 @@ function OrgAiProvidersContent() {
   const hasDecoKey = allKeys.some((k) => k.providerId === "deco");
 
   return (
-    <div className="flex flex-col gap-6">
+    <>
+      {allKeys.length > 0 && (
+        <Suspense fallback={<Skeleton className="h-16 w-full" />}>
+          <SimpleModeSection />
+        </Suspense>
+      )}
       <DecoCreditsHero />
-      <div>
-        <p className="text-xs font-medium text-muted-foreground uppercase tracking-wider mb-3">
-          Providers
-        </p>
-        <ProviderCardGrid hideProviderId={hasDecoKey ? "deco" : undefined} />
-      </div>
-    </div>
+      <ProviderCardGrid hideProviderId={hasDecoKey ? "deco" : undefined} />
+    </>
   );
 }
 
@@ -1114,7 +1809,7 @@ export function OrgAiProvidersPage() {
     <Page>
       <Page.Content>
         <Page.Body>
-          <div className="flex flex-col gap-6">
+          <SettingsPage>
             <Page.Title>AI Providers</Page.Title>
             <ErrorBoundary
               fallback={({ error }) => (
@@ -1127,7 +1822,7 @@ export function OrgAiProvidersPage() {
                 <OrgAiProvidersContent />
               </Suspense>
             </ErrorBoundary>
-          </div>
+          </SettingsPage>
         </Page.Body>
       </Page.Content>
     </Page>
diff --git a/apps/mesh/src/web/views/settings/org-brand-context.tsx b/apps/mesh/src/web/views/settings/org-brand-context.tsx
index 168d8ae4e2..10e9afa2a1 100644
--- a/apps/mesh/src/web/views/settings/org-brand-context.tsx
+++ b/apps/mesh/src/web/views/settings/org-brand-context.tsx
@@ -1,5 +1,6 @@
 import { useQuery, useMutation, useQueryClient } from "@tanstack/react-query";
 import { useState } from "react";
+import { Controller, useForm, type UseFormReturn } from "react-hook-form";
 import {
   useProjectContext,
   useMCPClient,
@@ -8,17 +9,24 @@ import {
 import {
   ChevronDown,
   ChevronRight,
-  Edit03,
   LinkExternal01,
-  Check,
   Plus,
   Star01,
   Trash01,
-  X,
   Globe02,
   Zap,
 } from "@untitledui/icons";
 import { cn } from "@deco/ui/lib/utils.ts";
+import {
+  AlertDialog,
+  AlertDialogAction,
+  AlertDialogCancel,
+  AlertDialogContent,
+  AlertDialogDescription,
+  AlertDialogFooter,
+  AlertDialogHeader,
+  AlertDialogTitle,
+} from "@deco/ui/components/alert-dialog.tsx";
 import { Button } from "@deco/ui/components/button.tsx";
 import { Input } from "@deco/ui/components/input.tsx";
 import { Textarea } from "@deco/ui/components/textarea.tsx";
@@ -27,6 +35,8 @@ import { Page } from "@/web/components/page";
 import { KEYS } from "@/web/lib/query-keys";
 import { unwrapToolResult } from "@/web/lib/unwrap-tool-result";
 import { usePublicConfig } from "@/web/hooks/use-public-config";
+import { useDebouncedAutosave } from "@/web/hooks/use-debounced-autosave.ts";
+import { track } from "@/web/lib/posthog-client";
 
 // --- Types ---
 
@@ -60,71 +70,49 @@ type BrandContext = {
   isDefault?: boolean;
 };
 
-// --- Editable card ---
+// --- Section card wrapper (visual container only — autosave handles saves) ---
 
 function BrandCard({
   title,
   children,
-  onEdit,
-  editing,
-  onSave,
-  onCancel,
   className,
 }: {
   title: string;
   children: React.ReactNode;
-  onEdit?: () => void;
-  editing?: boolean;
-  onSave?: () => void;
-  onCancel?: () => void;
   className?: string;
 }) {
   return (
     <div
       className={cn(
-        "group relative rounded-2xl border border-border/60 bg-background p-5",
-        editing && "ring-2 ring-ring/30",
+        "rounded-2xl border border-border/60 bg-background p-5",
         className,
       )}
     >
-      <div className="mb-4 flex items-center justify-between">
+      <div className="mb-4">
         <span className="text-xs font-medium text-muted-foreground">
           {title}
         </span>
-        {editing ? (
-          <div className="flex gap-1">
-            <button
-              type="button"
-              onClick={onCancel}
-              className="flex h-7 w-7 items-center justify-center rounded-lg bg-muted hover:bg-muted-foreground/15"
-            >
-              <X size={13} className="text-muted-foreground" />
-            </button>
-            <button
-              type="button"
-              onClick={onSave}
-              className="flex h-7 w-7 items-center justify-center rounded-lg bg-primary/10 hover:bg-primary/20"
-            >
-              <Check size={13} className="text-primary" />
-            </button>
-          </div>
-        ) : (
-          onEdit && (
-            <button
-              type="button"
-              onClick={onEdit}
-              className="flex h-7 w-7 items-center justify-center rounded-lg bg-muted opacity-0 transition-opacity duration-150 hover:bg-muted-foreground/15 group-hover:opacity-100"
-            >
-              <Edit03 size={13} className="text-muted-foreground" />
-            </button>
-          )
-        )}
       </div>
       {children}
     </div>
   );
 }
 
+// --- Form data covering all editable brand fields ---
+
+interface BrandFormData {
+  name: string;
+  domain: string;
+  overview: string;
+  logo: string;
+  favicon: string;
+  ogImage: string;
+  fonts: BrandFonts;
+  colors: BrandColors;
+}
+
+type BrandFormReturn = UseFormReturn<BrandFormData>;
+
 // --- Auto-extract banner ---
 
 function AutoExtractBanner({
@@ -177,240 +165,218 @@ function AutoExtractBanner({
   );
 }
 
-// --- Section: Company Overview (editable) ---
+// --- Section: Company Overview ---
 
 function OverviewSection({
-  brand,
-  onSave,
+  form,
+  onFieldChange,
+  onFieldCommit,
 }: {
-  brand: Partial<BrandContext>;
-  onSave: (data: Partial<BrandContext>) => void;
+  form: BrandFormReturn;
+  onFieldChange: () => void;
+  onFieldCommit: () => void;
 }) {
-  const [editing, setEditing] = useState(false);
-  const [name, setName] = useState(brand.name ?? "");
-  const [domain, setDomain] = useState(brand.domain ?? "");
-  const [overview, setOverview] = useState(brand.overview ?? "");
-
-  const startEdit = () => {
-    setName(brand.name ?? "");
-    setDomain(brand.domain ?? "");
-    setOverview(brand.overview ?? "");
-    setEditing(true);
-  };
-
-  const save = () => {
-    onSave({ name, domain, overview });
-    setEditing(false);
-  };
-
-  const isEmpty = !brand.name && !brand.domain && !brand.overview;
+  const domain = form.watch("domain");
 
   return (
-    <BrandCard
-      title="Company Overview"
-      onEdit={startEdit}
-      editing={editing}
-      onSave={save}
-      onCancel={() => setEditing(false)}
-    >
-      {editing ? (
-        <div className="space-y-3">
-          <div className="grid grid-cols-2 gap-3">
-            <div>
-              <label className="mb-1 block text-xs text-muted-foreground">
-                Company name
-              </label>
-              <Input
-                value={name}
-                onChange={(e) => setName(e.target.value)}
-                placeholder="Acme Corp"
-              />
-            </div>
-            <div>
-              <label className="mb-1 block text-xs text-muted-foreground">
-                Domain
-              </label>
-              <Input
-                value={domain}
-                onChange={(e) => setDomain(e.target.value)}
-                placeholder="acme.com"
-              />
-            </div>
-          </div>
+    <BrandCard title="Company Overview">
+      <div className="space-y-3">
+        <div className="grid grid-cols-2 gap-3">
           <div>
             <label className="mb-1 block text-xs text-muted-foreground">
-              Overview
+              Company name
+            </label>
+            <Controller
+              control={form.control}
+              name="name"
+              render={({ field }) => (
+                <Input
+                  {...field}
+                  onChange={(e) => {
+                    field.onChange(e);
+                    onFieldChange();
+                  }}
+                  onBlur={() => {
+                    field.onBlur();
+                    onFieldCommit();
+                  }}
+                  placeholder="Acme Corp"
+                />
+              )}
+            />
+          </div>
+          <div>
+            <label className="mb-1 flex items-center justify-between text-xs text-muted-foreground">
+              <span>Domain</span>
+              {domain && (
+                <a
+                  href={`https://${domain}`}
+                  target="_blank"
+                  rel="noopener noreferrer"
+                  className="flex items-center gap-1 transition-colors hover:text-foreground"
+                >
+                  <LinkExternal01 size={10} />
+                  open
+                </a>
+              )}
             </label>
-            <Textarea
-              value={overview}
-              onChange={(e) => setOverview(e.target.value)}
-              placeholder="Brief description of what the company does..."
-              rows={3}
+            <Controller
+              control={form.control}
+              name="domain"
+              render={({ field }) => (
+                <Input
+                  {...field}
+                  onChange={(e) => {
+                    field.onChange(e);
+                    onFieldChange();
+                  }}
+                  onBlur={() => {
+                    field.onBlur();
+                    onFieldCommit();
+                  }}
+                  placeholder="acme.com"
+                />
+              )}
             />
           </div>
         </div>
-      ) : isEmpty ? (
-        <p className="text-sm text-muted-foreground/60">
-          No company info yet. Click edit to add your company name, domain, and
-          overview.
-        </p>
-      ) : (
-        <>
-          <div className="mb-3 flex items-start justify-between gap-4">
-            <h2 className="text-xl font-semibold leading-tight text-foreground">
-              {brand.name}
-            </h2>
-            {brand.domain && (
-              <a
-                href={`https://${brand.domain}`}
-                target="_blank"
-                rel="noopener noreferrer"
-                className="mt-0.5 flex shrink-0 items-center gap-1 text-xs text-muted-foreground transition-colors hover:text-foreground"
-              >
-                <LinkExternal01 size={11} />
-                {brand.domain}
-              </a>
+        <div>
+          <label className="mb-1 block text-xs text-muted-foreground">
+            Overview
+          </label>
+          <Controller
+            control={form.control}
+            name="overview"
+            render={({ field }) => (
+              <Textarea
+                {...field}
+                onChange={(e) => {
+                  field.onChange(e);
+                  onFieldChange();
+                }}
+                onBlur={() => {
+                  field.onBlur();
+                  onFieldCommit();
+                }}
+                placeholder="Brief description of what the company does..."
+                rows={3}
+              />
             )}
-          </div>
-          {brand.overview && (
-            <p className="text-sm leading-relaxed text-muted-foreground">
-              {brand.overview}
-            </p>
-          )}
-        </>
-      )}
+          />
+        </div>
+      </div>
     </BrandCard>
   );
 }
 
 // --- Section: Logos ---
 
-function LogosSection({
-  brand,
-  onSave,
+const CHECKERED_BG = {
+  backgroundImage:
+    "linear-gradient(45deg, #e5e7eb 25%, transparent 25%, transparent 75%, #e5e7eb 75%), linear-gradient(45deg, #e5e7eb 25%, transparent 25%, transparent 75%, #e5e7eb 75%)",
+  backgroundSize: "8px 8px",
+  backgroundPosition: "0 0, 4px 4px",
+  backgroundColor: "#fff",
+};
+
+function LogoFieldRow({
+  form,
+  name,
+  label,
+  imgClassName = "h-full w-full object-contain p-3",
+  onFieldChange,
+  onFieldCommit,
 }: {
-  brand: Partial<BrandContext>;
-  onSave: (data: Partial<BrandContext>) => void;
+  form: BrandFormReturn;
+  name: "logo" | "favicon" | "ogImage";
+  label: string;
+  imgClassName?: string;
+  onFieldChange: () => void;
+  onFieldCommit: () => void;
 }) {
-  const [editing, setEditing] = useState(false);
-  const [logo, setLogo] = useState(brand.logo ?? "");
-  const [favicon, setFavicon] = useState(brand.favicon ?? "");
-  const [ogImage, setOgImage] = useState(brand.ogImage ?? "");
-
-  const startEdit = () => {
-    setLogo(brand.logo ?? "");
-    setFavicon(brand.favicon ?? "");
-    setOgImage(brand.ogImage ?? "");
-    setEditing(true);
-  };
-
-  const save = () => {
-    onSave({
-      logo: logo || null,
-      favicon: favicon || null,
-      ogImage: ogImage || null,
-    });
-    setEditing(false);
-  };
-
-  const hasLogos = brand.logo || brand.favicon || brand.ogImage;
-
+  const value = form.watch(name);
   return (
-    <BrandCard
-      title="Logos & Images"
-      onEdit={startEdit}
-      editing={editing}
-      onSave={save}
-      onCancel={() => setEditing(false)}
-    >
-      {editing ? (
-        <div className="space-y-3">
-          <div>
-            <label className="mb-1 block text-xs text-muted-foreground">
-              Logo URL
-            </label>
-            <Input
-              value={logo}
-              onChange={(e) => setLogo(e.target.value)}
-              placeholder="https://..."
-            />
-          </div>
-          <div>
-            <label className="mb-1 block text-xs text-muted-foreground">
-              Favicon URL
-            </label>
-            <Input
-              value={favicon}
-              onChange={(e) => setFavicon(e.target.value)}
-              placeholder="https://..."
-            />
-          </div>
-          <div>
-            <label className="mb-1 block text-xs text-muted-foreground">
-              OG Image URL
-            </label>
+    <div className="flex items-start gap-3">
+      <div
+        className="flex aspect-video w-28 shrink-0 items-center justify-center overflow-hidden rounded-xl"
+        style={CHECKERED_BG}
+      >
+        {value ? (
+          <img
+            src={value}
+            alt={label}
+            className={imgClassName}
+            loading="lazy"
+          />
+        ) : (
+          <span className="text-[10px] text-muted-foreground/70">
+            No {label.toLowerCase()}
+          </span>
+        )}
+      </div>
+      <div className="flex-1">
+        <label className="mb-1 block text-xs text-muted-foreground">
+          {label} URL
+        </label>
+        <Controller
+          control={form.control}
+          name={name}
+          render={({ field }) => (
             <Input
-              value={ogImage}
-              onChange={(e) => setOgImage(e.target.value)}
-              placeholder="https://..."
-            />
-          </div>
-        </div>
-      ) : hasLogos ? (
-        <div className="flex gap-2">
-          {brand.logo && (
-            <div
-              className="flex h-16 w-24 shrink-0 items-center justify-center overflow-hidden rounded-xl"
-              style={{
-                backgroundImage:
-                  "linear-gradient(45deg, #e5e7eb 25%, transparent 25%, transparent 75%, #e5e7eb 75%), linear-gradient(45deg, #e5e7eb 25%, transparent 25%, transparent 75%, #e5e7eb 75%)",
-                backgroundSize: "8px 8px",
-                backgroundPosition: "0 0, 4px 4px",
-                backgroundColor: "#fff",
+              {...field}
+              onChange={(e) => {
+                field.onChange(e);
+                onFieldChange();
               }}
-            >
-              <img
-                src={brand.logo}
-                alt="Logo"
-                className="h-full w-full object-contain p-2"
-              />
-            </div>
-          )}
-          {brand.favicon && (
-            <div
-              className="flex h-16 w-16 shrink-0 items-center justify-center overflow-hidden rounded-xl"
-              style={{
-                backgroundImage:
-                  "linear-gradient(45deg, #e5e7eb 25%, transparent 25%, transparent 75%, #e5e7eb 75%), linear-gradient(45deg, #e5e7eb 25%, transparent 25%, transparent 75%, #e5e7eb 75%)",
-                backgroundSize: "8px 8px",
-                backgroundPosition: "0 0, 4px 4px",
-                backgroundColor: "#fff",
+              onBlur={() => {
+                field.onBlur();
+                onFieldCommit();
               }}
-            >
-              <img
-                src={brand.favicon}
-                alt="Favicon"
-                className="h-8 w-8 object-contain"
-              />
-            </div>
-          )}
-          {brand.ogImage && (
-            <div className="h-16 flex-1 overflow-hidden rounded-xl">
-              <img
-                src={brand.ogImage}
-                alt="OG"
-                className="h-full w-full object-cover"
-                loading="lazy"
-              />
-            </div>
+              placeholder="https://..."
+            />
           )}
-        </div>
-      ) : (
-        <p className="text-sm text-muted-foreground/60">
-          No logos added yet. Click edit to add logo, favicon, and OG image
-          URLs.
-        </p>
-      )}
+        />
+      </div>
+    </div>
+  );
+}
+
+function LogosSection({
+  form,
+  onFieldChange,
+  onFieldCommit,
+}: {
+  form: BrandFormReturn;
+  onFieldChange: () => void;
+  onFieldCommit: () => void;
+}) {
+  return (
+    <BrandCard title="Logos & Images">
+      <div className="space-y-3">
+        <LogoFieldRow
+          form={form}
+          name="logo"
+          label="Logo"
+          onFieldChange={onFieldChange}
+          onFieldCommit={onFieldCommit}
+        />
+        <LogoFieldRow
+          form={form}
+          name="favicon"
+          label="Favicon"
+          imgClassName="h-12 w-12 object-contain"
+          onFieldChange={onFieldChange}
+          onFieldCommit={onFieldCommit}
+        />
+        <LogoFieldRow
+          form={form}
+          name="ogImage"
+          label="SEO / OG image"
+          imgClassName="h-full w-full object-contain"
+          onFieldChange={onFieldChange}
+          onFieldCommit={onFieldCommit}
+        />
+      </div>
     </BrandCard>
   );
 }
@@ -424,77 +390,59 @@ const FONT_ROLES = [
 ];
 
 function FontsSection({
-  brand,
-  onSave,
+  form,
+  onFieldChange,
+  onFieldCommit,
 }: {
-  brand: Partial<BrandContext>;
-  onSave: (data: Partial<BrandContext>) => void;
+  form: BrandFormReturn;
+  onFieldChange: () => void;
+  onFieldCommit: () => void;
 }) {
-  const [editing, setEditing] = useState(false);
-  const [fonts, setFonts] = useState<BrandFonts>(brand.fonts ?? {});
-
-  const startEdit = () => {
-    setFonts(brand.fonts ?? {});
-    setEditing(true);
-  };
-
-  const save = () => {
-    const hasAny = Object.values(fonts).some((v) => v?.trim());
-    onSave({ fonts: hasAny ? fonts : null });
-    setEditing(false);
-  };
-
-  const hasFonts =
-    brand.fonts && Object.values(brand.fonts).some((v) => v?.trim());
-
   return (
-    <BrandCard
-      title="Fonts"
-      onEdit={startEdit}
-      editing={editing}
-      onSave={save}
-      onCancel={() => setEditing(false)}
-    >
-      {editing ? (
-        <div className="space-y-2">
-          {FONT_ROLES.map(({ key, label }) => (
+    <BrandCard title="Fonts">
+      <div className="space-y-2">
+        {FONT_ROLES.map(({ key, label }) => {
+          const fieldName = `fonts.${key}` as const;
+          const value = form.watch(fieldName);
+          return (
             <div key={key}>
-              <label className="mb-1 block text-xs text-muted-foreground">
-                {label}
+              <label className="mb-1 flex items-center gap-3 text-xs text-muted-foreground">
+                <span className="w-7 text-base font-medium leading-none text-foreground">
+                  Aa
+                </span>
+                <span>{label}</span>
+                {value && (
+                  <span
+                    className="ml-auto truncate text-foreground"
+                    style={{ fontFamily: value }}
+                  >
+                    {value}
+                  </span>
+                )}
               </label>
-              <Input
-                value={fonts[key] ?? ""}
-                onChange={(e) => setFonts({ ...fonts, [key]: e.target.value })}
-                placeholder={`Font family for ${label.toLowerCase()}`}
+              <Controller
+                control={form.control}
+                name={fieldName}
+                render={({ field }) => (
+                  <Input
+                    {...field}
+                    value={field.value ?? ""}
+                    onChange={(e) => {
+                      field.onChange(e);
+                      onFieldChange();
+                    }}
+                    onBlur={() => {
+                      field.onBlur();
+                      onFieldCommit();
+                    }}
+                    placeholder={`Font family for ${label.toLowerCase()}`}
+                  />
+                )}
               />
             </div>
-          ))}
-        </div>
-      ) : hasFonts ? (
-        <div className="space-y-3">
-          {FONT_ROLES.filter(({ key }) => brand.fonts?.[key]).map(
-            ({ key, label }) => (
-              <div key={key} className="flex items-center gap-3">
-                <span className="w-9 text-xl font-medium leading-none text-foreground">
-                  Aa
-                </span>
-                <div>
-                  <p className="text-sm font-medium leading-none text-foreground">
-                    {brand.fonts![key]}
-                  </p>
-                  <p className="mt-0.5 text-xs text-muted-foreground">
-                    {label}
-                  </p>
-                </div>
-              </div>
-            ),
-          )}
-        </div>
-      ) : (
-        <p className="text-sm text-muted-foreground/60">
-          No fonts defined. Click edit to add your brand fonts.
-        </p>
-      )}
+          );
+        })}
+      </div>
     </BrandCard>
   );
 }
@@ -510,91 +458,61 @@ const COLOR_ROLES = [
 ];
 
 function ColorsSection({
-  brand,
-  onSave,
+  form,
+  onFieldChange,
+  onFieldCommit,
 }: {
-  brand: Partial<BrandContext>;
-  onSave: (data: Partial<BrandContext>) => void;
+  form: BrandFormReturn;
+  onFieldChange: () => void;
+  onFieldCommit: () => void;
 }) {
-  const [editing, setEditing] = useState(false);
-  const [colors, setColors] = useState<BrandColors>(brand.colors ?? {});
-
-  const startEdit = () => {
-    setColors(brand.colors ?? {});
-    setEditing(true);
-  };
-
-  const save = () => {
-    const hasAny = Object.values(colors).some((v) => v?.trim());
-    onSave({ colors: hasAny ? colors : null });
-    setEditing(false);
-  };
-
-  const hasColors =
-    brand.colors && Object.values(brand.colors).some((v) => v?.trim());
-
   return (
-    <BrandCard
-      title="Colors"
-      onEdit={startEdit}
-      editing={editing}
-      onSave={save}
-      onCancel={() => setEditing(false)}
-    >
-      {editing ? (
-        <div className="space-y-2">
-          {COLOR_ROLES.map(({ key, label }) => (
-            <div key={key} className="flex items-center gap-2">
-              <input
-                type="color"
-                value={colors[key] ?? "#000000"}
-                onChange={(e) =>
-                  setColors({ ...colors, [key]: e.target.value })
-                }
-                className="h-9 w-9 shrink-0 cursor-pointer rounded-lg border border-border bg-transparent p-0.5"
-              />
-              <Input
-                value={colors[key] ?? ""}
-                onChange={(e) =>
-                  setColors({ ...colors, [key]: e.target.value })
-                }
-                placeholder="#000000"
-                className="w-28"
-              />
-              <span className="flex-1 text-xs text-muted-foreground">
-                {label}
-              </span>
-            </div>
-          ))}
-        </div>
-      ) : hasColors ? (
-        <div className="flex flex-wrap gap-4">
-          {COLOR_ROLES.filter(({ key }) => brand.colors?.[key]).map(
-            ({ key, label }) => (
-              <div key={key} className="flex flex-col items-center gap-2">
-                <div
-                  className="h-14 w-14 rounded-full shadow-sm"
-                  style={{
-                    backgroundColor: brand.colors![key],
-                    border:
-                      brand.colors![key] === "#FFFFFF"
-                        ? "1px solid #e5e7eb"
-                        : undefined,
-                  }}
-                />
-                <p className="font-mono text-[10px] text-muted-foreground">
-                  {brand.colors![key]}
-                </p>
-                <p className="text-[10px] text-muted-foreground">{label}</p>
-              </div>
-            ),
-          )}
-        </div>
-      ) : (
-        <p className="text-sm text-muted-foreground/60">
-          No colors defined. Click edit to add your brand palette.
-        </p>
-      )}
+    <BrandCard title="Colors">
+      <div className="space-y-2">
+        {COLOR_ROLES.map(({ key, label }) => {
+          const fieldName = `colors.${key}` as const;
+          return (
+            <Controller
+              key={key}
+              control={form.control}
+              name={fieldName}
+              render={({ field }) => (
+                <div className="flex items-center gap-2">
+                  <input
+                    type="color"
+                    value={field.value ?? "#000000"}
+                    onChange={(e) => {
+                      field.onChange(e.target.value);
+                      onFieldChange();
+                    }}
+                    onBlur={() => {
+                      field.onBlur();
+                      onFieldCommit();
+                    }}
+                    className="h-9 w-9 shrink-0 cursor-pointer rounded-lg border border-border bg-transparent p-0.5"
+                  />
+                  <Input
+                    value={field.value ?? ""}
+                    onChange={(e) => {
+                      field.onChange(e.target.value);
+                      onFieldChange();
+                    }}
+                    onBlur={() => {
+                      field.onBlur();
+                      onFieldCommit();
+                    }}
+                    placeholder="#000000"
+                    className="w-28"
+                  />
+                  <span className="flex-1 text-xs text-muted-foreground">
+                    {label}
+                  </span>
+                </div>
+              )}
+            />
+          );
+        })}
+      </div>
     </BrandCard>
   );
 }
@@ -605,78 +523,125 @@ function ExpandableBrandEntry({
   brand,
   client,
   onChanged,
-  archived,
 }: {
   brand: BrandContext;
   client: ReturnType<typeof useMCPClient>;
   onChanged: () => void;
-  archived?: boolean;
 }) {
-  const [expanded, setExpanded] = useState(false);
+  const [expanded, setExpanded] = useState(brand.isDefault ?? false);
+  const [confirmDeleteOpen, setConfirmDeleteOpen] = useState(false);
+
+  const form = useForm<BrandFormData>({
+    values: {
+      name: brand.name ?? "",
+      domain: brand.domain ?? "",
+      overview: brand.overview ?? "",
+      logo: brand.logo ?? "",
+      favicon: brand.favicon ?? "",
+      ogImage: brand.ogImage ?? "",
+      fonts: brand.fonts ?? {},
+      colors: brand.colors ?? {},
+    },
+  });
 
-  const { mutate: saveBrand } = useMutation({
-    mutationFn: async (data: Partial<BrandContext>) => {
+  const updateBrandMutation = useMutation({
+    mutationFn: async (values: BrandFormData) => {
+      const fontsHasAny = Object.values(values.fonts).some((v) => v?.trim());
+      const colorsHasAny = Object.values(values.colors).some((v) => v?.trim());
       const merged = {
         id: brand.id,
-        name: data.name ?? brand.name ?? "",
-        domain: data.domain ?? brand.domain ?? "",
-        overview: data.overview ?? brand.overview ?? "",
-        logo: "logo" in data ? data.logo : brand.logo,
-        favicon: "favicon" in data ? data.favicon : brand.favicon,
-        ogImage: "ogImage" in data ? data.ogImage : brand.ogImage,
-        fonts: "fonts" in data ? data.fonts : brand.fonts,
-        colors: "colors" in data ? data.colors : brand.colors,
-        images: "images" in data ? data.images : brand.images,
+        name: values.name,
+        domain: values.domain,
+        overview: values.overview,
+        logo: values.logo || null,
+        favicon: values.favicon || null,
+        ogImage: values.ogImage || null,
+        fonts: fontsHasAny ? values.fonts : null,
+        colors: colorsHasAny ? values.colors : null,
+        images: brand.images,
       };
       await client.callTool({
         name: "BRAND_CONTEXT_UPDATE",
         arguments: merged,
       });
     },
-    onSuccess: () => {
-      onChanged();
-      toast.success("Brand context saved");
-    },
     onError: () => toast.error("Failed to save brand context"),
   });
 
-  const { mutate: toggleArchive, isPending: isToggling } = useMutation({
-    mutationFn: async () => {
-      if (archived) {
-        // Unarchive: clear archivedAt via update
-        await client.callTool({
-          name: "BRAND_CONTEXT_UPDATE",
-          arguments: { id: brand.id, archivedAt: null },
-        });
-      } else {
-        await client.callTool({
-          name: "BRAND_CONTEXT_DELETE",
-          arguments: { id: brand.id },
-        });
+  const { schedule: scheduleSave, flush: flushAndSave } = useDebouncedAutosave({
+    delayMs: 500,
+    save: async () => {
+      // Read live dirty state from control._formState. form.formState is a
+      // Proxy over React state and lags by one render inside synchronous
+      // event handlers — the same gotcha that hit virtual-mcp.
+      const liveDirtyFields = (
+        form.control as unknown as {
+          _formState: { dirtyFields: Record<string, unknown> };
+        }
+      )._formState.dirtyFields;
+      const dirtyKeys = Object.keys(liveDirtyFields);
+      if (dirtyKeys.length === 0) return;
+
+      const values = form.getValues();
+      const previousDefaults = (
+        form.control as unknown as { _defaultValues: BrandFormData }
+      )._defaultValues;
+
+      // Rebase defaults to the snapshot we're about to send. An edit during
+      // the in-flight save that returns a value to its pre-save default still
+      // registers as dirty for the next save. keepValues preserves the user's
+      // current view; only _defaultValues advances. Replaces the post-mutate
+      // form.reset(values) which used to stomp user edits made mid-flight.
+      form.reset(values, { keepValues: true });
+
+      try {
+        await updateBrandMutation.mutateAsync(values);
+        track("brand_updated", { brand_id: brand.id, fields: dirtyKeys });
+        toast.success("Brand context updated successfully");
+        onChanged();
+      } catch {
+        // Roll back the rebase so user edits remain dirty for the next save.
+        form.reset(previousDefaults, { keepValues: true });
       }
     },
+  });
+
+  const { mutate: deleteBrand, isPending: isDeleting } = useMutation({
+    mutationFn: async () => {
+      await client.callTool({
+        name: "BRAND_CONTEXT_DELETE",
+        arguments: { id: brand.id },
+      });
+    },
     onSuccess: () => {
+      track("brand_deleted", { brand_id: brand.id });
+      setConfirmDeleteOpen(false);
       onChanged();
-      toast.success(archived ? "Brand restored" : "Brand archived");
+      toast.success("Brand deleted");
     },
-    onError: () =>
-      toast.error(
-        archived ? "Failed to restore brand" : "Failed to archive brand",
-      ),
+    onError: () => toast.error("Failed to delete brand"),
   });
 
-  const { mutate: setAsDefault } = useMutation({
+  const { mutate: toggleDefault } = useMutation({
     mutationFn: async () => {
       await client.callTool({
         name: "BRAND_CONTEXT_UPDATE",
-        arguments: { id: brand.id, isDefault: true },
+        arguments: { id: brand.id, isDefault: !brand.isDefault },
       });
     },
     onSuccess: () => {
+      track(
+        brand.isDefault ? "brand_unset_as_default" : "brand_set_as_default",
+        {
+          brand_id: brand.id,
+        },
+      );
       onChanged();
-      toast.success("Set as default brand");
+      toast.success(
+        brand.isDefault ? "Removed as default brand" : "Set as default brand",
+      );
     },
-    onError: () => toast.error("Failed to set default brand"),
+    onError: () => toast.error("Failed to update default brand"),
   });
 
   return (
@@ -736,100 +701,157 @@ function ExpandableBrandEntry({
           )}
         </div>
 
-        {/* Color swatches */}
-        {brand.colors && Object.values(brand.colors).some((v) => v) && (
-          <div className="flex shrink-0 gap-1">
-            {Object.entries(brand.colors)
-              .filter(([, v]) => v)
-              .map(([role, value]) => (
-                <div
-                  key={role}
-                  className="h-5 w-5 rounded-full border border-border/40"
-                  style={{ backgroundColor: value }}
-                  title={`${role}: ${value}`}
-                />
-              ))}
-          </div>
-        )}
+        {/* Color swatches — only when collapsed */}
+        {!expanded &&
+          brand.colors &&
+          Object.values(brand.colors).some((v) => v) && (
+            <div className="flex shrink-0 gap-1">
+              {Object.entries(brand.colors)
+                .filter(([, v]) => v)
+                .map(([role, value]) => (
+                  <div
+                    key={role}
+                    className="h-5 w-5 rounded-full border border-border/40"
+                    style={{ backgroundColor: value }}
+                    title={`${role}: ${value}`}
+                  />
+                ))}
+            </div>
+          )}
 
-        {/* Font names */}
-        {brand.fonts && Object.values(brand.fonts).some((v) => v) && (
-          <span className="shrink-0 text-xs text-muted-foreground">
-            {Object.values(brand.fonts).filter(Boolean).join(", ")}
-          </span>
-        )}
+        {/* Font names — only when collapsed */}
+        {!expanded &&
+          brand.fonts &&
+          Object.values(brand.fonts).some((v) => v) && (
+            <span className="shrink-0 text-xs text-muted-foreground">
+              {Object.values(brand.fonts).filter(Boolean).join(", ")}
+            </span>
+          )}
 
         {/* Default star */}
-        {!archived && (
-          <span
-            role="button"
-            tabIndex={0}
+        <span
+          role="button"
+          tabIndex={0}
+          className={cn(
+            "flex h-7 w-7 shrink-0 items-center justify-center rounded-lg transition-opacity",
+            brand.isDefault
+              ? "opacity-100"
+              : "opacity-0 hover:bg-muted group-hover:opacity-100",
+          )}
+          onClick={(e) => {
+            e.stopPropagation();
+            toggleDefault();
+          }}
+          onKeyDown={(e) => {
+            if (e.key === "Enter") {
+              e.stopPropagation();
+              toggleDefault();
+            }
+          }}
+          title={brand.isDefault ? "Unset as default" : "Set as default"}
+        >
+          <Star01
+            size={13}
             className={cn(
-              "flex h-7 w-7 shrink-0 items-center justify-center rounded-lg transition-opacity",
               brand.isDefault
-                ? "opacity-100"
-                : "opacity-0 hover:bg-muted group-hover:opacity-100",
+                ? "text-primary fill-primary"
+                : "text-muted-foreground",
             )}
-            onClick={(e) => {
-              e.stopPropagation();
-              if (!brand.isDefault) setAsDefault();
-            }}
-            onKeyDown={(e) => {
-              if (e.key === "Enter") {
-                e.stopPropagation();
-                if (!brand.isDefault) setAsDefault();
-              }
-            }}
-            title={brand.isDefault ? "Default brand" : "Set as default"}
-          >
-            <Star01
-              size={13}
-              className={cn(
-                brand.isDefault
-                  ? "text-primary fill-primary"
-                  : "text-muted-foreground",
-              )}
-            />
-          </span>
-        )}
+          />
+        </span>
 
-        {/* Archive */}
+        {/* Delete */}
         <span
           role="button"
           tabIndex={0}
-          className="flex h-7 w-7 shrink-0 items-center justify-center rounded-lg opacity-0 transition-opacity hover:bg-muted group-hover:opacity-100"
+          className="flex h-7 w-7 shrink-0 items-center justify-center rounded-lg opacity-0 transition-opacity hover:bg-destructive/10 group-hover:opacity-100"
           onClick={(e) => {
             e.stopPropagation();
-            toggleArchive();
+            setConfirmDeleteOpen(true);
           }}
           onKeyDown={(e) => {
             if (e.key === "Enter") {
               e.stopPropagation();
-              toggleArchive();
+              setConfirmDeleteOpen(true);
             }
           }}
+          title="Delete brand"
         >
-          {isToggling ? (
-            <span className="text-[10px] text-muted-foreground">...</span>
-          ) : (
-            <Trash01 size={13} className="text-muted-foreground" />
-          )}
+          <Trash01 size={13} className="text-muted-foreground" />
         </span>
       </button>
 
       {/* Expanded content */}
       {expanded && (
         <div className="space-y-3 px-5 pb-5">
-          <OverviewSection brand={brand} onSave={saveBrand} />
-
+          <OverviewSection
+            form={form}
+            onFieldChange={scheduleSave}
+            onFieldCommit={flushAndSave}
+          />
+          <LogosSection
+            form={form}
+            onFieldChange={scheduleSave}
+            onFieldCommit={flushAndSave}
+          />
           <div className="grid grid-cols-2 gap-3">
-            <LogosSection brand={brand} onSave={saveBrand} />
-            <FontsSection brand={brand} onSave={saveBrand} />
+            <ColorsSection
+              form={form}
+              onFieldChange={scheduleSave}
+              onFieldCommit={flushAndSave}
+            />
+            <FontsSection
+              form={form}
+              onFieldChange={scheduleSave}
+              onFieldCommit={flushAndSave}
+            />
           </div>
-
-          <ColorsSection brand={brand} onSave={saveBrand} />
         </div>
       )}
+
+      <AlertDialog
+        open={confirmDeleteOpen}
+        onOpenChange={(open) => {
+          if (!open && !isDeleting) setConfirmDeleteOpen(false);
+        }}
+      >
+        <AlertDialogContent>
+          <AlertDialogHeader>
+            <AlertDialogTitle>Delete brand?</AlertDialogTitle>
+            <AlertDialogDescription asChild>
+              <div>
+                <p>
+                  This will permanently delete{" "}
+                  <span className="font-medium text-foreground">
+                    {brand.name || "this brand"}
+                  </span>
+                  . This action cannot be undone.
+                </p>
+                {brand.isDefault && (
+                  <p className="mt-2 rounded-lg border border-destructive/30 bg-destructive/5 p-2 text-destructive">
+                    <span className="font-medium">Heads up:</span> this is your
+                    organization's default brand. Deleting it will leave your
+                    organization without a default brand until you set another.
+                  </p>
+                )}
+              </div>
+            </AlertDialogDescription>
+          </AlertDialogHeader>
+          <AlertDialogFooter>
+            <AlertDialogCancel disabled={isDeleting}>Cancel</AlertDialogCancel>
+            <AlertDialogAction
+              onClick={(e) => {
+                e.preventDefault();
+                deleteBrand();
+              }}
+              disabled={isDeleting}
+              className="bg-destructive text-destructive-foreground hover:bg-destructive/90"
+            >
+              {isDeleting ? "Deleting..." : "Delete"}
+            </AlertDialogAction>
+          </AlertDialogFooter>
+        </AlertDialogContent>
+      </AlertDialog>
     </div>
   );
 }
@@ -842,6 +864,7 @@ export function OrgBrandContextPage() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
   const queryClient = useQueryClient();
 
@@ -850,7 +873,7 @@ export function OrgBrandContextPage() {
     queryFn: async () => {
       const result = await client.callTool({
         name: "BRAND_CONTEXT_LIST",
-        arguments: { includeArchived: true },
+        arguments: { includeArchived: false },
       });
       const data = unwrapToolResult<{ items?: BrandContext[] }>(result);
       return Array.isArray(data?.items) ? data.items : [];
@@ -858,8 +881,6 @@ export function OrgBrandContextPage() {
   });
 
   const activeBrands = allBrands.filter((b) => !b.archivedAt);
-  const archivedBrands = allBrands.filter((b) => b.archivedAt);
-  const [showArchived, setShowArchived] = useState(false);
 
   const invalidate = () =>
     queryClient.invalidateQueries({
@@ -879,6 +900,7 @@ export function OrgBrandContextPage() {
       });
     },
     onSuccess: () => {
+      track("brand_created");
       invalidate();
       toast.success("Brand created");
     },
@@ -887,6 +909,7 @@ export function OrgBrandContextPage() {
 
   const { mutate: extractBrand, isPending: isExtracting } = useMutation({
     mutationFn: async (domain: string) => {
+      track("brand_extract_started", { domain });
       const result = await client.callTool({
         name: "BRAND_CONTEXT_EXTRACT",
         arguments: { domain },
@@ -895,13 +918,18 @@ export function OrgBrandContextPage() {
       unwrapToolResult(result);
     },
     onSuccess: () => {
+      track("brand_extract_succeeded");
       invalidate();
       toast.success("Brand extracted successfully");
     },
-    onError: (err) =>
+    onError: (err) => {
+      track("brand_extract_failed", {
+        error: err instanceof Error ? err.message : "unknown",
+      });
       toast.error(
         err instanceof Error ? err.message : "Failed to extract brand",
-      ),
+      );
+    },
   });
 
   return (
@@ -934,7 +962,7 @@ export function OrgBrandContextPage() {
               />
             )}
 
-            {activeBrands.length === 0 && archivedBrands.length === 0 && (
+            {activeBrands.length === 0 && (
               <div className="rounded-2xl border border-dashed border-border bg-muted/30 p-8 text-center">
                 <p className="text-sm text-muted-foreground">
                   No brands configured yet.
@@ -962,39 +990,6 @@ export function OrgBrandContextPage() {
                 />
               ))}
             </div>
-
-            {archivedBrands.length > 0 && (
-              <div className="space-y-3">
-                <button
-                  type="button"
-                  onClick={() => setShowArchived(!showArchived)}
-                  className="flex items-center gap-1.5 text-xs text-muted-foreground/60 transition-colors hover:text-muted-foreground"
-                >
-                  <ChevronRight
-                    size={12}
-                    className={cn(
-                      "transition-transform",
-                      showArchived && "rotate-90",
-                    )}
-                  />
-                  {archivedBrands.length} archived
-                </button>
-
-                {showArchived && (
-                  <div className="space-y-3 opacity-60">
-                    {archivedBrands.map((brand) => (
-                      <ExpandableBrandEntry
-                        key={brand.id}
-                        brand={brand}
-                        client={client}
-                        onChanged={invalidate}
-                        archived
-                      />
-                    ))}
-                  </div>
-                )}
-              </div>
-            )}
           </div>
         </Page.Body>
       </Page.Content>
diff --git a/apps/mesh/src/web/views/settings/org-general.tsx b/apps/mesh/src/web/views/settings/org-general.tsx
index a9f54d000e..aa8db133f9 100644
--- a/apps/mesh/src/web/views/settings/org-general.tsx
+++ b/apps/mesh/src/web/views/settings/org-general.tsx
@@ -1,17 +1,20 @@
 import { Page } from "@/web/components/page";
 import { OrganizationForm } from "@/web/components/settings/organization-form";
 import { DomainSettings } from "@/web/components/settings/domain-settings";
+import { DefaultHomeAgentsForm } from "@/web/components/settings/default-home-agents-form";
+import { SettingsPage } from "@/web/components/settings/settings-section";
 
 export function OrgGeneralPage() {
   return (
     <Page>
       <Page.Content>
         <Page.Body>
-          <div className="flex flex-col gap-6">
+          <SettingsPage>
             <Page.Title>Organization</Page.Title>
             <OrganizationForm />
             <DomainSettings />
-          </div>
+            <DefaultHomeAgentsForm />
+          </SettingsPage>
         </Page.Body>
       </Page.Content>
     </Page>
diff --git a/apps/mesh/src/web/views/settings/org-role-detail.tsx b/apps/mesh/src/web/views/settings/org-role-detail.tsx
new file mode 100644
index 0000000000..d963be5e8d
--- /dev/null
+++ b/apps/mesh/src/web/views/settings/org-role-detail.tsx
@@ -0,0 +1,1644 @@
+import {
+  BASIC_USAGE_TOOLS,
+  getCapabilitySections,
+  isCapabilityEnabled,
+  toggleCapabilityInTools,
+  type PermissionCapability,
+} from "@/tools/registry-metadata";
+import { DEFAULT_LOGO, PROVIDER_LOGOS } from "@/web/utils/ai-providers-logos";
+import { ToolSetSelector } from "@/web/components/tool-set-selector.tsx";
+import { useMembers } from "@/web/hooks/use-members";
+import { type OrganizationRole } from "@/web/hooks/use-organization-roles";
+import { useOrgAuthClient } from "@/web/hooks/use-org-auth-client";
+import { KEYS } from "@/web/lib/query-keys";
+import { track } from "@/web/lib/posthog-client";
+import {
+  useConnections,
+  useProjectContext,
+  type ConnectionEntity,
+} from "@decocms/mesh-sdk";
+import {
+  type AiProviderKey,
+  useAiProviderKeys,
+  useSuspenseAiProviderModels,
+} from "@/web/hooks/collections/use-ai-providers";
+import { Avatar } from "@deco/ui/components/avatar.tsx";
+import { Badge } from "@deco/ui/components/badge.tsx";
+import { Button } from "@deco/ui/components/button.tsx";
+import { Checkbox } from "@deco/ui/components/checkbox.tsx";
+import {
+  AlertDialog,
+  AlertDialogAction,
+  AlertDialogCancel,
+  AlertDialogContent,
+  AlertDialogDescription,
+  AlertDialogFooter,
+  AlertDialogHeader,
+  AlertDialogTitle,
+} from "@deco/ui/components/alert-dialog.tsx";
+import { Switch } from "@deco/ui/components/switch.tsx";
+import {
+  Tooltip,
+  TooltipContent,
+  TooltipProvider,
+  TooltipTrigger,
+} from "@deco/ui/components/tooltip.tsx";
+import { cn } from "@deco/ui/lib/utils.ts";
+import { zodResolver } from "@hookform/resolvers/zod";
+import { useMutation, useQuery, useQueryClient } from "@tanstack/react-query";
+import { Suspense, useDeferredValue, useState } from "react";
+import { useForm } from "react-hook-form";
+import { toast } from "sonner";
+import { z } from "zod";
+import { SearchInput } from "@deco/ui/components/search-input.tsx";
+import { Page } from "@/web/components/page";
+import { IntegrationIcon } from "@/web/components/integration-icon";
+import {
+  SettingsCard,
+  SettingsCardItem,
+  SettingsSection,
+} from "@/web/components/settings/settings-section";
+import {
+  AlertTriangle,
+  ChevronDown,
+  ChevronRight,
+  Loading01,
+  Lock01,
+  Plus,
+  X,
+} from "@untitledui/icons";
+
+// ============================================================================
+// Types
+// ============================================================================
+
+export type RoleEditorTarget =
+  | {
+      kind: "builtin";
+      role: "owner" | "admin" | "user";
+      storedId?: string;
+      storedPermission?: Record<string, string[]>;
+    }
+  | { kind: "custom"; role: OrganizationRole }
+  | { kind: "new" };
+
+// ============================================================================
+// Role color helpers
+// ============================================================================
+
+const ROLE_COLORS = [
+  "bg-red-500",
+  "bg-orange-500",
+  "bg-amber-500",
+  "bg-yellow-500",
+  "bg-lime-500",
+  "bg-green-500",
+  "bg-emerald-500",
+  "bg-teal-500",
+  "bg-cyan-500",
+  "bg-sky-500",
+  "bg-blue-500",
+  "bg-indigo-500",
+  "bg-violet-500",
+  "bg-purple-500",
+  "bg-fuchsia-500",
+  "bg-pink-500",
+  "bg-rose-500",
+] as const;
+
+const BUILTIN_ROLE_COLORS: Record<string, string> = {
+  owner: "bg-red-500",
+  admin: "bg-blue-500",
+  user: "bg-green-500",
+};
+
+function getRoleColor(roleName: string): string {
+  if (!roleName) return "bg-neutral-400";
+  let hash = 0;
+  for (let i = 0; i < roleName.length; i++) {
+    const char = roleName.charCodeAt(i);
+    hash = (hash << 5) - hash + char;
+    hash = hash & hash;
+  }
+  const index = Math.abs(hash) % ROLE_COLORS.length;
+  return ROLE_COLORS[index] ?? ROLE_COLORS[0];
+}
+
+function getRoleDotColor(roleSlug: string, isBuiltin: boolean): string {
+  if (isBuiltin) return BUILTIN_ROLE_COLORS[roleSlug] ?? "bg-neutral-400";
+  return getRoleColor(roleSlug);
+}
+
+// ============================================================================
+// Zod Schema
+// ============================================================================
+
+const roleFormSchema = z.object({
+  role: z.object({
+    id: z.string().optional(),
+    slug: z.string().optional(),
+    label: z.string(),
+  }),
+  allowAllStaticPermissions: z.boolean(),
+  staticPermissions: z.array(z.string()),
+  toolSet: z.record(z.string(), z.array(z.string())),
+  allowAllModels: z.boolean(),
+  modelSet: z.record(z.string(), z.array(z.string())),
+  memberIds: z.array(z.string()),
+});
+
+type RoleFormData = z.infer<typeof roleFormSchema>;
+
+function getInitials(name: string | undefined | null): string {
+  if (!name) return "?";
+  return name
+    .split(" ")
+    .map((part) => part[0])
+    .join("")
+    .toUpperCase()
+    .slice(0, 2);
+}
+
+// ============================================================================
+// Organization Permissions Tab
+// ============================================================================
+
+interface OrgPermissionsTabProps {
+  allowAllStaticPermissions: boolean;
+  staticPermissions: string[];
+  onAllowAllChange: (allowAll: boolean) => void;
+  onPermissionsChange: (permissions: string[]) => void;
+  readOnly?: boolean;
+  searchQuery: string;
+}
+
+function makeToggle(checked: boolean, readOnly: boolean, onToggle: () => void) {
+  const sw = (
+    <Switch checked={checked} disabled={readOnly} onCheckedChange={onToggle} />
+  );
+  if (!readOnly) return sw;
+  return (
+    <TooltipProvider>
+      <Tooltip>
+        <TooltipTrigger asChild>
+          <div>{sw}</div>
+        </TooltipTrigger>
+        <TooltipContent>
+          <p>Built-in role permissions cannot be changed</p>
+        </TooltipContent>
+      </Tooltip>
+    </TooltipProvider>
+  );
+}
+
+function OrgPermissionsTab({
+  allowAllStaticPermissions,
+  staticPermissions,
+  onAllowAllChange,
+  onPermissionsChange,
+  readOnly = false,
+  searchQuery,
+}: OrgPermissionsTabProps) {
+  const deferredQuery = useDeferredValue(searchQuery.trim().toLowerCase());
+  const sections = getCapabilitySections();
+
+  const toggleCapability = (
+    cap: PermissionCapability,
+    currentEnabled: boolean,
+  ) => {
+    if (readOnly) return;
+    if (allowAllStaticPermissions && currentEnabled) {
+      const allTools = sections
+        .flatMap((s) => s.capabilities)
+        .flatMap((c) => c.tools);
+      onAllowAllChange(false);
+      onPermissionsChange(allTools.filter((t) => !cap.tools.includes(t)));
+      return;
+    }
+    if (allowAllStaticPermissions) return;
+    onPermissionsChange(
+      toggleCapabilityInTools(cap, staticPermissions, !currentEnabled),
+    );
+  };
+
+  const filteredSections = sections
+    .map(({ section, capabilities }) => ({
+      section,
+      capabilities: capabilities.filter(
+        (cap) =>
+          !deferredQuery ||
+          cap.label.toLowerCase().includes(deferredQuery) ||
+          cap.description.toLowerCase().includes(deferredQuery),
+      ),
+    }))
+    .filter((s) => s.capabilities.length > 0);
+
+  return (
+    <div>
+      <div className="flex flex-col gap-10 py-4">
+        <SettingsSection title="General">
+          <SettingsCard>
+            <SettingsCardItem
+              title="All organization permissions"
+              description="Grant full access to all features below"
+              action={makeToggle(allowAllStaticPermissions, readOnly, () => {
+                onAllowAllChange(!allowAllStaticPermissions);
+                onPermissionsChange([]);
+              })}
+              onClick={
+                readOnly
+                  ? undefined
+                  : () => {
+                      onAllowAllChange(!allowAllStaticPermissions);
+                      onPermissionsChange([]);
+                    }
+              }
+            />
+          </SettingsCard>
+        </SettingsSection>
+
+        {filteredSections.length === 0 && deferredQuery ? (
+          <p className="text-sm text-muted-foreground py-4">
+            No permissions match &ldquo;{searchQuery}&rdquo;
+          </p>
+        ) : (
+          filteredSections.map(({ section, capabilities }) => (
+            <SettingsSection key={section} title={section}>
+              <SettingsCard>
+                {capabilities.map((cap) => {
+                  const enabled = isCapabilityEnabled(
+                    cap,
+                    staticPermissions,
+                    allowAllStaticPermissions,
+                  );
+                  return (
+                    <SettingsCardItem
+                      key={cap.id}
+                      title={
+                        <span className="flex items-center gap-1.5">
+                          {cap.label}
+                          {cap.dangerous && (
+                            <AlertTriangle
+                              size={12}
+                              className="text-amber-500 shrink-0"
+                            />
+                          )}
+                        </span>
+                      }
+                      description={cap.description}
+                      action={makeToggle(enabled, readOnly, () =>
+                        toggleCapability(cap, enabled),
+                      )}
+                      onClick={
+                        readOnly
+                          ? undefined
+                          : () => toggleCapability(cap, enabled)
+                      }
+                    />
+                  );
+                })}
+              </SettingsCard>
+            </SettingsSection>
+          ))
+        )}
+      </div>
+    </div>
+  );
+}
+
+// ============================================================================
+// Models Permissions Tab
+// ============================================================================
+
+const PROVIDER_DISPLAY_NAMES: Record<string, string> = {
+  anthropic: "Anthropic",
+  openrouter: "OpenRouter",
+};
+
+const SUB_PROVIDER_DISPLAY_NAMES: Record<string, string> = {
+  openai: "OpenAI",
+  anthropic: "Anthropic",
+  google: "Google",
+  "meta-llama": "Meta",
+  mistralai: "Mistral",
+  "x-ai": "xAI",
+  deepseek: "DeepSeek",
+  qwen: "Qwen",
+  moonshotai: "MoonshotAI",
+  nvidia: "NVIDIA",
+  perplexity: "Perplexity",
+  cohere: "Cohere",
+  amazon: "Amazon",
+  microsoft: "Microsoft",
+  "z-ai": "Z.ai",
+  "ibm-granite": "IBM Granite",
+  alibaba: "Alibaba",
+  baidu: "Baidu",
+  bytedance: "ByteDance",
+  tencent: "Tencent",
+  minimax: "MiniMax",
+  nousresearch: "Nous Research",
+  allenai: "Allen AI",
+  inception: "Inception",
+};
+
+function getSubProviderId(modelId: string, fallback: string): string {
+  const slash = modelId.indexOf("/");
+  const raw = slash > 0 ? modelId.slice(0, slash) : fallback;
+  // OpenRouter prefixes BYOK / passthrough providers with `~` (e.g.
+  // `~anthropic/claude-...`); normalize so they group with the canonical id.
+  return raw.startsWith("~") ? raw.slice(1) : raw;
+}
+
+function getSubProviderDisplayName(id: string): string {
+  return SUB_PROVIDER_DISPLAY_NAMES[id] ?? PROVIDER_DISPLAY_NAMES[id] ?? id;
+}
+
+function stripTitlePrefix(title: string): string {
+  // OpenRouter titles look like "Anthropic: Claude Haiku Latest" — strip the
+  // "<sub-provider>: " prefix since it's redundant under a grouped header.
+  const colon = title.indexOf(": ");
+  return colon > 0 && colon < 32 ? title.slice(colon + 2) : title;
+}
+
+interface ModelsPermissionsTabProps {
+  allowAllModels: boolean;
+  modelSet: Record<string, string[]>;
+  onAllowAllChange: (allowAll: boolean) => void;
+  onModelSetChange: (modelSet: Record<string, string[]>) => void;
+  readOnly?: boolean;
+  searchQuery: string;
+}
+
+const MODELS_PAGE_SIZE = 30;
+
+type GroupedModel = {
+  id: string;
+  title: string;
+  logo: string | null;
+};
+
+function SubProviderGroup({
+  connectionId,
+  subProviderId,
+  subProviderName,
+  groupLogo,
+  models,
+  allConnectionModelIds,
+  selectedModels,
+  allowAllModels,
+  allConnectionModelsSelected,
+  onToggleModel,
+  onExitAllowAll,
+  readOnly,
+  defaultExpanded,
+}: {
+  connectionId: string;
+  subProviderId: string;
+  subProviderName: string;
+  groupLogo: string | null;
+  models: GroupedModel[];
+  allConnectionModelIds: string[];
+  selectedModels: string[];
+  allowAllModels: boolean;
+  allConnectionModelsSelected: boolean;
+  onToggleModel: (keyId: string, modelId: string) => void;
+  onExitAllowAll: (
+    keyId: string,
+    allModelIds: string[],
+    excludeModelId: string,
+  ) => void;
+  readOnly: boolean;
+  defaultExpanded: boolean;
+}) {
+  const [userExpanded, setUserExpanded] = useState(defaultExpanded);
+  // Honor `defaultExpanded` whenever it's true (e.g. active search) so
+  // matching groups expand automatically even after the user collapsed them
+  // earlier.
+  const expanded = defaultExpanded || userExpanded;
+  const setExpanded = setUserExpanded;
+  const [visibleCount, setVisibleCount] = useState(MODELS_PAGE_SIZE);
+
+  const isModelEnabled = (modelId: string) =>
+    allowAllModels ||
+    allConnectionModelsSelected ||
+    selectedModels.includes("*") ||
+    selectedModels.includes(modelId);
+
+  const enabledCount = models.filter((m) => isModelEnabled(m.id)).length;
+  const visibleModels = models.slice(0, visibleCount);
+  const hasMore = models.length > visibleCount;
+
+  return (
+    <div className="border border-border rounded-lg overflow-hidden bg-card">
+      <div
+        className="flex items-center justify-between gap-3 px-4 py-3 hover:bg-muted/50 cursor-pointer"
+        onClick={() => setExpanded((e) => !e)}
+      >
+        <div className="flex items-center gap-3 flex-1 min-w-0">
+          <IntegrationIcon
+            icon={groupLogo ?? PROVIDER_LOGOS[subProviderId] ?? DEFAULT_LOGO}
+            name={subProviderName}
+            size="sm"
+          />
+          <span className="text-sm font-medium truncate">
+            {subProviderName}
+          </span>
+        </div>
+        <div className="flex items-center gap-3 shrink-0">
+          <Badge variant="secondary" className="text-xs text-muted-foreground">
+            {enabledCount}/{models.length} enabled
+          </Badge>
+          {expanded ? (
+            <ChevronDown size={16} className="text-muted-foreground shrink-0" />
+          ) : (
+            <ChevronRight
+              size={16}
+              className="text-muted-foreground shrink-0"
+            />
+          )}
+        </div>
+      </div>
+      {expanded && (
+        <div className="border-t border-border bg-muted/20">
+          {visibleModels.map((model) => {
+            const isEnabled = isModelEnabled(model.id);
+            const handleToggle = () => {
+              if (readOnly) return;
+              if (allowAllModels) {
+                onExitAllowAll(connectionId, allConnectionModelIds, model.id);
+                return;
+              }
+              onToggleModel(connectionId, model.id);
+            };
+            return (
+              <div
+                key={model.id}
+                className={cn(
+                  "flex items-center justify-between gap-3 px-4 py-3 border-b border-border last:border-b-0",
+                  !readOnly && "hover:bg-muted/50 cursor-pointer",
+                )}
+                onClick={handleToggle}
+              >
+                <div className="flex items-center gap-2 flex-1 min-w-0">
+                  <span className="text-sm truncate">{model.title}</span>
+                </div>
+                <div onClick={(e) => e.stopPropagation()}>
+                  {readOnly ? (
+                    <TooltipProvider>
+                      <Tooltip>
+                        <TooltipTrigger asChild>
+                          <div>
+                            <Switch
+                              checked={isEnabled}
+                              disabled
+                              onCheckedChange={() => {}}
+                            />
+                          </div>
+                        </TooltipTrigger>
+                        <TooltipContent>
+                          <p>Built-in role permissions cannot be changed</p>
+                        </TooltipContent>
+                      </Tooltip>
+                    </TooltipProvider>
+                  ) : (
+                    <Switch
+                      checked={isEnabled}
+                      onCheckedChange={handleToggle}
+                    />
+                  )}
+                </div>
+              </div>
+            );
+          })}
+          {hasMore && (
+            <button
+              type="button"
+              className="w-full px-4 py-2 text-xs text-muted-foreground hover:text-foreground hover:bg-muted/50 transition-colors"
+              onClick={() => setVisibleCount((c) => c + MODELS_PAGE_SIZE)}
+            >
+              Show more ({models.length - visibleCount} remaining)
+            </button>
+          )}
+        </div>
+      )}
+    </div>
+  );
+}
+
+function ConnectionModelsSection({
+  connection,
+  selectedModels,
+  allowAllModels,
+  onToggleModel,
+  onExitAllowAll,
+  allConnectionModelsSelected,
+  searchQuery,
+  readOnly,
+}: {
+  connection: AiProviderKey;
+  selectedModels: string[];
+  allowAllModels: boolean;
+  onToggleModel: (keyId: string, modelId: string) => void;
+  onExitAllowAll: (
+    keyId: string,
+    allModelIds: string[],
+    excludeModelId: string,
+  ) => void;
+  allConnectionModelsSelected: boolean;
+  searchQuery: string;
+  readOnly: boolean;
+}) {
+  const rawModels = useSuspenseAiProviderModels(connection.id);
+  const models = rawModels
+    .filter((m, i, arr) => arr.findIndex((x) => x.modelId === m.modelId) === i)
+    .map((m) => ({ ...m, id: m.modelId, provider: connection.label }));
+
+  const q = searchQuery.trim().toLowerCase();
+  const filteredModels = q
+    ? models.filter(
+        (m) =>
+          m.title.toLowerCase().includes(q) ||
+          m.id.toLowerCase().includes(q) ||
+          m.provider?.toLowerCase().includes(q),
+      )
+    : models;
+
+  if (filteredModels.length === 0) return null;
+
+  const groupsMap = new Map<
+    string,
+    { models: GroupedModel[]; logo: string | null }
+  >();
+  for (const m of filteredModels) {
+    const subId = getSubProviderId(m.id, connection.providerId);
+    const entry = groupsMap.get(subId) ?? { models: [], logo: null };
+    entry.models.push({
+      id: m.id,
+      title: stripTitlePrefix(m.title),
+      logo: m.logo,
+    });
+    if (!entry.logo && m.logo) entry.logo = m.logo;
+    groupsMap.set(subId, entry);
+  }
+  const groups = Array.from(groupsMap.entries())
+    .map(([id, entry]) => ({
+      id,
+      name: getSubProviderDisplayName(id),
+      logo: entry.logo,
+      models: entry.models,
+    }))
+    .sort((a, b) => a.name.localeCompare(b.name));
+
+  // Auto-expand when there's only one group, or when actively searching.
+  const autoExpand = groups.length === 1 || q.length > 0;
+
+  return (
+    <div className="flex flex-col gap-3">
+      <div className="flex items-center gap-2">
+        <img
+          src={PROVIDER_LOGOS[connection.providerId] ?? DEFAULT_LOGO}
+          alt={connection.providerId}
+          className="w-4 h-4 rounded-sm dark:bg-white dark:rounded-sm dark:p-px"
+        />
+        <h4 className="text-sm font-medium">
+          {PROVIDER_DISPLAY_NAMES[connection.providerId] ??
+            connection.providerId}
+        </h4>
+      </div>
+      <div className="flex flex-col gap-3">
+        {groups.map((group) => (
+          <SubProviderGroup
+            key={group.id}
+            connectionId={connection.id}
+            subProviderId={group.id}
+            subProviderName={group.name}
+            groupLogo={group.logo}
+            models={group.models}
+            allConnectionModelIds={models.map((m) => m.id)}
+            selectedModels={selectedModels}
+            allowAllModels={allowAllModels}
+            allConnectionModelsSelected={allConnectionModelsSelected}
+            onToggleModel={onToggleModel}
+            onExitAllowAll={onExitAllowAll}
+            readOnly={readOnly}
+            defaultExpanded={autoExpand}
+          />
+        ))}
+      </div>
+    </div>
+  );
+}
+
+function ModelsPermissionsTab({
+  allowAllModels,
+  modelSet,
+  onAllowAllChange,
+  onModelSetChange,
+  readOnly = false,
+  searchQuery,
+}: ModelsPermissionsTabProps) {
+  const deferredSearchQuery = useDeferredValue(searchQuery);
+  const allModelsConnections = useAiProviderKeys();
+
+  const toggleModel = (connectionId: string, modelId: string) => {
+    const current = modelSet[connectionId] ?? [];
+    const newModelSet = { ...modelSet };
+    if (current.includes(modelId)) {
+      const filtered = current.filter((m) => m !== modelId);
+      if (filtered.length === 0) {
+        delete newModelSet[connectionId];
+      } else {
+        newModelSet[connectionId] = filtered;
+      }
+    } else {
+      newModelSet[connectionId] = [...current, modelId];
+    }
+    onModelSetChange(newModelSet);
+  };
+
+  // Switch from "all models" to a specific selection while preserving every
+  // model in the clicked connection except the one the user just turned off.
+  const exitAllowAll = (
+    connectionId: string,
+    allModelIds: string[],
+    excludeModelId: string,
+  ) => {
+    onAllowAllChange(false);
+    onModelSetChange({
+      ...modelSet,
+      [connectionId]: allModelIds.filter((id) => id !== excludeModelId),
+    });
+  };
+
+  return (
+    <div className="flex flex-col h-full overflow-auto gap-6 pb-6">
+      <div
+        className={cn(
+          "flex items-center justify-between px-4 py-3 rounded-lg border border-border bg-card",
+          !readOnly && "hover:bg-muted/50 cursor-pointer",
+        )}
+        onClick={() => {
+          if (readOnly) return;
+          const newValue = !allowAllModels;
+          onAllowAllChange(newValue);
+          if (newValue) onModelSetChange({});
+        }}
+      >
+        <span className="text-sm font-medium">All models</span>
+        <div onClick={(e) => e.stopPropagation()}>
+          {readOnly ? (
+            <TooltipProvider>
+              <Tooltip>
+                <TooltipTrigger asChild>
+                  <div>
+                    <Switch
+                      checked={allowAllModels}
+                      disabled
+                      onCheckedChange={() => {}}
+                    />
+                  </div>
+                </TooltipTrigger>
+                <TooltipContent>
+                  <p>Built-in role permissions cannot be changed</p>
+                </TooltipContent>
+              </Tooltip>
+            </TooltipProvider>
+          ) : (
+            <Switch
+              checked={allowAllModels}
+              onCheckedChange={(checked) => {
+                onAllowAllChange(checked);
+                if (checked) onModelSetChange({});
+              }}
+            />
+          )}
+        </div>
+      </div>
+      {allModelsConnections.length === 0 ? (
+        <div className="flex items-center justify-center py-8 text-sm text-muted-foreground">
+          No LLM connections configured
+        </div>
+      ) : (
+        allModelsConnections.map((conn) => (
+          <Suspense
+            key={conn.id}
+            fallback={
+              <div className="px-4 py-3 flex items-center gap-2 text-sm text-muted-foreground">
+                <Loading01 className="size-4 animate-spin" />
+                Loading models...
+              </div>
+            }
+          >
+            <ConnectionModelsSection
+              connection={conn}
+              selectedModels={modelSet[conn.id] ?? []}
+              allowAllModels={allowAllModels}
+              onToggleModel={toggleModel}
+              onExitAllowAll={exitAllowAll}
+              allConnectionModelsSelected={(modelSet[conn.id] ?? []).includes(
+                "*",
+              )}
+              searchQuery={deferredSearchQuery}
+              readOnly={readOnly}
+            />
+          </Suspense>
+        ))
+      )}
+    </div>
+  );
+}
+
+// ============================================================================
+// Add Member Dialog
+// ============================================================================
+
+function AddMemberDialog({
+  open,
+  onOpenChange,
+  selectedMemberIds,
+  onAddMembers,
+}: {
+  open: boolean;
+  onOpenChange: (open: boolean) => void;
+  selectedMemberIds: string[];
+  onAddMembers: (memberIds: string[]) => void;
+}) {
+  const [searchQuery, setSearchQuery] = useState("");
+  const deferredSearchQuery = useDeferredValue(searchQuery);
+  const [pendingMemberIds, setPendingMemberIds] = useState<string[]>([]);
+
+  const { data } = useMembers();
+  const members = data?.data?.members ?? [];
+  type Member = (typeof members)[number];
+
+  const filteredMembers = members.filter((member: Member) => {
+    const q = deferredSearchQuery.toLowerCase();
+    return (
+      member.user?.name?.toLowerCase().includes(q) ||
+      member.user?.email?.toLowerCase().includes(q)
+    );
+  });
+
+  const handleAdd = () => {
+    onAddMembers(pendingMemberIds);
+    setPendingMemberIds([]);
+    onOpenChange(false);
+  };
+
+  return (
+    <AlertDialog open={open} onOpenChange={onOpenChange}>
+      <AlertDialogContent className="sm:max-w-md p-0 overflow-hidden">
+        <AlertDialogHeader className="px-6 pt-6">
+          <AlertDialogTitle>Add Members to Role</AlertDialogTitle>
+          <AlertDialogDescription>
+            Select members to add to this role.
+          </AlertDialogDescription>
+        </AlertDialogHeader>
+        <div className="flex flex-col h-80">
+          <div className="border-b border-border px-4 py-3">
+            <SearchInput
+              value={searchQuery}
+              onChange={setSearchQuery}
+              placeholder="Search members..."
+              className="w-full"
+            />
+          </div>
+          <div className="flex-1 overflow-auto">
+            {filteredMembers.length === 0 ? (
+              <div className="flex items-center justify-center h-full px-6">
+                <p className="text-sm text-muted-foreground">
+                  {searchQuery ? "No members found" : "No members available"}
+                </p>
+              </div>
+            ) : (
+              <div className="px-6 py-2 space-y-1">
+                {filteredMembers.map((member: Member) => {
+                  const eligible = member.role !== "owner";
+                  const alreadyInRole = selectedMemberIds.includes(member.id);
+                  const isSelected = pendingMemberIds.includes(member.id);
+                  return (
+                    <label
+                      key={member.id}
+                      className={cn(
+                        "flex items-center gap-3 p-2 rounded-lg",
+                        !eligible || alreadyInRole
+                          ? "opacity-50 cursor-not-allowed"
+                          : "cursor-pointer hover:bg-muted/50",
+                      )}
+                    >
+                      <Checkbox
+                        checked={isSelected || alreadyInRole}
+                        onCheckedChange={() => {
+                          if (!eligible || alreadyInRole) return;
+                          setPendingMemberIds((prev) =>
+                            prev.includes(member.id)
+                              ? prev.filter((id) => id !== member.id)
+                              : [...prev, member.id],
+                          );
+                        }}
+                        disabled={!eligible || alreadyInRole}
+                      />
+                      <Avatar
+                        url={member.user?.image ?? undefined}
+                        fallback={getInitials(member.user?.name)}
+                        shape="circle"
+                        size="sm"
+                      />
+                      <div className="flex-1 min-w-0">
+                        <p className="text-sm font-medium truncate">
+                          {member.user?.name || "Unknown"}
+                        </p>
+                        <p className="text-xs text-muted-foreground truncate">
+                          {member.user?.email}
+                        </p>
+                      </div>
+                      {!eligible && (
+                        <Badge variant="secondary" className="shrink-0">
+                          Owner
+                        </Badge>
+                      )}
+                      {alreadyInRole && eligible && (
+                        <Badge variant="outline" className="shrink-0">
+                          Added
+                        </Badge>
+                      )}
+                    </label>
+                  );
+                })}
+              </div>
+            )}
+          </div>
+        </div>
+        <AlertDialogFooter className="px-6 pb-6">
+          <AlertDialogCancel>Cancel</AlertDialogCancel>
+          <AlertDialogAction
+            onClick={handleAdd}
+            disabled={pendingMemberIds.length === 0}
+          >
+            Add {pendingMemberIds.length > 0 && `(${pendingMemberIds.length})`}
+          </AlertDialogAction>
+        </AlertDialogFooter>
+      </AlertDialogContent>
+    </AlertDialog>
+  );
+}
+
+// ============================================================================
+// Members Tab
+// ============================================================================
+
+function MembersTabContent({
+  memberIds,
+  onMemberIdsChange,
+  readOnly = false,
+  searchQuery,
+  addMemberDialogOpen,
+  onAddMemberDialogOpenChange,
+}: {
+  memberIds: string[];
+  onMemberIdsChange: (memberIds: string[]) => void;
+  readOnly?: boolean;
+  searchQuery: string;
+  addMemberDialogOpen: boolean;
+  onAddMemberDialogOpenChange: (open: boolean) => void;
+}) {
+  const deferredSearchQuery = useDeferredValue(searchQuery);
+
+  const { data } = useMembers();
+  const members = data?.data?.members ?? [];
+  type Member = (typeof members)[number];
+
+  const roleMembers = members.filter((m: Member) => memberIds.includes(m.id));
+  const filteredMembers = roleMembers.filter((member: Member) => {
+    const q = deferredSearchQuery.toLowerCase();
+    return (
+      member.user?.name?.toLowerCase().includes(q) ||
+      member.user?.email?.toLowerCase().includes(q)
+    );
+  });
+
+  return (
+    <div className="flex flex-col h-full">
+      <div className="flex-1 overflow-auto">
+        {roleMembers.length === 0 ? (
+          <div className="flex items-center justify-center h-full">
+            <div className="text-center">
+              <h3 className="text-base font-medium mb-1">No members</h3>
+              <p className="text-sm text-muted-foreground">
+                Add members to grant them the configured permissions.
+              </p>
+            </div>
+          </div>
+        ) : filteredMembers.length === 0 ? (
+          <div className="flex items-center justify-center h-full">
+            <p className="text-sm text-muted-foreground">
+              No members match "{searchQuery}"
+            </p>
+          </div>
+        ) : (
+          <div className="p-4 space-y-2">
+            {filteredMembers.map((member: Member) => (
+              <div
+                key={member.id}
+                className="flex items-center gap-3 p-3 rounded-lg bg-muted/30"
+              >
+                <Avatar
+                  url={member.user?.image ?? undefined}
+                  fallback={getInitials(member.user?.name)}
+                  shape="circle"
+                  size="sm"
+                />
+                <div className="flex-1 min-w-0">
+                  <p className="text-sm font-medium truncate">
+                    {member.user?.name || "Unknown"}
+                  </p>
+                  <p className="text-xs text-muted-foreground truncate">
+                    {member.user?.email}
+                  </p>
+                </div>
+                {readOnly ? (
+                  <TooltipProvider>
+                    <Tooltip>
+                      <TooltipTrigger asChild>
+                        <div>
+                          <Button variant="ghost" size="sm" disabled>
+                            <X size={16} />
+                          </Button>
+                        </div>
+                      </TooltipTrigger>
+                      <TooltipContent>
+                        <p>Owner membership cannot be changed</p>
+                      </TooltipContent>
+                    </Tooltip>
+                  </TooltipProvider>
+                ) : (
+                  <Button
+                    variant="ghost"
+                    size="sm"
+                    onClick={() =>
+                      onMemberIdsChange(
+                        memberIds.filter((id) => id !== member.id),
+                      )
+                    }
+                  >
+                    <X size={16} />
+                  </Button>
+                )}
+              </div>
+            ))}
+          </div>
+        )}
+      </div>
+      <AddMemberDialog
+        open={addMemberDialogOpen}
+        onOpenChange={onAddMemberDialogOpenChange}
+        selectedMemberIds={memberIds}
+        onAddMembers={(ids) => onMemberIdsChange([...memberIds, ...ids])}
+      />
+    </div>
+  );
+}
+
+function MembersTab(props: {
+  memberIds: string[];
+  onMemberIdsChange: (memberIds: string[]) => void;
+  readOnly?: boolean;
+  searchQuery: string;
+  addMemberDialogOpen: boolean;
+  onAddMemberDialogOpenChange: (open: boolean) => void;
+}) {
+  return (
+    <Suspense
+      fallback={
+        <div className="flex items-center justify-center h-full">
+          <Loading01 size={24} className="animate-spin text-muted-foreground" />
+        </div>
+      }
+    >
+      <MembersTabContent {...props} />
+    </Suspense>
+  );
+}
+
+// ============================================================================
+// Built-in Role Helpers
+// ============================================================================
+
+const BUILTIN_ROLE_PERMISSIONS: Record<"owner" | "admin" | "user", string[]> = {
+  owner: [],
+  admin: [],
+  user: [],
+};
+
+type MemberLike = { id: string; role: string };
+
+function loadBuiltinRoleIntoForm(
+  role: "owner" | "admin" | "user",
+  members: Array<{ id: string; role: string }>,
+  storedData?: { id?: string; permission?: Record<string, string[]> },
+  connections?: ConnectionEntity[],
+): RoleFormData {
+  if (storedData?.permission != null && connections) {
+    return convertRoleToFormData(
+      {
+        id: storedData.id,
+        role,
+        label: role.charAt(0).toUpperCase() + role.slice(1),
+        isBuiltin: true,
+        permission: storedData.permission,
+      },
+      members,
+      connections,
+    );
+  }
+  const isOwnerOrAdmin = role === "owner" || role === "admin";
+  return {
+    role: {
+      id: storedData?.id,
+      slug: role,
+      label: role.charAt(0).toUpperCase() + role.slice(1),
+    },
+    allowAllStaticPermissions: isOwnerOrAdmin,
+    staticPermissions: BUILTIN_ROLE_PERMISSIONS[role],
+    toolSet: {},
+    allowAllModels: true,
+    modelSet: {},
+    memberIds: members.filter((m) => m.role === role).map((m) => m.id),
+  };
+}
+
+function convertRoleToFormData(
+  role: OrganizationRole,
+  members: MemberLike[],
+  connections: ConnectionEntity[],
+): RoleFormData {
+  const permission = role.permission || {};
+  const selfPerms = permission["self"] || [];
+  const hasAllStaticPerms = selfPerms.includes("*");
+  const staticPerms = hasAllStaticPerms
+    ? []
+    : selfPerms.filter((p) => p !== "*");
+
+  const toolSet: Record<string, string[]> = {};
+  for (const [key, tools] of Object.entries(permission)) {
+    if (key === "self" || key === "models") continue;
+    if (key === "*") {
+      for (const conn of connections) {
+        toolSet[conn.id] = tools.includes("*")
+          ? (conn.tools?.map((t) => t.name) ?? [])
+          : tools;
+      }
+    } else {
+      const conn = connections.find((c) => c.id === key);
+      if (conn) {
+        toolSet[key] = tools.includes("*")
+          ? (conn.tools?.map((t) => t.name) ?? [])
+          : tools;
+      }
+    }
+  }
+
+  const modelsEntries = permission["models"] || [];
+  const hasAllModels =
+    modelsEntries.length === 0 || modelsEntries.includes("*:*");
+  const modelSet: Record<string, string[]> = {};
+  if (!hasAllModels) {
+    for (const entry of modelsEntries) {
+      const colonIdx = entry.indexOf(":");
+      if (colonIdx === -1) continue;
+      const keyId = entry.slice(0, colonIdx);
+      const modelId = entry.slice(colonIdx + 1);
+      if (!modelSet[keyId]) modelSet[keyId] = [];
+      modelSet[keyId].push(modelId);
+    }
+  }
+
+  return {
+    role: { id: role.id, slug: role.role, label: role.label },
+    allowAllStaticPermissions: hasAllStaticPerms,
+    staticPermissions: staticPerms,
+    toolSet,
+    allowAllModels: hasAllModels,
+    modelSet,
+    memberIds: members.filter((m) => m.role === role.role).map((m) => m.id),
+  };
+}
+
+function buildPermission(
+  data: RoleFormData,
+  connections: ConnectionEntity[],
+): Record<string, string[]> {
+  const permission: Record<string, string[]> = {};
+  if (data.allowAllStaticPermissions) {
+    permission["self"] = ["*"];
+  } else {
+    const tools = new Set(data.staticPermissions);
+    for (const tool of BASIC_USAGE_TOOLS) tools.add(tool);
+    if (tools.size > 0) permission["self"] = Array.from(tools);
+  }
+  for (const [connectionId, tools] of Object.entries(data.toolSet)) {
+    if (tools.length > 0) {
+      const conn = connections.find((c) => c.id === connectionId);
+      const allTools = conn?.tools?.map((t) => t.name) ?? [];
+      permission[connectionId] =
+        allTools.length > 0 && allTools.every((t) => tools.includes(t))
+          ? ["*"]
+          : tools;
+    }
+  }
+  if (data.allowAllModels) {
+    permission["models"] = ["*:*"];
+  } else {
+    const modelEntries: string[] = [];
+    for (const [keyId, models] of Object.entries(data.modelSet)) {
+      for (const modelId of models) {
+        modelEntries.push(`${keyId}:${modelId}`);
+      }
+    }
+    if (modelEntries.length > 0) permission["models"] = modelEntries;
+  }
+  return permission;
+}
+
+function getInitialFormValues(
+  target: RoleEditorTarget,
+  members: MemberLike[],
+  connections: ConnectionEntity[],
+): RoleFormData {
+  if (target.kind === "builtin") {
+    return loadBuiltinRoleIntoForm(
+      target.role,
+      members,
+      target.storedId != null
+        ? { id: target.storedId, permission: target.storedPermission }
+        : undefined,
+      connections,
+    );
+  }
+  if (target.kind === "custom") {
+    return convertRoleToFormData(target.role, members, connections);
+  }
+  return {
+    role: { id: undefined, slug: undefined, label: "" },
+    allowAllStaticPermissions: false,
+    staticPermissions: [],
+    toolSet: {},
+    allowAllModels: true,
+    modelSet: {},
+    memberIds: [],
+  };
+}
+
+// ============================================================================
+// Role Detail Page
+// ============================================================================
+
+function MembersAddButton({
+  readOnly,
+  onOpen,
+}: {
+  readOnly: boolean;
+  onOpen: () => void;
+}) {
+  if (readOnly) {
+    return (
+      <TooltipProvider>
+        <Tooltip>
+          <TooltipTrigger asChild>
+            <div>
+              <Button variant="outline" size="sm" disabled>
+                <Plus size={16} />
+                Add Member
+              </Button>
+            </div>
+          </TooltipTrigger>
+          <TooltipContent>
+            <p>Owner membership cannot be changed</p>
+          </TooltipContent>
+        </Tooltip>
+      </TooltipProvider>
+    );
+  }
+  return (
+    <Button variant="outline" size="sm" onClick={onOpen}>
+      <Plus size={16} />
+      Add Member
+    </Button>
+  );
+}
+
+interface RoleDetailPageProps {
+  target: RoleEditorTarget;
+  onBack: () => void;
+  onSaved: (id: string | undefined) => void;
+}
+
+export function RoleDetailPage(props: RoleDetailPageProps) {
+  const { locator } = useProjectContext();
+  const orgAuth = useOrgAuthClient();
+  const connections = useConnections();
+
+  const { data: membersData, isPending: membersPending } = useQuery({
+    queryKey: KEYS.members(locator),
+    queryFn: () => orgAuth.organization.listMembers(),
+  });
+
+  if (membersPending || !connections) {
+    return (
+      <Page>
+        <div className="flex items-center justify-center h-full">
+          <Loading01 size={32} className="animate-spin text-muted-foreground" />
+        </div>
+      </Page>
+    );
+  }
+
+  const members: MemberLike[] = membersData?.data?.members ?? [];
+  return (
+    <RoleDetailPageInner
+      {...props}
+      members={members}
+      connections={connections}
+    />
+  );
+}
+
+function RoleDetailPageInner({
+  target,
+  onBack,
+  onSaved,
+  members,
+  connections,
+}: RoleDetailPageProps & {
+  members: MemberLike[];
+  connections: ConnectionEntity[];
+}) {
+  const { locator } = useProjectContext();
+  const orgAuth = useOrgAuthClient();
+  const queryClient = useQueryClient();
+
+  const isBuiltin = target.kind === "builtin";
+  const isOwnerBuiltin = target.kind === "builtin" && target.role === "owner";
+  const isNew = target.kind === "new";
+
+  const [activeTab, setActiveTab] = useState<
+    "mcp" | "org" | "models" | "members"
+  >(isBuiltin ? "org" : "mcp");
+
+  const form = useForm<RoleFormData>({
+    resolver: zodResolver(roleFormSchema),
+    defaultValues: getInitialFormValues(target, members, connections),
+  });
+
+  const isFormValid = form.formState.isValid;
+  const isFormDirty = form.formState.isDirty;
+
+  const saveMutation = useMutation({
+    mutationFn: async (formData: RoleFormData) => {
+      const permission = buildPermission(formData, connections);
+      const roleSlug =
+        formData.role.slug ||
+        formData.role.label.toLowerCase().replace(/\s+/g, "-");
+      const isOwnerBuiltinSave =
+        formData.role.slug === "owner" && !formData.role.id;
+      const isEditableBuiltinFirstSave =
+        (formData.role.slug === "admin" || formData.role.slug === "user") &&
+        !formData.role.id;
+
+      const syncMembers = async (currentSlug: string) => {
+        const currentIds = members
+          .filter((m) => m.role === currentSlug)
+          .map((m) => m.id);
+        const toAdd = formData.memberIds.filter(
+          (id) => !currentIds.includes(id),
+        );
+        const toRemove = currentIds.filter(
+          (id: string) => !formData.memberIds.includes(id),
+        );
+        for (const memberId of toAdd) {
+          const r = await orgAuth.organization.updateMemberRole({
+            memberId,
+            role: [currentSlug],
+          });
+          if (r?.error)
+            throw new Error(r.error.message ?? "Something went wrong");
+        }
+        for (const memberId of toRemove) {
+          const r = await orgAuth.organization.updateMemberRole({
+            memberId,
+            role: ["user"],
+          });
+          if (r?.error)
+            throw new Error(r.error.message ?? "Something went wrong");
+        }
+      };
+
+      if (isOwnerBuiltinSave) {
+        await syncMembers("owner");
+        return formData;
+      } else if (formData.role.id) {
+        const r = await orgAuth.organization.updateRole({
+          roleId: formData.role.id,
+          data: { permission },
+        });
+        if (r?.error)
+          throw new Error(r.error.message ?? "Something went wrong");
+        await syncMembers(formData.role.slug!);
+        return formData;
+      } else if (isEditableBuiltinFirstSave) {
+        const r = await orgAuth.organization.createRole({
+          role: formData.role.slug!,
+          permission,
+        });
+        if (r?.error)
+          throw new Error(r.error.message ?? "Something went wrong");
+        await syncMembers(formData.role.slug!);
+        return {
+          ...formData,
+          role: { ...formData.role, id: r.data?.roleData?.id },
+        };
+      } else {
+        const r = await orgAuth.organization.createRole({
+          role: roleSlug,
+          permission,
+        });
+        if (r?.error)
+          throw new Error(r.error.message ?? "Something went wrong");
+        for (const memberId of formData.memberIds) {
+          const mr = await orgAuth.organization.updateMemberRole({
+            memberId,
+            role: [roleSlug],
+          });
+          if (mr?.error) throw new Error(mr.error.message);
+        }
+        return {
+          ...formData,
+          role: {
+            ...formData.role,
+            id: r.data?.roleData?.id,
+            slug: roleSlug,
+          },
+        };
+      }
+    },
+    onSuccess: (data, variables) => {
+      queryClient.invalidateQueries({ queryKey: KEYS.members(locator) });
+      queryClient.invalidateQueries({
+        queryKey: KEYS.organizationRoles(locator),
+      });
+      const wasNew = !variables.role.id && !variables.role.slug;
+      const wasOwnerBuiltin =
+        variables.role.slug === "owner" && !variables.role.id;
+      track(
+        wasOwnerBuiltin
+          ? "role_members_updated"
+          : wasNew
+            ? "role_created"
+            : "role_updated",
+        { role_slug: variables.role.slug ?? null },
+      );
+      toast.success(
+        wasOwnerBuiltin
+          ? "Members updated successfully!"
+          : wasNew
+            ? "Role created successfully!"
+            : "Role updated successfully!",
+      );
+      form.reset(data);
+      onSaved(data.role.id);
+    },
+    onError: (error) => {
+      toast.error(
+        error instanceof Error ? error.message : "Failed to save role",
+      );
+    },
+  });
+
+  const handleSubmit = form.handleSubmit((data) => {
+    if (!data.role.label.trim()) {
+      toast.error("Role name is required");
+      form.setFocus("role.label");
+      return;
+    }
+    saveMutation.mutate(data);
+  });
+
+  const showSaveActions = !isOwnerBuiltin;
+
+  const roleName =
+    target.kind === "builtin"
+      ? target.role.charAt(0).toUpperCase() + target.role.slice(1)
+      : target.kind === "custom"
+        ? target.role.label
+        : "";
+
+  const tabs = [
+    ...(!isOwnerBuiltin
+      ? [{ id: "mcp" as const, label: "MCP Permissions" }]
+      : []),
+    { id: "org" as const, label: "Organization Permissions" },
+    { id: "models" as const, label: "Models" },
+    { id: "members" as const, label: "Members" },
+  ];
+
+  const [searchQuery, setSearchQuery] = useState("");
+  const [addMemberDialogOpen, setAddMemberDialogOpen] = useState(false);
+
+  const handleTabChange = (tab: typeof activeTab) => {
+    setActiveTab(tab);
+    setSearchQuery("");
+  };
+
+  const searchPlaceholders: Record<string, string> = {
+    mcp: "Search MCP servers...",
+    org: "Search permissions...",
+    models: "Search models...",
+    members: "Search members...",
+  };
+
+  return (
+    <Page>
+      <Page.Content
+        className={cn(
+          "flex flex-col",
+          activeTab !== "org" && "overflow-hidden",
+        )}
+      >
+        <div className="shrink-0 mx-auto w-full max-w-[1200px] px-4 md:px-10 pt-8 md:pt-12 pb-4">
+          <div className="flex flex-col gap-5">
+            <Page.Title
+              actions={
+                showSaveActions && (
+                  <>
+                    <Button
+                      variant="outline"
+                      size="sm"
+                      onClick={onBack}
+                      disabled={saveMutation.isPending}
+                    >
+                      Cancel
+                    </Button>
+                    <Button
+                      size="sm"
+                      onClick={handleSubmit}
+                      disabled={
+                        saveMutation.isPending || !isFormValid || !isFormDirty
+                      }
+                    >
+                      {saveMutation.isPending
+                        ? "Saving..."
+                        : isNew
+                          ? "Create Role"
+                          : "Save Changes"}
+                    </Button>
+                  </>
+                )
+              }
+            >
+              <div className="flex items-center gap-2.5 min-w-0">
+                <div
+                  className={cn(
+                    "size-2.5 rounded-full shrink-0",
+                    target.kind === "builtin"
+                      ? getRoleDotColor(target.role, true)
+                      : target.kind === "custom"
+                        ? getRoleDotColor(target.role.role, false)
+                        : getRoleColor(form.watch("role.label")),
+                  )}
+                />
+                {isOwnerBuiltin && (
+                  <Lock01
+                    size={16}
+                    className="text-muted-foreground shrink-0"
+                  />
+                )}
+                {isNew ? (
+                  <input
+                    {...form.register("role.label")}
+                    placeholder="Role name"
+                    className="leading-tight text-foreground bg-transparent border-none outline-none px-1 -mx-1 rounded hover:bg-input/25 focus:bg-input/25 transition-colors w-64 placeholder:text-muted-foreground/50"
+                    autoFocus
+                  />
+                ) : (
+                  <span className="truncate">{roleName}</span>
+                )}
+              </div>
+            </Page.Title>
+
+            <div className="flex items-center gap-2">
+              {tabs.map((tab) => (
+                <button
+                  key={tab.id}
+                  type="button"
+                  onClick={() => handleTabChange(tab.id)}
+                  className={cn(
+                    "h-7 px-2 text-sm rounded-lg border border-input transition-colors inline-flex items-center",
+                    activeTab === tab.id
+                      ? "bg-accent border-border text-foreground"
+                      : "bg-transparent text-muted-foreground hover:border-border hover:bg-accent/50 hover:text-foreground",
+                  )}
+                >
+                  {tab.label}
+                </button>
+              ))}
+            </div>
+
+            <div className="flex items-center justify-between gap-3">
+              <SearchInput
+                value={searchQuery}
+                onChange={setSearchQuery}
+                placeholder={searchPlaceholders[activeTab] ?? "Search..."}
+                className="w-full md:w-[375px]"
+              />
+              {activeTab === "members" && (
+                <MembersAddButton
+                  readOnly={
+                    target.kind === "builtin" && target.role === "owner"
+                  }
+                  onOpen={() => setAddMemberDialogOpen(true)}
+                />
+              )}
+            </div>
+          </div>
+        </div>
+
+        <div
+          className={cn(
+            "mx-auto w-full max-w-[1200px] px-4 md:px-10 pb-6",
+            activeTab !== "org" && "flex-1 min-h-0",
+          )}
+        >
+          <div
+            className={cn(
+              activeTab !== "org" && "h-full overflow-hidden",
+              activeTab !== "models" &&
+                activeTab !== "org" &&
+                "border border-border rounded-xl bg-card",
+            )}
+          >
+            {activeTab === "mcp" && !isOwnerBuiltin && (
+              <ToolSetSelector
+                toolSet={form.watch("toolSet")}
+                onToolSetChange={(newToolSet) =>
+                  form.setValue("toolSet", newToolSet, { shouldDirty: true })
+                }
+                searchQuery={searchQuery}
+              />
+            )}
+            {activeTab === "org" && (
+              <OrgPermissionsTab
+                allowAllStaticPermissions={form.watch(
+                  "allowAllStaticPermissions",
+                )}
+                staticPermissions={form.watch("staticPermissions")}
+                onAllowAllChange={(v) =>
+                  form.setValue("allowAllStaticPermissions", v, {
+                    shouldDirty: true,
+                  })
+                }
+                onPermissionsChange={(v) =>
+                  form.setValue("staticPermissions", v, { shouldDirty: true })
+                }
+                readOnly={isOwnerBuiltin}
+                searchQuery={searchQuery}
+              />
+            )}
+            {activeTab === "models" && (
+              <ModelsPermissionsTab
+                allowAllModels={form.watch("allowAllModels")}
+                modelSet={form.watch("modelSet")}
+                onAllowAllChange={(v) =>
+                  form.setValue("allowAllModels", v, { shouldDirty: true })
+                }
+                onModelSetChange={(v) =>
+                  form.setValue("modelSet", v, { shouldDirty: true })
+                }
+                readOnly={isOwnerBuiltin}
+                searchQuery={searchQuery}
+              />
+            )}
+            {activeTab === "members" && (
+              <MembersTab
+                memberIds={form.watch("memberIds")}
+                onMemberIdsChange={(v) =>
+                  form.setValue("memberIds", v, { shouldDirty: true })
+                }
+                readOnly={target.kind === "builtin" && target.role === "owner"}
+                searchQuery={searchQuery}
+                addMemberDialogOpen={addMemberDialogOpen}
+                onAddMemberDialogOpenChange={setAddMemberDialogOpen}
+              />
+            )}
+          </div>
+        </div>
+      </Page.Content>
+    </Page>
+  );
+}
+
+export function getTargetKey(target: RoleEditorTarget): string {
+  if (target.kind === "builtin") return `builtin-${target.role}`;
+  if (target.kind === "custom") return `custom-${target.role.id}`;
+  return "new";
+}
diff --git a/apps/mesh/src/web/views/settings/org-sso.tsx b/apps/mesh/src/web/views/settings/org-sso.tsx
index 6e961d453b..b6f71838af 100644
--- a/apps/mesh/src/web/views/settings/org-sso.tsx
+++ b/apps/mesh/src/web/views/settings/org-sso.tsx
@@ -1,9 +1,9 @@
 import { useState } from "react";
+import { DomainSettings } from "@/web/components/settings/domain-settings";
 import { toast } from "sonner";
 import { Page } from "@/web/components/page";
 import { Button } from "@deco/ui/components/button.tsx";
 import { Input } from "@deco/ui/components/input.tsx";
-import { Label } from "@deco/ui/components/label.tsx";
 import { Switch } from "@deco/ui/components/switch.tsx";
 import { useProjectContext } from "@decocms/mesh-sdk";
 import {
@@ -12,14 +12,22 @@ import {
   useDeleteOrgSsoConfig,
   useToggleSsoEnforcement,
 } from "@/web/hooks/use-org-sso";
-import { CheckCircle, AlertCircle, Trash01 } from "@untitledui/icons";
+import {
+  SettingsCard,
+  SettingsCardActions,
+  SettingsCardItem,
+  SettingsPage,
+  SettingsSection,
+} from "@/web/components/settings/settings-section";
+import { Trash01 } from "@untitledui/icons";
+import { track } from "@/web/lib/posthog-client";
 
 export function OrgSsoPage() {
   const { org } = useProjectContext();
-  const { data: ssoData, isLoading } = useOrgSsoConfig(org.id);
-  const saveMutation = useSaveOrgSsoConfig(org.id);
-  const deleteMutation = useDeleteOrgSsoConfig(org.id);
-  const enforceMutation = useToggleSsoEnforcement(org.id);
+  const { data: ssoData, isLoading } = useOrgSsoConfig(org.id, org.slug);
+  const saveMutation = useSaveOrgSsoConfig(org.id, org.slug);
+  const deleteMutation = useDeleteOrgSsoConfig(org.id, org.slug);
+  const enforceMutation = useToggleSsoEnforcement(org.id, org.slug);
 
   const [formState, setFormState] = useState({
     issuer: "",
@@ -70,6 +78,10 @@ export function OrgSsoPage() {
         domain: formState.domain,
         enforced: config?.enforced ?? false,
       });
+      track(isConfigured ? "sso_config_updated" : "sso_configured", {
+        organization_id: org.id,
+        email_domain: formState.domain,
+      });
       toast.success("SSO configuration saved");
       setIsEditing(false);
     } catch (err) {
@@ -83,6 +95,7 @@ export function OrgSsoPage() {
     if (!confirm("Are you sure you want to remove SSO configuration?")) return;
     try {
       await deleteMutation.mutateAsync();
+      track("sso_config_removed", { organization_id: org.id });
       toast.success("SSO configuration removed");
       setIsEditing(false);
     } catch {
@@ -93,6 +106,10 @@ export function OrgSsoPage() {
   const handleEnforceToggle = async (enforced: boolean) => {
     try {
       await enforceMutation.mutateAsync(enforced);
+      track("sso_enforcement_toggled", {
+        organization_id: org.id,
+        enforced,
+      });
       toast.success(
         enforced ? "SSO enforcement enabled" : "SSO enforcement disabled",
       );
@@ -105,135 +122,117 @@ export function OrgSsoPage() {
     <Page>
       <Page.Content>
         <Page.Body>
-          <div className="flex flex-col gap-6">
-            <Page.Title>Single Sign-On</Page.Title>
+          <SettingsPage>
+            <Page.Title>Security</Page.Title>
+            <DomainSettings />
             {isLoading ? (
               <div className="text-sm text-muted-foreground">Loading...</div>
             ) : (
-              <div className="flex flex-col gap-6">
+              <>
                 {/* Status */}
                 {isConfigured && !isEditing && (
-                  <div className="flex flex-col gap-4">
-                    <div className="flex items-center gap-2 p-3 rounded-md bg-muted/50">
-                      <CheckCircle size={16} className="text-green-600" />
-                      <span className="text-sm font-medium">
-                        SSO Configured
-                      </span>
-                      <span className="text-xs text-muted-foreground ml-auto">
-                        {config!.issuer}
-                      </span>
-                    </div>
-
-                    <div className="flex flex-col gap-3 text-sm">
-                      <div className="flex justify-between">
-                        <span className="text-muted-foreground">Provider</span>
-                        <span className="font-medium">{config!.issuer}</span>
-                      </div>
-                      <div className="flex justify-between">
-                        <span className="text-muted-foreground">Client ID</span>
-                        <span className="font-mono text-xs">
-                          {config!.clientId}
-                        </span>
-                      </div>
-                      <div className="flex justify-between">
-                        <span className="text-muted-foreground">Domain</span>
-                        <span className="font-medium">{config!.domain}</span>
-                      </div>
-                      <div className="flex justify-between">
-                        <span className="text-muted-foreground">Scopes</span>
-                        <span className="font-mono text-xs">
-                          {config!.scopes.join(" ")}
-                        </span>
-                      </div>
-                    </div>
-
-                    {/* Enforce toggle */}
-                    <div className="flex items-center justify-between p-3 rounded-md border border-border">
-                      <div>
-                        <p className="text-sm font-medium">Enforce SSO</p>
-                        <p className="text-xs text-muted-foreground">
-                          Require all members to authenticate via SSO
-                        </p>
-                      </div>
-                      <Switch
-                        checked={config!.enforced}
-                        onCheckedChange={handleEnforceToggle}
-                        disabled={enforceMutation.isPending}
+                  <SettingsSection title="Single Sign-On">
+                    <SettingsCard>
+                      <SettingsCardItem
+                        title="Provider"
+                        action={
+                          <span className="font-medium">{config!.issuer}</span>
+                        }
                       />
-                    </div>
-
-                    {/* Actions */}
-                    <div className="flex gap-2">
-                      <Button
-                        variant="outline"
-                        size="sm"
-                        onClick={startEditing}
-                      >
-                        Edit configuration
-                      </Button>
-                      <Button
-                        variant="outline"
-                        size="sm"
-                        onClick={() => {
-                          window.open(
-                            `/api/org-sso/authorize?orgId=${org.id}`,
-                            "_blank",
-                          );
-                        }}
-                      >
-                        Test SSO
-                      </Button>
-                      <Button
-                        variant="ghost"
-                        size="sm"
-                        onClick={handleDelete}
-                        disabled={deleteMutation.isPending}
-                        className="text-destructive hover:text-destructive ml-auto"
-                      >
-                        <Trash01 size={14} />
-                        Remove
-                      </Button>
-                    </div>
-                  </div>
+                      <SettingsCardItem
+                        title="Client ID"
+                        action={
+                          <span className="font-mono text-xs">
+                            {config!.clientId}
+                          </span>
+                        }
+                      />
+                      <SettingsCardItem
+                        title="Domain"
+                        action={
+                          <span className="font-medium">{config!.domain}</span>
+                        }
+                      />
+                      <SettingsCardItem
+                        title="Scopes"
+                        action={
+                          <span className="font-mono text-xs">
+                            {config!.scopes.join(" ")}
+                          </span>
+                        }
+                      />
+                      <div className="h-px bg-border mx-5" />
+                      <SettingsCardItem
+                        title="Enforce SSO"
+                        description="Require all members to authenticate via SSO"
+                        action={
+                          <Switch
+                            checked={config!.enforced}
+                            onCheckedChange={handleEnforceToggle}
+                            disabled={enforceMutation.isPending}
+                          />
+                        }
+                      />
+                      <SettingsCardActions>
+                        <Button
+                          variant="ghost"
+                          size="sm"
+                          onClick={handleDelete}
+                          disabled={deleteMutation.isPending}
+                          className="text-destructive hover:text-destructive mr-auto"
+                        >
+                          <Trash01 size={14} />
+                          Remove
+                        </Button>
+                        <Button
+                          variant="outline"
+                          size="sm"
+                          onClick={() => {
+                            window.open(
+                              `/api/${org.slug}/sso/authorize`,
+                              "_blank",
+                            );
+                          }}
+                        >
+                          Test SSO
+                        </Button>
+                        <Button
+                          variant="outline"
+                          size="sm"
+                          onClick={startEditing}
+                        >
+                          Edit configuration
+                        </Button>
+                      </SettingsCardActions>
+                    </SettingsCard>
+                  </SettingsSection>
                 )}
 
                 {/* Form (new config or editing) */}
                 {(!isConfigured || isEditing) && (
-                  <div className="flex flex-col gap-4">
-                    {!isConfigured && (
-                      <div className="flex items-center gap-2 p-3 rounded-md bg-muted/50">
-                        <AlertCircle
-                          size={16}
-                          className="text-muted-foreground"
-                        />
-                        <span className="text-sm text-muted-foreground">
-                          SSO is not configured for this organization.
-                        </span>
-                      </div>
-                    )}
-
-                    <div className="flex flex-col gap-5">
-                      <div className="flex flex-col gap-1.5">
-                        <Label htmlFor="sso-issuer">Issuer URL</Label>
-                        <Input
-                          id="sso-issuer"
-                          placeholder="https://login.microsoftonline.com/{tenant}/v2.0"
-                          value={formState.issuer}
-                          onChange={(e) =>
-                            setFormState((s) => ({
-                              ...s,
-                              issuer: e.target.value,
-                            }))
-                          }
-                        />
-                        <p className="text-xs text-muted-foreground">
-                          The OIDC issuer URL of your identity provider.
-                        </p>
-                      </div>
-
-                      <div className="grid grid-cols-2 gap-5">
-                        <div className="flex flex-col gap-1.5">
-                          <Label htmlFor="sso-client-id">Client ID</Label>
+                  <SettingsSection title="Single Sign-On">
+                    <SettingsCard>
+                      <SettingsCardItem
+                        title="Issuer URL"
+                        description="The OIDC issuer URL of your identity provider."
+                        action={
+                          <Input
+                            id="sso-issuer"
+                            placeholder="https://login.microsoftonline.com/{tenant}/v2.0"
+                            value={formState.issuer}
+                            onChange={(e) =>
+                              setFormState((s) => ({
+                                ...s,
+                                issuer: e.target.value,
+                              }))
+                            }
+                            className="w-[280px]"
+                          />
+                        }
+                      />
+                      <SettingsCardItem
+                        title="Client ID"
+                        action={
                           <Input
                             id="sso-client-id"
                             placeholder="your-client-id"
@@ -244,18 +243,18 @@ export function OrgSsoPage() {
                                 clientId: e.target.value,
                               }))
                             }
+                            className="w-[280px]"
                           />
-                        </div>
-
-                        <div className="flex flex-col gap-1.5">
-                          <Label htmlFor="sso-client-secret">
-                            Client Secret
-                            {isEditing && isConfigured && (
-                              <span className="text-muted-foreground font-normal ml-1">
-                                (leave empty to keep current)
-                              </span>
-                            )}
-                          </Label>
+                        }
+                      />
+                      <SettingsCardItem
+                        title="Client Secret"
+                        description={
+                          isEditing && isConfigured
+                            ? "Leave empty to keep current"
+                            : undefined
+                        }
+                        action={
                           <Input
                             id="sso-client-secret"
                             type="password"
@@ -267,13 +266,14 @@ export function OrgSsoPage() {
                                 clientSecret: e.target.value,
                               }))
                             }
+                            className="w-[280px]"
                           />
-                        </div>
-                      </div>
-
-                      <div className="grid grid-cols-2 gap-5">
-                        <div className="flex flex-col gap-1.5">
-                          <Label htmlFor="sso-domain">Email Domain</Label>
+                        }
+                      />
+                      <SettingsCardItem
+                        title="Email Domain"
+                        description="The email domain this SSO provider covers."
+                        action={
                           <Input
                             id="sso-domain"
                             placeholder="company.com"
@@ -284,14 +284,13 @@ export function OrgSsoPage() {
                                 domain: e.target.value,
                               }))
                             }
+                            className="w-[280px]"
                           />
-                          <p className="text-xs text-muted-foreground">
-                            The email domain that this SSO provider covers.
-                          </p>
-                        </div>
-
-                        <div className="flex flex-col gap-1.5">
-                          <Label htmlFor="sso-scopes">Scopes</Label>
+                        }
+                      />
+                      <SettingsCardItem
+                        title="Scopes"
+                        action={
                           <Input
                             id="sso-scopes"
                             placeholder="openid email profile"
@@ -302,56 +301,56 @@ export function OrgSsoPage() {
                                 scopes: e.target.value,
                               }))
                             }
+                            className="w-[280px]"
                           />
-                        </div>
-                      </div>
-
-                      <div className="flex flex-col gap-1.5">
-                        <Label htmlFor="sso-discovery">
-                          Discovery Endpoint{" "}
-                          <span className="text-muted-foreground font-normal">
-                            (optional)
-                          </span>
-                        </Label>
-                        <Input
-                          id="sso-discovery"
-                          placeholder="Auto-detected from issuer"
-                          value={formState.discoveryEndpoint}
-                          onChange={(e) =>
-                            setFormState((s) => ({
-                              ...s,
-                              discoveryEndpoint: e.target.value,
-                            }))
-                          }
-                        />
-                      </div>
-                    </div>
-
-                    <div className="flex gap-2 pt-2">
-                      <Button
-                        onClick={handleSave}
-                        disabled={saveMutation.isPending}
-                      >
-                        {saveMutation.isPending
-                          ? "Saving..."
-                          : isEditing
-                            ? "Update"
-                            : "Configure SSO"}
-                      </Button>
-                      {isEditing && (
+                        }
+                      />
+                      <SettingsCardItem
+                        title="Discovery Endpoint"
+                        description="Optional — auto-detected from issuer if omitted."
+                        action={
+                          <Input
+                            id="sso-discovery"
+                            placeholder="Auto-detected from issuer"
+                            value={formState.discoveryEndpoint}
+                            onChange={(e) =>
+                              setFormState((s) => ({
+                                ...s,
+                                discoveryEndpoint: e.target.value,
+                              }))
+                            }
+                            className="w-[280px]"
+                          />
+                        }
+                      />
+                      <SettingsCardActions>
+                        {isEditing && (
+                          <Button
+                            variant="outline"
+                            size="sm"
+                            onClick={() => setIsEditing(false)}
+                          >
+                            Cancel
+                          </Button>
+                        )}
                         <Button
-                          variant="ghost"
-                          onClick={() => setIsEditing(false)}
+                          onClick={handleSave}
+                          disabled={saveMutation.isPending}
+                          size="sm"
                         >
-                          Cancel
+                          {saveMutation.isPending
+                            ? "Saving..."
+                            : isEditing
+                              ? "Update"
+                              : "Configure SSO"}
                         </Button>
-                      )}
-                    </div>
-                  </div>
+                      </SettingsCardActions>
+                    </SettingsCard>
+                  </SettingsSection>
                 )}
-              </div>
+              </>
             )}
-          </div>
+          </SettingsPage>
         </Page.Body>
       </Page.Content>
     </Page>
diff --git a/apps/mesh/src/web/views/settings/org-store.tsx b/apps/mesh/src/web/views/settings/org-store.tsx
index 316ce1a173..c646f44d91 100644
--- a/apps/mesh/src/web/views/settings/org-store.tsx
+++ b/apps/mesh/src/web/views/settings/org-store.tsx
@@ -4,7 +4,6 @@ import { useNavigate, useParams } from "@tanstack/react-router";
 import { toast } from "sonner";
 import { AlertCircle, ChevronRight, Plus, Trash01 } from "@untitledui/icons";
 import { Button } from "@deco/ui/components/button.tsx";
-import { Card } from "@deco/ui/components/card.tsx";
 import { Input } from "@deco/ui/components/input.tsx";
 import { Switch } from "@deco/ui/components/switch.tsx";
 import { Skeleton } from "@deco/ui/components/skeleton.tsx";
@@ -23,7 +22,17 @@ import { KEYS } from "@/web/lib/query-keys";
 import { Page } from "@/web/components/page";
 import { ErrorBoundary } from "@/web/components/error-boundary";
 import { useRegistryConnections } from "@/web/hooks/use-registry-connections";
-import { useRegistrySettings } from "@/web/hooks/use-registry-settings";
+import {
+  useRegistryConfig,
+  useUpdateRegistryConfig,
+} from "@/web/hooks/use-organization-settings";
+import { track } from "@/web/lib/posthog-client";
+import {
+  SettingsCard,
+  SettingsCardItem,
+  SettingsPage,
+  SettingsSection,
+} from "@/web/components/settings/settings-section";
 
 function ErrorFallback({ error }: { error: Error }) {
   return (
@@ -69,6 +78,9 @@ function AddPrivateRegistryForm({
       return created.id;
     },
     onSuccess: (connectionId) => {
+      track("store_private_registry_added", {
+        connection_id: connectionId,
+      });
       toast.success("Private registry added");
       onSuccess(connectionId);
     },
@@ -78,42 +90,43 @@ function AddPrivateRegistryForm({
   });
 
   return (
-    <div className="space-y-3 p-4 border rounded-lg bg-muted/30">
-      <div className="space-y-1">
-        <label className="text-xs font-medium text-muted-foreground">
-          Name
-        </label>
-        <Input
-          placeholder="e.g. Acme Corp Registry"
-          value={name}
-          onChange={(e) => setName(e.target.value)}
-          className="h-8 text-sm"
-        />
-      </div>
-      <div className="space-y-1">
-        <label className="text-xs font-medium text-muted-foreground">
-          Registry URL
-        </label>
-        <Input
-          placeholder="https://registry.example.com/mcp"
-          value={url}
-          onChange={(e) => setUrl(e.target.value)}
-          className="h-8 text-sm"
-        />
-      </div>
-      <div className="space-y-1">
-        <label className="text-xs font-medium text-muted-foreground">
-          Auth Token (optional)
-        </label>
-        <Input
-          type="password"
-          placeholder="Bearer token..."
-          value={token}
-          onChange={(e) => setToken(e.target.value)}
-          className="h-8 text-sm"
-        />
-      </div>
-      <div className="flex justify-end gap-2 pt-1">
+    <SettingsCard>
+      <SettingsCardItem
+        title="Name"
+        action={
+          <Input
+            placeholder="e.g. Acme Corp Registry"
+            value={name}
+            onChange={(e) => setName(e.target.value)}
+            className="w-[280px]"
+          />
+        }
+      />
+      <SettingsCardItem
+        title="Registry URL"
+        action={
+          <Input
+            placeholder="https://registry.example.com/mcp"
+            value={url}
+            onChange={(e) => setUrl(e.target.value)}
+            className="w-[280px]"
+          />
+        }
+      />
+      <SettingsCardItem
+        title="Auth Token"
+        description="Optional"
+        action={
+          <Input
+            type="password"
+            placeholder="Bearer token..."
+            value={token}
+            onChange={(e) => setToken(e.target.value)}
+            className="w-[280px]"
+          />
+        }
+      />
+      <div className="px-5 py-4 flex justify-end gap-2">
         <Button
           variant="ghost"
           size="sm"
@@ -130,11 +143,11 @@ function AddPrivateRegistryForm({
           {isPending ? "Adding..." : "Add Registry"}
         </Button>
       </div>
-    </div>
+    </SettingsCard>
   );
 }
 
-function RegistryCard({
+function RegistryItem({
   name,
   description,
   icon,
@@ -162,77 +175,65 @@ function RegistryCard({
     }
   };
 
-  const handleKeyDown = (e: React.KeyboardEvent) => {
-    if (e.currentTarget === e.target && (e.key === "Enter" || e.key === " ")) {
-      e.preventDefault();
-      handleClick();
-    }
-  };
-
   return (
-    <div
-      role="button"
-      tabIndex={0}
-      className="flex items-center gap-3 p-3 border rounded-lg cursor-pointer hover:bg-muted/30 transition-colors"
+    <SettingsCardItem
+      title={name}
+      description={description}
       onClick={handleClick}
-      onKeyDown={handleKeyDown}
-    >
-      {icon ? (
-        <img
-          src={icon}
-          alt={name}
-          className="size-8 rounded-md object-contain shrink-0"
-        />
-      ) : (
-        <Avatar
-          fallback={name.charAt(0)}
-          className="size-8 bg-primary/10 text-primary shrink-0"
-        />
-      )}
-      <div className="min-w-0 flex-1">
-        <h3 className="font-medium text-sm truncate">{name}</h3>
-        <p className="text-xs text-muted-foreground line-clamp-1">
-          {description}
-        </p>
-      </div>
-      <div className="flex items-center gap-2 shrink-0">
-        {onDelete && (
-          <Popover>
-            <PopoverTrigger asChild>
-              <Button
-                variant="ghost"
-                size="icon"
-                className="h-6 w-6 text-muted-foreground hover:text-destructive"
-                onClick={(e) => e.stopPropagation()}
-              >
-                <Trash01 size={14} />
-              </Button>
-            </PopoverTrigger>
-            <PopoverContent className="w-auto p-2" align="end">
-              <div className="flex flex-col gap-2">
-                <p className="text-xs font-medium">Remove this registry?</p>
+      icon={
+        icon ? (
+          <img
+            src={icon}
+            alt={name}
+            className="size-8 rounded-md object-contain"
+          />
+        ) : (
+          <Avatar
+            fallback={name.charAt(0)}
+            className="size-8 bg-primary/10 text-primary"
+          />
+        )
+      }
+      action={
+        <div className="flex items-center gap-2">
+          {onDelete && (
+            <Popover>
+              <PopoverTrigger asChild>
                 <Button
-                  variant="destructive"
-                  size="xs"
-                  onClick={(e) => {
-                    e.stopPropagation();
-                    onDelete();
-                  }}
+                  variant="ghost"
+                  size="icon"
+                  className="h-6 w-6 text-muted-foreground hover:text-destructive"
+                  onClick={(e) => e.stopPropagation()}
                 >
-                  Remove
+                  <Trash01 size={14} />
                 </Button>
-              </div>
-            </PopoverContent>
-          </Popover>
-        )}
-        <Switch
-          checked={enabled}
-          onClick={(e) => e.stopPropagation()}
-          onCheckedChange={(checked) => onToggle(checked)}
-        />
-        {href && <ChevronRight size={14} className="text-muted-foreground" />}
-      </div>
-    </div>
+              </PopoverTrigger>
+              <PopoverContent className="w-auto p-2" align="end">
+                <div className="flex flex-col gap-2">
+                  <p className="text-xs font-medium">Remove this registry?</p>
+                  <Button
+                    variant="destructive"
+                    size="xs"
+                    onClick={(e) => {
+                      e.stopPropagation();
+                      onDelete();
+                    }}
+                  >
+                    Remove
+                  </Button>
+                </div>
+              </PopoverContent>
+            </Popover>
+          )}
+          <Switch
+            checked={enabled}
+            onClick={(e) => e.stopPropagation()}
+            onCheckedChange={(checked) => onToggle(checked)}
+          />
+          {href && <ChevronRight size={14} className="text-muted-foreground" />}
+        </div>
+      }
+    />
   );
 }
 
@@ -240,13 +241,19 @@ function OrgStoreContent() {
   const { org } = useProjectContext();
   const registryConnections = useRegistryConnections();
   const connectionActions = useConnectionActions();
-  const { registryConfig, isRegistryEnabled, updateRegistryConfig } =
-    useRegistrySettings();
+  const registryConfig = useRegistryConfig();
+  const { mutateAsync: updateRegistryConfig } = useUpdateRegistryConfig();
   const queryClient = useQueryClient();
 
   const [showAddForm, setShowAddForm] = useState(false);
 
   const decoStoreId = WellKnownOrgMCPId.REGISTRY(org.id);
+  const isRegistryEnabled = (connectionId: string): boolean => {
+    if (!registryConfig) return connectionId === decoStoreId;
+    const entry = registryConfig.registries[connectionId];
+    if (!entry) return connectionId === decoStoreId;
+    return entry.enabled;
+  };
   const communityRegistryId = WellKnownOrgMCPId.COMMUNITY_REGISTRY(org.id);
 
   const decoStoreConnection = registryConnections.find(
@@ -269,19 +276,20 @@ function OrgStoreContent() {
   );
 
   const handleToggle = async (connectionId: string, enabled: boolean) => {
+    track("store_registry_toggled", { connection_id: connectionId, enabled });
     const current = registryConfig ?? { registries: {}, blockedMcps: [] };
     await updateRegistryConfig({
       ...current,
-      registries: {
-        ...current.registries,
-        [connectionId]: { enabled },
-      },
+      registries: { ...current.registries, [connectionId]: { enabled } },
     });
   };
 
   const handleDelete = async (connectionId: string) => {
+    track("store_private_registry_removed", { connection_id: connectionId });
     await connectionActions.delete.mutateAsync(connectionId);
-    queryClient.invalidateQueries({ queryKey: KEYS.registryConfig(org.id) });
+    queryClient.invalidateQueries({
+      queryKey: KEYS.organizationSettings(org.id),
+    });
   };
 
   const handleAddSuccess = async (connectionId: string) => {
@@ -289,106 +297,104 @@ function OrgStoreContent() {
     const current = registryConfig ?? { registries: {}, blockedMcps: [] };
     await updateRegistryConfig({
       ...current,
-      registries: {
-        ...current.registries,
-        [connectionId]: { enabled: true },
-      },
+      registries: { ...current.registries, [connectionId]: { enabled: true } },
     });
   };
 
   return (
-    <div className="space-y-6">
-      {/* Deco Store */}
-      <div className="space-y-3">
-        <h3 className="text-sm font-medium text-muted-foreground">
-          Deco Store
-        </h3>
-        {decoStoreConnection ? (
-          <RegistryCard
-            name="Deco Store"
-            description="Official deco MCP registry with curated integrations"
-            icon={decoStoreConnection.icon}
-            enabled={isRegistryEnabled(decoStoreId)}
-            onToggle={(enabled) => handleToggle(decoStoreId, enabled)}
-          />
-        ) : (
-          <Card className="p-4">
-            <p className="text-sm text-muted-foreground">
-              Deco Store connection not found. It will be created automatically.
-            </p>
-          </Card>
-        )}
-      </div>
+    <>
+      <SettingsSection title="Deco Store">
+        <SettingsCard>
+          {decoStoreConnection ? (
+            <RegistryItem
+              name="Deco Store"
+              description="Official deco MCP registry with curated integrations"
+              icon={decoStoreConnection.icon}
+              enabled={isRegistryEnabled(decoStoreId)}
+              onToggle={(enabled) => handleToggle(decoStoreId, enabled)}
+            />
+          ) : (
+            <SettingsCardItem
+              title="Deco Store"
+              description="Connection not found — will be created automatically."
+            />
+          )}
+        </SettingsCard>
+      </SettingsSection>
 
-      {/* Private Registries */}
-      <div className="space-y-3">
-        <h3 className="text-sm font-medium text-muted-foreground">
-          Private Registries
-        </h3>
-        <RegistryCard
-          name="Private Registry"
-          description="Your organization's private MCP registry"
-          enabled={isRegistryEnabled("self")}
-          onToggle={(enabled) => handleToggle("self", enabled)}
-          href="/$org/settings/store/registry"
-        />
-        {privateRegistries.map((registry) => (
-          <RegistryCard
-            key={registry.id}
-            name={registry.title}
-            description={registry.description ?? "Private MCP registry"}
-            icon={registry.icon}
-            enabled={isRegistryEnabled(registry.id)}
-            onToggle={(enabled) => handleToggle(registry.id, enabled)}
-            onDelete={() => handleDelete(registry.id)}
-          />
-        ))}
-        {showAddForm ? (
+      <SettingsSection
+        title="Private Registries"
+        actions={
+          !showAddForm ? (
+            <Button
+              variant="outline"
+              size="sm"
+              onClick={() => setShowAddForm(true)}
+            >
+              <Plus size={14} />
+              Add registry
+            </Button>
+          ) : undefined
+        }
+      >
+        {showAddForm && (
           <AddPrivateRegistryForm
             onCancel={() => setShowAddForm(false)}
             onSuccess={handleAddSuccess}
           />
-        ) : (
-          <Button
-            variant="outline"
-            size="sm"
-            className="gap-1.5"
-            onClick={() => setShowAddForm(true)}
-          >
-            <Plus size={14} />
-            Add Private Registry
-          </Button>
         )}
-      </div>
-
-      {/* Community Registry */}
-      <div className="space-y-3">
-        <h3 className="text-sm font-medium text-muted-foreground">Community</h3>
-        {communityConnection ? (
-          <RegistryCard
-            name="MCP Registry"
-            description="Community MCP registry with thousands of handy MCPs"
-            icon={communityConnection.icon}
-            enabled={isRegistryEnabled(effectiveCommunityId)}
-            onToggle={(enabled) => handleToggle(effectiveCommunityId, enabled)}
+        <SettingsCard>
+          <RegistryItem
+            name="Private Registry"
+            description="Your organization's private MCP registry"
+            enabled={isRegistryEnabled("self")}
+            onToggle={(enabled) => handleToggle("self", enabled)}
+            href="/$org/settings/store/registry"
           />
-        ) : (
-          <div className="flex items-center gap-3 p-3 rounded-md bg-muted/30">
-            <Avatar
-              fallback="M"
-              className="size-8 bg-primary/10 text-primary shrink-0"
+          {privateRegistries.map((registry) => (
+            <RegistryItem
+              key={registry.id}
+              name={registry.title}
+              description={registry.description ?? "Private MCP registry"}
+              icon={registry.icon}
+              enabled={isRegistryEnabled(registry.id)}
+              onToggle={(enabled) => handleToggle(registry.id, enabled)}
+              onDelete={() => handleDelete(registry.id)}
             />
-            <div className="min-w-0 flex-1">
-              <p className="text-sm font-medium">MCP Registry</p>
-              <p className="text-xs text-muted-foreground">
-                Community MCP registry — not yet added
-              </p>
-            </div>
-            <Switch checked={false} disabled onCheckedChange={() => {}} />
-          </div>
-        )}
-      </div>
-    </div>
+          ))}
+        </SettingsCard>
+      </SettingsSection>
+
+      <SettingsSection title="Community">
+        <SettingsCard>
+          {communityConnection ? (
+            <RegistryItem
+              name="MCP Registry"
+              description="Community MCP registry with thousands of handy MCPs"
+              icon={communityConnection.icon}
+              enabled={isRegistryEnabled(effectiveCommunityId)}
+              onToggle={(enabled) =>
+                handleToggle(effectiveCommunityId, enabled)
+              }
+            />
+          ) : (
+            <SettingsCardItem
+              title="MCP Registry"
+              description="Community MCP registry — not yet added"
+              icon={
+                <Avatar
+                  fallback="M"
+                  className="size-8 bg-primary/10 text-primary"
+                />
+              }
+              action={
+                <Switch checked={false} disabled onCheckedChange={() => {}} />
+              }
+            />
+          )}
+        </SettingsCard>
+      </SettingsSection>
+    </>
   );
 }
 
@@ -405,12 +411,10 @@ export function OrgStorePage() {
         <Page>
           <Page.Content>
             <Page.Body>
-              <div className="flex flex-col gap-6">
-                <div>
-                  <Page.Title>Store</Page.Title>
-                </div>
+              <SettingsPage>
+                <Page.Title>Store</Page.Title>
                 <OrgStoreContent />
-              </div>
+              </SettingsPage>
             </Page.Body>
           </Page.Content>
         </Page>
diff --git a/apps/mesh/src/web/views/settings/profile-preferences.tsx b/apps/mesh/src/web/views/settings/profile-preferences.tsx
index 056ba3c786..3595362374 100644
--- a/apps/mesh/src/web/views/settings/profile-preferences.tsx
+++ b/apps/mesh/src/web/views/settings/profile-preferences.tsx
@@ -1,13 +1,5 @@
-import { useState } from "react";
 import { Page } from "@/web/components/page";
 import { Avatar } from "@deco/ui/components/avatar.tsx";
-import {
-  Card,
-  CardContent,
-  CardFooter,
-  CardHeader,
-  CardTitle,
-} from "@deco/ui/components/card.tsx";
 import { Switch } from "@deco/ui/components/switch.tsx";
 import {
   Select,
@@ -20,140 +12,121 @@ import {
   ToggleGroupItem,
 } from "@deco/ui/components/toggle-group.tsx";
 import { Input } from "@deco/ui/components/input.tsx";
-import { Button } from "@deco/ui/components/button.tsx";
-import { Label } from "@deco/ui/components/label.tsx";
 import { Moon01, Monitor01, Play, Sun } from "@untitledui/icons";
+import { Controller, useForm } from "react-hook-form";
 import { authClient } from "@/web/lib/auth-client";
 import {
   usePreferences,
   type ThemeMode,
   type ToolApprovalLevel,
 } from "@/web/hooks/use-preferences.ts";
+import { useDebouncedAutosave } from "@/web/hooks/use-debounced-autosave.ts";
 import { playSound } from "@deco/ui/lib/sound-engine.ts";
 import { question004Sound } from "@deco/ui/lib/question-004.ts";
 import { toast } from "@deco/ui/components/sonner.js";
+import { track } from "@/web/lib/posthog-client";
+import {
+  SettingsCard,
+  SettingsCardItem,
+  SettingsPage,
+  SettingsSection,
+} from "@/web/components/settings/settings-section";
 
-function PreferenceRow({
-  label,
-  description,
-  control,
-  onClick,
-  disabled,
-}: {
-  label: string;
-  description?: string;
-  control: React.ReactNode;
-  onClick?: () => void;
-  disabled?: boolean;
-}) {
-  return (
-    <div
-      className="flex items-center justify-between gap-4 py-3 border-b border-border/50 last:border-0"
-      onClick={disabled ? undefined : onClick}
-      role={onClick ? "button" : undefined}
-      tabIndex={onClick && !disabled ? 0 : undefined}
-      onKeyDown={
-        onClick && !disabled
-          ? (e) => {
-              if (e.key === "Enter" || e.key === " ") {
-                e.preventDefault();
-                onClick();
-              }
-            }
-          : undefined
-      }
-      style={{ cursor: onClick && !disabled ? "pointer" : undefined }}
-    >
-      <div className="min-w-0 flex-1">
-        <p className="text-sm text-foreground">{label}</p>
-        {description && (
-          <p className="text-xs text-muted-foreground mt-0.5">{description}</p>
-        )}
-      </div>
-      <div onClick={(e) => e.stopPropagation()} className="shrink-0">
-        {control}
-      </div>
-    </div>
-  );
+interface ProfileFormValues {
+  name: string;
 }
 
 function ProfileSection() {
   const { data: session, isPending } = authClient.useSession();
   const user = session?.user;
   const userImage = (user as { image?: string } | undefined)?.image;
-  const [editedName, setEditedName] = useState<string | null>(null);
-  const [saving, setSaving] = useState(false);
 
-  const name = editedName ?? user?.name ?? "";
-  const isDirty = editedName !== null && editedName !== (user?.name ?? "");
+  const form = useForm<ProfileFormValues>({
+    values: { name: user?.name ?? "" },
+  });
 
-  const handleSave = async () => {
-    if (!isDirty) return;
-    setSaving(true);
-    try {
-      await authClient.updateUser({ name });
-      setEditedName(null);
-      toast.success("Profile updated");
-    } catch {
-      toast.error("Failed to update profile");
-    } finally {
-      setSaving(false);
-    }
-  };
+  const { schedule: scheduleSave, flush: flushAndSave } = useDebouncedAutosave({
+    save: async () => {
+      // Read live dirty state from control._formState (Proxy lag workaround).
+      const liveDirtyFields = (
+        form.control as unknown as {
+          _formState: { dirtyFields: Record<string, unknown> };
+        }
+      )._formState.dirtyFields;
+      if (Object.keys(liveDirtyFields).length === 0) return;
 
-  if (isPending) return null;
+      const values = form.getValues();
+      const previousDefaults = (
+        form.control as unknown as { _defaultValues: ProfileFormValues }
+      )._defaultValues;
 
-  return (
-    <Card className="p-6">
-      <CardHeader className="p-0">
-        <CardTitle className="text-sm">Profile</CardTitle>
-      </CardHeader>
+      // Rebase pre-mutate so an edit during the in-flight save that returns
+      // a value to its pre-save default still registers as dirty.
+      form.reset(values, { keepValues: true });
 
-      <CardContent className="flex flex-col gap-6 p-0">
-        <div className="flex flex-col sm:flex-row items-start gap-6">
-          <Avatar
-            url={userImage}
-            fallback={user?.name ?? "U"}
-            shape="circle"
-            size="lg"
-            className="shrink-0 mt-0.5"
-          />
-          <div className="flex-1 min-w-0 grid grid-cols-1 sm:grid-cols-2 gap-5 w-full">
-            <div className="flex flex-col gap-1.5">
-              <Label
-                htmlFor="display-name"
-                className="text-xs text-muted-foreground"
-              >
-                Display name
-              </Label>
-              <Input
-                id="display-name"
-                value={name}
-                onChange={(e) => setEditedName(e.target.value)}
-                onKeyDown={(e) => {
-                  if (e.key === "Enter") void handleSave();
-                }}
-                placeholder="Your name"
-              />
-            </div>
-            <div className="flex flex-col gap-1.5">
-              <span className="text-xs text-muted-foreground">Email</span>
-              <span className="text-sm text-foreground/80 pt-2 break-all">
-                {user?.email}
-              </span>
-            </div>
-          </div>
-        </div>
-      </CardContent>
+      try {
+        await authClient.updateUser({ name: values.name });
+        track("profile_updated", { fields: ["name"] });
+        toast.success("Profile updated successfully");
+      } catch {
+        form.reset(previousDefaults, { keepValues: true });
+        toast.error("Failed to update profile");
+      }
+    },
+  });
+
+  if (isPending) return null;
 
-      {isDirty && (
-        <CardFooter className="p-0 pt-2 gap-2">
-          <Button onClick={handleSave} disabled={saving}>
-            {saving ? "Saving…" : "Save"}
-          </Button>
-        </CardFooter>
-      )}
-    </Card>
+  return (
+    <SettingsSection>
+      <SettingsCard>
+        <SettingsCardItem
+          title="Avatar"
+          action={
+            <Avatar
+              url={userImage}
+              fallback={user?.name ?? "U"}
+              shape="circle"
+              size="base"
+            />
+          }
+        />
+        <SettingsCardItem
+          title="Display name"
+          action={
+            <Controller
+              control={form.control}
+              name="name"
+              render={({ field }) => (
+                <Input
+                  id="display-name"
+                  {...field}
+                  onChange={(e) => {
+                    field.onChange(e);
+                    scheduleSave();
+                  }}
+                  onBlur={() => {
+                    field.onBlur();
+                    flushAndSave();
+                  }}
+                  onKeyDown={(e) => {
+                    if (e.key === "Enter") void flushAndSave();
+                  }}
+                  placeholder="Your name"
+                  className="w-[280px]"
+                />
+              )}
+            />
+          }
+        />
+        <SettingsCardItem
+          title="Email"
+          action={
+            <span className="text-sm text-muted-foreground">{user?.email}</span>
+          }
+        />
+      </SettingsCard>
+    </SettingsSection>
   );
 }
 
@@ -164,6 +137,7 @@ function PreferencesSection() {
     if (checked) {
       const result = await Notification.requestPermission();
       if (result !== "granted") {
+        track("preferences_notifications_permission_denied");
         toast.error(
           "Notifications denied. Please enable them in your browser settings.",
         );
@@ -171,19 +145,17 @@ function PreferencesSection() {
         return;
       }
     }
+    track("preferences_notifications_toggled", { enabled: checked });
     setPreferences((prev) => ({ ...prev, enableNotifications: checked }));
   };
 
   return (
-    <Card className="p-6">
-      <CardHeader className="p-0">
-        <CardTitle className="text-sm">Preferences</CardTitle>
-      </CardHeader>
-      <CardContent className="flex flex-col p-0">
-        <PreferenceRow
-          label="Theme"
+    <SettingsSection title="Preferences">
+      <SettingsCard>
+        <SettingsCardItem
+          title="Theme"
           description="Your preferred color scheme."
-          control={
+          action={
             <ToggleGroup
               type="single"
               size="sm"
@@ -191,6 +163,7 @@ function PreferencesSection() {
               value={preferences.theme}
               onValueChange={(value) => {
                 if (value) {
+                  track("preferences_theme_changed", { to_value: value });
                   setPreferences((prev) => ({
                     ...prev,
                     theme: value as ThemeMode,
@@ -210,14 +183,16 @@ function PreferencesSection() {
             </ToggleGroup>
           }
         />
-        <PreferenceRow
-          label="Notifications"
+        <SettingsCardItem
+          title="Notifications"
           description="Receive browser notifications for important events."
-          disabled={typeof Notification === "undefined"}
-          onClick={() =>
-            handleNotificationsChange(!preferences.enableNotifications)
+          onClick={
+            typeof Notification !== "undefined"
+              ? () =>
+                  handleNotificationsChange(!preferences.enableNotifications)
+              : undefined
           }
-          control={
+          action={
             <Switch
               disabled={typeof Notification === "undefined"}
               checked={preferences.enableNotifications}
@@ -225,21 +200,25 @@ function PreferencesSection() {
             />
           }
         />
-        <PreferenceRow
-          label="Sounds"
+        <SettingsCardItem
+          title="Sounds"
           description="Play sounds for agent actions and notifications."
-          onClick={() =>
+          onClick={() => {
+            track("preferences_sounds_toggled", {
+              enabled: !preferences.enableSounds,
+            });
             setPreferences((prev) => ({
               ...prev,
               enableSounds: !prev.enableSounds,
-            }))
-          }
-          control={
+            }));
+          }}
+          action={
             <div className="flex items-center gap-2">
               <button
                 type="button"
                 aria-label="Preview notification sound"
                 onClick={() => {
+                  track("preferences_sounds_previewed");
                   playSound(question004Sound.dataUri).catch(() => {});
                 }}
                 className="size-6 rounded flex items-center justify-center text-muted-foreground hover:text-foreground hover:bg-accent/50 transition-colors cursor-pointer"
@@ -248,28 +227,32 @@ function PreferencesSection() {
               </button>
               <Switch
                 checked={preferences.enableSounds}
-                onCheckedChange={(checked) =>
+                onCheckedChange={(checked) => {
+                  track("preferences_sounds_toggled", { enabled: checked });
                   setPreferences((prev) => ({
                     ...prev,
                     enableSounds: checked,
-                  }))
-                }
+                  }));
+                }}
               />
             </div>
           }
         />
-        <PreferenceRow
-          label="Tool Approval"
+        <SettingsCardItem
+          title="Tool Approval"
           description="Control how tools are approved before execution."
-          control={
+          action={
             <Select
               value={preferences.toolApprovalLevel}
-              onValueChange={(value) =>
+              onValueChange={(value) => {
+                track("preferences_tool_approval_changed", {
+                  to_value: value,
+                });
                 setPreferences((prev) => ({
                   ...prev,
                   toolApprovalLevel: value as ToolApprovalLevel,
-                }))
-              }
+                }));
+              }}
             >
               <SelectTrigger className="w-36 h-7 text-xs">
                 <span>
@@ -300,8 +283,8 @@ function PreferencesSection() {
             </Select>
           }
         />
-      </CardContent>
-    </Card>
+      </SettingsCard>
+    </SettingsSection>
   );
 }
 
@@ -309,34 +292,37 @@ function ExperimentalSection() {
   const [preferences, setPreferences] = usePreferences();
 
   return (
-    <Card className="p-6">
-      <CardHeader className="p-0">
-        <CardTitle className="text-sm">Experimental</CardTitle>
-      </CardHeader>
-      <CardContent className="flex flex-col p-0">
-        <PreferenceRow
-          label="Import from GitHub"
+    <SettingsSection title="Experimental">
+      <SettingsCard>
+        <SettingsCardItem
+          title="Import from GitHub"
           description="Enable importing agents from GitHub repositories."
-          onClick={() =>
+          onClick={() => {
+            track("preferences_experimental_vibecode_toggled", {
+              enabled: !preferences.experimental_vibecode,
+            });
             setPreferences((prev) => ({
               ...prev,
               experimental_vibecode: !prev.experimental_vibecode,
-            }))
-          }
-          control={
+            }));
+          }}
+          action={
             <Switch
               checked={preferences.experimental_vibecode}
-              onCheckedChange={(checked) =>
+              onCheckedChange={(checked) => {
+                track("preferences_experimental_vibecode_toggled", {
+                  enabled: checked,
+                });
                 setPreferences((prev) => ({
                   ...prev,
                   experimental_vibecode: checked,
-                }))
-              }
+                }));
+              }}
             />
           }
         />
-      </CardContent>
-    </Card>
+      </SettingsCard>
+    </SettingsSection>
   );
 }
 
@@ -345,14 +331,12 @@ export function ProfilePreferencesPage() {
     <Page>
       <Page.Content>
         <Page.Body>
-          <div className="flex flex-col gap-6">
+          <SettingsPage>
             <Page.Title>Profile & Preferences</Page.Title>
-            <div className="flex flex-col gap-10">
-              <ProfileSection />
-              <PreferencesSection />
-              <ExperimentalSection />
-            </div>
-          </div>
+            <ProfileSection />
+            <PreferencesSection />
+            <ExperimentalSection />
+          </SettingsPage>
         </Page.Body>
       </Page.Content>
     </Page>
diff --git a/apps/mesh/src/web/views/settings/project-plugins.tsx b/apps/mesh/src/web/views/settings/project-plugins.tsx
index a16e351783..7fc3f63723 100644
--- a/apps/mesh/src/web/views/settings/project-plugins.tsx
+++ b/apps/mesh/src/web/views/settings/project-plugins.tsx
@@ -1,15 +1,16 @@
 import { Page } from "@/web/components/page";
 import { ProjectPluginsForm } from "@/web/components/settings/project-plugins-form";
+import { SettingsPage } from "@/web/components/settings/settings-section";
 
 export function ProjectPluginsPage() {
   return (
     <Page>
       <Page.Content>
         <Page.Body>
-          <div className="flex flex-col gap-6">
+          <SettingsPage>
             <Page.Title>Plugins</Page.Title>
             <ProjectPluginsForm />
-          </div>
+          </SettingsPage>
         </Page.Body>
       </Page.Content>
     </Page>
diff --git a/apps/mesh/src/web/views/virtual-mcp/add-connection-dialog.tsx b/apps/mesh/src/web/views/virtual-mcp/add-connection-dialog.tsx
index 1cfc24fd5d..29b8800136 100644
--- a/apps/mesh/src/web/views/virtual-mcp/add-connection-dialog.tsx
+++ b/apps/mesh/src/web/views/virtual-mcp/add-connection-dialog.tsx
@@ -29,6 +29,11 @@ import {
   DialogHeader,
   DialogTitle,
 } from "@deco/ui/components/dialog.tsx";
+import {
+  Tooltip,
+  TooltipContent,
+  TooltipTrigger,
+} from "@deco/ui/components/tooltip.tsx";
 import { cn } from "@deco/ui/lib/utils.ts";
 import {
   type ConnectionEntity,
@@ -52,6 +57,7 @@ import {
 } from "@untitledui/icons";
 import { Suspense, useDeferredValue, useState } from "react";
 import { toast } from "sonner";
+import { track } from "@/web/lib/posthog-client";
 
 // ---------------------------------------------------------------------------
 // Types
@@ -59,6 +65,8 @@ import { toast } from "sonner";
 
 type ConnectionDialogMode = "add" | "browse";
 
+type AttachMode = "existing" | "clone" | "new" | "custom";
+
 type ConnectionDialogProps = {
   open: boolean;
   onOpenChange: (open: boolean) => void;
@@ -67,11 +75,14 @@ type ConnectionDialogProps = {
 } & (
   | {
       mode?: "add";
+      /** Agent ID for `agent_connection_attached` tracking. */
+      agentId: string;
       addedConnectionIds: Set<string>;
       onAdd: (connectionId: string) => void;
     }
   | {
       mode: "browse";
+      agentId?: undefined;
       addedConnectionIds?: undefined;
       onAdd?: undefined;
     }
@@ -85,6 +96,7 @@ type ConnectionTab = "all" | "connected";
 
 function ConnectionDialogContent({
   mode = "add",
+  agentId,
   addedConnectionIds,
   onAdd,
   onCloneAndAdd,
@@ -96,6 +108,7 @@ function ConnectionDialogContent({
   defaultTab = "connected",
 }: {
   mode?: ConnectionDialogMode;
+  agentId?: string;
   addedConnectionIds: Set<string>;
   onAdd: (connectionId: string) => void;
   onCloneAndAdd: (base: ConnectionEntity) => void;
@@ -109,7 +122,7 @@ function ConnectionDialogContent({
   const { org } = useProjectContext();
   const deferredSearch = useDeferredValue(search);
   const isSearchStale = search !== deferredSearch;
-  const searchLower = deferredSearch.toLowerCase();
+  const searchLower = deferredSearch.trim().toLowerCase();
 
   const [activeTab, setActiveTab] = useLocalStorage<ConnectionTab>(
     LOCALSTORAGE_KEYS.connectionsTab(org.slug) +
@@ -117,11 +130,19 @@ function ConnectionDialogContent({
     (existing) => existing ?? defaultTab,
   );
 
+  const handleTabChange = (nextTab: ConnectionTab) => {
+    if (nextTab !== activeTab) {
+      track("connections_dialog_tab_changed", { to_tab: nextTab });
+    }
+    setActiveTab(nextTab);
+  };
+
   // Connections - server-side search with infinite scroll
   const PAGE_SIZE = 100;
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   const where = deferredSearch?.trim()
@@ -222,11 +243,32 @@ function ConnectionDialogContent({
 
   const showCatalog = activeTab === "all" || !!searchLower;
 
-  // Catalog items, excluding apps already shown as connected cards
+  // Catalog items, excluding apps already shown as connected cards.
+  // The client-side search filter is a safety net: `useMergedStoreDiscovery`
+  // uses `keepPreviousData`, so the previous query's results (sorted with
+  // verified items first) stay visible while a new search request is in
+  // flight. Without this filter, the user sees unrelated items that happened
+  // to be in the previous page.
   const catalogItems = showCatalog
     ? mergedDiscovery.items.filter((item: RegistryItem) => {
         const appName = getRegistryItemAppName(item);
-        return !(appName && connectedAppNames.has(appName));
+        if (appName && connectedAppNames.has(appName)) return false;
+        if (!searchLower) return true;
+        const meshMeta = item._meta?.["mcp.mesh"];
+        const haystack = [
+          item.title,
+          item.description,
+          item.name,
+          item.server?.title,
+          item.server?.description,
+          item.server?.name,
+          meshMeta?.friendly_name,
+          meshMeta?.friendlyName,
+        ]
+          .filter(Boolean)
+          .join(" ")
+          .toLowerCase();
+        return haystack.includes(searchLower);
       })
     : [];
 
@@ -281,7 +323,14 @@ function ConnectionDialogContent({
               <Check size={11} /> Connected
             </Badge>
           }
-          onClick={() => onBrowseNavigate?.(slug)}
+          onClick={() => {
+            track("connection_browse_clicked", {
+              app_name: firstInstance.app_name ?? null,
+              connection_id: firstInstance.id,
+              instances_count: connections.length,
+            });
+            onBrowseNavigate?.(slug);
+          }}
         />
       );
     }
@@ -307,8 +356,26 @@ function ConnectionDialogContent({
               onClick={(e) => {
                 e.stopPropagation();
                 if (availableInstance) {
+                  track("connection_add_clicked", {
+                    action: "use_existing",
+                    app_name: firstInstance.app_name ?? null,
+                    connection_id: availableInstance.id,
+                  });
+                  if (agentId) {
+                    track("agent_connection_attached", {
+                      agent_id: agentId,
+                      connection_id: availableInstance.id,
+                      app_name: firstInstance.app_name ?? null,
+                      mode: "existing",
+                    });
+                  }
                   onAdd(availableInstance.id);
                 } else {
+                  track("connection_add_clicked", {
+                    action: "clone",
+                    app_name: firstInstance.app_name ?? null,
+                    base_connection_id: firstInstance.id,
+                  });
                   onCloneAndAdd(firstInstance);
                 }
               }}
@@ -323,9 +390,7 @@ function ConnectionDialogContent({
 
   // Render a catalog item card — no instances yet
   const renderCatalogItem = (item: RegistryItem) => {
-    const meshMeta = item._meta?.["mcp.mesh"] as
-      | Record<string, string>
-      | undefined;
+    const meshMeta = item._meta?.["mcp.mesh"];
     const title =
       meshMeta?.friendlyName ||
       meshMeta?.friendly_name ||
@@ -340,6 +405,9 @@ function ConnectionDialogContent({
       item.server?.icons?.[0]?.src ||
       getGitHubAvatarUrl(item.server?.repository) ||
       null;
+    const isOfficial = meshMeta?.official === true;
+    const isVerified = meshMeta?.verified === true;
+    const isMadeByDeco = meshMeta?.owner === "deco";
 
     return (
       <ConnectionCard
@@ -348,24 +416,71 @@ function ConnectionDialogContent({
         fallbackIcon={<Container />}
         headerActionsAlwaysVisible
         headerActions={
-          <Button
-            variant="outline"
-            size="sm"
-            className="h-7 px-3 text-xs font-medium"
-            disabled={connectingItemId !== null}
-            onClick={(e) => {
-              e.stopPropagation();
-              onConnectAndAdd(item);
-            }}
-          >
-            {connectingItemId === item.id ? (
-              <Loading01 size={14} className="animate-spin" />
-            ) : mode === "browse" ? (
-              "Connect"
-            ) : (
-              "Add"
+          <div className="flex items-center gap-1.5">
+            {isMadeByDeco && (
+              <Tooltip>
+                <TooltipTrigger asChild>
+                  <span className="inline-flex items-center justify-center size-5 rounded-md bg-muted shrink-0">
+                    <img
+                      src="/logos/deco logo.svg"
+                      alt="Made by Deco"
+                      className="size-3"
+                    />
+                  </span>
+                </TooltipTrigger>
+                <TooltipContent>Built and maintained by Deco</TooltipContent>
+              </Tooltip>
             )}
-          </Button>
+            {!isMadeByDeco && isOfficial && (
+              <Tooltip>
+                <TooltipTrigger asChild>
+                  <Badge variant="outline" size="icon">
+                    <CheckVerified02 />
+                  </Badge>
+                </TooltipTrigger>
+                <TooltipContent>
+                  Built and maintained by the official vendor
+                </TooltipContent>
+              </Tooltip>
+            )}
+            {!isMadeByDeco && !isOfficial && isVerified && (
+              <Tooltip>
+                <TooltipTrigger asChild>
+                  <Badge variant="outline" size="icon">
+                    <CheckVerified02 />
+                  </Badge>
+                </TooltipTrigger>
+                <TooltipContent>Verified by the Deco team</TooltipContent>
+              </Tooltip>
+            )}
+            <Button
+              variant="outline"
+              size="sm"
+              className="h-7 px-3 text-xs font-medium"
+              disabled={connectingItemId !== null}
+              onClick={(e) => {
+                e.stopPropagation();
+                track("connection_add_clicked", {
+                  action: "connect_new",
+                  registry_item_id: item.id,
+                  app_name:
+                    meshMeta?.friendlyName ||
+                    item.server?.name ||
+                    item.name ||
+                    null,
+                });
+                onConnectAndAdd(item);
+              }}
+            >
+              {connectingItemId === item.id ? (
+                <Loading01 size={14} className="animate-spin" />
+              ) : mode === "browse" ? (
+                "Connect"
+              ) : (
+                "Add"
+              )}
+            </Button>
+          </div>
         }
       />
     );
@@ -382,13 +497,16 @@ function ConnectionDialogContent({
               { id: "connected", label: "Connected" },
             ]}
             activeTab={activeTab}
-            onTabChange={(id) => setActiveTab(id as ConnectionTab)}
+            onTabChange={(id) => handleTabChange(id as ConnectionTab)}
           />
           <Button
             variant="outline"
             size="sm"
             className="h-7 px-2 text-sm"
-            onClick={onCreateConnection}
+            onClick={() => {
+              track("connections_dialog_custom_clicked");
+              onCreateConnection();
+            }}
           >
             <Plus size={12} />
             Custom Connection
@@ -505,6 +623,7 @@ export function AddConnectionDialog({
   ...rest
 }: ConnectionDialogProps) {
   const mode: ConnectionDialogMode = rest.mode ?? "add";
+  const agentId = "agentId" in rest ? rest.agentId : undefined;
   const addedConnectionIds =
     "addedConnectionIds" in rest
       ? (rest.addedConnectionIds ?? new Set<string>())
@@ -512,6 +631,20 @@ export function AddConnectionDialog({
   const onAdd =
     "onAdd" in rest && rest.onAdd ? rest.onAdd : (_id: string) => {};
 
+  const trackAttach = (
+    id: string,
+    appName: string | null,
+    attachMode: AttachMode,
+  ) => {
+    if (!agentId) return;
+    track("agent_connection_attached", {
+      agent_id: agentId,
+      connection_id: id,
+      app_name: appName,
+      mode: attachMode,
+    });
+  };
+
   const [connectingItemId, setConnectingItemId] = useState<string | null>(null);
   const [search, setSearch] = useState(initialSearch);
   const [createOpen, setCreateOpen] = useState(false);
@@ -550,38 +683,58 @@ export function AddConnectionDialog({
       const id = created.id;
 
       // Handle OAuth if needed
-      const mcpProxyUrl = new URL(`/mcp/${id}`, window.location.origin);
+      const mcpProxyUrl = new URL(
+        `/api/${org.slug}/mcp/${id}`,
+        window.location.origin,
+      );
       const authStatus = await isConnectionAuthenticated({
         url: mcpProxyUrl.href,
         token: null,
+        orgId: org.id,
       });
 
       if (authStatus.supportsOAuth && !authStatus.isAuthenticated) {
         const { token, tokenInfo, error } = await authenticateMcp({
           connectionId: id,
+          orgSlug: org.slug,
+          scope: "offline_access",
         });
         if (error || !token) {
+          track("connection_oauth_failed", {
+            connection_id: id,
+            flow: "clone",
+            error: error ?? "no_token",
+          });
           toast.error(`Authentication failed: ${error ?? "no token received"}`);
           // Clean up the orphaned connection
           await connectionActions.delete.mutateAsync(id);
           return;
         }
+        track("connection_oauth_succeeded", {
+          connection_id: id,
+          flow: "clone",
+        });
         if (tokenInfo) {
           try {
-            const response = await fetch(`/api/connections/${id}/oauth-token`, {
-              method: "POST",
-              headers: { "Content-Type": "application/json" },
-              credentials: "include",
-              body: JSON.stringify({
-                accessToken: tokenInfo.accessToken,
-                refreshToken: tokenInfo.refreshToken,
-                expiresIn: tokenInfo.expiresIn,
-                scope: tokenInfo.scope,
-                clientId: tokenInfo.clientId,
-                clientSecret: tokenInfo.clientSecret,
-                tokenEndpoint: tokenInfo.tokenEndpoint,
-              }),
-            });
+            const response = await fetch(
+              `/api/${org.slug}/connections/${id}/oauth-token`,
+              {
+                method: "POST",
+                headers: {
+                  "Content-Type": "application/json",
+                },
+                credentials: "include",
+                body: JSON.stringify({
+                  accessToken: tokenInfo.accessToken,
+                  refreshToken: tokenInfo.refreshToken,
+                  expiresIn: tokenInfo.expiresIn,
+                  scope: tokenInfo.scope,
+                  clientId: tokenInfo.clientId,
+                  clientSecret: tokenInfo.clientSecret,
+                  tokenEndpoint: tokenInfo.tokenEndpoint,
+                }),
+              },
+            );
             if (!response.ok) {
               await connectionActions.update.mutateAsync({
                 id,
@@ -607,6 +760,7 @@ export function AddConnectionDialog({
         });
       }
 
+      trackAttach(id, base.app_name ?? null, "clone");
       onAdd(id);
     } catch (err) {
       console.error("Failed to add connection:", err);
@@ -648,38 +802,61 @@ export function AddConnectionDialog({
       const { id } = await connectionActions.create.mutateAsync(connectionData);
 
       // Handle OAuth flow
-      const mcpProxyUrl = new URL(`/mcp/${id}`, window.location.origin);
+      const mcpProxyUrl = new URL(
+        `/api/${org.slug}/mcp/${id}`,
+        window.location.origin,
+      );
       const authStatus = await isConnectionAuthenticated({
         url: mcpProxyUrl.href,
         token: null,
+        orgId: org.id,
       });
 
       if (authStatus.supportsOAuth && !authStatus.isAuthenticated) {
         const { token, tokenInfo, error } = await authenticateMcp({
           connectionId: id,
+          orgSlug: org.slug,
+          scope: "offline_access",
         });
         if (error || !token) {
-          toast.error(`Authentication failed: ${error ?? "no token received"}`);
+          track("connection_oauth_failed", {
+            connection_id: id,
+            flow: "connect_new",
+            error: error ?? "no_token",
+          });
+          toast.warning("Couldn't sign in to this connection", {
+            description: `It was added to your agent, but its sign-in setup looks off. You can try authenticating again later from the connection's settings. (${error ?? "no token received"})`,
+          });
+          trackAttach(id, connectionData.app_name ?? null, "new");
           onAdd(id);
           return;
         }
+        track("connection_oauth_succeeded", {
+          connection_id: id,
+          flow: "connect_new",
+        });
 
         if (tokenInfo) {
           try {
-            const response = await fetch(`/api/connections/${id}/oauth-token`, {
-              method: "POST",
-              headers: { "Content-Type": "application/json" },
-              credentials: "include",
-              body: JSON.stringify({
-                accessToken: tokenInfo.accessToken,
-                refreshToken: tokenInfo.refreshToken,
-                expiresIn: tokenInfo.expiresIn,
-                scope: tokenInfo.scope,
-                clientId: tokenInfo.clientId,
-                clientSecret: tokenInfo.clientSecret,
-                tokenEndpoint: tokenInfo.tokenEndpoint,
-              }),
-            });
+            const response = await fetch(
+              `/api/${org.slug}/connections/${id}/oauth-token`,
+              {
+                method: "POST",
+                headers: {
+                  "Content-Type": "application/json",
+                },
+                credentials: "include",
+                body: JSON.stringify({
+                  accessToken: tokenInfo.accessToken,
+                  refreshToken: tokenInfo.refreshToken,
+                  expiresIn: tokenInfo.expiresIn,
+                  scope: tokenInfo.scope,
+                  clientId: tokenInfo.clientId,
+                  clientSecret: tokenInfo.clientSecret,
+                  tokenEndpoint: tokenInfo.tokenEndpoint,
+                }),
+              },
+            );
             if (!response.ok) {
               await connectionActions.update.mutateAsync({
                 id,
@@ -709,6 +886,7 @@ export function AddConnectionDialog({
         toast.success("Connected");
       }
 
+      trackAttach(id, connectionData.app_name ?? null, "new");
       onAdd(id);
     } catch (err) {
       console.error("Failed to connect:", err);
@@ -747,6 +925,7 @@ export function AddConnectionDialog({
         >
           <ConnectionDialogContent
             mode={mode}
+            agentId={agentId}
             addedConnectionIds={addedConnectionIds}
             onAdd={onAdd}
             onCloneAndAdd={handleCloneAndAdd}
@@ -767,30 +946,49 @@ export function AddConnectionDialog({
           setCreateOpen(false);
 
           // Handle OAuth if needed (same flow as handleConnectAndAdd)
-          const mcpProxyUrl = new URL(`/mcp/${id}`, window.location.origin);
+          const mcpProxyUrl = new URL(
+            `/api/${org.slug}/mcp/${id}`,
+            window.location.origin,
+          );
           const authStatus = await isConnectionAuthenticated({
             url: mcpProxyUrl.href,
             token: null,
+            orgId: org.id,
           });
 
           if (authStatus.supportsOAuth && !authStatus.isAuthenticated) {
             const { token, tokenInfo, error } = await authenticateMcp({
               connectionId: id,
+              orgSlug: org.slug,
+              scope: "offline_access",
             });
             if (error || !token) {
-              toast.error(
-                `Authentication failed: ${error ?? "no token received"}`,
-              );
-              await connectionActions.delete.mutateAsync(id);
+              track("connection_oauth_failed", {
+                connection_id: id,
+                flow: "custom_create",
+                error: error ?? "no_token",
+              });
+              toast.warning("Couldn't sign in to this connection", {
+                description: `It was added to your agent, but its sign-in setup looks off. You can try authenticating again later from the connection's settings. (${error ?? "no token received"})`,
+              });
+              trackAttach(id, null, "custom");
+              onAdd(id);
+              onOpenChange(false);
               return;
             }
+            track("connection_oauth_succeeded", {
+              connection_id: id,
+              flow: "custom_create",
+            });
             if (tokenInfo) {
               try {
                 const response = await fetch(
-                  `/api/connections/${id}/oauth-token`,
+                  `/api/${org.slug}/connections/${id}/oauth-token`,
                   {
                     method: "POST",
-                    headers: { "Content-Type": "application/json" },
+                    headers: {
+                      "Content-Type": "application/json",
+                    },
                     credentials: "include",
                     body: JSON.stringify({
                       accessToken: tokenInfo.accessToken,
@@ -831,6 +1029,9 @@ export function AddConnectionDialog({
             });
           }
 
+          // app_name unknown for custom-create; record null and let the
+          // server-side connection_created backfill the breakdown.
+          trackAttach(id, null, "custom");
           onAdd(id);
           onOpenChange(false);
         }}
diff --git a/apps/mesh/src/web/views/virtual-mcp/dependency-selection-dialog.tsx b/apps/mesh/src/web/views/virtual-mcp/dependency-selection-dialog.tsx
index c5aede09bc..77feebd29b 100644
--- a/apps/mesh/src/web/views/virtual-mcp/dependency-selection-dialog.tsx
+++ b/apps/mesh/src/web/views/virtual-mcp/dependency-selection-dialog.tsx
@@ -186,7 +186,11 @@ function ToolsTab({
   disabled?: boolean;
 }) {
   const { org } = useProjectContext();
-  const client = useMCPClient({ connectionId, orgId: org.id });
+  const client = useMCPClient({
+    connectionId,
+    orgId: org.id,
+    orgSlug: org.slug,
+  });
   const { data } = useMCPToolsList({ client });
 
   const items: SelectableItem[] = data.tools.map((tool) => ({
@@ -225,7 +229,11 @@ function ResourcesTab({
   disabled?: boolean;
 }) {
   const { org } = useProjectContext();
-  const client = useMCPClient({ connectionId, orgId: org.id });
+  const client = useMCPClient({
+    connectionId,
+    orgId: org.id,
+    orgSlug: org.slug,
+  });
   const { data } = useMCPResourcesList({ client });
 
   const items: SelectableItem[] = data.resources.map((resource) => ({
@@ -258,7 +266,11 @@ function PromptsTab({
   disabled?: boolean;
 }) {
   const { org } = useProjectContext();
-  const client = useMCPClient({ connectionId, orgId: org.id });
+  const client = useMCPClient({
+    connectionId,
+    orgId: org.id,
+    orgSlug: org.slug,
+  });
   const { data } = useMCPPromptsList({ client });
 
   const items: SelectableItem[] = data.prompts.map((prompt) => ({
diff --git a/apps/mesh/src/web/views/virtual-mcp/header-info.tsx b/apps/mesh/src/web/views/virtual-mcp/header-info.tsx
index dfa7ed1739..7e9f04dda0 100644
--- a/apps/mesh/src/web/views/virtual-mcp/header-info.tsx
+++ b/apps/mesh/src/web/views/virtual-mcp/header-info.tsx
@@ -1,5 +1,5 @@
 import type { VirtualMCPEntity } from "@decocms/mesh-sdk/types";
-import { AgentAvatar } from "../../components/agent-icon.tsx";
+import { HeaderActions } from "../../components/thread/github/header-actions.tsx";
 import { Toolbar } from "../../layouts/agent-shell-layout/toolbar.tsx";
 
 export function VirtualMcpHeaderInfo({
@@ -7,15 +7,14 @@ export function VirtualMcpHeaderInfo({
 }: {
   virtualMcp: VirtualMCPEntity;
 }) {
-  const title = virtualMcp.title ?? "";
+  const githubRepo = virtualMcp.metadata?.githubRepo ?? null;
+  const showActions = !!githubRepo?.connectionId;
+
+  if (!showActions) return null;
+
   return (
-    <Toolbar.Left>
-      <div className="flex items-center gap-2 min-w-0">
-        <AgentAvatar icon={virtualMcp.icon} name={title} size="xs" />
-        <span className="text-sm font-medium text-foreground truncate">
-          {title}
-        </span>
-      </div>
-    </Toolbar.Left>
+    <Toolbar.Right>
+      <HeaderActions virtualMcpId={virtualMcp.id} />
+    </Toolbar.Right>
   );
 }
diff --git a/apps/mesh/src/web/views/virtual-mcp/index.tsx b/apps/mesh/src/web/views/virtual-mcp/index.tsx
index 4b3f6ca2c5..d4d311bfc6 100644
--- a/apps/mesh/src/web/views/virtual-mcp/index.tsx
+++ b/apps/mesh/src/web/views/virtual-mcp/index.tsx
@@ -1,12 +1,14 @@
 import { generatePrefixedId } from "@/shared/utils/generate-id";
 import type { VirtualMCPEntity } from "@/tools/virtual/schema";
 import { getUIResourceUri } from "@/mcp-apps/types.ts";
-import { useChatPrefs, useChatTask } from "@/web/components/chat/context";
-import { CollectionTabs } from "@/web/components/collections/collection-tabs.tsx";
+import { useChatBridge } from "@/web/components/chat/context";
+import { buildImprovePromptDoc } from "@/web/components/chat/tiptap/build-improve-prompt-doc";
 import { EmptyState } from "@/web/components/empty-state.tsx";
 import { ErrorBoundary } from "@/web/components/error-boundary";
+import { useEnsureStudioPack } from "@/web/components/home/use-ensure-studio-pack";
 import { IntegrationIcon } from "@/web/components/integration-icon.tsx";
 import { usePanelActions } from "@/web/layouts/shell-layout";
+import { User } from "@/web/components/user/user";
 import { useMCPAuthStatus } from "@/web/hooks/use-mcp-auth-status";
 
 import {
@@ -26,8 +28,14 @@ import {
   AlertDialogHeader,
   AlertDialogTitle,
 } from "@deco/ui/components/alert-dialog.tsx";
+import {
+  Dialog,
+  DialogContent,
+  DialogHeader,
+  DialogTitle,
+} from "@deco/ui/components/dialog.tsx";
 import { Button } from "@deco/ui/components/button.tsx";
-import { Card, CardContent, CardHeader } from "@deco/ui/components/card.tsx";
+import { Card, CardContent } from "@deco/ui/components/card.tsx";
 import { Input } from "@deco/ui/components/input.tsx";
 import { Label } from "@deco/ui/components/label.tsx";
 import {
@@ -47,8 +55,8 @@ import {
 import { cn } from "@deco/ui/lib/utils.ts";
 import {
   type ConnectionEntity,
-  getDecopilotId,
   SELF_MCP_ALIAS_ID,
+  StudioPackAgentId,
   useConnection,
   useConnectionActions,
   useConnections,
@@ -63,25 +71,33 @@ import { Link, useNavigate } from "@tanstack/react-router";
 import {
   Settings02,
   Settings04,
+  Maximize01,
   Play,
   Plus,
   Stars01,
   Trash01,
   XClose,
 } from "@untitledui/icons";
-import { Suspense, useReducer, useRef, useState } from "react";
+import { Suspense, useEffect, useReducer, useRef, useState } from "react";
 import { Controller, useForm } from "react-hook-form";
+import { useDebouncedAutosave } from "@/web/hooks/use-debounced-autosave.ts";
 import { toast } from "sonner";
 import { IconPicker } from "../../components/icon-picker";
 import { SimpleIconPicker } from "../../components/simple-icon-picker";
 import { Page } from "@/web/components/page";
 import { AddConnectionDialog } from "./add-connection-dialog";
+import { track } from "@/web/lib/posthog-client";
 import { DependencySelectionDialog } from "./dependency-selection-dialog";
 import { ALL_ITEMS_SELECTED } from "./selection-utils";
-import { VirtualMcpFormSchema, type VirtualMcpFormData } from "./types";
+import {
+  VirtualMcpFormSchema,
+  type VirtualMcpFormData,
+  type VirtualMcpFormReturn,
+} from "./types";
 import { VirtualMCPShareModal } from "./virtual-mcp-share-modal";
 import { getActiveGithubRepo } from "@/web/lib/github-repo";
 import { FIXED_SYSTEM_TABS } from "@/web/layouts/main-panel-tabs/tab-id";
+import { toTitleCase } from "@/web/components/chat/message/parts/tool-call-part/utils";
 
 type DialogState = {
   shareDialogOpen: boolean;
@@ -119,6 +135,49 @@ function dialogReducer(state: DialogState, action: DialogAction): DialogState {
   }
 }
 
+type EditSession = {
+  start: number;
+  fields: Set<string>;
+  saveCount: number;
+  instructionsLength: number | null;
+};
+
+type EditSessionAction =
+  | {
+      type: "accumulate";
+      now: number;
+      fields: string[];
+      instructionsLength: number | null;
+    }
+  | { type: "reset" };
+
+function editSessionReducer(
+  state: EditSession | null,
+  action: EditSessionAction,
+): EditSession | null {
+  switch (action.type) {
+    case "accumulate": {
+      const base: EditSession = state ?? {
+        start: action.now,
+        fields: new Set(),
+        saveCount: 0,
+        instructionsLength: null,
+      };
+      const fields = new Set(base.fields);
+      for (const f of action.fields) fields.add(f);
+      return {
+        ...base,
+        fields,
+        saveCount: base.saveCount + 1,
+        instructionsLength:
+          action.instructionsLength ?? base.instructionsLength,
+      };
+    }
+    case "reset":
+      return null;
+  }
+}
+
 /**
  * Connection Item - Card layout inspired by the reference design:
  * Body: icon + name + description (clickable → connection detail page)
@@ -267,7 +326,7 @@ function SiblingInstanceSelector({
     >
       <SelectTrigger
         size="sm"
-        className="w-auto text-xs gap-1 px-2 border border-border bg-background rounded"
+        className="w-auto text-xs gap-1 px-2 shadow-none"
       >
         <SelectValue />
       </SelectTrigger>
@@ -503,7 +562,7 @@ interface PinnedView {
   connectionId: string;
   toolName: string;
   label: string;
-  icon: string | null;
+  icon?: string | null;
 }
 
 interface ConnectionWithTools {
@@ -514,14 +573,21 @@ interface ConnectionWithTools {
   uiTools: UITool[];
 }
 
-function LayoutTabContent({ virtualMcpId }: { virtualMcpId: string }) {
+function LayoutTabContent({
+  virtualMcpId,
+  form,
+  flushAndSave,
+}: {
+  virtualMcpId: string;
+  form: VirtualMcpFormReturn;
+  flushAndSave: () => Promise<unknown>;
+}) {
   const { org } = useProjectContext();
-  const navigate = useNavigate();
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
-  const queryClient = useQueryClient();
 
   const virtualMcp = useVirtualMCP(virtualMcpId);
 
@@ -583,47 +649,33 @@ function LayoutTabContent({ virtualMcpId }: { virtualMcpId: string }) {
 
   const fixedTabTypeSet = new Set<string>(FIXED_SYSTEM_TABS);
 
-  // Current pinned views from virtual MCP metadata
-  const uiMeta = virtualMcp?.metadata?.ui as
-    | {
-        pinnedViews?: PinnedView[] | null;
-        layout?: {
-          defaultMainView?: {
-            type: string;
-            id?: string;
-            toolName?: string;
-          } | null;
-          chatDefaultOpen?: boolean | null;
-        } | null;
-      }
-    | null
-    | undefined;
-
-  const serverPinned: PinnedView[] = uiMeta?.pinnedViews ?? [];
-  const serverDefaultMain = uiMeta?.layout?.defaultMainView ?? null;
-  const serverChatDefaultOpen = uiMeta?.layout?.chatDefaultOpen ?? false;
-
-  const serverDefaultMainKey = (() => {
-    if (!serverDefaultMain || serverDefaultMain.type === "chat") return "chat";
-    // Legacy: "settings" used to be its own tab; map onto Layout.
-    if (serverDefaultMain.type === "settings") return "layout";
-    if (fixedTabTypeSet.has(serverDefaultMain.type)) {
-      return serverDefaultMain.type;
+  // Layout state lives in the parent form under metadata.ui.{pinnedViews, layout}.
+  // form.watch subscribes the component to changes from any source — direct user
+  // edits, the orphan-pin reconciliation below, or a server refetch.
+  const pinnedViews = form.watch("metadata.ui.pinnedViews") ?? [];
+  const layoutMeta = form.watch("metadata.ui.layout") ?? null;
+  const currentDefaultMain = layoutMeta?.defaultMainView ?? null;
+  const chatDefaultOpen = layoutMeta?.chatDefaultOpen ?? false;
+
+  // Convert the stored {type, id, toolName} object into the string composite
+  // key used by the <Select> UI. Legacy tab types fold into "settings".
+  const defaultMainView = (() => {
+    if (!currentDefaultMain || currentDefaultMain.type === "chat")
+      return "chat";
+    if (
+      currentDefaultMain.type === "instructions" ||
+      currentDefaultMain.type === "connections" ||
+      currentDefaultMain.type === "layout"
+    ) {
+      return "settings";
     }
-    return `${serverDefaultMain.type}:${serverDefaultMain.id ?? ""}:${serverDefaultMain.toolName ?? ""}`;
+    if (fixedTabTypeSet.has(currentDefaultMain.type)) {
+      return currentDefaultMain.type;
+    }
+    return `${currentDefaultMain.type}:${currentDefaultMain.id ?? ""}:${currentDefaultMain.toolName ?? ""}`;
   })();
 
-  const [pinnedViews, setPinnedViews] = useState<PinnedView[]>(serverPinned);
-  const [defaultMainView, setDefaultMainView] =
-    useState<string>(serverDefaultMainKey);
-  const [chatDefaultOpen, setChatDefaultOpen] = useState<boolean>(
-    serverChatDefaultOpen,
-  );
-  const [isSaving, setIsSaving] = useState(false);
-
-  // Parse default main view from composite key.
-  // Plain fixed-system tab ids round-trip as { type: "<id>" }.
-  // ext-apps uses "ext-apps:<connectionId>:<toolName>".
+  // Inverse — converts the string composite key back to the stored object form.
   const parseDefaultMainView = (value: string) => {
     const [type, id, toolName] = value.split(":");
     if (!type) return null;
@@ -636,6 +688,21 @@ function LayoutTabContent({ virtualMcpId }: { virtualMcpId: string }) {
     return null;
   };
 
+  const writePinned = (next: PinnedView[]) => {
+    form.setValue("metadata.ui.pinnedViews", next, { shouldDirty: true });
+  };
+
+  const writeLayout = (next: {
+    defaultMainView?: { type: string; id?: string; toolName?: string } | null;
+    chatDefaultOpen?: boolean | null;
+  }) => {
+    form.setValue(
+      "metadata.ui.layout",
+      { ...layoutMeta, ...next },
+      { shouldDirty: true },
+    );
+  };
+
   // Reconcile orphaned pinned views once tool data is available.
   // Only remove pins whose connection was successfully fetched but no longer
   // exposes the pinned tool. Pins for connections that failed to fetch are
@@ -648,9 +715,6 @@ function LayoutTabContent({ virtualMcpId }: { virtualMcpId: string }) {
   ) {
     reconciledRef.current = true;
 
-    // Build set of connection IDs that were successfully fetched.
-    // Pins for connections that failed to fetch are kept to avoid
-    // permanent deletion from transient errors.
     const fetchedOkIds = new Set(
       (connectionsWithTools ?? []).filter((c) => c.fetchOk).map((c) => c.id),
     );
@@ -658,129 +722,55 @@ function LayoutTabContent({ virtualMcpId }: { virtualMcpId: string }) {
       connectionsData.flatMap((c) => c.uiTools.map((t) => `${c.id}:${t.name}`)),
     );
 
-    // Only filter pins for connections we successfully got data for
-    const validPinned = serverPinned.filter(
+    const validPinned = pinnedViews.filter(
       (pv) =>
         !fetchedOkIds.has(pv.connectionId) ||
         validKeys.has(`${pv.connectionId}:${pv.toolName}`),
     );
 
-    if (validPinned.length !== serverPinned.length) {
-      setPinnedViews(validPinned);
+    if (validPinned.length !== pinnedViews.length) {
+      writePinned(validPinned);
 
       // If the default view was an ext-app that got removed, reset to chat
-      let nextDefault = defaultMainView;
       if (
-        serverDefaultMain?.type === "ext-apps" &&
+        currentDefaultMain?.type === "ext-apps" &&
         !validPinned.some(
           (pv) =>
-            pv.connectionId === serverDefaultMain.id &&
-            pv.toolName === serverDefaultMain.toolName,
+            pv.connectionId === currentDefaultMain.id &&
+            pv.toolName === currentDefaultMain.toolName,
         )
       ) {
-        nextDefault = "chat";
-        setDefaultMainView(nextDefault);
+        writeLayout({ defaultMainView: { type: "chat" } });
       }
-
-      // Persist cleaned pins; revert local state on failure
-      client
-        .callTool({
-          name: "VIRTUAL_MCP_PINNED_VIEWS_UPDATE",
-          arguments: {
-            virtualMcpId,
-            pinnedViews: validPinned,
-            layout: {
-              defaultMainView: parseDefaultMainView(nextDefault),
-              chatDefaultOpen,
-            },
-          },
-        })
-        .then((result) => {
-          unwrapToolResult(result);
-          queryClient.invalidateQueries({
-            predicate: (query) =>
-              Array.isArray(query.queryKey) &&
-              query.queryKey.includes("collection") &&
-              query.queryKey.includes("VIRTUAL_MCP"),
-          });
-        })
-        .catch(() => {
-          // Revert to server state so UI stays consistent
-          setPinnedViews(serverPinned);
-          setDefaultMainView(serverDefaultMainKey);
-        });
     }
   }
 
-  // Auto-save helper that persists given state
-  const saveLayout = (
-    nextPinned: PinnedView[],
-    nextDefaultMain: string,
-    nextChatDefaultOpen?: boolean,
-  ) => {
-    setIsSaving(true);
-    const doSave = async () => {
-      try {
-        const result = await client.callTool({
-          name: "VIRTUAL_MCP_PINNED_VIEWS_UPDATE",
-          arguments: {
-            virtualMcpId,
-            pinnedViews: nextPinned,
-            layout: {
-              defaultMainView: parseDefaultMainView(nextDefaultMain),
-              chatDefaultOpen: nextChatDefaultOpen ?? chatDefaultOpen,
-            },
-          },
-        });
-        unwrapToolResult(result);
-        queryClient.invalidateQueries({
-          predicate: (query) =>
-            Array.isArray(query.queryKey) &&
-            query.queryKey.includes("collection") &&
-            query.queryKey.includes("VIRTUAL_MCP"),
-        });
-        toast.success("Layout updated");
-      } catch (error) {
-        toast.error(
-          "Failed to update layout: " +
-            (error instanceof Error ? error.message : "Unknown error"),
-        );
-      } finally {
-        setIsSaving(false);
-      }
-    };
-    doSave();
-  };
-
   const handleTogglePin = (connectionId: string, toolName: string) => {
     const pinned = pinnedViews.some(
       (v) => v.connectionId === connectionId && v.toolName === toolName,
     );
-    let nextPinned: PinnedView[];
-    let nextDefault = defaultMainView;
     if (pinned) {
-      nextPinned = pinnedViews.filter(
+      const nextPinned = pinnedViews.filter(
         (v) => !(v.connectionId === connectionId && v.toolName === toolName),
       );
+      writePinned(nextPinned);
       // If the unpinned view was the default, reset to chat
       const unpinnedKey = `ext-apps:${connectionId}:${toolName}`;
       if (defaultMainView === unpinnedKey) {
-        nextDefault = "chat";
-        setDefaultMainView(nextDefault);
+        writeLayout({ defaultMainView: { type: "chat" } });
       }
     } else {
-      nextPinned = [
+      writePinned([
         ...pinnedViews,
         {
           connectionId,
           toolName,
-          label: toolName.replace(/_/g, " "),
+          label: toTitleCase(toolName),
           icon: null,
         },
-      ];
+      ]);
     }
-    setPinnedViews(nextPinned);
-    saveLayout(nextPinned, nextDefault);
+    flushAndSave();
   };
 
   const handleLabelChange = (
@@ -788,8 +778,8 @@ function LayoutTabContent({ virtualMcpId }: { virtualMcpId: string }) {
     toolName: string,
     label: string,
   ) => {
-    setPinnedViews((prev) =>
-      prev.map((v) =>
+    writePinned(
+      pinnedViews.map((v) =>
         v.connectionId === connectionId && v.toolName === toolName
           ? { ...v, label }
           : v,
@@ -798,7 +788,7 @@ function LayoutTabContent({ virtualMcpId }: { virtualMcpId: string }) {
   };
 
   const handleLabelBlur = () => {
-    saveLayout(pinnedViews, defaultMainView);
+    flushAndSave();
   };
 
   const handleIconChange = (
@@ -806,24 +796,19 @@ function LayoutTabContent({ virtualMcpId }: { virtualMcpId: string }) {
     toolName: string,
     icon: string | null,
   ) => {
-    setPinnedViews((prev) =>
-      prev.map((v) =>
+    writePinned(
+      pinnedViews.map((v) =>
         v.connectionId === connectionId && v.toolName === toolName
           ? { ...v, icon }
           : v,
       ),
     );
-    const nextPinned = pinnedViews.map((v) =>
-      v.connectionId === connectionId && v.toolName === toolName
-        ? { ...v, icon }
-        : v,
-    );
-    saveLayout(nextPinned, defaultMainView);
+    flushAndSave();
   };
 
   const handleDefaultMainViewChange = (value: string) => {
-    setDefaultMainView(value);
-    saveLayout(pinnedViews, value);
+    writeLayout({ defaultMainView: parseDefaultMainView(value) });
+    flushAndSave();
   };
 
   const noConnections = connectionIds.length === 0;
@@ -840,9 +825,8 @@ function LayoutTabContent({ virtualMcpId }: { virtualMcpId: string }) {
   // matching the gating in main-panel-tabs/index.tsx.
   const defaultMainOptions: { value: string; label: string }[] = [
     { value: "chat", label: "Chat" },
-    { value: "instructions", label: "Instructions" },
-    { value: "connections", label: "Connections" },
-    { value: "layout", label: "Layout" },
+    { value: "settings", label: "Settings" },
+    { value: "automations", label: "Automations" },
   ];
   if (hasGithubRepo) {
     defaultMainOptions.push({ value: "env", label: "Terminal" });
@@ -855,195 +839,184 @@ function LayoutTabContent({ virtualMcpId }: { virtualMcpId: string }) {
     });
   }
 
+  const hasPinnedContent =
+    connectionsData.length > 0 || noConnections || noInteractiveTools;
+
   return (
-    <div className="flex flex-col gap-6">
-      <Page.Title>Layout</Page.Title>
-      <div className="space-y-3">
-        {/* Default view card */}
-        <Card className="hover:bg-card p-6 gap-6">
-          <CardContent className="p-0 space-y-4">
-            <div className="flex items-center justify-between gap-4">
-              <div className="space-y-0.5">
-                <Label className="font-normal text-foreground">Main view</Label>
-                <p className="text-xs text-muted-foreground">
-                  Configure what users see when they first open this agent.
-                </p>
-              </div>
-              <Select
-                value={defaultMainView}
-                onValueChange={handleDefaultMainViewChange}
-              >
-                <SelectTrigger className="w-44 h-8 text-sm capitalize">
-                  <SelectValue />
-                </SelectTrigger>
-                <SelectContent>
-                  {defaultMainOptions.map((opt) => (
-                    <SelectItem
-                      key={opt.value}
-                      value={opt.value}
-                      className="capitalize"
-                    >
-                      {opt.label}
-                    </SelectItem>
-                  ))}
-                </SelectContent>
-              </Select>
+    <div className="flex flex-col gap-3">
+      <div className="flex items-center justify-between gap-3">
+        <h2 className="text-sm font-medium text-foreground">Layout</h2>
+      </div>
+      <Card className="p-6 gap-5">
+        <CardContent className="p-0 space-y-5">
+          <div className="flex items-center justify-between gap-4">
+            <div className="space-y-0.5 min-w-0">
+              <Label className="font-normal text-foreground">Main view</Label>
+              <p className="text-xs text-muted-foreground">
+                What users see when they first open this agent.
+              </p>
             </div>
+            <Select
+              value={defaultMainView}
+              onValueChange={handleDefaultMainViewChange}
+            >
+              <SelectTrigger className="w-44 h-8 text-sm capitalize shrink-0">
+                <SelectValue />
+              </SelectTrigger>
+              <SelectContent>
+                {defaultMainOptions.map((opt) => (
+                  <SelectItem
+                    key={opt.value}
+                    value={opt.value}
+                    className="capitalize"
+                  >
+                    {opt.label}
+                  </SelectItem>
+                ))}
+              </SelectContent>
+            </Select>
+          </div>
 
-            <div className="flex items-center justify-between gap-4">
-              <div className="space-y-0.5">
-                <Label className="font-normal text-foreground">Show chat</Label>
+          <div className="flex items-center justify-between gap-4">
+            <div className="space-y-0.5 min-w-0">
+              <Label className="font-normal text-foreground">Show chat</Label>
+              <p className="text-xs text-muted-foreground">
+                Display the chat panel alongside the main view.
+              </p>
+            </div>
+            <Tooltip delayDuration={0}>
+              <TooltipTrigger asChild>
+                <span className="shrink-0">
+                  <Switch
+                    checked={
+                      defaultMainView === "chat" ? true : chatDefaultOpen
+                    }
+                    disabled={defaultMainView === "chat"}
+                    onCheckedChange={(checked) => {
+                      writeLayout({ chatDefaultOpen: checked });
+                      flushAndSave();
+                    }}
+                  />
+                </span>
+              </TooltipTrigger>
+              {defaultMainView === "chat" && (
+                <TooltipContent side="top">
+                  Chat is always shown when it is the default view
+                </TooltipContent>
+              )}
+            </Tooltip>
+          </div>
+        </CardContent>
+
+        {hasPinnedContent && (
+          <>
+            <div className="border-t border-border -mx-6" />
+            <CardContent className="p-0 space-y-3">
+              <div className="flex items-center justify-between gap-4">
+                <div className="space-y-0.5 min-w-0">
+                  <Label className="font-normal text-foreground">
+                    Pinned views
+                  </Label>
+                  <p className="text-xs text-muted-foreground">
+                    Surface interactive tools as top-level tabs in the agent.
+                  </p>
+                </div>
+              </div>
+              {noConnections && (
                 <p className="text-xs text-muted-foreground">
-                  Display the chat panel alongside the main view
+                  Add a connection above to configure pinned views.
                 </p>
-              </div>
-              <Tooltip delayDuration={0}>
-                <TooltipTrigger asChild>
-                  <span>
-                    <Switch
-                      checked={
-                        defaultMainView === "chat" ? true : chatDefaultOpen
-                      }
-                      disabled={defaultMainView === "chat" || isSaving}
-                      onCheckedChange={(checked) => {
-                        setChatDefaultOpen(checked);
-                        saveLayout(pinnedViews, defaultMainView, checked);
-                      }}
-                    />
-                  </span>
-                </TooltipTrigger>
-                {defaultMainView === "chat" && (
-                  <TooltipContent side="top">
-                    Chat is always shown when it is the default view
-                  </TooltipContent>
-                )}
-              </Tooltip>
-            </div>
-          </CardContent>
-        </Card>
-
-        {/* Pinned views card */}
-        <Card className="hover:bg-card p-6 gap-4">
-          <CardHeader className="p-0">
-            <span className="text-sm font-normal">Pinned views</span>
-          </CardHeader>
-          <CardContent className="p-0">
-            {noConnections && (
-              <p className="text-sm text-muted-foreground">
-                No connections yet. Add connections in the Connections tab to
-                configure pinned views.
-              </p>
-            )}
-            {noInteractiveTools && !noConnections && (
-              <p className="text-sm text-muted-foreground">
-                None of the connected servers have interactive tools available.
-              </p>
-            )}
-            {connectionsData.length > 0 && (
-              <div className="space-y-4">
-                {connectionsData.map((conn, connIdx) => (
-                  <div key={conn.id}>
-                    {connIdx > 0 && (
-                      <div className="border-t border-border -mx-6 mb-4" />
-                    )}
-                    <div className="flex items-center gap-2 mb-3">
-                      <IntegrationIcon
-                        icon={conn.icon}
-                        name={conn.title}
-                        size="xs"
-                        className="shrink-0"
-                      />
-                      <span className="text-sm font-medium text-muted-foreground">
-                        {conn.title}
-                      </span>
-                    </div>
-                    <div className="space-y-2">
-                      {conn.uiTools.map((tool) => {
-                        const pinned = pinnedViews.some(
-                          (v) =>
-                            v.connectionId === conn.id &&
-                            v.toolName === tool.name,
-                        );
-                        const pinnedView = pinnedViews.find(
-                          (v) =>
-                            v.connectionId === conn.id &&
-                            v.toolName === tool.name,
-                        );
-                        return (
-                          <div
-                            key={tool.name}
-                            className={cn(
-                              "flex items-center justify-between gap-3 px-3 py-2.5 rounded-lg border border-border transition-colors",
-                              pinned ? "bg-accent/30" : "bg-muted/20",
-                            )}
-                          >
-                            <div className="min-w-0 flex-1 flex items-center gap-2">
-                              <SimpleIconPicker
-                                value={pinnedView?.icon ?? null}
-                                onChange={(icon) =>
-                                  handleIconChange(conn.id, tool.name, icon)
-                                }
-                                disabled={!pinned || isSaving}
-                              />
-                              <Input
-                                value={
-                                  pinned && pinnedView
-                                    ? pinnedView.label
-                                    : tool.name.replace(/_/g, " ")
-                                }
-                                onChange={(e) =>
-                                  handleLabelChange(
-                                    conn.id,
-                                    tool.name,
-                                    e.target.value,
-                                  )
+              )}
+              {noInteractiveTools && !noConnections && (
+                <p className="text-xs text-muted-foreground">
+                  None of the connected servers expose interactive tools.
+                </p>
+              )}
+              {connectionsData.length > 0 && (
+                <div className="space-y-4 pt-1">
+                  {connectionsData.map((conn, connIdx) => (
+                    <div key={conn.id}>
+                      {connIdx > 0 && (
+                        <div className="border-t border-border -mx-6 mb-4" />
+                      )}
+                      <div className="flex items-center gap-2 mb-2.5">
+                        <IntegrationIcon
+                          icon={conn.icon}
+                          name={conn.title}
+                          size="xs"
+                          className="shrink-0"
+                        />
+                        <span className="text-xs font-medium text-muted-foreground">
+                          {conn.title}
+                        </span>
+                      </div>
+                      <div className="space-y-1.5">
+                        {conn.uiTools.map((tool) => {
+                          const pinned = pinnedViews.some(
+                            (v) =>
+                              v.connectionId === conn.id &&
+                              v.toolName === tool.name,
+                          );
+                          const pinnedView = pinnedViews.find(
+                            (v) =>
+                              v.connectionId === conn.id &&
+                              v.toolName === tool.name,
+                          );
+                          return (
+                            <div
+                              key={tool.name}
+                              className={cn(
+                                "flex items-center justify-between gap-3 px-3 py-2 rounded-lg border transition-colors",
+                                pinned
+                                  ? "bg-accent/40 border-border"
+                                  : "bg-transparent border-border",
+                              )}
+                            >
+                              <div className="min-w-0 flex-1 flex items-center gap-2">
+                                <SimpleIconPicker
+                                  value={pinnedView?.icon ?? null}
+                                  onChange={(icon) =>
+                                    handleIconChange(conn.id, tool.name, icon)
+                                  }
+                                  disabled={!pinned}
+                                />
+                                <Input
+                                  value={
+                                    pinned && pinnedView
+                                      ? pinnedView.label
+                                      : toTitleCase(tool.name)
+                                  }
+                                  onChange={(e) =>
+                                    handleLabelChange(
+                                      conn.id,
+                                      tool.name,
+                                      e.target.value,
+                                    )
+                                  }
+                                  onBlur={handleLabelBlur}
+                                  className="h-7 text-sm w-40"
+                                  disabled={!pinned}
+                                  readOnly={!pinned}
+                                />
+                              </div>
+                              <Switch
+                                checked={pinned}
+                                onCheckedChange={() =>
+                                  handleTogglePin(conn.id, tool.name)
                                 }
-                                onBlur={handleLabelBlur}
-                                className="h-7 text-sm w-40 capitalize"
-                                disabled={!pinned || isSaving}
-                                readOnly={!pinned}
                               />
                             </div>
-                            <Switch
-                              checked={pinned}
-                              onCheckedChange={() =>
-                                handleTogglePin(conn.id, tool.name)
-                              }
-                              disabled={isSaving}
-                            />
-                          </div>
-                        );
-                      })}
+                          );
+                        })}
+                      </div>
                     </div>
-                  </div>
-                ))}
-              </div>
-            )}
-          </CardContent>
-        </Card>
-
-        <div className="flex justify-end">
-          <Tooltip delayDuration={0}>
-            <TooltipTrigger asChild>
-              <Button
-                onClick={() => {
-                  navigate({
-                    to: "/$org/$taskId",
-                    params: {
-                      org: org.slug,
-                      taskId: crypto.randomUUID(),
-                    },
-                    search: { virtualmcpid: virtualMcpId },
-                  });
-                }}
-              >
-                Test layout
-              </Button>
-            </TooltipTrigger>
-            <TooltipContent side="top">Test agent page layout</TooltipContent>
-          </Tooltip>
-        </div>
-      </div>
+                  ))}
+                </div>
+              )}
+            </CardContent>
+          </>
+        )}
+      </Card>
     </div>
   );
 }
@@ -1055,13 +1028,9 @@ function LayoutTabContent({ virtualMcpId }: { virtualMcpId: string }) {
 
 function VirtualMcpDetailViewWithData({
   virtualMcp,
-  forceTab,
-  hideOwnTabBar,
   hideOwnTitle,
 }: {
   virtualMcp: VirtualMCPEntity;
-  forceTab?: "instructions" | "connections" | "layout";
-  hideOwnTabBar?: boolean;
   hideOwnTitle?: boolean;
 }) {
   const { org } = useProjectContext();
@@ -1071,6 +1040,7 @@ function VirtualMcpDetailViewWithData({
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   // Form setup
@@ -1093,81 +1063,142 @@ function VirtualMcpDetailViewWithData({
     settingsConnectionId: null,
   });
 
-  // Tab state — internal unless forced externally (e.g. by MainPanelContent)
-  const validTabIds = ["instructions", "connections", "layout"];
-  const [internalTab, setInternalTab] = useState(() => {
-    const stored = localStorage.getItem("agent-detail-tab") || "instructions";
-    // Migrate old "sidebar" tab to "layout"
-    const effective = stored === "sidebar" ? "layout" : stored;
-    return validTabIds.includes(effective) ? effective : "instructions";
-  });
-  const activeTab = forceTab ?? internalTab;
-  const setActiveTab = (id: string) => {
-    if (forceTab) return;
-    setInternalTab(id);
-  };
-  const { createTaskWithMessage } = useChatTask();
-  const { setChatMode } = useChatPrefs();
-  const { createNewTask } = usePanelActions();
+  const [instructionsFullscreen, setInstructionsFullscreen] = useState(false);
+  const [isImproving, setIsImproving] = useState(false);
+  const { createNewTask, setChatOpen } = usePanelActions();
+  const { sendMessage } = useChatBridge();
+  const ensureStudioPack = useEnsureStudioPack();
 
-  const handleImprovePrompt = () => {
+  const handleImprovePrompt = async () => {
+    if (isImproving) return;
     const currentInstructions = form.getValues("metadata.instructions");
     if (!currentInstructions?.trim()) return;
 
-    setChatMode("plan");
+    setIsImproving(true);
+    try {
+      forceSessionFlush();
+      track("agent_instructions_improve_clicked", {
+        agent_id: virtualMcp.id,
+        instructions_length: currentInstructions.length,
+      });
+
+      await ensureStudioPack(["studio-agent-manager"]);
 
-    createTaskWithMessage({
-      virtualMcpId: getDecopilotId(org.id),
-      message: {
-        parts: [
-          {
-            type: "text",
-            text: `/writing-prompts ${virtualMcp.id}\n\n<instructions>\n${currentInstructions}\n</instructions>`,
-          },
-        ],
-      },
-    });
+      setChatOpen(true);
+
+      await sendMessage({
+        tiptapDoc: buildImprovePromptDoc({
+          managerAgentId: StudioPackAgentId.AGENT_MANAGER(org.id),
+          managerName: "Agent Manager",
+          kind: "agent",
+          id: virtualMcp.id,
+          instructions: currentInstructions,
+        }),
+      });
+    } finally {
+      setIsImproving(false);
+    }
   };
 
   const handleTestAgent = () => {
+    forceSessionFlush();
+    track("agent_test_clicked", { agent_id: virtualMcp.id });
     createNewTask();
   };
 
-  const saveTimerRef = useRef<ReturnType<typeof setTimeout> | null>(null);
+  // Session-based tracking for agent_updated. Auto-saves persist every ~1s but
+  // we only emit one PostHog event per edit-session (aggregated fields +
+  // save_count + edit_duration_ms). A session ends after 30s of quiet.
+  const [editSession, dispatchEditSession] = useReducer(
+    editSessionReducer,
+    null,
+  );
 
-  const saveForm = async () => {
-    if (saveTimerRef.current) {
-      clearTimeout(saveTimerRef.current);
-      saveTimerRef.current = null;
-    }
+  const flushEditSession = () => {
+    if (editSession === null) return;
+    track("agent_updated", {
+      agent_id: virtualMcp.id,
+      fields: Array.from(editSession.fields),
+      instructions_length: editSession.instructionsLength,
+      save_count: editSession.saveCount,
+      edit_duration_ms: Date.now() - editSession.start,
+    });
+    dispatchEditSession({ type: "reset" });
+  };
+
+  const { schedule: scheduleSessionFlush, flush: forceSessionFlush } =
+    useDebouncedAutosave({
+      delayMs: 30_000,
+      save: async () => flushEditSession(),
+    });
 
-    const hasDirtyFields = Object.keys(form.formState.dirtyFields).length > 0;
-    if (!hasDirtyFields) return;
+  const saveForm = async () => {
+    // form.formState is a Proxy over React state. When saveForm runs
+    // synchronously after setValue (e.g. via flushAndSave), React hasn't
+    // processed the batched state update yet and form.formState.dirtyFields
+    // returns the previous render's snapshot — empty on the first edit — so
+    // the save would bail. Read control._formState.dirtyFields for the live,
+    // synchronously-updated value.
+    const dirtyKeys = Object.keys(
+      (
+        form.control as unknown as {
+          _formState: { dirtyFields: Record<string, unknown> };
+        }
+      )._formState.dirtyFields,
+    );
+    if (dirtyKeys.length === 0) return;
+    const instructionsDirty = dirtyKeys.includes("metadata");
 
     const formData = form.getValues();
-    const data = await actions.update.mutateAsync({
+    // Rebase the dirty baseline to the snapshot we're about to send so that
+    // an edit during the in-flight save that returns a value to its pre-save
+    // default still registers as dirty. keepValues preserves the user's
+    // current form values; only _defaultValues advances.
+    form.reset(formData, { keepValues: true });
+
+    await actions.update.mutateAsync({
       id: virtualMcp.id,
       data: formData,
     });
-    form.reset(data);
-  };
 
-  const debouncedSave = () => {
-    if (saveTimerRef.current) clearTimeout(saveTimerRef.current);
-    saveTimerRef.current = setTimeout(() => {
-      saveForm();
-    }, 1000);
+    // Accumulate into the current edit session and (re)schedule a flush
+    // 30s after the last save.
+    dispatchEditSession({
+      type: "accumulate",
+      now: Date.now(),
+      fields: dirtyKeys,
+      instructionsLength: instructionsDirty
+        ? (formData.metadata?.instructions?.length ?? 0)
+        : null,
+    });
+    scheduleSessionFlush();
   };
 
-  const watchSubscribedRef = useRef(false);
-  if (!watchSubscribedRef.current) {
-    watchSubscribedRef.current = true;
-    form.watch(() => {
-      debouncedSave();
-    });
-  }
+  const { schedule: debouncedSave, flush: flushAndSave } = useDebouncedAutosave(
+    { save: saveForm },
+  );
+
+  // form.watch(callback) fires whenever a value changes via setValue, but not
+  // on form.reset({ keepValues: true }) (which only emits state, no `values`
+  // key) — so saveForm's pre-mutate rebase does NOT loop. Edit handlers
+  // can just call form.setValue and trust this subscription to schedule the
+  // save. flushAndSave remains for explicit "save NOW" semantics (blurs,
+  // toggles).
+  // oxlint-disable-next-line ban-use-effect/ban-use-effect
+  useEffect(() => {
+    const sub = form.watch(() => debouncedSave());
+    return () => sub.unsubscribe();
+    // debouncedSave is stable for our purpose: its closure only mediates
+    // through stable refs inside useDebouncedAutosave, so the mount-time
+    // reference stays valid for the component's lifetime.
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, []);
 
   const handleOpenAddDialog = () => {
+    track("connections_dialog_opened", {
+      source: "agent_settings",
+      mode: "add",
+    });
     dispatch({ type: "SET_ADD_DIALOG_OPEN", payload: true });
   };
 
@@ -1192,10 +1223,14 @@ function VirtualMcpDetailViewWithData({
     dispatch({ type: "SET_ADD_DIALOG_OPEN", payload: false });
 
     // Auto-trigger OAuth if the connection needs authorization
-    const mcpProxyUrl = new URL(`/mcp/${connectionId}`, window.location.origin);
+    const mcpProxyUrl = new URL(
+      `/api/${org.slug}/mcp/${connectionId}`,
+      window.location.origin,
+    );
     const authStatus = await isConnectionAuthenticated({
       url: mcpProxyUrl.href,
       token: null,
+      orgId: org.id,
     });
     if (authStatus.supportsOAuth && !authStatus.isAuthenticated) {
       await handleAuthenticate(connectionId);
@@ -1260,10 +1295,14 @@ function VirtualMcpDetailViewWithData({
       });
 
       // Handle OAuth if needed
-      const mcpProxyUrl = new URL(`/mcp/${newId}`, window.location.origin);
+      const mcpProxyUrl = new URL(
+        `/api/${org.slug}/mcp/${newId}`,
+        window.location.origin,
+      );
       const authStatus = await isConnectionAuthenticated({
         url: mcpProxyUrl.href,
         token: null,
+        orgId: org.id,
       });
       if (authStatus.supportsOAuth && !authStatus.isAuthenticated) {
         const email = await handleAuthenticate(newId);
@@ -1296,6 +1335,8 @@ function VirtualMcpDetailViewWithData({
   ): Promise<string | null> => {
     const { token, tokenInfo, error } = await authenticateMcp({
       connectionId,
+      orgSlug: org.slug,
+      scope: "offline_access",
     });
     if (error || !token) {
       toast.error(`Authentication failed: ${error}`);
@@ -1305,10 +1346,12 @@ function VirtualMcpDetailViewWithData({
     if (tokenInfo) {
       try {
         const response = await fetch(
-          `/api/connections/${connectionId}/oauth-token`,
+          `/api/${org.slug}/connections/${connectionId}/oauth-token`,
           {
             method: "POST",
-            headers: { "Content-Type": "application/json" },
+            headers: {
+              "Content-Type": "application/json",
+            },
             credentials: "include",
             body: JSON.stringify({
               accessToken: tokenInfo.accessToken,
@@ -1354,7 +1397,10 @@ function VirtualMcpDetailViewWithData({
       });
     }
 
-    const mcpProxyUrl = new URL(`/mcp/${connectionId}`, window.location.origin);
+    const mcpProxyUrl = new URL(
+      `/api/${org.slug}/mcp/${connectionId}`,
+      window.location.origin,
+    );
     await queryClient.invalidateQueries({
       queryKey: KEYS.isMCPAuthenticated(mcpProxyUrl.href, null),
     });
@@ -1401,8 +1447,13 @@ Define step-by-step how the agent should handle requests.
   const [deleteDialogOpen, setDeleteDialogOpen] = useState(false);
 
   const handleDelete = async () => {
+    forceSessionFlush();
     try {
       await actions.delete.mutateAsync(virtualMcp.id);
+      track("agent_deleted", {
+        agent_id: virtualMcp.id,
+        source: "agent_detail",
+      });
       toast.success(`Deleted "${virtualMcp.title}"`);
       navigate({ to: "/$org", params: { org: org.slug } });
     } catch {
@@ -1410,25 +1461,11 @@ Define step-by-step how the agent should handle requests.
     }
   };
 
-  // Variant-specific tabs
-  const tabs = [
-    {
-      id: "instructions",
-      label: "Instructions",
-    },
-    {
-      id: "connections",
-      label: "Connections",
-      count: connections.length || undefined,
-    },
-    { id: "layout", label: "Layout" },
-  ];
-
   return (
     <Page>
       <Page.Content>
         <Page.Body>
-          <div className="flex flex-col gap-6">
+          <div className="flex flex-col gap-10">
             {!hideOwnTitle && (
               <Page.Title
                 actions={
@@ -1456,134 +1493,198 @@ Define step-by-step how the agent should handle requests.
               </Page.Title>
             )}
 
-            {/* Tabs */}
-            {!hideOwnTabBar && (
-              <div className="flex flex-wrap items-center justify-between gap-3">
-                <CollectionTabs
-                  tabs={tabs}
-                  activeTab={activeTab}
-                  onTabChange={(id) => {
-                    setActiveTab(id);
-                    localStorage.setItem("agent-detail-tab", id);
-                  }}
+            {/* Agent identity header */}
+            <div className="flex items-center gap-3">
+              <Controller
+                name="icon"
+                control={form.control}
+                render={({ field }) => (
+                  <IconPicker
+                    value={field.value ?? null}
+                    onChange={(icon) => {
+                      field.onChange(icon);
+                      flushAndSave();
+                    }}
+                    onColorChange={(color) => {
+                      form.setValue("metadata.ui.themeColor", color, {
+                        shouldDirty: true,
+                      });
+                      flushAndSave();
+                    }}
+                    name={form.watch("title") || "Agent"}
+                    size="md"
+                    className="shrink-0"
+                    avatarClassName="[&_svg]:w-1/2 [&_svg]:h-1/2"
+                    disabled={hasGithubRepo}
+                  />
+                )}
+              />
+              <div className="flex flex-col flex-1 min-w-0">
+                <Controller
+                  name="title"
+                  control={form.control}
+                  render={({ field }) => (
+                    <input
+                      {...field}
+                      type="text"
+                      value={field.value ?? ""}
+                      onChange={(e) => {
+                        field.onChange(e);
+                      }}
+                      onBlur={() => {
+                        field.onBlur();
+                        flushAndSave();
+                      }}
+                      disabled={hasGithubRepo}
+                      placeholder="Agent name"
+                      className="text-lg font-medium leading-tight text-foreground bg-transparent border-none outline-none px-1 -mx-1 rounded hover:bg-input/25 focus:bg-input/25 transition-colors w-full truncate disabled:hover:bg-transparent disabled:focus:bg-transparent disabled:opacity-50"
+                    />
+                  )}
+                />
+                <Controller
+                  name="description"
+                  control={form.control}
+                  render={({ field }) => (
+                    <input
+                      {...field}
+                      type="text"
+                      value={field.value ?? ""}
+                      onChange={(e) => {
+                        field.onChange(e);
+                      }}
+                      onBlur={() => {
+                        field.onBlur();
+                        flushAndSave();
+                      }}
+                      disabled={hasGithubRepo}
+                      placeholder="Add a description..."
+                      className="text-sm text-muted-foreground bg-transparent border-none outline-none px-1 -mx-1 rounded hover:bg-input/25 focus:bg-input/25 transition-colors w-full truncate disabled:hover:bg-transparent disabled:focus:bg-transparent disabled:opacity-50"
+                    />
+                  )}
                 />
-                {activeTab === "connections" && (
+              </div>
+              <Button
+                variant="outline"
+                size="sm"
+                className="shrink-0"
+                onClick={() => {
+                  track("agent_connect_modal_opened", {
+                    agent_id: virtualMcp.id,
+                  });
+                  dispatch({
+                    type: "SET_SHARE_DIALOG_OPEN",
+                    payload: true,
+                  });
+                }}
+              >
+                <span className="flex items-center -space-x-1.5 mr-0.5">
+                  <span className="inline-flex items-center justify-center size-4 rounded-full bg-black ring-1 ring-white/20 shrink-0">
+                    <img
+                      src="/logos/cursor.svg"
+                      alt="Cursor"
+                      className="size-2.5 brightness-0 invert"
+                    />
+                  </span>
+                  <span
+                    className="relative z-10 inline-flex items-center justify-center size-4 rounded-full ring-1 ring-background shrink-0"
+                    style={{ backgroundColor: "#D97757" }}
+                  >
+                    <img
+                      src="/logos/Claude Code.svg"
+                      alt="Claude"
+                      className="size-2.5 brightness-0 invert"
+                    />
+                  </span>
+                </span>
+                Connect
+              </Button>
+            </div>
+
+            {/* Creator metadata */}
+            <div className="flex items-center gap-2 -mt-6 text-muted-foreground">
+              <User
+                id={virtualMcp.created_by}
+                size="2xs"
+                className="text-sm text-muted-foreground"
+              />
+              <span className="text-muted-foreground/50 text-sm">·</span>
+              <span className="text-sm">
+                {new Date(virtualMcp.created_at).toLocaleDateString("en-US", {
+                  month: "short",
+                  day: "numeric",
+                  year: "numeric",
+                })}
+              </span>
+            </div>
+
+            {/* Connections section */}
+            <section className="flex flex-col gap-3">
+              <div className="flex items-center justify-between gap-3">
+                <h2 className="text-sm font-medium text-foreground">
+                  Connections
+                </h2>
+                {connections.length > 0 && (
                   <Button
                     variant="outline"
                     size="sm"
                     onClick={handleOpenAddDialog}
                   >
-                    <Plus size={13} />
-                    Add
+                    <Plus size={14} />
+                    Add connection
                   </Button>
                 )}
               </div>
-            )}
-
-            {/* Tab content */}
-            {activeTab === "instructions" && (
-              <>
-                <div className="flex items-center gap-3">
-                  <Controller
-                    name="icon"
-                    control={form.control}
-                    render={({ field }) => (
-                      <IconPicker
-                        value={field.value ?? null}
-                        onChange={(icon) => {
-                          field.onChange(icon);
-                          saveForm();
-                        }}
-                        onColorChange={(color) => {
-                          form.setValue("metadata.ui.themeColor", color, {
-                            shouldDirty: true,
-                          });
-                          saveForm();
-                        }}
-                        name={form.watch("title") || "Agent"}
-                        size="md"
-                        className="shrink-0"
-                        avatarClassName="[&_svg]:w-1/2 [&_svg]:h-1/2"
-                        disabled={hasGithubRepo}
-                      />
-                    )}
-                  />
-                  <div className="flex flex-col flex-1 min-w-0">
-                    <Controller
-                      name="title"
-                      control={form.control}
-                      render={({ field }) => (
-                        <input
-                          {...field}
-                          type="text"
-                          value={field.value ?? ""}
-                          onBlur={() => {
-                            field.onBlur();
-                            saveForm();
-                          }}
-                          disabled={hasGithubRepo}
-                          placeholder="Agent name"
-                          className="text-lg font-medium leading-tight text-foreground bg-transparent border-none outline-none px-1 -mx-1 rounded hover:bg-input/25 focus:bg-input/25 transition-colors w-full truncate disabled:hover:bg-transparent disabled:focus:bg-transparent disabled:opacity-50"
-                        />
-                      )}
-                    />
-                    <Controller
-                      name="description"
-                      control={form.control}
-                      render={({ field }) => (
-                        <input
-                          {...field}
-                          type="text"
-                          value={field.value ?? ""}
-                          onBlur={() => {
-                            field.onBlur();
-                            saveForm();
-                          }}
-                          disabled={hasGithubRepo}
-                          placeholder="Add a description..."
-                          className="text-sm text-muted-foreground bg-transparent border-none outline-none px-1 -mx-1 rounded hover:bg-input/25 focus:bg-input/25 transition-colors w-full truncate disabled:hover:bg-transparent disabled:focus:bg-transparent disabled:opacity-50"
-                        />
-                      )}
-                    />
-                  </div>
-                  <Button
-                    variant="outline"
-                    size="sm"
-                    className="shrink-0"
-                    onClick={() =>
-                      dispatch({
-                        type: "SET_SHARE_DIALOG_OPEN",
-                        payload: true,
-                      })
-                    }
+              <div className="flex flex-col gap-2">
+                {connections.length === 0 ? (
+                  <button
+                    type="button"
+                    onClick={handleOpenAddDialog}
+                    className="flex items-center gap-3 px-3 py-2.5 rounded-lg border border-dashed border-border hover:bg-accent/50 transition-colors w-full text-left cursor-pointer"
                   >
-                    <span className="flex items-center -space-x-1.5 mr-0.5">
-                      {/* Cursor — behind */}
-                      <span className="inline-flex items-center justify-center size-4 rounded-full bg-black ring-1 ring-white/20 shrink-0">
-                        <img
-                          src="/logos/cursor.svg"
-                          alt="Cursor"
-                          className="size-2.5 brightness-0 invert"
-                        />
-                      </span>
-                      {/* Claude — on top */}
-                      <span
-                        className="relative z-10 inline-flex items-center justify-center size-4 rounded-full ring-1 ring-background shrink-0"
-                        style={{ backgroundColor: "#D97757" }}
-                      >
-                        <img
-                          src="/logos/Claude Code.svg"
-                          alt="Claude"
-                          className="size-2.5 brightness-0 invert"
-                        />
-                      </span>
+                    <div className="flex items-center justify-center size-8 rounded-md text-muted-foreground/75 border border-dashed border-border shrink-0">
+                      <Plus size={16} />
+                    </div>
+                    <span className="text-sm text-muted-foreground">
+                      No connections yet. Add one to get started.
                     </span>
-                    Connect
-                  </Button>
-                </div>
-
+                  </button>
+                ) : (
+                  connections.map((conn) => (
+                    <ErrorBoundary
+                      key={conn.connection_id}
+                      fallback={() => null}
+                    >
+                      <Suspense fallback={<ConnectionItemSkeleton />}>
+                        <ConnectionItem
+                          connection_id={conn.connection_id}
+                          usedConnectionIds={addedConnectionIds}
+                          onOpenSettings={() =>
+                            handleOpenSettings(conn.connection_id)
+                          }
+                          onRemove={() =>
+                            handleRemoveConnection(conn.connection_id)
+                          }
+                          onAuthenticate={handleAuthenticate}
+                          onSwitchInstance={handleSwitchInstance}
+                          onNewInstance={() =>
+                            handleNewInstance(conn.connection_id)
+                          }
+                        />
+                      </Suspense>
+                    </ErrorBoundary>
+                  ))
+                )}
+              </div>
+            </section>
+
+            {/* Instructions section */}
+            <section className="flex flex-col gap-3">
+              <div className="flex items-center justify-between gap-3">
+                <h2 className="text-sm font-medium text-foreground">
+                  Instructions
+                </h2>
                 {!hasGithubRepo && (
-                  <div className="flex items-center justify-end gap-2">
+                  <div className="flex items-center gap-2">
                     {!form.watch("metadata.instructions")?.trim() && (
                       <Button
                         variant="outline"
@@ -1596,7 +1697,10 @@ Define step-by-step how the agent should handle requests.
                     <Button
                       variant="outline"
                       size="sm"
-                      disabled={!form.watch("metadata.instructions")?.trim()}
+                      disabled={
+                        isImproving ||
+                        !form.watch("metadata.instructions")?.trim()
+                      }
                       onClick={handleImprovePrompt}
                     >
                       <Stars01 size={13} />
@@ -1604,89 +1708,72 @@ Define step-by-step how the agent should handle requests.
                     </Button>
                   </div>
                 )}
-
-                <Controller
-                  name="metadata.instructions"
-                  control={form.control}
-                  render={({ field }) => (
+              </div>
+              <Controller
+                name="metadata.instructions"
+                control={form.control}
+                render={({ field }) => (
+                  <div className="relative rounded-xl card-shadow bg-card focus-within:ring-1 focus-within:ring-ring">
                     <Textarea
                       {...field}
                       value={field.value ?? ""}
+                      onChange={(e) => {
+                        field.onChange(e);
+                      }}
                       onBlur={() => {
                         field.onBlur();
-                        saveForm();
+                        flushAndSave();
                       }}
                       disabled={hasGithubRepo}
                       placeholder="Define how this agent should behave, what tone to use, any constraints or guidelines..."
-                      className="min-h-[300px] flex-1 resize-none text-base text-muted-foreground placeholder:text-muted-foreground/40 leading-relaxed border-0 rounded-none shadow-none px-0 focus-visible:ring-0 focus-visible:ring-offset-0 focus:border-0 bg-transparent"
+                      className="min-h-[200px] max-h-[360px] overflow-auto resize-none text-base text-muted-foreground placeholder:text-muted-foreground/40 leading-relaxed border-0 shadow-none px-4 py-3 pr-11 focus-visible:ring-0 focus-visible:ring-offset-0 bg-transparent"
                       style={{ boxShadow: "none" }}
                     />
-                  )}
-                />
-              </>
-            )}
-
-            {activeTab === "connections" && (
-              <div className="flex flex-col gap-6">
-                <Page.Title
-                  actions={
-                    connections.length > 0 ? (
-                      <Button size="sm" onClick={handleOpenAddDialog}>
-                        <Plus size={14} />
-                        Add connection
-                      </Button>
-                    ) : undefined
-                  }
-                >
-                  Connections
-                </Page.Title>
-                <div className="flex flex-col gap-2">
-                  {connections.length === 0 ? (
-                    <button
-                      type="button"
-                      onClick={handleOpenAddDialog}
-                      className="flex items-center gap-3 px-3 py-2.5 rounded-lg border border-dashed border-border hover:bg-accent/50 transition-colors w-full text-left cursor-pointer"
-                    >
-                      <div className="flex items-center justify-center size-8 rounded-md text-muted-foreground/75 border border-dashed border-border shrink-0">
-                        <Plus size={16} />
-                      </div>
-                      <span className="text-sm text-muted-foreground">
-                        No connections yet. Add one to get started.
-                      </span>
-                    </button>
-                  ) : (
-                    connections.map((conn) => (
-                      <ErrorBoundary
-                        key={conn.connection_id}
-                        fallback={() => null}
-                      >
-                        <Suspense fallback={<ConnectionItemSkeleton />}>
-                          <ConnectionItem
-                            connection_id={conn.connection_id}
-                            usedConnectionIds={addedConnectionIds}
-                            onOpenSettings={() =>
-                              handleOpenSettings(conn.connection_id)
-                            }
-                            onRemove={() =>
-                              handleRemoveConnection(conn.connection_id)
-                            }
-                            onAuthenticate={handleAuthenticate}
-                            onSwitchInstance={handleSwitchInstance}
-                            onNewInstance={() =>
-                              handleNewInstance(conn.connection_id)
-                            }
-                          />
-                        </Suspense>
-                      </ErrorBoundary>
-                    ))
-                  )}
-                </div>
+                    <Tooltip delayDuration={0}>
+                      <TooltipTrigger asChild>
+                        <Button
+                          type="button"
+                          variant="ghost"
+                          size="icon"
+                          className="absolute top-2 right-2 h-7 w-7 text-muted-foreground"
+                          onClick={() => setInstructionsFullscreen(true)}
+                          aria-label="Open fullscreen editor"
+                        >
+                          <Maximize01 size={14} />
+                        </Button>
+                      </TooltipTrigger>
+                      <TooltipContent side="left">Fullscreen</TooltipContent>
+                    </Tooltip>
+                  </div>
+                )}
+              />
+            </section>
+
+            {/* Layout section */}
+            <LayoutTabContent
+              virtualMcpId={virtualMcp.id}
+              form={form}
+              flushAndSave={flushAndSave}
+            />
+
+            {/* Danger zone */}
+            <section className="flex items-center justify-between border-t border-border pt-6">
+              <div>
+                <p className="text-sm font-medium">Delete agent</p>
+                <p className="text-sm text-muted-foreground">
+                  Permanently delete this agent and all its data.
+                </p>
               </div>
-            )}
-
-            {activeTab === "layout" && (
-              <LayoutTabContent virtualMcpId={virtualMcp.id} />
-            )}
+              <Button
+                variant="outline"
+                size="sm"
+                className="text-destructive border-destructive/40 hover:bg-destructive/10 hover:text-destructive shrink-0"
+                onClick={() => setDeleteDialogOpen(true)}
+              >
+                <Trash01 size={14} />
+                Delete agent
+              </Button>
+            </section>
           </div>
         </Page.Body>
       </Page.Content>
@@ -1721,6 +1808,7 @@ Define step-by-step how the agent should handle requests.
         onOpenChange={(open) =>
           dispatch({ type: "SET_ADD_DIALOG_OPEN", payload: open })
         }
+        agentId={virtualMcp.id}
         addedConnectionIds={addedConnectionIds}
         onAdd={handleAddConnection}
       />
@@ -1745,6 +1833,40 @@ Define step-by-step how the agent should handle requests.
         }
         virtualMcp={virtualMcp}
       />
+
+      <Dialog
+        open={instructionsFullscreen}
+        onOpenChange={setInstructionsFullscreen}
+      >
+        <DialogContent className="w-[90vw] sm:max-w-6xl h-[85vh] flex flex-col p-0 gap-0">
+          <DialogHeader className="px-6 pt-6 pb-3 border-b border-border shrink-0">
+            <DialogTitle>Instructions</DialogTitle>
+          </DialogHeader>
+          <div className="flex-1 min-h-0 p-6">
+            <Controller
+              name="metadata.instructions"
+              control={form.control}
+              render={({ field }) => (
+                <Textarea
+                  {...field}
+                  value={field.value ?? ""}
+                  onChange={(e) => {
+                    field.onChange(e);
+                  }}
+                  onBlur={() => {
+                    field.onBlur();
+                    flushAndSave();
+                  }}
+                  disabled={hasGithubRepo}
+                  placeholder="Define how this agent should behave, what tone to use, any constraints or guidelines..."
+                  className="w-full h-full resize-none text-base text-muted-foreground placeholder:text-muted-foreground/40 leading-relaxed rounded-xl card-shadow px-4 py-3 focus-visible:ring-1 focus-visible:ring-ring focus-visible:ring-offset-0 bg-card border-0"
+                  style={{ boxShadow: "none" }}
+                />
+              )}
+            />
+          </div>
+        </DialogContent>
+      </Dialog>
     </Page>
   );
 }
@@ -1755,13 +1877,9 @@ Define step-by-step how the agent should handle requests.
 
 export function VirtualMcpDetailView({
   virtualMcpId,
-  forceTab,
-  hideOwnTabBar,
   hideOwnTitle,
 }: {
   virtualMcpId: string;
-  forceTab?: "instructions" | "connections" | "layout";
-  hideOwnTabBar?: boolean;
   hideOwnTitle?: boolean;
 }) {
   const navigate = useNavigate();
@@ -1796,8 +1914,6 @@ export function VirtualMcpDetailView({
     <VirtualMcpDetailViewWithData
       key={getActiveGithubRepo(virtualMcp)?.connectionId ?? ""}
       virtualMcp={virtualMcp}
-      forceTab={forceTab}
-      hideOwnTabBar={hideOwnTabBar}
       hideOwnTitle={hideOwnTitle}
     />
   );
diff --git a/apps/mesh/src/web/views/virtual-mcp/virtual-mcp-share-modal.tsx b/apps/mesh/src/web/views/virtual-mcp/virtual-mcp-share-modal.tsx
index c2a9531ce3..3a3b5e508b 100644
--- a/apps/mesh/src/web/views/virtual-mcp/virtual-mcp-share-modal.tsx
+++ b/apps/mesh/src/web/views/virtual-mcp/virtual-mcp-share-modal.tsx
@@ -22,6 +22,7 @@ import { Check, Copy01, Key01, Loading01 } from "@untitledui/icons";
 import { cn } from "@deco/ui/lib/utils.ts";
 import { Suspense, useState } from "react";
 import { toast } from "sonner";
+import { track } from "@/web/lib/posthog-client";
 
 /**
  * Unicode-safe base64 encoding for browser environments
@@ -40,6 +41,7 @@ function utf8ToBase64(str: string): string {
  */
 interface ShareButtonProps {
   url: string;
+  agentId: string;
 }
 
 interface ShareWithNameProps extends ShareButtonProps {
@@ -49,10 +51,14 @@ interface ShareWithNameProps extends ShareButtonProps {
 /**
  * Copy URL Button Component
  */
-function CopyUrlButton({ url }: ShareButtonProps) {
+function CopyUrlButton({ url, agentId }: ShareButtonProps) {
   const [copied, setCopied] = useState(false);
 
   const handleCopy = async () => {
+    track("agent_connect_action", {
+      agent_id: agentId,
+      action: "copy_url",
+    });
     await navigator.clipboard.writeText(url);
     setCopied(true);
     toast.success("Agent URL copied to clipboard");
@@ -81,8 +87,12 @@ function CopyUrlButton({ url }: ShareButtonProps) {
 /**
  * Install on Cursor Button Component
  */
-function InstallCursorButton({ url, serverName }: ShareWithNameProps) {
+function InstallCursorButton({ url, serverName, agentId }: ShareWithNameProps) {
   const handleInstall = () => {
+    track("agent_connect_action", {
+      agent_id: agentId,
+      action: "install_cursor",
+    });
     const slugifiedServerName = slugify(serverName);
     const connectionConfig = {
       type: "http",
@@ -124,10 +134,14 @@ function InstallCursorButton({ url, serverName }: ShareWithNameProps) {
 /**
  * Install on Claude Code Button Component
  */
-function InstallClaudeButton({ url, serverName }: ShareWithNameProps) {
+function InstallClaudeButton({ url, serverName, agentId }: ShareWithNameProps) {
   const [copied, setCopied] = useState(false);
 
   const handleInstall = async () => {
+    track("agent_connect_action", {
+      agent_id: agentId,
+      action: "install_claude_code",
+    });
     const slugifiedServerName = slugify(serverName);
     const connectionConfig = {
       type: "http",
@@ -180,6 +194,7 @@ function TypegenSectionInner({ virtualMcp }: { virtualMcp: VirtualMCPEntity }) {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
   const [apiKey, setApiKey] = useState<string | null>(null);
   const [generating, setGenerating] = useState(false);
@@ -204,7 +219,9 @@ function TypegenSectionInner({ virtualMcp }: { virtualMcp: VirtualMCPEntity }) {
       const key = result.structuredContent?.key;
       if (!key) throw new Error("No key in response");
       setApiKey(key);
+      track("agent_typegen_key_generated", { agent_id: mcpId });
     } catch {
+      track("agent_typegen_key_failed", { agent_id: mcpId });
       toast.error("Failed to generate API key");
     } finally {
       setGenerating(false);
@@ -212,6 +229,11 @@ function TypegenSectionInner({ virtualMcp }: { virtualMcp: VirtualMCPEntity }) {
   };
 
   const handleCopy = async () => {
+    track("agent_connect_action", {
+      agent_id: mcpId,
+      action: "typegen_copy_command",
+      has_api_key: Boolean(apiKey),
+    });
     await navigator.clipboard.writeText(command);
     setCopied(true);
     toast.success("Command copied to clipboard");
@@ -283,12 +305,18 @@ function TypegenSectionInner({ virtualMcp }: { virtualMcp: VirtualMCPEntity }) {
       <p className="text-xs font-medium text-muted-foreground">
         Runtime variables
       </p>
-      <EnvVarsBlock apiKey={apiKey} />
+      <EnvVarsBlock apiKey={apiKey} agentId={mcpId} />
     </div>
   );
 }
 
-function EnvVarsBlock({ apiKey }: { apiKey: string | null }) {
+function EnvVarsBlock({
+  apiKey,
+  agentId,
+}: {
+  apiKey: string | null;
+  agentId: string;
+}) {
   const [copied, setCopied] = useState(false);
   const meshUrl = window.location.origin;
   const keyLine = apiKey ? `MESH_API_KEY=${apiKey}` : `MESH_API_KEY=<api-key>`;
@@ -296,6 +324,11 @@ function EnvVarsBlock({ apiKey }: { apiKey: string | null }) {
   const envBlock = `${keyLine}\n${urlLine}`;
 
   const handleCopy = async () => {
+    track("agent_connect_action", {
+      agent_id: agentId,
+      action: "typegen_copy_env",
+      has_api_key: Boolean(apiKey),
+    });
     await navigator.clipboard.writeText(envBlock);
     setCopied(true);
     setTimeout(() => setCopied(false), 2000);
@@ -349,9 +382,10 @@ export function VirtualMCPShareModal({
   onOpenChange: (open: boolean) => void;
   virtualMcp: VirtualMCPEntity;
 }) {
+  const { org } = useProjectContext();
   // Virtual MCPs (agents) are accessed via the virtual-mcp endpoint
   const virtualMcpUrl = new URL(
-    `/mcp/virtual-mcp/${virtualMcp.id}`,
+    `/api/${org.slug}/mcp/virtual-mcp/${virtualMcp.id}`,
     window.location.origin,
   );
 
@@ -366,14 +400,16 @@ export function VirtualMCPShareModal({
       {/* Action Buttons */}
       <div className="flex flex-col gap-3 pt-2">
         <div className="grid grid-cols-3 gap-2">
-          <CopyUrlButton url={virtualMcpUrl.href} />
+          <CopyUrlButton url={virtualMcpUrl.href} agentId={virtualMcp.id} />
           <InstallCursorButton
             url={virtualMcpUrl.href}
             serverName={serverName}
+            agentId={virtualMcp.id}
           />
           <InstallClaudeButton
             url={virtualMcpUrl.href}
             serverName={serverName}
+            agentId={virtualMcp.id}
           />
         </div>
       </div>
diff --git a/bun.lock b/bun.lock
index 6fca37ca33..c72533667d 100644
--- a/bun.lock
+++ b/bun.lock
@@ -53,7 +53,7 @@
     },
     "apps/mesh": {
       "name": "decocms",
-      "version": "2.261.0",
+      "version": "2.302.6",
       "bin": {
         "deco": "./dist/server/cli.js",
       },
@@ -65,12 +65,10 @@
         "@aws-sdk/client-s3": "^3.1013.0",
         "@aws-sdk/s3-request-presigner": "^3.1013.0",
         "@clickhouse/client": "^1.8.1",
+        "@deco-cx/warp-node": "^0.3.20",
         "@dnd-kit/core": "^6.3.1",
         "@dnd-kit/sortable": "^10.0.0",
         "@dnd-kit/utilities": "^3.2.2",
-        "@freestyle-sh/with-bun": "^0.2.12",
-        "@freestyle-sh/with-deno": "^0.0.4",
-        "@freestyle-sh/with-nodejs": "^0.2.9",
         "@inkjs/ui": "^2.0.0",
         "@modelcontextprotocol/ext-apps": "^1.2.2",
         "@openrouter/ai-sdk-provider": "^2.2.5",
@@ -81,10 +79,12 @@
         "ai-sdk-provider-claude-code": "^3.4.4",
         "ai-sdk-provider-codex-cli": "^1.1.0",
         "embedded-postgres": "^18.3.0-beta.16",
-        "freestyle-sandboxes": "^0.1.46",
         "ink": "^6.8.0",
         "kysely": "^0.28.12",
         "nats": "^2.29.3",
+        "node-pty": "^1.0.0",
+        "posthog-js": "^1.371.1",
+        "posthog-node": "^5.0.0",
         "react": "^19.2.0",
         "react-dom": "^19.2.0",
       },
@@ -100,6 +100,7 @@
         "@decocms/mcp-utils": "workspace:*",
         "@decocms/mesh-sdk": "workspace:*",
         "@decocms/runtime": "workspace:*",
+        "@decocms/sandbox": "workspace:*",
         "@decocms/vite-plugin": "workspace:*",
         "@electric-sql/pglite": "^0.3.15",
         "@floating-ui/react": "^0.27.16",
@@ -185,6 +186,10 @@
       },
       "optionalDependencies": {
         "@duckdb/node-api": "^1.5.0-r.1",
+        "@freestyle-sh/with-bun": "^0.2.12",
+        "@freestyle-sh/with-deno": "^0.0.4",
+        "@freestyle-sh/with-nodejs": "^0.2.9",
+        "freestyle-sandboxes": "^0.1.46",
       },
     },
     "packages/bindings": {
@@ -269,7 +274,7 @@
     },
     "packages/runtime": {
       "name": "@decocms/runtime",
-      "version": "1.4.0",
+      "version": "1.6.0",
       "dependencies": {
         "@ai-sdk/provider": "^3.0.0",
         "@cloudflare/workers-types": "^4.20250617.0",
@@ -289,6 +294,25 @@
         "ai": ">=6.0.0",
       },
     },
+    "packages/sandbox": {
+      "name": "@decocms/sandbox",
+      "version": "0.3.2",
+      "dependencies": {
+        "@kubernetes/client-node": "^1.4.0",
+        "@opentelemetry/api": "^1.9.0",
+        "node-pty": "^1.0.0",
+      },
+      "devDependencies": {
+        "@types/bun": "latest",
+        "typescript": "^5.8.3",
+      },
+      "optionalDependencies": {
+        "@freestyle-sh/with-bun": "^0.2.12",
+        "@freestyle-sh/with-deno": "^0.0.4",
+        "@freestyle-sh/with-nodejs": "^0.2.9",
+        "freestyle-sandboxes": "^0.1.46",
+      },
+    },
     "packages/typegen": {
       "name": "@decocms/typegen",
       "version": "0.1.3",
@@ -374,6 +398,7 @@
     },
   },
   "trustedDependencies": [
+    "node-pty",
     "@duckdb/node-bindings",
     "@duckdb/node-api",
   ],
@@ -410,23 +435,39 @@
     "fast-xml-parser": "5.4.2",
   },
   "packages": {
-    "@ai-sdk/anthropic": ["@ai-sdk/anthropic@3.0.58", "", { "dependencies": { "@ai-sdk/provider": "3.0.8", "@ai-sdk/provider-utils": "4.0.19" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-/53SACgmVukO4bkms4dpxpRlYhW8Ct6QZRe6sj1Pi5H00hYhxIrqfiLbZBGxkdRvjsBQeP/4TVGsXgH5rQeb8Q=="],
+    "@ai-sdk/anthropic": ["@ai-sdk/anthropic@3.0.71", "", { "dependencies": { "@ai-sdk/provider": "3.0.8", "@ai-sdk/provider-utils": "4.0.23" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-bUWOzrzR0gJKJO/PLGMR4uH2dqEgqGhrsCV+sSpk4KtOEnUQlfjZI/F7BFlqSvVpFbjdgYRRLysAeEZpJ6S1lg=="],
 
-    "@ai-sdk/gateway": ["@ai-sdk/gateway@3.0.66", "", { "dependencies": { "@ai-sdk/provider": "3.0.8", "@ai-sdk/provider-utils": "4.0.19", "@vercel/oidc": "3.1.0" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-SIQ0YY0iMuv+07HLsZ+bB990zUJ6S4ujORAh+Jv1V2KGNn73qQKnGO0JBk+w+Res8YqOFSycwDoWcFlQrVxS4A=="],
+    "@ai-sdk/gateway": ["@ai-sdk/gateway@3.0.104", "", { "dependencies": { "@ai-sdk/provider": "3.0.8", "@ai-sdk/provider-utils": "4.0.23", "@vercel/oidc": "3.2.0" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-ZKX5n74io8VIRlhIMSLWVlvT3sXC8Z7cZ9GHuWBWZDVi96+62AIsWuLGvMfcBA1STYuSoDrp6rIziZmvrTq0TA=="],
 
-    "@ai-sdk/google": ["@ai-sdk/google@3.0.60", "", { "dependencies": { "@ai-sdk/provider": "3.0.8", "@ai-sdk/provider-utils": "4.0.23" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-ye/hG0LeO24VmjLbfgkFZV8V8k/l4nVBODutpJQkFPyUiGOCbFtFUTgxSeC7+njrk5+HhgyHrzJay4zmhwMH+w=="],
+    "@ai-sdk/google": ["@ai-sdk/google@3.0.64", "", { "dependencies": { "@ai-sdk/provider": "3.0.8", "@ai-sdk/provider-utils": "4.0.23" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-CbR82EgGPNrj/6q0HtclwuCqe0/pDShyv3nWDP/A9DroujzWXnLMlUJVrgPOsg4b40zQCwwVs2XSKCxvt/4QaA=="],
 
-    "@ai-sdk/openai": ["@ai-sdk/openai@3.0.50", "", { "dependencies": { "@ai-sdk/provider": "3.0.8", "@ai-sdk/provider-utils": "4.0.22" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-7M7bklrS+gckzPdpQpC3iG5aN5aQPRJdAJQ5jt7sEgYCqDgUuef9x4Nd570+ghIfKTZvV6tSqeeTuD6De/bZig=="],
+    "@ai-sdk/openai": ["@ai-sdk/openai@3.0.53", "", { "dependencies": { "@ai-sdk/provider": "3.0.8", "@ai-sdk/provider-utils": "4.0.23" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-Wld+Rbc05KaUn08uBt06eEuwcgalcIFtIl32Yp+GxuZXUQwOb6YeAuq+C6da4ch6BurFoqEaLemJVwjBb7x+PQ=="],
 
     "@ai-sdk/provider": ["@ai-sdk/provider@3.0.8", "", { "dependencies": { "json-schema": "^0.4.0" } }, "sha512-oGMAgGoQdBXbZqNG0Ze56CHjDZ1IDYOwGYxYjO5KLSlz5HiNQ9udIXsPZ61VWaHGZ5XW/jyjmr6t2xz2jGVwbQ=="],
 
-    "@ai-sdk/provider-utils": ["@ai-sdk/provider-utils@4.0.19", "", { "dependencies": { "@ai-sdk/provider": "3.0.8", "@standard-schema/spec": "^1.1.0", "eventsource-parser": "^3.0.6" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-3eG55CrSWCu2SXlqq2QCsFjo3+E7+Gmg7i/oRVoSZzIodTuDSfLb3MRje67xE9RFea73Zao7Lm4mADIfUETKGg=="],
+    "@ai-sdk/provider-utils": ["@ai-sdk/provider-utils@4.0.23", "", { "dependencies": { "@ai-sdk/provider": "3.0.8", "@standard-schema/spec": "^1.1.0", "eventsource-parser": "^3.0.6" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-z8GlDaCmRSDlqkMF2f4/RFgWxdarvIbyuk+m6WXT1LYgsnGiXRJGTD2Z1+SDl3LqtFuRtGX1aghYvQLoHL/9pg=="],
 
-    "@ai-sdk/react": ["@ai-sdk/react@3.0.118", "", { "dependencies": { "@ai-sdk/provider-utils": "4.0.19", "ai": "6.0.116", "swr": "^2.2.5", "throttleit": "2.1.0" }, "peerDependencies": { "react": "^18 || ~19.0.1 || ~19.1.2 || ^19.2.1" } }, "sha512-fBAix8Jftxse6/2YJnOFkwW1/O6EQK4DK68M9DlFmZGAzBmsaHXEPVS77sVIlkaOWCy11bE7434NAVXRY+3OsQ=="],
+    "@ai-sdk/react": ["@ai-sdk/react@3.0.170", "", { "dependencies": { "@ai-sdk/provider-utils": "4.0.23", "ai": "6.0.168", "swr": "^2.2.5", "throttleit": "2.1.0" }, "peerDependencies": { "react": "^18 || ~19.0.1 || ~19.1.2 || ^19.2.1" } }, "sha512-YUDn+mK0c8iUz14rCBf1A0zg6SV5b5aSVUz+azF1bdBd1SFXVI19dKYR+PQSpZY+0+z+zs252AAsacUqiO98Kw=="],
 
     "@alcalzone/ansi-tokenize": ["@alcalzone/ansi-tokenize@0.2.5", "", { "dependencies": { "ansi-styles": "^6.2.1", "is-fullwidth-code-point": "^5.0.0" } }, "sha512-3NX/MpTdroi0aKz134A6RC2Gb2iXVECN4QaAXnvCIxxIm3C3AVB1mkUe8NaaiyvOpDfsrqWhYtj+Q6a62RrTsw=="],
 
-    "@anthropic-ai/claude-agent-sdk": ["@anthropic-ai/claude-agent-sdk@0.2.80", "", { "optionalDependencies": { "@img/sharp-darwin-arm64": "^0.34.2", "@img/sharp-darwin-x64": "^0.34.2", "@img/sharp-linux-arm": "^0.34.2", "@img/sharp-linux-arm64": "^0.34.2", "@img/sharp-linux-x64": "^0.34.2", "@img/sharp-linuxmusl-arm64": "^0.34.2", "@img/sharp-linuxmusl-x64": "^0.34.2", "@img/sharp-win32-arm64": "^0.34.2", "@img/sharp-win32-x64": "^0.34.2" }, "peerDependencies": { "zod": "^4.0.0" } }, "sha512-9vMzf38ZeV8b70RPcaC/ZrJZKL6G56KTS8zXoBbBBRkPDLCgrGLC8sP2AfrR62eliSkw5u+sOcP9kKX+t54CHg=="],
+    "@anthropic-ai/claude-agent-sdk": ["@anthropic-ai/claude-agent-sdk@0.2.119", "", { "dependencies": { "@anthropic-ai/sdk": "^0.81.0", "@modelcontextprotocol/sdk": "^1.29.0" }, "optionalDependencies": { "@anthropic-ai/claude-agent-sdk-darwin-arm64": "0.2.119", "@anthropic-ai/claude-agent-sdk-darwin-x64": "0.2.119", "@anthropic-ai/claude-agent-sdk-linux-arm64": "0.2.119", "@anthropic-ai/claude-agent-sdk-linux-arm64-musl": "0.2.119", "@anthropic-ai/claude-agent-sdk-linux-x64": "0.2.119", "@anthropic-ai/claude-agent-sdk-linux-x64-musl": "0.2.119", "@anthropic-ai/claude-agent-sdk-win32-arm64": "0.2.119", "@anthropic-ai/claude-agent-sdk-win32-x64": "0.2.119" }, "peerDependencies": { "zod": "^4.0.0" } }, "sha512-6AvthpsaOTlkn514brSGOcCSLHDXODnU+ExN1O3CJCjxr5RBcmzR057C9EIM0G7IchnXsRfMZgRO1QKsjTXdbA=="],
+
+    "@anthropic-ai/claude-agent-sdk-darwin-arm64": ["@anthropic-ai/claude-agent-sdk-darwin-arm64@0.2.119", "", { "os": "darwin", "cpu": "arm64" }, "sha512-kxnG37SZqUata2Jcp/YQ0n9Y7o/sinE/8LdG4ltM1gePh+z+0Mfa4vBUUTEBMBFth9PTovKoesIuVuyFpvO/Cw=="],
+
+    "@anthropic-ai/claude-agent-sdk-darwin-x64": ["@anthropic-ai/claude-agent-sdk-darwin-x64@0.2.119", "", { "os": "darwin", "cpu": "x64" }, "sha512-9Aj8g3ELsmZuOFg17TCkikeg/Wt2ucVT8hOOPQUatzLd7BKhydrHLA0RP42nBpWECO1B/n/mPdQ4iS/LS3s2Fg=="],
+
+    "@anthropic-ai/claude-agent-sdk-linux-arm64": ["@anthropic-ai/claude-agent-sdk-linux-arm64@0.2.119", "", { "os": "linux", "cpu": "arm64" }, "sha512-v3o464XkiYehp/OKidQQirxdVb+aGSvdJvHF2zH9p33W8M/NC21zwwh4dhwDnKsyrtBIgkt2CcMwzIl30r0OtA=="],
+
+    "@anthropic-ai/claude-agent-sdk-linux-arm64-musl": ["@anthropic-ai/claude-agent-sdk-linux-arm64-musl@0.2.119", "", { "os": "linux", "cpu": "arm64" }, "sha512-IPGWgtz+gGnD7fxKAvSf913EUT/lYBTBE8EZ7lh3+x5ZP2859LWLmrCm053Lf3nMWo/CWikZsVPwkDVwpz6tIQ=="],
+
+    "@anthropic-ai/claude-agent-sdk-linux-x64": ["@anthropic-ai/claude-agent-sdk-linux-x64@0.2.119", "", { "os": "linux", "cpu": "x64" }, "sha512-9ePt4ZN+hsqDw4AgS4KtcWIGKfL9Oq28kwkrTER/QAcSrVKxiLonp81cCLzg7Ok/IUJu4Cfd71GZbFv/WE54zw=="],
+
+    "@anthropic-ai/claude-agent-sdk-linux-x64-musl": ["@anthropic-ai/claude-agent-sdk-linux-x64-musl@0.2.119", "", { "os": "linux", "cpu": "x64" }, "sha512-QYxFNAe4FFridPkKhGlNcNBJ0TaIygWYyvfI9g4kX0i+RVbresUWuZVkWY06ioJ0fXoixFJ+HNQBMB7dLrIp8Q=="],
+
+    "@anthropic-ai/claude-agent-sdk-win32-arm64": ["@anthropic-ai/claude-agent-sdk-win32-arm64@0.2.119", "", { "os": "win32", "cpu": "arm64" }, "sha512-p/TjcKQvkCYtXGPlR+mdyNwqCmvRcQL34Wtq0yUZ+iqmI/eyCe59IJ3AZrE0EZoqmiAevEYzatPIt9sncC9uxw=="],
+
+    "@anthropic-ai/claude-agent-sdk-win32-x64": ["@anthropic-ai/claude-agent-sdk-win32-x64@0.2.119", "", { "os": "win32", "cpu": "x64" }, "sha512-k98Ju0wtktm6FhqTE/cXlVr6K4kGqBolVjEGzeKkW6ZILc7124euwNapAvkQCwMAavAxS/ZnO3jdKMtHtwTVTA=="],
 
     "@anthropic-ai/sdk": ["@anthropic-ai/sdk@0.79.0", "", { "dependencies": { "json-schema-to-ts": "^3.1.1" }, "peerDependencies": { "zod": "^3.25.0 || ^4.0.0" }, "optionalPeers": ["zod"], "bin": { "anthropic-ai-sdk": "bin/cli" } }, "sha512-ietmtM6glcnnrWq26H+BZm8J07iay9Cob6hRzDTr/A9QWF1m2T//TQhFO4MTKcZht2/7LS8bG9wUYEhcizKRnA=="],
 
@@ -462,73 +503,73 @@
 
     "@aws-crypto/util": ["@aws-crypto/util@5.2.0", "", { "dependencies": { "@aws-sdk/types": "^3.222.0", "@smithy/util-utf8": "^2.0.0", "tslib": "^2.6.2" } }, "sha512-4RkU9EsI6ZpBve5fseQlGNUWKMa1RLPQ1dnjnQoe07ldfIzcsGb5hC5W0Dm7u423KWzawlrpbjXBrXCEv9zazQ=="],
 
-    "@aws-sdk/client-s3": ["@aws-sdk/client-s3@3.1013.0", "", { "dependencies": { "@aws-crypto/sha1-browser": "5.2.0", "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", "@aws-sdk/core": "^3.973.22", "@aws-sdk/credential-provider-node": "^3.972.23", "@aws-sdk/middleware-bucket-endpoint": "^3.972.8", "@aws-sdk/middleware-expect-continue": "^3.972.8", "@aws-sdk/middleware-flexible-checksums": "^3.974.2", "@aws-sdk/middleware-host-header": "^3.972.8", "@aws-sdk/middleware-location-constraint": "^3.972.8", "@aws-sdk/middleware-logger": "^3.972.8", "@aws-sdk/middleware-recursion-detection": "^3.972.8", "@aws-sdk/middleware-sdk-s3": "^3.972.22", "@aws-sdk/middleware-ssec": "^3.972.8", "@aws-sdk/middleware-user-agent": "^3.972.23", "@aws-sdk/region-config-resolver": "^3.972.8", "@aws-sdk/signature-v4-multi-region": "^3.996.10", "@aws-sdk/types": "^3.973.6", "@aws-sdk/util-endpoints": "^3.996.5", "@aws-sdk/util-user-agent-browser": "^3.972.8", "@aws-sdk/util-user-agent-node": "^3.973.9", "@smithy/config-resolver": "^4.4.11", "@smithy/core": "^3.23.12", "@smithy/eventstream-serde-browser": "^4.2.12", "@smithy/eventstream-serde-config-resolver": "^4.3.12", "@smithy/eventstream-serde-node": "^4.2.12", "@smithy/fetch-http-handler": "^5.3.15", "@smithy/hash-blob-browser": "^4.2.13", "@smithy/hash-node": "^4.2.12", "@smithy/hash-stream-node": "^4.2.12", "@smithy/invalid-dependency": "^4.2.12", "@smithy/md5-js": "^4.2.12", "@smithy/middleware-content-length": "^4.2.12", "@smithy/middleware-endpoint": "^4.4.26", "@smithy/middleware-retry": "^4.4.43", "@smithy/middleware-serde": "^4.2.15", "@smithy/middleware-stack": "^4.2.12", "@smithy/node-config-provider": "^4.3.12", "@smithy/node-http-handler": "^4.5.0", "@smithy/protocol-http": "^5.3.12", "@smithy/smithy-client": "^4.12.6", "@smithy/types": "^4.13.1", "@smithy/url-parser": "^4.2.12", "@smithy/util-base64": "^4.3.2", "@smithy/util-body-length-browser": "^4.2.2", "@smithy/util-body-length-node": "^4.2.3", "@smithy/util-defaults-mode-browser": "^4.3.42", "@smithy/util-defaults-mode-node": "^4.2.45", "@smithy/util-endpoints": "^3.3.3", "@smithy/util-middleware": "^4.2.12", "@smithy/util-retry": "^4.2.12", "@smithy/util-stream": "^4.5.20", "@smithy/util-utf8": "^4.2.2", "@smithy/util-waiter": "^4.2.13", "tslib": "^2.6.2" } }, "sha512-vFdyRyRatF+xP9Fi+4alZkmzZadqOAM34Pm6SUZsYtumNrWkgMc/pFWITnsq6eltM8qcV/vcinQ1ZBXWm/PlKg=="],
+    "@aws-sdk/client-s3": ["@aws-sdk/client-s3@3.1038.0", "", { "dependencies": { "@aws-crypto/sha1-browser": "5.2.0", "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", "@aws-sdk/core": "^3.974.6", "@aws-sdk/credential-provider-node": "^3.972.37", "@aws-sdk/middleware-bucket-endpoint": "^3.972.10", "@aws-sdk/middleware-expect-continue": "^3.972.10", "@aws-sdk/middleware-flexible-checksums": "^3.974.14", "@aws-sdk/middleware-host-header": "^3.972.10", "@aws-sdk/middleware-location-constraint": "^3.972.10", "@aws-sdk/middleware-logger": "^3.972.10", "@aws-sdk/middleware-recursion-detection": "^3.972.11", "@aws-sdk/middleware-sdk-s3": "^3.972.35", "@aws-sdk/middleware-ssec": "^3.972.10", "@aws-sdk/middleware-user-agent": "^3.972.36", "@aws-sdk/region-config-resolver": "^3.972.13", "@aws-sdk/signature-v4-multi-region": "^3.996.23", "@aws-sdk/types": "^3.973.8", "@aws-sdk/util-endpoints": "^3.996.8", "@aws-sdk/util-user-agent-browser": "^3.972.10", "@aws-sdk/util-user-agent-node": "^3.973.22", "@smithy/config-resolver": "^4.4.17", "@smithy/core": "^3.23.17", "@smithy/eventstream-serde-browser": "^4.2.14", "@smithy/eventstream-serde-config-resolver": "^4.3.14", "@smithy/eventstream-serde-node": "^4.2.14", "@smithy/fetch-http-handler": "^5.3.17", "@smithy/hash-blob-browser": "^4.2.15", "@smithy/hash-node": "^4.2.14", "@smithy/hash-stream-node": "^4.2.14", "@smithy/invalid-dependency": "^4.2.14", "@smithy/md5-js": "^4.2.14", "@smithy/middleware-content-length": "^4.2.14", "@smithy/middleware-endpoint": "^4.4.32", "@smithy/middleware-retry": "^4.5.6", "@smithy/middleware-serde": "^4.2.20", "@smithy/middleware-stack": "^4.2.14", "@smithy/node-config-provider": "^4.3.14", "@smithy/node-http-handler": "^4.6.1", "@smithy/protocol-http": "^5.3.14", "@smithy/smithy-client": "^4.12.13", "@smithy/types": "^4.14.1", "@smithy/url-parser": "^4.2.14", "@smithy/util-base64": "^4.3.2", "@smithy/util-body-length-browser": "^4.2.2", "@smithy/util-body-length-node": "^4.2.3", "@smithy/util-defaults-mode-browser": "^4.3.49", "@smithy/util-defaults-mode-node": "^4.2.54", "@smithy/util-endpoints": "^3.4.2", "@smithy/util-middleware": "^4.2.14", "@smithy/util-retry": "^4.3.5", "@smithy/util-stream": "^4.5.25", "@smithy/util-utf8": "^4.2.2", "@smithy/util-waiter": "^4.3.0", "tslib": "^2.6.2" } }, "sha512-k60qm50bWkaqNfCJe1z28WaqgpztE0wbWVMZw6ZJcTOGfrWFhsJeLCEqtkH8w00iEozKx9GQwdQXz4G0sMGdKA=="],
 
-    "@aws-sdk/core": ["@aws-sdk/core@3.973.22", "", { "dependencies": { "@aws-sdk/types": "^3.973.6", "@aws-sdk/xml-builder": "^3.972.14", "@smithy/core": "^3.23.12", "@smithy/node-config-provider": "^4.3.12", "@smithy/property-provider": "^4.2.12", "@smithy/protocol-http": "^5.3.12", "@smithy/signature-v4": "^5.3.12", "@smithy/smithy-client": "^4.12.6", "@smithy/types": "^4.13.1", "@smithy/util-base64": "^4.3.2", "@smithy/util-middleware": "^4.2.12", "@smithy/util-utf8": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-lY6g5L95jBNgOUitUhfV2N/W+i08jHEl3xuLODYSQH5Sf50V+LkVYBSyZRLtv2RyuXZXiV7yQ+acpswK1tlrOA=="],
+    "@aws-sdk/core": ["@aws-sdk/core@3.974.6", "", { "dependencies": { "@aws-sdk/types": "^3.973.8", "@aws-sdk/xml-builder": "^3.972.20", "@smithy/core": "^3.23.17", "@smithy/node-config-provider": "^4.3.14", "@smithy/property-provider": "^4.2.14", "@smithy/protocol-http": "^5.3.14", "@smithy/signature-v4": "^5.3.14", "@smithy/smithy-client": "^4.12.13", "@smithy/types": "^4.14.1", "@smithy/util-base64": "^4.3.2", "@smithy/util-middleware": "^4.2.14", "@smithy/util-retry": "^4.3.5", "@smithy/util-utf8": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-8Vu7zGxu+39ChR/s5J7nXBw3a2kMHAi0OfKT8ohgTVjX0qYed/8mIfdBb638oBmKrWCwwKjYAM5J/4gMJ8nAJA=="],
 
-    "@aws-sdk/crc64-nvme": ["@aws-sdk/crc64-nvme@3.972.5", "", { "dependencies": { "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-2VbTstbjKdT+yKi8m7b3a9CiVac+pL/IY2PHJwsaGkkHmuuqkJZIErPck1h6P3T9ghQMLSdMPyW6Qp7Di5swFg=="],
+    "@aws-sdk/crc64-nvme": ["@aws-sdk/crc64-nvme@3.972.7", "", { "dependencies": { "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-QUagVVBbC8gODCF6e1aV0mE2TXWB9Opz4k8EJFdNrujUVQm5R4AjJa1mpOqzwOuROBzqJU9zawzig7M96L8Ejg=="],
 
-    "@aws-sdk/credential-provider-env": ["@aws-sdk/credential-provider-env@3.972.20", "", { "dependencies": { "@aws-sdk/core": "^3.973.22", "@aws-sdk/types": "^3.973.6", "@smithy/property-provider": "^4.2.12", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-vI0QN96DFx3g9AunfOWF3CS4cMkqFiR/WM/FyP9QHr5rZ2dKPkYwP3tCgAOvGuu9CXI7dC1vU2FVUuZ+tfpNvQ=="],
+    "@aws-sdk/credential-provider-env": ["@aws-sdk/credential-provider-env@3.972.32", "", { "dependencies": { "@aws-sdk/core": "^3.974.6", "@aws-sdk/types": "^3.973.8", "@smithy/property-provider": "^4.2.14", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-7vA4GHg8NSmQxquJHSBcSM3RgB4ZaaRi6u4+zGFKOmOH6aqlgr2Sda46clkZDYzlirgfY96w15Zj0jh6PT48ng=="],
 
-    "@aws-sdk/credential-provider-http": ["@aws-sdk/credential-provider-http@3.972.22", "", { "dependencies": { "@aws-sdk/core": "^3.973.22", "@aws-sdk/types": "^3.973.6", "@smithy/fetch-http-handler": "^5.3.15", "@smithy/node-http-handler": "^4.5.0", "@smithy/property-provider": "^4.2.12", "@smithy/protocol-http": "^5.3.12", "@smithy/smithy-client": "^4.12.6", "@smithy/types": "^4.13.1", "@smithy/util-stream": "^4.5.20", "tslib": "^2.6.2" } }, "sha512-aS/81smalpe7XDnuQfOq4LIPuaV2PRKU2aMTrHcqO5BD4HwO5kESOHNcec2AYfBtLtIDqgF6RXisgBnfK/jt0w=="],
+    "@aws-sdk/credential-provider-http": ["@aws-sdk/credential-provider-http@3.972.34", "", { "dependencies": { "@aws-sdk/core": "^3.974.6", "@aws-sdk/types": "^3.973.8", "@smithy/fetch-http-handler": "^5.3.17", "@smithy/node-http-handler": "^4.6.1", "@smithy/property-provider": "^4.2.14", "@smithy/protocol-http": "^5.3.14", "@smithy/smithy-client": "^4.12.13", "@smithy/types": "^4.14.1", "@smithy/util-stream": "^4.5.25", "tslib": "^2.6.2" } }, "sha512-vBrhWujFCLp1u8ptJRWYlipMutzPptb8pDQ00rKVH9q67T7rGd3VTWIj63aKrlLuY6qSsw1Rt5F/D/7wnNgryA=="],
 
-    "@aws-sdk/credential-provider-ini": ["@aws-sdk/credential-provider-ini@3.972.22", "", { "dependencies": { "@aws-sdk/core": "^3.973.22", "@aws-sdk/credential-provider-env": "^3.972.20", "@aws-sdk/credential-provider-http": "^3.972.22", "@aws-sdk/credential-provider-login": "^3.972.22", "@aws-sdk/credential-provider-process": "^3.972.20", "@aws-sdk/credential-provider-sso": "^3.972.22", "@aws-sdk/credential-provider-web-identity": "^3.972.22", "@aws-sdk/nested-clients": "^3.996.12", "@aws-sdk/types": "^3.973.6", "@smithy/credential-provider-imds": "^4.2.12", "@smithy/property-provider": "^4.2.12", "@smithy/shared-ini-file-loader": "^4.4.7", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-rpF8fBT0LllMDp78s62aL2A/8MaccjyJ0ORzqu+ZADeECLSrrCWIeeXsuRam+pxiAMkI1uIyDZJmgLGdadkPXw=="],
+    "@aws-sdk/credential-provider-ini": ["@aws-sdk/credential-provider-ini@3.972.36", "", { "dependencies": { "@aws-sdk/core": "^3.974.6", "@aws-sdk/credential-provider-env": "^3.972.32", "@aws-sdk/credential-provider-http": "^3.972.34", "@aws-sdk/credential-provider-login": "^3.972.36", "@aws-sdk/credential-provider-process": "^3.972.32", "@aws-sdk/credential-provider-sso": "^3.972.36", "@aws-sdk/credential-provider-web-identity": "^3.972.36", "@aws-sdk/nested-clients": "^3.997.4", "@aws-sdk/types": "^3.973.8", "@smithy/credential-provider-imds": "^4.2.14", "@smithy/property-provider": "^4.2.14", "@smithy/shared-ini-file-loader": "^4.4.9", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-FBHyCmV8EB0gUvh1d+CZm87zt2PrdC7OyWexLRoH3I5zWSOUGa+9t58Y5jbxRfwUp3AWpHAFvKY6YzgR845sVA=="],
 
-    "@aws-sdk/credential-provider-login": ["@aws-sdk/credential-provider-login@3.972.22", "", { "dependencies": { "@aws-sdk/core": "^3.973.22", "@aws-sdk/nested-clients": "^3.996.12", "@aws-sdk/types": "^3.973.6", "@smithy/property-provider": "^4.2.12", "@smithy/protocol-http": "^5.3.12", "@smithy/shared-ini-file-loader": "^4.4.7", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-u33CO9zeNznlVSg9tWTCRYxaGkqr1ufU6qeClpmzAabXZa8RZxQoVXxL5T53oZJFzQYj+FImORCSsi7H7B77gQ=="],
+    "@aws-sdk/credential-provider-login": ["@aws-sdk/credential-provider-login@3.972.36", "", { "dependencies": { "@aws-sdk/core": "^3.974.6", "@aws-sdk/nested-clients": "^3.997.4", "@aws-sdk/types": "^3.973.8", "@smithy/property-provider": "^4.2.14", "@smithy/protocol-http": "^5.3.14", "@smithy/shared-ini-file-loader": "^4.4.9", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-IFap01lJKxQc0C/OHmZwZQr/cKq0DhrcmKedRrdnnl42D+P0SImnnnWQjv07uIPqpEdtqmkPXb9TiPYTU+prxQ=="],
 
-    "@aws-sdk/credential-provider-node": ["@aws-sdk/credential-provider-node@3.972.23", "", { "dependencies": { "@aws-sdk/credential-provider-env": "^3.972.20", "@aws-sdk/credential-provider-http": "^3.972.22", "@aws-sdk/credential-provider-ini": "^3.972.22", "@aws-sdk/credential-provider-process": "^3.972.20", "@aws-sdk/credential-provider-sso": "^3.972.22", "@aws-sdk/credential-provider-web-identity": "^3.972.22", "@aws-sdk/types": "^3.973.6", "@smithy/credential-provider-imds": "^4.2.12", "@smithy/property-provider": "^4.2.12", "@smithy/shared-ini-file-loader": "^4.4.7", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-U8tyLbLOZItuVWTH0ay9gWo4xMqZwqQbg1oMzdU4FQSkTpqXemm4X0uoKBR6llqAStgBp30ziKFJHTA43l4qMw=="],
+    "@aws-sdk/credential-provider-node": ["@aws-sdk/credential-provider-node@3.972.37", "", { "dependencies": { "@aws-sdk/credential-provider-env": "^3.972.32", "@aws-sdk/credential-provider-http": "^3.972.34", "@aws-sdk/credential-provider-ini": "^3.972.36", "@aws-sdk/credential-provider-process": "^3.972.32", "@aws-sdk/credential-provider-sso": "^3.972.36", "@aws-sdk/credential-provider-web-identity": "^3.972.36", "@aws-sdk/types": "^3.973.8", "@smithy/credential-provider-imds": "^4.2.14", "@smithy/property-provider": "^4.2.14", "@smithy/shared-ini-file-loader": "^4.4.9", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-/WFixFAAiw8WpmjZcI0l4t3DerXLmVinOIfuotmRZnu2qmsFPoqqmstASz0z8bi1pGdFXzeLzf6bwucM3mZcUQ=="],
 
-    "@aws-sdk/credential-provider-process": ["@aws-sdk/credential-provider-process@3.972.20", "", { "dependencies": { "@aws-sdk/core": "^3.973.22", "@aws-sdk/types": "^3.973.6", "@smithy/property-provider": "^4.2.12", "@smithy/shared-ini-file-loader": "^4.4.7", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-QRfk7GbA4/HDRjhP3QYR6QBr/QKreVoOzvvlRHnOuGgYJkeoPgPY3LAI1kK1ZMgZ4hH9KiGp757/ntol+INAig=="],
+    "@aws-sdk/credential-provider-process": ["@aws-sdk/credential-provider-process@3.972.32", "", { "dependencies": { "@aws-sdk/core": "^3.974.6", "@aws-sdk/types": "^3.973.8", "@smithy/property-provider": "^4.2.14", "@smithy/shared-ini-file-loader": "^4.4.9", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-uZp4tlGbpczV8QxmtIwOpSkcyGtBRR8/T4BAumRKfAt1nwCig3FSCZvrKl6ARDIDVRYn5p2oRcAsfFR01EgMGA=="],
 
-    "@aws-sdk/credential-provider-sso": ["@aws-sdk/credential-provider-sso@3.972.22", "", { "dependencies": { "@aws-sdk/core": "^3.973.22", "@aws-sdk/nested-clients": "^3.996.12", "@aws-sdk/token-providers": "3.1013.0", "@aws-sdk/types": "^3.973.6", "@smithy/property-provider": "^4.2.12", "@smithy/shared-ini-file-loader": "^4.4.7", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-4vqlSaUbBj4aNPVKfB6yXuIQ2Z2mvLfIGba2OzzF6zUkN437/PGWsxBU2F8QPSFHti6seckvyCXidU3H+R8NvQ=="],
+    "@aws-sdk/credential-provider-sso": ["@aws-sdk/credential-provider-sso@3.972.36", "", { "dependencies": { "@aws-sdk/core": "^3.974.6", "@aws-sdk/nested-clients": "^3.997.4", "@aws-sdk/token-providers": "3.1038.0", "@aws-sdk/types": "^3.973.8", "@smithy/property-provider": "^4.2.14", "@smithy/shared-ini-file-loader": "^4.4.9", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-DsLr0UHMyKzRJKe2bjlwU8q1cfoXg8TIJKV/xwvnalAemiZLOZunFzj/whGnFDZIBVLdnbLiwv5SvRf1+CSwkg=="],
 
-    "@aws-sdk/credential-provider-web-identity": ["@aws-sdk/credential-provider-web-identity@3.972.22", "", { "dependencies": { "@aws-sdk/core": "^3.973.22", "@aws-sdk/nested-clients": "^3.996.12", "@aws-sdk/types": "^3.973.6", "@smithy/property-provider": "^4.2.12", "@smithy/shared-ini-file-loader": "^4.4.7", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-/wN1CYg2rVLhW8/jLxMWacQrkpaynnL+4j/Z+e6X1PfoE6NiC0BeOw3i0JmtZrKun85wNV5GmspvuWJihfeeUw=="],
+    "@aws-sdk/credential-provider-web-identity": ["@aws-sdk/credential-provider-web-identity@3.972.36", "", { "dependencies": { "@aws-sdk/core": "^3.974.6", "@aws-sdk/nested-clients": "^3.997.4", "@aws-sdk/types": "^3.973.8", "@smithy/property-provider": "^4.2.14", "@smithy/shared-ini-file-loader": "^4.4.9", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-uzrURO7frJhHQVVNR5zBJcCYeMYflmXcWBK1+MiBym2Dfjh6nXATrMixrmGZi+97Q7ETZ+y/4lUwAy0Nfnznjw=="],
 
-    "@aws-sdk/middleware-bucket-endpoint": ["@aws-sdk/middleware-bucket-endpoint@3.972.8", "", { "dependencies": { "@aws-sdk/types": "^3.973.6", "@aws-sdk/util-arn-parser": "^3.972.3", "@smithy/node-config-provider": "^4.3.12", "@smithy/protocol-http": "^5.3.12", "@smithy/types": "^4.13.1", "@smithy/util-config-provider": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-WR525Rr2QJSETa9a050isktyWi/4yIGcmY3BQ1kpHqb0LqUglQHCS8R27dTJxxWNZvQ0RVGtEZjTCbZJpyF3Aw=="],
+    "@aws-sdk/middleware-bucket-endpoint": ["@aws-sdk/middleware-bucket-endpoint@3.972.10", "", { "dependencies": { "@aws-sdk/types": "^3.973.8", "@aws-sdk/util-arn-parser": "^3.972.3", "@smithy/node-config-provider": "^4.3.14", "@smithy/protocol-http": "^5.3.14", "@smithy/types": "^4.14.1", "@smithy/util-config-provider": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-Vbc2frZH7wXlMNd+ZZSXUEs/l1Sv8Jj4zUnIfwrYF5lwaLdXHZ9xx4U3rjUcaye3HRhFVc+E5DbBxpRAbB16BA=="],
 
-    "@aws-sdk/middleware-expect-continue": ["@aws-sdk/middleware-expect-continue@3.972.8", "", { "dependencies": { "@aws-sdk/types": "^3.973.6", "@smithy/protocol-http": "^5.3.12", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-5DTBTiotEES1e2jOHAq//zyzCjeMB78lEHd35u15qnrid4Nxm7diqIf9fQQ3Ov0ChH1V3Vvt13thOnrACmfGVQ=="],
+    "@aws-sdk/middleware-expect-continue": ["@aws-sdk/middleware-expect-continue@3.972.10", "", { "dependencies": { "@aws-sdk/types": "^3.973.8", "@smithy/protocol-http": "^5.3.14", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-2Yn0f1Qiq/DjxYR3wfI3LokXnjOhFM7Ssn4LTdFDIxRMCE6I32MAsVnhPX1cUZsuVA9tiZtwwhlSLAtFGxAZlQ=="],
 
-    "@aws-sdk/middleware-flexible-checksums": ["@aws-sdk/middleware-flexible-checksums@3.974.2", "", { "dependencies": { "@aws-crypto/crc32": "5.2.0", "@aws-crypto/crc32c": "5.2.0", "@aws-crypto/util": "5.2.0", "@aws-sdk/core": "^3.973.22", "@aws-sdk/crc64-nvme": "^3.972.5", "@aws-sdk/types": "^3.973.6", "@smithy/is-array-buffer": "^4.2.2", "@smithy/node-config-provider": "^4.3.12", "@smithy/protocol-http": "^5.3.12", "@smithy/types": "^4.13.1", "@smithy/util-middleware": "^4.2.12", "@smithy/util-stream": "^4.5.20", "@smithy/util-utf8": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-4soN/N4R6ptdnHw7hXPVDZMIIL+vhN8rwtLdDyS0uD7ExhadtJzolTBIM5eKSkbw5uBEbIwtJc8HCG2NM6tN/g=="],
+    "@aws-sdk/middleware-flexible-checksums": ["@aws-sdk/middleware-flexible-checksums@3.974.14", "", { "dependencies": { "@aws-crypto/crc32": "5.2.0", "@aws-crypto/crc32c": "5.2.0", "@aws-crypto/util": "5.2.0", "@aws-sdk/core": "^3.974.6", "@aws-sdk/crc64-nvme": "^3.972.7", "@aws-sdk/types": "^3.973.8", "@smithy/is-array-buffer": "^4.2.2", "@smithy/node-config-provider": "^4.3.14", "@smithy/protocol-http": "^5.3.14", "@smithy/types": "^4.14.1", "@smithy/util-middleware": "^4.2.14", "@smithy/util-stream": "^4.5.25", "@smithy/util-utf8": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-mhTO3amGzYv/DQNbbqZo6UkHquBHlEEVRZwXmjeRqLmy1l9z3xCiFzglPL7n9JpVc2DZc9kjaraAn3JQrueZbw=="],
 
-    "@aws-sdk/middleware-host-header": ["@aws-sdk/middleware-host-header@3.972.8", "", { "dependencies": { "@aws-sdk/types": "^3.973.6", "@smithy/protocol-http": "^5.3.12", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-wAr2REfKsqoKQ+OkNqvOShnBoh+nkPurDKW7uAeVSu6kUECnWlSJiPvnoqxGlfousEY/v9LfS9sNc46hjSYDIQ=="],
+    "@aws-sdk/middleware-host-header": ["@aws-sdk/middleware-host-header@3.972.10", "", { "dependencies": { "@aws-sdk/types": "^3.973.8", "@smithy/protocol-http": "^5.3.14", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-IJSsIMeVQ8MMCPbuh1AbltkFhLBLXn7aejzfX5YKT/VLDHn++Dcz8886tXckE+wQssyPUhaXrJhdakO2VilRhg=="],
 
-    "@aws-sdk/middleware-location-constraint": ["@aws-sdk/middleware-location-constraint@3.972.8", "", { "dependencies": { "@aws-sdk/types": "^3.973.6", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-KaUoFuoFPziIa98DSQsTPeke1gvGXlc5ZGMhy+b+nLxZ4A7jmJgLzjEF95l8aOQN2T/qlPP3MrAyELm8ExXucw=="],
+    "@aws-sdk/middleware-location-constraint": ["@aws-sdk/middleware-location-constraint@3.972.10", "", { "dependencies": { "@aws-sdk/types": "^3.973.8", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-rI3NZvJcEvjoD0+0PI0iUAwlPw2IlSlhyvgBK/3WkKJQE/YiKFedd9dMN2lVacdNxPNhxL/jzQaKQdrGtQagjQ=="],
 
-    "@aws-sdk/middleware-logger": ["@aws-sdk/middleware-logger@3.972.8", "", { "dependencies": { "@aws-sdk/types": "^3.973.6", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-CWl5UCM57WUFaFi5kB7IBY1UmOeLvNZAZ2/OZ5l20ldiJ3TiIz1pC65gYj8X0BCPWkeR1E32mpsCk1L1I4n+lA=="],
+    "@aws-sdk/middleware-logger": ["@aws-sdk/middleware-logger@3.972.10", "", { "dependencies": { "@aws-sdk/types": "^3.973.8", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-OOuGvvz1Dm20SjZo5oEBePFqxt5nf8AwkNDSyUHvD9/bfNASmstcYxFAHUowy4n6Io7mWUZ04JURZwSBvyQanQ=="],
 
-    "@aws-sdk/middleware-recursion-detection": ["@aws-sdk/middleware-recursion-detection@3.972.8", "", { "dependencies": { "@aws-sdk/types": "^3.973.6", "@aws/lambda-invoke-store": "^0.2.2", "@smithy/protocol-http": "^5.3.12", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-BnnvYs2ZEpdlmZ2PNlV2ZyQ8j8AEkMTjN79y/YA475ER1ByFYrkVR85qmhni8oeTaJcDqbx364wDpitDAA/wCA=="],
+    "@aws-sdk/middleware-recursion-detection": ["@aws-sdk/middleware-recursion-detection@3.972.11", "", { "dependencies": { "@aws-sdk/types": "^3.973.8", "@aws/lambda-invoke-store": "^0.2.2", "@smithy/protocol-http": "^5.3.14", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-+zz6f79Kj9V5qFK2P+D8Ehjnw4AhphAlCAsPjUqEcInA9umtSSKMrHbSagEeOIsDNuvVrH98bjRHcyQukTrhaQ=="],
 
-    "@aws-sdk/middleware-sdk-s3": ["@aws-sdk/middleware-sdk-s3@3.972.22", "", { "dependencies": { "@aws-sdk/core": "^3.973.22", "@aws-sdk/types": "^3.973.6", "@aws-sdk/util-arn-parser": "^3.972.3", "@smithy/core": "^3.23.12", "@smithy/node-config-provider": "^4.3.12", "@smithy/protocol-http": "^5.3.12", "@smithy/signature-v4": "^5.3.12", "@smithy/smithy-client": "^4.12.6", "@smithy/types": "^4.13.1", "@smithy/util-config-provider": "^4.2.2", "@smithy/util-middleware": "^4.2.12", "@smithy/util-stream": "^4.5.20", "@smithy/util-utf8": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-dkUcRxF4rVpPbyHpxjCApGK6b7JpnSeo7tDoNakpRKmiLMCqgy4tlGBgeEYJnZgLrA4xc5jVKuXgvgqKqU18Kw=="],
+    "@aws-sdk/middleware-sdk-s3": ["@aws-sdk/middleware-sdk-s3@3.972.35", "", { "dependencies": { "@aws-sdk/core": "^3.974.6", "@aws-sdk/types": "^3.973.8", "@aws-sdk/util-arn-parser": "^3.972.3", "@smithy/core": "^3.23.17", "@smithy/node-config-provider": "^4.3.14", "@smithy/protocol-http": "^5.3.14", "@smithy/signature-v4": "^5.3.14", "@smithy/smithy-client": "^4.12.13", "@smithy/types": "^4.14.1", "@smithy/util-config-provider": "^4.2.2", "@smithy/util-middleware": "^4.2.14", "@smithy/util-stream": "^4.5.25", "@smithy/util-utf8": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-lLppaNTAz+wNgLdi4FtHzrlwrGF0ODTnBWHBaFg85SKs0eJ+M+tP5ifrA8f/0lNd+Ak3MC1NGC6RavV3ny4HTg=="],
 
-    "@aws-sdk/middleware-ssec": ["@aws-sdk/middleware-ssec@3.972.8", "", { "dependencies": { "@aws-sdk/types": "^3.973.6", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-wqlK0yO/TxEC2UsY9wIlqeeutF6jjLe0f96Pbm40XscTo57nImUk9lBcw0dPgsm0sppFtAkSlDrfpK+pC30Wqw=="],
+    "@aws-sdk/middleware-ssec": ["@aws-sdk/middleware-ssec@3.972.10", "", { "dependencies": { "@aws-sdk/types": "^3.973.8", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-Gli9A0u8EVVb+5bFDGS/QbSVg28w/wpEidg1ggVcSj65BDTdGR6punsOcVjqdiu1i42WHWo51MCvARPIIz9juw=="],
 
-    "@aws-sdk/middleware-user-agent": ["@aws-sdk/middleware-user-agent@3.972.23", "", { "dependencies": { "@aws-sdk/core": "^3.973.22", "@aws-sdk/types": "^3.973.6", "@aws-sdk/util-endpoints": "^3.996.5", "@smithy/core": "^3.23.12", "@smithy/protocol-http": "^5.3.12", "@smithy/types": "^4.13.1", "@smithy/util-retry": "^4.2.12", "tslib": "^2.6.2" } }, "sha512-HQu8QoqGZZTvg0Spl9H39QTsSMFwgu+8yz/QGKndXFLk9FZMiCiIgBCVlTVKMDvVbgqIzD9ig+/HmXsIL2Rb+g=="],
+    "@aws-sdk/middleware-user-agent": ["@aws-sdk/middleware-user-agent@3.972.36", "", { "dependencies": { "@aws-sdk/core": "^3.974.6", "@aws-sdk/types": "^3.973.8", "@aws-sdk/util-endpoints": "^3.996.8", "@smithy/core": "^3.23.17", "@smithy/protocol-http": "^5.3.14", "@smithy/types": "^4.14.1", "@smithy/util-retry": "^4.3.5", "tslib": "^2.6.2" } }, "sha512-O2beToxguBvrZFFZ+fFgPbbae8MvyIBjQ6lImee4APHEXXNAD5ZJ2ayLF1mb7rsKw86TM81y5czg82bZncjSjg=="],
 
-    "@aws-sdk/nested-clients": ["@aws-sdk/nested-clients@3.996.12", "", { "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", "@aws-sdk/core": "^3.973.22", "@aws-sdk/middleware-host-header": "^3.972.8", "@aws-sdk/middleware-logger": "^3.972.8", "@aws-sdk/middleware-recursion-detection": "^3.972.8", "@aws-sdk/middleware-user-agent": "^3.972.23", "@aws-sdk/region-config-resolver": "^3.972.8", "@aws-sdk/types": "^3.973.6", "@aws-sdk/util-endpoints": "^3.996.5", "@aws-sdk/util-user-agent-browser": "^3.972.8", "@aws-sdk/util-user-agent-node": "^3.973.9", "@smithy/config-resolver": "^4.4.11", "@smithy/core": "^3.23.12", "@smithy/fetch-http-handler": "^5.3.15", "@smithy/hash-node": "^4.2.12", "@smithy/invalid-dependency": "^4.2.12", "@smithy/middleware-content-length": "^4.2.12", "@smithy/middleware-endpoint": "^4.4.26", "@smithy/middleware-retry": "^4.4.43", "@smithy/middleware-serde": "^4.2.15", "@smithy/middleware-stack": "^4.2.12", "@smithy/node-config-provider": "^4.3.12", "@smithy/node-http-handler": "^4.5.0", "@smithy/protocol-http": "^5.3.12", "@smithy/smithy-client": "^4.12.6", "@smithy/types": "^4.13.1", "@smithy/url-parser": "^4.2.12", "@smithy/util-base64": "^4.3.2", "@smithy/util-body-length-browser": "^4.2.2", "@smithy/util-body-length-node": "^4.2.3", "@smithy/util-defaults-mode-browser": "^4.3.42", "@smithy/util-defaults-mode-node": "^4.2.45", "@smithy/util-endpoints": "^3.3.3", "@smithy/util-middleware": "^4.2.12", "@smithy/util-retry": "^4.2.12", "@smithy/util-utf8": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-KLdQGJPSm98uLINolQ0Tol8OAbk7g0Y7zplHJ1K83vbMIH13aoCvR6Tho66xueW4l4aZlEgVGLWBnD8ifUMsGQ=="],
+    "@aws-sdk/nested-clients": ["@aws-sdk/nested-clients@3.997.4", "", { "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", "@aws-sdk/core": "^3.974.6", "@aws-sdk/middleware-host-header": "^3.972.10", "@aws-sdk/middleware-logger": "^3.972.10", "@aws-sdk/middleware-recursion-detection": "^3.972.11", "@aws-sdk/middleware-user-agent": "^3.972.36", "@aws-sdk/region-config-resolver": "^3.972.13", "@aws-sdk/signature-v4-multi-region": "^3.996.23", "@aws-sdk/types": "^3.973.8", "@aws-sdk/util-endpoints": "^3.996.8", "@aws-sdk/util-user-agent-browser": "^3.972.10", "@aws-sdk/util-user-agent-node": "^3.973.22", "@smithy/config-resolver": "^4.4.17", "@smithy/core": "^3.23.17", "@smithy/fetch-http-handler": "^5.3.17", "@smithy/hash-node": "^4.2.14", "@smithy/invalid-dependency": "^4.2.14", "@smithy/middleware-content-length": "^4.2.14", "@smithy/middleware-endpoint": "^4.4.32", "@smithy/middleware-retry": "^4.5.6", "@smithy/middleware-serde": "^4.2.20", "@smithy/middleware-stack": "^4.2.14", "@smithy/node-config-provider": "^4.3.14", "@smithy/node-http-handler": "^4.6.1", "@smithy/protocol-http": "^5.3.14", "@smithy/smithy-client": "^4.12.13", "@smithy/types": "^4.14.1", "@smithy/url-parser": "^4.2.14", "@smithy/util-base64": "^4.3.2", "@smithy/util-body-length-browser": "^4.2.2", "@smithy/util-body-length-node": "^4.2.3", "@smithy/util-defaults-mode-browser": "^4.3.49", "@smithy/util-defaults-mode-node": "^4.2.54", "@smithy/util-endpoints": "^3.4.2", "@smithy/util-middleware": "^4.2.14", "@smithy/util-retry": "^4.3.5", "@smithy/util-utf8": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-4Sf+WY1lMJzXlw5MiyCMe/UzdILCwvuaHThbqMXS6dfh9gZy3No360I42RXquOI/ULUOhWy2HCyU0Fp20fQGPQ=="],
 
-    "@aws-sdk/region-config-resolver": ["@aws-sdk/region-config-resolver@3.972.8", "", { "dependencies": { "@aws-sdk/types": "^3.973.6", "@smithy/config-resolver": "^4.4.11", "@smithy/node-config-provider": "^4.3.12", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-1eD4uhTDeambO/PNIDVG19A6+v4NdD7xzwLHDutHsUqz0B+i661MwQB2eYO4/crcCvCiQG4SRm1k81k54FEIvw=="],
+    "@aws-sdk/region-config-resolver": ["@aws-sdk/region-config-resolver@3.972.13", "", { "dependencies": { "@aws-sdk/types": "^3.973.8", "@smithy/config-resolver": "^4.4.17", "@smithy/node-config-provider": "^4.3.14", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-CvJ2ZIjK/jVD/lbOpowBVElJyC1YxLTIJ13yM0AEo0t2v7swOzGjSA6lJGH+DwZXQhcjUjoYwc8bVYCX5MDr1A=="],
 
-    "@aws-sdk/s3-request-presigner": ["@aws-sdk/s3-request-presigner@3.1013.0", "", { "dependencies": { "@aws-sdk/signature-v4-multi-region": "^3.996.10", "@aws-sdk/types": "^3.973.6", "@aws-sdk/util-format-url": "^3.972.8", "@smithy/middleware-endpoint": "^4.4.26", "@smithy/protocol-http": "^5.3.12", "@smithy/smithy-client": "^4.12.6", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-ndMG/QJ3W9ViBKiMUI/PQv9cYVXuLFtP0PC6Z1Dqn3GTlBufSO8vkGuU2X90aAKcoQ6U/GsUeDrjYVio5d2GjQ=="],
+    "@aws-sdk/s3-request-presigner": ["@aws-sdk/s3-request-presigner@3.1038.0", "", { "dependencies": { "@aws-sdk/signature-v4-multi-region": "^3.996.23", "@aws-sdk/types": "^3.973.8", "@aws-sdk/util-format-url": "^3.972.10", "@smithy/middleware-endpoint": "^4.4.32", "@smithy/protocol-http": "^5.3.14", "@smithy/smithy-client": "^4.12.13", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-2PNCm+2Mx8v2GKRREKMS3PavahzRhmMMJjuJxUpLneQV4w3oMs2bpme62oU6l+hip1pyeyPimWHeabjhaURocw=="],
 
-    "@aws-sdk/signature-v4-multi-region": ["@aws-sdk/signature-v4-multi-region@3.996.10", "", { "dependencies": { "@aws-sdk/middleware-sdk-s3": "^3.972.22", "@aws-sdk/types": "^3.973.6", "@smithy/protocol-http": "^5.3.12", "@smithy/signature-v4": "^5.3.12", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-yJSbFTedh1McfqXa9wZzjchqQ2puq5PI/qRz5kUjg2UXS5mO4MBYBbeXaZ2rp/h+ZbkcYEdo4Qsiah9psyoxrA=="],
+    "@aws-sdk/signature-v4-multi-region": ["@aws-sdk/signature-v4-multi-region@3.996.23", "", { "dependencies": { "@aws-sdk/middleware-sdk-s3": "^3.972.35", "@aws-sdk/types": "^3.973.8", "@smithy/protocol-http": "^5.3.14", "@smithy/signature-v4": "^5.3.14", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-wBbys3Y53Ikly556vyADurKpYQHXS7Jjaskbz+Ga9PZCz7PB/9f3VdKbDlz7dqIzn+xwz7L/a6TR4iXcOi8IRw=="],
 
-    "@aws-sdk/token-providers": ["@aws-sdk/token-providers@3.1013.0", "", { "dependencies": { "@aws-sdk/core": "^3.973.22", "@aws-sdk/nested-clients": "^3.996.12", "@aws-sdk/types": "^3.973.6", "@smithy/property-provider": "^4.2.12", "@smithy/shared-ini-file-loader": "^4.4.7", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-IL1c54UvbuERrs9oLm5rvkzMciwhhpn1FL0SlC3XUMoLlFhdBsWJgQKK8O5fsQLxbFVqjbjFx9OBkrn44X9PHw=="],
+    "@aws-sdk/token-providers": ["@aws-sdk/token-providers@3.1038.0", "", { "dependencies": { "@aws-sdk/core": "^3.974.6", "@aws-sdk/nested-clients": "^3.997.4", "@aws-sdk/types": "^3.973.8", "@smithy/property-provider": "^4.2.14", "@smithy/shared-ini-file-loader": "^4.4.9", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-Qniru+9oGGb/HNK/gGZWbV3jsD0k71ngE7qMQ/x6gYNYLd2EOwHCS6E2E6jfkaqO4i0d+nNKmfRy8bNcshKdGQ=="],
 
-    "@aws-sdk/types": ["@aws-sdk/types@3.973.6", "", { "dependencies": { "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-Atfcy4E++beKtwJHiDln2Nby8W/mam64opFPTiHEqgsthqeydFS1pY+OUlN1ouNOmf8ArPU/6cDS65anOP3KQw=="],
+    "@aws-sdk/types": ["@aws-sdk/types@3.973.8", "", { "dependencies": { "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-gjlAdtHMbtR9X5iIhVUvbVcy55KnznpC6bkDUWW9z915bi0ckdUr5cjf16Kp6xq0bP5HBD2xzgbL9F9Quv5vUw=="],
 
     "@aws-sdk/util-arn-parser": ["@aws-sdk/util-arn-parser@3.972.3", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-HzSD8PMFrvgi2Kserxuff5VitNq2sgf3w9qxmskKDiDTThWfVteJxuCS9JXiPIPtmCrp+7N9asfIaVhBFORllA=="],
 
-    "@aws-sdk/util-endpoints": ["@aws-sdk/util-endpoints@3.996.5", "", { "dependencies": { "@aws-sdk/types": "^3.973.6", "@smithy/types": "^4.13.1", "@smithy/url-parser": "^4.2.12", "@smithy/util-endpoints": "^3.3.3", "tslib": "^2.6.2" } }, "sha512-Uh93L5sXFNbyR5sEPMzUU8tJ++Ku97EY4udmC01nB8Zu+xfBPwpIwJ6F7snqQeq8h2pf+8SGN5/NoytfKgYPIw=="],
+    "@aws-sdk/util-endpoints": ["@aws-sdk/util-endpoints@3.996.8", "", { "dependencies": { "@aws-sdk/types": "^3.973.8", "@smithy/types": "^4.14.1", "@smithy/url-parser": "^4.2.14", "@smithy/util-endpoints": "^3.4.2", "tslib": "^2.6.2" } }, "sha512-oOZHcRDihk5iEe5V25NVWg45b3qEA8OpHWVdU/XQh8Zj4heVPAJqWvMphQnU7LkufmUo10EpvFPZuQMiFLJK3g=="],
 
-    "@aws-sdk/util-format-url": ["@aws-sdk/util-format-url@3.972.8", "", { "dependencies": { "@aws-sdk/types": "^3.973.6", "@smithy/querystring-builder": "^4.2.12", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-J6DS9oocrgxM8xlUTTmQOuwRF6rnAGEujAN9SAzllcrQmwn5iJ58ogxy3SEhD0Q7JZvlA5jvIXBkpQRqEqlE9A=="],
+    "@aws-sdk/util-format-url": ["@aws-sdk/util-format-url@3.972.10", "", { "dependencies": { "@aws-sdk/types": "^3.973.8", "@smithy/querystring-builder": "^4.2.14", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-DEKiHNJVtNxdyTeQspzY+15Po/kHm6sF0Cs4HV9Q2+lplB63+DrvdeiSoOSdWEWAoO2RcY1veoXVDz2tWxWCgQ=="],
 
     "@aws-sdk/util-locate-window": ["@aws-sdk/util-locate-window@3.965.5", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-WhlJNNINQB+9qtLtZJcpQdgZw3SCDCpXdUJP7cToGwHbCWCnRckGlc6Bx/OhWwIYFNAn+FIydY8SZ0QmVu3xTQ=="],
 
-    "@aws-sdk/util-user-agent-browser": ["@aws-sdk/util-user-agent-browser@3.972.8", "", { "dependencies": { "@aws-sdk/types": "^3.973.6", "@smithy/types": "^4.13.1", "bowser": "^2.11.0", "tslib": "^2.6.2" } }, "sha512-B3KGXJviV2u6Cdw2SDY2aDhoJkVfY/Q/Trwk2CMSkikE1Oi6gRzxhvhIfiRpHfmIsAhV4EA54TVEX8K6CbHbkA=="],
+    "@aws-sdk/util-user-agent-browser": ["@aws-sdk/util-user-agent-browser@3.972.10", "", { "dependencies": { "@aws-sdk/types": "^3.973.8", "@smithy/types": "^4.14.1", "bowser": "^2.11.0", "tslib": "^2.6.2" } }, "sha512-FAzqXvfEssGdSIz8ejatan0bOdx1qefBWKF/gWmVBXIP1HkS7v/wjjaqrAGGKvyihrXTXW00/2/1nTJtxpXz7g=="],
 
-    "@aws-sdk/util-user-agent-node": ["@aws-sdk/util-user-agent-node@3.973.9", "", { "dependencies": { "@aws-sdk/middleware-user-agent": "^3.972.23", "@aws-sdk/types": "^3.973.6", "@smithy/node-config-provider": "^4.3.12", "@smithy/types": "^4.13.1", "@smithy/util-config-provider": "^4.2.2", "tslib": "^2.6.2" }, "peerDependencies": { "aws-crt": ">=1.0.0" }, "optionalPeers": ["aws-crt"] }, "sha512-jeFqqp8KD/P5O+qeKxyGeu7WEVIZFNprnkaDjGmBOjwxYwafCBhpxTgV1TlW6L8e76Vh/siNylNmN/OmSIFBUQ=="],
+    "@aws-sdk/util-user-agent-node": ["@aws-sdk/util-user-agent-node@3.973.22", "", { "dependencies": { "@aws-sdk/middleware-user-agent": "^3.972.36", "@aws-sdk/types": "^3.973.8", "@smithy/node-config-provider": "^4.3.14", "@smithy/types": "^4.14.1", "@smithy/util-config-provider": "^4.2.2", "tslib": "^2.6.2" }, "peerDependencies": { "aws-crt": ">=1.0.0" }, "optionalPeers": ["aws-crt"] }, "sha512-YTYqTmOUrwbm1h99Ee4y/mVYpFRl0oSO/amtP5cc1BZZWdaAVWs9zj3TkyRHWvR9aI/ZS8m3mS6awXtYUlWyaw=="],
 
-    "@aws-sdk/xml-builder": ["@aws-sdk/xml-builder@3.972.14", "", { "dependencies": { "@smithy/types": "^4.13.1", "fast-xml-parser": "5.5.6", "tslib": "^2.6.2" } }, "sha512-G/Yd8Bnnyh8QrqLf8jWJbixEnScUFW24e/wOBGYdw1Cl4r80KX/DvHyM2GVZ2vTp7J4gTEr8IXJlTadA8+UfuQ=="],
+    "@aws-sdk/xml-builder": ["@aws-sdk/xml-builder@3.972.20", "", { "dependencies": { "@nodable/entities": "2.1.0", "@smithy/types": "^4.14.1", "fast-xml-parser": "5.7.2", "tslib": "^2.6.2" } }, "sha512-MDcUfroaMAnDAHn29vN781t0wudR8zjfgg+r3s5otx8TJXFWg01NZB7HvHkBbOf7UUmKEwIZf5kHxiaVUgwjlQ=="],
 
     "@aws/lambda-invoke-store": ["@aws/lambda-invoke-store@0.2.4", "", {}, "sha512-iY8yvjE0y651BixKNPgmv1WrQc+GZ142sb0z4gYnChDDY2YqI4P/jsSopBWrKfAt7LOJAkOXt7rC/hms+WclQQ=="],
 
@@ -556,15 +597,15 @@
 
     "@babel/helper-validator-option": ["@babel/helper-validator-option@7.27.1", "", {}, "sha512-YvjJow9FxbhFFKDSuFnVCe2WxXk1zWc22fFePVNEaWJEu8IrZVlda6N0uHwzZrUM1il7NC9Mlp4MaJYbYd9JSg=="],
 
-    "@babel/helpers": ["@babel/helpers@7.28.6", "", { "dependencies": { "@babel/template": "^7.28.6", "@babel/types": "^7.28.6" } }, "sha512-xOBvwq86HHdB7WUDTfKfT/Vuxh7gElQ+Sfti2Cy6yIWNW05P8iUslOVcZ4/sKbE+/jQaukQAdz/gf3724kYdqw=="],
+    "@babel/helpers": ["@babel/helpers@7.29.2", "", { "dependencies": { "@babel/template": "^7.28.6", "@babel/types": "^7.29.0" } }, "sha512-HoGuUs4sCZNezVEKdVcwqmZN8GoHirLUcLaYVNBK2J0DadGtdcqgr3BCbvH8+XUo4NGjNl3VOtSjEKNzqfFgKw=="],
 
-    "@babel/parser": ["@babel/parser@7.29.0", "", { "dependencies": { "@babel/types": "^7.29.0" }, "bin": "./bin/babel-parser.js" }, "sha512-IyDgFV5GeDUVX4YdF/3CPULtVGSXXMLh1xVIgdCgxApktqnQV0r7/8Nqthg+8YLGaAtdyIlo2qIdZrbCv4+7ww=="],
+    "@babel/parser": ["@babel/parser@7.29.2", "", { "dependencies": { "@babel/types": "^7.29.0" }, "bin": "./bin/babel-parser.js" }, "sha512-4GgRzy/+fsBa72/RZVJmGKPmZu9Byn8o4MoLpmNe1m8ZfYnz5emHLQz3U4gLud6Zwl0RZIcgiLD7Uq7ySFuDLA=="],
 
     "@babel/plugin-transform-react-jsx-self": ["@babel/plugin-transform-react-jsx-self@7.27.1", "", { "dependencies": { "@babel/helper-plugin-utils": "^7.27.1" }, "peerDependencies": { "@babel/core": "^7.0.0-0" } }, "sha512-6UzkCs+ejGdZ5mFFC/OCUrv028ab2fp1znZmCZjAOBKiBK2jXD1O+BPSfX8X2qjJ75fZBMSnQn3Rq2mrBJK2mw=="],
 
     "@babel/plugin-transform-react-jsx-source": ["@babel/plugin-transform-react-jsx-source@7.27.1", "", { "dependencies": { "@babel/helper-plugin-utils": "^7.27.1" }, "peerDependencies": { "@babel/core": "^7.0.0-0" } }, "sha512-zbwoTsBruTeKB9hSq73ha66iFeJHuaFkUbwvqElnygoNbj/jHRsSeokowZFN3CZ64IvEqcmmkVe89OPXc7ldAw=="],
 
-    "@babel/runtime": ["@babel/runtime@7.28.6", "", {}, "sha512-05WQkdpL9COIMz4LjTxGpPNCdlpyimKppYNoJ5Di5EUObifl8t4tuLuUBBZEpoLYOmfvIWrsp9fCl0HoPRVTdA=="],
+    "@babel/runtime": ["@babel/runtime@7.29.2", "", {}, "sha512-JiDShH45zKHWyGe4ZNVRrCjBz8Nh9TMmZG1kh4QTK8hCBTWBi8Da+i7s1fJw7/lYpM4ccepSNfqzZ/QvABBi5g=="],
 
     "@babel/template": ["@babel/template@7.28.6", "", { "dependencies": { "@babel/code-frame": "^7.28.6", "@babel/parser": "^7.28.6", "@babel/types": "^7.28.6" } }, "sha512-YA6Ma2KsCdGb+WC6UpBVFJGXL58MDA6oyONbjyF/+5sBgxY/dwkhLogbMT2GXXyU84/IhRw/2D1Os1B/giz+BQ=="],
 
@@ -572,9 +613,11 @@
 
     "@babel/types": ["@babel/types@7.29.0", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.28.5" } }, "sha512-LwdZHpScM4Qz8Xw2iKSzS+cfglZzJGvofQICy7W7v4caru4EaAmyUuO6BGrbyQ2mYV11W0U8j5mBhd14dd3B0A=="],
 
+    "@better-auth/api-key": ["@better-auth/api-key@1.6.9", "", { "dependencies": { "zod": "^4.3.6" }, "peerDependencies": { "@better-auth/core": "^1.6.9", "@better-auth/utils": "0.4.0", "better-auth": "^1.6.9" } }, "sha512-MPDNmvcCwDpix911kFYRn9XCebJjaCNuj16OA//difNCJoPRn2kD6KQ/3+B3rlSWl46x098SgN7Y3e8kU8nIwg=="],
+
     "@better-auth/core": ["@better-auth/core@1.4.6-beta.3", "", { "dependencies": { "@standard-schema/spec": "^1.0.0", "zod": "^4.1.12" }, "peerDependencies": { "@better-auth/utils": "0.3.0", "@better-fetch/fetch": "1.1.18", "better-call": "1.1.4", "jose": "^6.1.0", "kysely": "^0.28.5", "nanostores": "^1.0.1" } }, "sha512-yjiu7wva4a0HFiWNWoaKfazLXMOx0+2mpyIbB5A1ov1Ta/YXZAg7jeh9A9uyBGXI8Y2qBVMYExumXVp1m1Xz+w=="],
 
-    "@better-auth/passkey": ["@better-auth/passkey@1.5.5", "", { "dependencies": { "@simplewebauthn/browser": "^13.2.2", "@simplewebauthn/server": "^13.2.3", "zod": "^4.3.6" }, "peerDependencies": { "@better-auth/core": "1.5.5", "@better-auth/utils": "0.3.1", "@better-fetch/fetch": "1.1.21", "better-auth": "1.5.5", "better-call": "1.3.2", "nanostores": "^1.0.1" } }, "sha512-waGngvVophgoi/yqyU8fPZS04ZRMfjPBlxRlbV49nOgqFXcA9+914cGUedmaePXlTH6q6Z9K3dXUlg8H4g5tTQ=="],
+    "@better-auth/passkey": ["@better-auth/passkey@1.6.9", "", { "dependencies": { "@simplewebauthn/browser": "^13.2.2", "@simplewebauthn/server": "^13.2.3", "zod": "^4.3.6" }, "peerDependencies": { "@better-auth/core": "^1.6.9", "@better-auth/utils": "0.4.0", "@better-fetch/fetch": "1.1.21", "better-auth": "^1.6.9", "better-call": "1.3.5", "nanostores": "^1.0.1" } }, "sha512-MFpi+2G/pG2wVcTuL/PcnWxP2ddFL4jmFByTCbgvr61tp7u96d5liBptxpTqfS5IuCi2o8bBRmjiQnDZAvxmHg=="],
 
     "@better-auth/sso": ["@better-auth/sso@1.4.1", "", { "dependencies": { "@better-fetch/fetch": "1.1.18", "fast-xml-parser": "^5.2.5", "jose": "^6.1.0", "samlify": "^2.10.1", "zod": "^4.1.12" }, "peerDependencies": { "better-auth": "1.4.1" } }, "sha512-EG3P6uxieSFQvOR4Xxs210YrIrLGGlUDluvPxKx1qMgVxfbt3S8ziQ3wnLScTJKe3WjzsCX8JdN6hLhbO76YAA=="],
 
@@ -602,41 +645,43 @@
 
     "@biomejs/cli-win32-x64": ["@biomejs/cli-win32-x64@2.2.5", "", { "os": "win32", "cpu": "x64" }, "sha512-F/jhuXCssPFAuciMhHKk00xnCAxJRS/pUzVfXYmOMUp//XW7mO6QeCjsjvnm8L4AO/dG2VOB0O+fJPiJ2uXtIw=="],
 
-    "@bufbuild/protobuf": ["@bufbuild/protobuf@2.11.0", "", {}, "sha512-sBXGT13cpmPR5BMgHE6UEEfEaShh5Ror6rfN3yEK5si7QVrtZg8LEPQb0VVhiLRUslD2yLnXtnRzG035J/mZXQ=="],
+    "@bufbuild/protobuf": ["@bufbuild/protobuf@2.12.0", "", {}, "sha512-B/XlCaFIP8LOwzo+bz5uFzATYokcwCKQcghqnlfwSmM5eX/qTkvDBnDPs+gXtX/RyjxJ4DRikECcPJbyALA8FA=="],
 
     "@capsizecss/unpack": ["@capsizecss/unpack@4.0.0", "", { "dependencies": { "fontkitten": "^1.0.0" } }, "sha512-VERIM64vtTP1C4mxQ5thVT9fK0apjPFobqybMtA1UdUujWka24ERHbRHFGmpbbhp73MhV+KSsHQH9C6uOTdEQA=="],
 
-    "@captchafox/react": ["@captchafox/react@1.11.0", "", { "dependencies": { "@captchafox/types": "^1.4.0" }, "peerDependencies": { "react": ">=16.8.0", "react-dom": ">=16.8.0" } }, "sha512-/oF/PahBiNwk/ZVC0XQBl9hHwwRo7Eg8k6tz0U835jH15OJpIZvGHPN4xZ5cRTct+sXAdVcMqfuEP0bsg4yTBw=="],
+    "@captchafox/react": ["@captchafox/react@1.12.0", "", { "dependencies": { "@captchafox/types": "^1.4.0" }, "peerDependencies": { "react": ">=16.8.0", "react-dom": ">=16.8.0" } }, "sha512-ALJWVvSBL3H16KMrGg3exO6EufI32zY63LBB0UC0l7jW+Ynz832tG7wwg0PbDWNle0CiN35DAfxDzH/29sDp3g=="],
 
-    "@captchafox/types": ["@captchafox/types@1.4.0", "", {}, "sha512-4xnPMICLinsXghw6zWEF436lhMsBmLxui2QmU7xAEz/+572BRdvc518Sz5OoofbJ7GZG6QPz/wOtJoN8BfKyCg=="],
+    "@captchafox/types": ["@captchafox/types@1.5.0", "", {}, "sha512-uReDnNoAarRjhbxC0w4hEueKLCx8w22dv+XqzDjR4rUFo3fCj8Dh3A6D27OFAYlfSr/nwomDatAxz7ixwJ5y5w=="],
 
-    "@clickhouse/client": ["@clickhouse/client@1.18.2", "", { "dependencies": { "@clickhouse/client-common": "1.18.2" } }, "sha512-fuquQswRSHWM6D079ZeuGqkMOsqtcUPL06UdTnowmoeeYjVrqisfVmvnw8pc3OeKS4kVb91oygb/MfLDiMs0TQ=="],
+    "@clickhouse/client": ["@clickhouse/client@1.18.3", "", { "dependencies": { "@clickhouse/client-common": "1.18.3" } }, "sha512-340ngdYktL8PLUBK2QKSwe0o02tYfZSz1mSn1uXCEU8TxHvwh9pnQxElf9YHumDGj5gX/IdgxPsJTGMs82Hgug=="],
 
-    "@clickhouse/client-common": ["@clickhouse/client-common@1.18.2", "", {}, "sha512-J0SG6q9V31ydxonglpj9xhNRsUxCsF71iEZ784yldqMYwsHixj/9xHFDgBDX3DuMiDx/kPDfXnf+pimp08wIBA=="],
+    "@clickhouse/client-common": ["@clickhouse/client-common@1.18.3", "", {}, "sha512-3axzO3zvrsGT5PzDenxgWscltYCNRDbhaHWUgdsmcM9OnW/VnZn9EarOcZogr9P82Z0mQh+Jd2x+p2K4TFD2fA=="],
 
     "@cloudflare/kv-asset-handler": ["@cloudflare/kv-asset-handler@0.4.2", "", {}, "sha512-SIOD2DxrRRwQ+jgzlXCqoEFiKOFqaPjhnNTGKXSRLvp1HiOvapLaFG2kEr9dYQTYe8rKrd9uvDUzmAITeNyaHQ=="],
 
-    "@cloudflare/unenv-preset": ["@cloudflare/unenv-preset@2.15.0", "", { "peerDependencies": { "unenv": "2.0.0-rc.24", "workerd": "1.20260301.1 || ~1.20260302.1 || ~1.20260303.1 || ~1.20260304.1 || >1.20260305.0 <2.0.0-0" }, "optionalPeers": ["workerd"] }, "sha512-EGYmJaGZKWl+X8tXxcnx4v2bOZSjQeNI5dWFeXivgX9+YCT69AkzHHwlNbVpqtEUTbew8eQurpyOpeN8fg00nw=="],
+    "@cloudflare/unenv-preset": ["@cloudflare/unenv-preset@2.16.1", "", { "peerDependencies": { "unenv": "2.0.0-rc.24", "workerd": ">1.20260305.0 <2.0.0-0" }, "optionalPeers": ["workerd"] }, "sha512-ECxObrMfyTl5bhQf/lZCXwo5G6xX9IAUo+nDMKK4SZ8m4Jvvxp52vilxyySSWh2YTZz8+HQ07qGH/2rEom1vDw=="],
 
-    "@cloudflare/vite-plugin": ["@cloudflare/vite-plugin@1.28.0", "", { "dependencies": { "@cloudflare/unenv-preset": "2.15.0", "miniflare": "4.20260312.0", "unenv": "2.0.0-rc.24", "wrangler": "4.73.0", "ws": "8.18.0" }, "peerDependencies": { "vite": "^6.1.0 || ^7.0.0" } }, "sha512-h2idr5fZ5GojyWZOZ506NHaDAVq3zpvcKgk8ZzDLlnHHvOwXZlFDPRf9Kkffv0fe+J6GPn7gVjJxgT0YRXAbew=="],
+    "@cloudflare/vite-plugin": ["@cloudflare/vite-plugin@1.33.2", "", { "dependencies": { "@cloudflare/unenv-preset": "2.16.1", "miniflare": "4.20260424.0", "unenv": "2.0.0-rc.24", "wrangler": "4.85.0", "ws": "8.18.0" }, "peerDependencies": { "vite": "^6.1.0 || ^7.0.0 || ^8.0.0" } }, "sha512-XI6+XkDn8W6tlvtYUoS6C89Te7fwhyDLrhUBUbagPO1StJ6ofbR0vpqNNqNskUp9592xTRCDk5ukqcjz6xMo+g=="],
 
-    "@cloudflare/workerd-darwin-64": ["@cloudflare/workerd-darwin-64@1.20260312.1", "", { "os": "darwin", "cpu": "x64" }, "sha512-HUAtDWaqUduS6yasV6+NgsK7qBpP1qGU49ow/Wb117IHjYp+PZPUGReDYocpB4GOMRoQlvdd4L487iFxzdARpw=="],
+    "@cloudflare/workerd-darwin-64": ["@cloudflare/workerd-darwin-64@1.20260424.1", "", { "os": "darwin", "cpu": "x64" }, "sha512-yFR1XaJbSDLg/qbwtrYaU2xwFXatIPKR5nrMQCN1q/m6+Qe/j6r+kCnFEvOJjMZOm9iCKsE6Qly5clgl4u32qw=="],
 
-    "@cloudflare/workerd-darwin-arm64": ["@cloudflare/workerd-darwin-arm64@1.20260312.1", "", { "os": "darwin", "cpu": "arm64" }, "sha512-DOn7TPTHSxJYfi4m4NYga/j32wOTqvJf/pY4Txz5SDKWIZHSTXFyGz2K4B+thoPWLop/KZxGoyTv7db0mk/qyw=="],
+    "@cloudflare/workerd-darwin-arm64": ["@cloudflare/workerd-darwin-arm64@1.20260424.1", "", { "os": "darwin", "cpu": "arm64" }, "sha512-LqWKcE7x/9KyC2iQvKPeb20hKST3dYXDZlYTvFymgR1DfLS0OFOCzVGTloVNd7WqvK4SkdzBYfxo7QMIAeBK0w=="],
 
-    "@cloudflare/workerd-linux-64": ["@cloudflare/workerd-linux-64@1.20260312.1", "", { "os": "linux", "cpu": "x64" }, "sha512-TdkIh3WzPXYHuvz7phAtFEEvAxvFd30tHrm4gsgpw0R0F5b8PtoM3hfL2uY7EcBBWVYUBtkY2ahDYFfufnXw/g=="],
+    "@cloudflare/workerd-linux-64": ["@cloudflare/workerd-linux-64@1.20260424.1", "", { "os": "linux", "cpu": "x64" }, "sha512-YlEBFbAYZHe/ylzl8WEYQEU/jr+0XMqXaST2oBk5oVjksdb1NGuJaggluCdZAzuJJ8UqdTmyhY5u/qrasbiFWA=="],
 
-    "@cloudflare/workerd-linux-arm64": ["@cloudflare/workerd-linux-arm64@1.20260312.1", "", { "os": "linux", "cpu": "arm64" }, "sha512-kNauZhL569Iy94t844OMwa1zP6zKFiL3xiJ4tGLS+TFTEfZ3pZsRH6lWWOtkXkjTyCmBEOog0HSEKjIV4oAffw=="],
+    "@cloudflare/workerd-linux-arm64": ["@cloudflare/workerd-linux-arm64@1.20260424.1", "", { "os": "linux", "cpu": "arm64" }, "sha512-qJ0X0m6cL8fWDUPDg8K4IxYZXNJI6XbeOihqjnqKbAClrjdPDn8VUSd+z2XiCQ5NylMtMrpa/skC9UfaR6mh8g=="],
 
-    "@cloudflare/workerd-windows-64": ["@cloudflare/workerd-windows-64@1.20260312.1", "", { "os": "win32", "cpu": "x64" }, "sha512-5dBrlSK+nMsZy5bYQpj8t9iiQNvCRlkm9GGvswJa9vVU/1BNO4BhJMlqOLWT24EmFyApZ+kaBiPJMV8847NDTg=="],
+    "@cloudflare/workerd-windows-64": ["@cloudflare/workerd-windows-64@1.20260424.1", "", { "os": "win32", "cpu": "x64" }, "sha512-tZ7Z9qmYNAP6z1/+8r/zKbk8F8DZmpmwNzMeN+zkde2Wnhfr3FBqOkJXT/5zmli8HPoWrIXxSiyqcNDMy8V2Zg=="],
 
-    "@cloudflare/workers-types": ["@cloudflare/workers-types@4.20260313.1", "", {}, "sha512-jMEeX3RKfOSVqqXRKr/ulgglcTloeMzSH3FdzIfqJHtvc12/ELKd5Ldsg8ZHahKX/4eRxYdw3kbzb8jLXbq/jQ=="],
+    "@cloudflare/workers-types": ["@cloudflare/workers-types@4.20260426.1", "", {}, "sha512-cBYeQaWwv/jFV8ualmwp6wIxmAf0rDe2DPPQwPbslKmPHqgv861YpAvm45r05K40QboZgxNQVIPgNkmtHqZeJQ=="],
 
     "@cspotcode/source-map-support": ["@cspotcode/source-map-support@0.8.1", "", { "dependencies": { "@jridgewell/trace-mapping": "0.3.9" } }, "sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw=="],
 
     "@daveyplate/better-auth-tanstack": ["@daveyplate/better-auth-tanstack@1.3.6", "", { "peerDependencies": { "@tanstack/query-core": ">=5.65.0", "@tanstack/react-query": ">=5.65.0", "better-auth": ">=1.2.8", "react": ">=18.0.0", "react-dom": ">=18.0.0" } }, "sha512-GvIGdbjRMZCEfAffU7LeWpGpie4vSli8V9jmNFCQOziZZMEFbO4cd53HBFmAushC9oEYIyhSNZBgV2ADzW94Ww=="],
 
-    "@daveyplate/better-auth-ui": ["@daveyplate/better-auth-ui@3.3.15", "", { "dependencies": { "@better-fetch/fetch": "^1.1.21", "@hcaptcha/react-hcaptcha": "^1.17.1", "@noble/hashes": "^2.0.1", "@react-email/components": "^1.0.1", "@wojtekmaj/react-recaptcha-v3": "^0.1.4", "react-google-recaptcha": "^3.1.0", "react-qr-code": "^2.0.18", "ua-parser-js": "^2.0.7", "vaul": "^1.1.2" }, "peerDependencies": { "@better-auth/passkey": ">=1.4.6", "@captchafox/react": "^1.10.0", "@daveyplate/better-auth-tanstack": "^1.3.6", "@hookform/resolvers": ">=5.2.0", "@instantdb/react": ">=0.18.0", "@marsidev/react-turnstile": ">=1.1.0", "@radix-ui/react-avatar": ">=1.1.0", "@radix-ui/react-checkbox": ">=1.1.0", "@radix-ui/react-context": ">=1.1.0", "@radix-ui/react-dialog": ">=1.1.0", "@radix-ui/react-dropdown-menu": ">=2.1.0", "@radix-ui/react-label": ">=2.1.0", "@radix-ui/react-primitive": ">=2.0.0", "@radix-ui/react-select": ">=2.2.0", "@radix-ui/react-separator": ">=1.1.0", "@radix-ui/react-slot": ">=1.1.0", "@radix-ui/react-tabs": ">=1.1.0", "@radix-ui/react-tooltip": ">=1.2.0", "@radix-ui/react-use-callback-ref": ">=1.1.0", "@radix-ui/react-use-layout-effect": ">=1.1.0", "@tanstack/react-query": ">=5.66.0", "@triplit/client": ">=1.0.0", "@triplit/react": ">=1.0.0", "better-auth": "^1.4.6", "class-variance-authority": ">=0.7.0", "clsx": ">=2.1.0", "input-otp": ">=1.4.0", "lucide-react": ">=0.469.0", "react": ">=18.0.0", "react-dom": ">=18.0.0", "react-hook-form": ">=7.55.0", "sonner": ">=1.7.0", "tailwind-merge": ">=2.6.0", "tailwindcss": ">=3.0.0", "zod": ">=3.0.0" } }, "sha512-vvsQ70EJha+WTBKjLbw4U/ycRjL0IgKHZ3RphZAONGnR/2BfdfVn8CEfrrsydmkYKMB8HGxtoMiU7/uu3qD72g=="],
+    "@daveyplate/better-auth-ui": ["@daveyplate/better-auth-ui@3.4.0", "", { "dependencies": { "@better-auth/api-key": "^1.5.6", "@better-fetch/fetch": "^1.1.21", "@hcaptcha/react-hcaptcha": "^2.0.2", "@noble/hashes": "^2.0.1", "@react-email/components": "^1.0.10", "@wojtekmaj/react-recaptcha-v3": "^0.1.4", "better-call": "2.0.2", "bowser": "^2.11.0", "react-google-recaptcha": "^3.1.0", "react-qr-code": "^2.0.18", "vaul": "^1.1.2" }, "peerDependencies": { "@better-auth/passkey": ">=1.4.6", "@captchafox/react": "^1.10.0", "@daveyplate/better-auth-tanstack": "^1.3.6", "@hookform/resolvers": ">=5.2.0", "@instantdb/react": ">=0.18.0", "@marsidev/react-turnstile": ">=1.1.0", "@radix-ui/react-avatar": ">=1.1.0", "@radix-ui/react-checkbox": ">=1.1.0", "@radix-ui/react-context": ">=1.1.0", "@radix-ui/react-dialog": ">=1.1.0", "@radix-ui/react-dropdown-menu": ">=2.1.0", "@radix-ui/react-label": ">=2.1.0", "@radix-ui/react-primitive": ">=2.0.0", "@radix-ui/react-select": ">=2.2.0", "@radix-ui/react-separator": ">=1.1.0", "@radix-ui/react-slot": ">=1.1.0", "@radix-ui/react-tabs": ">=1.1.0", "@radix-ui/react-tooltip": ">=1.2.0", "@radix-ui/react-use-callback-ref": ">=1.1.0", "@radix-ui/react-use-layout-effect": ">=1.1.0", "@tanstack/react-query": ">=5.66.0", "@triplit/client": ">=1.0.0", "@triplit/react": ">=1.0.0", "better-auth": "^1.4.6", "class-variance-authority": ">=0.7.0", "clsx": ">=2.1.0", "input-otp": ">=1.4.0", "lucide-react": ">=0.469.0", "react": ">=18.0.0", "react-dom": ">=18.0.0", "react-hook-form": ">=7.55.0", "sonner": ">=1.7.0", "tailwind-merge": ">=2.6.0", "tailwindcss": ">=3.0.0", "zod": ">=3.0.0" } }, "sha512-mGA0cKsAk0AcoKkxjff2xQOviMrUDDN+9SsRusURP/kiTmoLvWAv8utaPex0GFLHKm1w3BrLBdJRg9B2LkT7Bw=="],
+
+    "@deco-cx/warp-node": ["@deco-cx/warp-node@0.3.20", "", { "dependencies": { "undici": "^6.21.0", "ws": "^8.18.0" } }, "sha512-rdRWrT5eMhu1zhAzliRkoQCUr2j6Dg9npUKoP4uP+rV9wIbYKSmXJbM2z/fOiy5FVvzQlpvY16ACNRIRz+UWqw=="],
 
     "@deco/ui": ["@deco/ui@workspace:packages/ui"],
 
@@ -654,6 +699,8 @@
 
     "@decocms/runtime": ["@decocms/runtime@workspace:packages/runtime"],
 
+    "@decocms/sandbox": ["@decocms/sandbox@workspace:packages/sandbox"],
+
     "@decocms/typegen": ["@decocms/typegen@workspace:packages/typegen"],
 
     "@decocms/vite-plugin": ["@decocms/vite-plugin@workspace:packages/vite-plugin-deco"],
@@ -684,27 +731,27 @@
 
     "@electric-sql/pglite": ["@electric-sql/pglite@0.3.16", "", {}, "sha512-mZkZfOd9OqTMHsK+1cje8OSzfAQcpD7JmILXTl5ahdempjUDdmg4euf1biDex5/LfQIDJ3gvCu6qDgdnDxfJmA=="],
 
-    "@embedded-postgres/darwin-arm64": ["@embedded-postgres/darwin-arm64@18.3.0-beta.16", "", { "os": "darwin", "cpu": "arm64" }, "sha512-VBZ/xRS9Qdzq7MQnus9ScgO+89Ri2mHHqvbSVG3AOFY6xYne65Y9Br+6X1OcKOBWGR/mURBIFfe7CIqVp0Uf3Q=="],
+    "@embedded-postgres/darwin-arm64": ["@embedded-postgres/darwin-arm64@18.3.0-beta.17", "", { "os": "darwin", "cpu": "arm64" }, "sha512-Pvrej3Xz5flfyVc9mchVfekrKoTJyvPtM3U0vjuXamZkRKmi+inP2zRmnmzYecIVbr7Zhu82xbsCENMXrwMp9Q=="],
 
-    "@embedded-postgres/darwin-x64": ["@embedded-postgres/darwin-x64@18.3.0-beta.16", "", { "os": "darwin", "cpu": "x64" }, "sha512-ZoS5GpvPWMtijusa+znxT7nMjz535LHi+8VX7CSCPhDi3IyPE5jcebedboyW6fHjUdtnpkTpfCBMwBRYXJL5tA=="],
+    "@embedded-postgres/darwin-x64": ["@embedded-postgres/darwin-x64@18.3.0-beta.17", "", { "os": "darwin", "cpu": "x64" }, "sha512-MVWe+C47pPoMD9LlIWGQkvZ5Xsu3IBo54CYqnIps/Z1byMIUBNc7y/dZ3mfqEwiCbVDVqirG0CU462xnrSEfKA=="],
 
-    "@embedded-postgres/linux-arm": ["@embedded-postgres/linux-arm@18.3.0-beta.16", "", { "os": "linux", "cpu": "arm" }, "sha512-9DlgGPcSq6IrfZoUK8n0omG2HPFTSeWaF2FBrs8RG6Mjs4dMZcWKsViWFKHbZIHH3ikbZAc3pu3c6lHa4cyuDw=="],
+    "@embedded-postgres/linux-arm": ["@embedded-postgres/linux-arm@18.3.0-beta.17", "", { "os": "linux", "cpu": "arm" }, "sha512-Y2vw7p80PO/Ko7CDm8CCpStnNfMe+oc11e0WZtqAVRjxO6H0oic/ehULhUsWU3mZm5jq7wQAv37VMzf4JN+SFQ=="],
 
-    "@embedded-postgres/linux-arm64": ["@embedded-postgres/linux-arm64@18.3.0-beta.16", "", { "os": "linux", "cpu": "arm64" }, "sha512-FJqXZX3heEcTeusXLt6VuPxR//7x2ETtlapNfPfKyanjGrRHEriVFEhEy2nYkcqTecEtdUfUXTbZ1mPTVXEDBw=="],
+    "@embedded-postgres/linux-arm64": ["@embedded-postgres/linux-arm64@18.3.0-beta.17", "", { "os": "linux", "cpu": "arm64" }, "sha512-hXp7yHJHYWkdjkgF6As8whEHbdYxhBdmXeLpLTw0aiac0O6+0Cbqk3cOR9U+e49oyIpElHVwZUo6OewquSRhSg=="],
 
-    "@embedded-postgres/linux-ia32": ["@embedded-postgres/linux-ia32@18.3.0-beta.16", "", { "os": "linux", "cpu": "ia32" }, "sha512-BL0PH7u/t4dfUPU1foggHtbeQZFz5gaedTXGXduze3j46o9Fjyym2afkkLqmgMGBjZXdoo3IFEdiqyFmZsFMzg=="],
+    "@embedded-postgres/linux-ia32": ["@embedded-postgres/linux-ia32@18.3.0-beta.17", "", { "os": "linux", "cpu": "ia32" }, "sha512-hVUOM+7QxkzAIdN3gewfVwL1EpJIx+0qUiNTD8cMqRtaZyU87e4AFIvBS0UiDJ9xzMTVWr/X24wePtbvIbkopg=="],
 
-    "@embedded-postgres/linux-ppc64": ["@embedded-postgres/linux-ppc64@18.3.0-beta.16", "", { "os": "linux", "cpu": "ppc64" }, "sha512-VndcTVmzhEsGWDiJza0j8FiifnX9/lYUEizDB/+/r8BBz45f02XxdLJwaUc+9Y72kLgnfUGYbN9+fyNMQoMPyg=="],
+    "@embedded-postgres/linux-ppc64": ["@embedded-postgres/linux-ppc64@18.3.0-beta.17", "", { "os": "linux", "cpu": "ppc64" }, "sha512-p3/u4YUqSdE2CKUBlC84JGZCi6RnE1fyeLPIIVy2DJUiKtExR5rE3OpDJcVoN40uecYGL+nR4qFocGzDwG1TBw=="],
 
-    "@embedded-postgres/linux-x64": ["@embedded-postgres/linux-x64@18.3.0-beta.16", "", { "os": "linux", "cpu": "x64" }, "sha512-SRnH75c2PenxtlJPAdDz3ckVA6/3AB6g/wOJiK33LsR55a2AWjoLrUkPqS0x8PlVAOaQHCzgnq8EDRxrbP1+Dg=="],
+    "@embedded-postgres/linux-x64": ["@embedded-postgres/linux-x64@18.3.0-beta.17", "", { "os": "linux", "cpu": "x64" }, "sha512-8orSD6NNopSLtjqir4dWQBrj+g8j1eJjWd9mB60A3xbWMzIBIPQpzT7XzbacW9YFSl/DejOLnRXfff+Wr13Tgw=="],
 
-    "@embedded-postgres/windows-x64": ["@embedded-postgres/windows-x64@18.3.0-beta.16", "", { "os": "win32", "cpu": "x64" }, "sha512-REupF2FhJMEsXqdeUG+wVWSKpykbruh9Ro5bHG/7RCBuSa/ncJ/8qhtVSI71RTJn1Cb9Shqa/gbnorz+8hat9Q=="],
+    "@embedded-postgres/windows-x64": ["@embedded-postgres/windows-x64@18.3.0-beta.17", "", { "os": "win32", "cpu": "x64" }, "sha512-kDC5aBsmhWDjeQjj2V4g+Bk+pMeDU27b7l0rBbaKgtt2gsNmCB34ULg/5cqs2kqUKSk/tiGMHKCNE+zQZ+s4rg=="],
 
-    "@emnapi/core": ["@emnapi/core@1.9.0", "", { "dependencies": { "@emnapi/wasi-threads": "1.2.0", "tslib": "^2.4.0" } }, "sha512-0DQ98G9ZQZOxfUcQn1waV2yS8aWdZ6kJMbYCJB3oUBecjWYO1fqJ+a1DRfPF3O5JEkwqwP1A9QEN/9mYm2Yd0w=="],
+    "@emnapi/core": ["@emnapi/core@1.10.0", "", { "dependencies": { "@emnapi/wasi-threads": "1.2.1", "tslib": "^2.4.0" } }, "sha512-yq6OkJ4p82CAfPl0u9mQebQHKPJkY7WrIuk205cTYnYe+k2Z8YBh11FrbRG/H6ihirqcacOgl2BIO8oyMQLeXw=="],
 
-    "@emnapi/runtime": ["@emnapi/runtime@1.9.0", "", { "dependencies": { "tslib": "^2.4.0" } }, "sha512-QN75eB0IH2ywSpRpNddCRfQIhmJYBCJ1x5Lb3IscKAL8bMnVAKnRg8dCoXbHzVLLH7P38N2Z3mtulB7W0J0FKw=="],
+    "@emnapi/runtime": ["@emnapi/runtime@1.10.0", "", { "dependencies": { "tslib": "^2.4.0" } }, "sha512-ewvYlk86xUoGI0zQRNq/mC+16R1QeDlKQy21Ki3oSYXNgLb45GV1P6A0M+/s6nyCuNDqe5VpaY84BzXGwVbwFA=="],
 
-    "@emnapi/wasi-threads": ["@emnapi/wasi-threads@1.2.0", "", { "dependencies": { "tslib": "^2.4.0" } }, "sha512-N10dEJNSsUx41Z6pZsXU8FjPjpBEplgH24sfkmITrBED1/U2Esum9F3lfLrMjKHHjmi557zQn7kR9R+XWXu5Rg=="],
+    "@emnapi/wasi-threads": ["@emnapi/wasi-threads@1.2.1", "", { "dependencies": { "tslib": "^2.4.0" } }, "sha512-uTII7OYF+/Mes/MrcIOYp5yOtSMLBWSIoLPpcgwipoiKbli6k322tcoFsxoIIxPDqW01SQGAgko4EzZi2BNv2w=="],
 
     "@esbuild/aix-ppc64": ["@esbuild/aix-ppc64@0.27.3", "", { "os": "aix", "cpu": "ppc64" }, "sha512-9fJMTNFTWZMh5qwrBItuziu834eOCUcEqymSH7pY+zoMVEZg3gcPuBNxH1EvfVYe9h0x/Ptw8KBzv7qxb7l8dg=="],
 
@@ -768,29 +815,27 @@
 
     "@floating-ui/utils": ["@floating-ui/utils@0.2.11", "", {}, "sha512-RiB/yIh78pcIxl6lLMG0CgBXAZ2Y0eVHqMPYugu+9U0AeT6YBeiJpf7lbdJNIugFP5SIjwNRgo4DhR1Qxi26Gg=="],
 
-    "@freestyle-sh/with-bun": ["@freestyle-sh/with-bun@0.2.12", "", { "dependencies": { "@freestyle-sh/with-type-js": "0.2.9", "freestyle-sandboxes": "^0.1.43" } }, "sha512-ujpcwye+RwNx76dUeTQeWxR7xDufdFHlRNHfFhW2hC16wSXNk9Nn62klxtjlJ2VAugt969CxiQlD+B5esJMRtw=="],
+    "@freestyle-sh/with-bun": ["@freestyle-sh/with-bun@0.2.14", "", { "dependencies": { "@freestyle-sh/with-type-js": "0.2.11", "freestyle": "^0.1.46" } }, "sha512-AkFzVdVQTdEfHkyvV/28KtFKW2DUIYA8WXyoMzMDP1512IEQ3JXKCNnG0IVmrdHaNTTyMUh5uzciJqETow9FtA=="],
 
     "@freestyle-sh/with-deno": ["@freestyle-sh/with-deno@0.0.4", "", { "dependencies": { "@freestyle-sh/with-type-js": "0.2.9", "freestyle-sandboxes": "^0.1.43" } }, "sha512-tImFxG97Kjel/LAqSIjCIz1mdxlfN5K0eRJDhkQWjWri352jZRIYqHUWIn+0CaMiZxl1ciHc+KQIUXW7ss6h7Q=="],
 
-    "@freestyle-sh/with-nodejs": ["@freestyle-sh/with-nodejs@0.2.9", "", { "dependencies": { "@freestyle-sh/with-type-js": "^0.2.9", "freestyle-sandboxes": "^0.1.41" } }, "sha512-LvflGKQcVe3U6AdCVNKTPdZBb2xRoG/67hq9WiOEABI0+ODjiV/lQYZzNRTQvqemvY+cn1ueRFBtfQJ+VW90bw=="],
+    "@freestyle-sh/with-nodejs": ["@freestyle-sh/with-nodejs@0.2.12", "", { "dependencies": { "@freestyle-sh/with-type-js": "^0.2.11", "freestyle": "^0.1.46" } }, "sha512-jcx7B1uwqOLfSUsU5003eRTiVHuytbjclpePBcv68DUzmqEZ4muil7yQKb3qU+m3pOUNb7UAaJqUfRIIH1QIdQ=="],
 
-    "@freestyle-sh/with-type-js": ["@freestyle-sh/with-type-js@0.2.9", "", { "dependencies": { "@freestyle-sh/with-type-js-deps": "^0.2.9", "@freestyle-sh/with-type-run-code": "^0.2.9", "freestyle-sandboxes": "^0.1.28" } }, "sha512-W6rit2s71ekvD+0H+1rIzgovWHAa186mREJWyn4e+y4etW4+SrZ0Q+CF6a+EnkIWwnkPSL164SIbnJHUj3jp8w=="],
+    "@freestyle-sh/with-type-js": ["@freestyle-sh/with-type-js@0.2.11", "", { "dependencies": { "@freestyle-sh/with-type-js-deps": "^0.2.10", "@freestyle-sh/with-type-run-code": "^0.2.10", "freestyle": "^0.1.46" } }, "sha512-fAC4w1lt+znNjwK3YsXJ5JTzCHCncu/p3rDXmWS/NZynQwByKoysxDst7gfc6zqmJqdG5ayoVexcQOrhErhDRg=="],
 
-    "@freestyle-sh/with-type-js-deps": ["@freestyle-sh/with-type-js-deps@0.2.9", "", { "dependencies": { "freestyle-sandboxes": "^0.1.28" } }, "sha512-h4RR3hgTaKY4Gt7TTSgqhhgmq+oEi+3GR/T0Ol1vk00MQXE+iKvLTela5ECeZu1I1sMcKtDkVsOSIztF6Lpu2Q=="],
+    "@freestyle-sh/with-type-js-deps": ["@freestyle-sh/with-type-js-deps@0.2.10", "", { "dependencies": { "freestyle": "^0.1.46" } }, "sha512-w72dGEGjPDP1Gm9A1Fg/irBW4KUIieKvIRzV9stLgIbybRX836JEEDeVDbgaVUv/FQqKbvJW595asmPriwOLEA=="],
 
-    "@freestyle-sh/with-type-run-code": ["@freestyle-sh/with-type-run-code@0.2.9", "", { "dependencies": { "freestyle-sandboxes": "^0.1.28" } }, "sha512-RkuB513J9CsqaAELArTwUsWV8VQR1u9YVvn00LgFy4gBJRBWQc2OOKzipdm7+XG2Sf7CIo6ZYgbVkm+Q3sCe4g=="],
+    "@freestyle-sh/with-type-run-code": ["@freestyle-sh/with-type-run-code@0.2.10", "", { "dependencies": { "freestyle": "^0.1.46" } }, "sha512-onr8lGnnjfDsmbvgzr1aSLGesS2h4+9RqcDLR0RYnrt6gQ1SZW1j46AeOpjtZpIln7Pbawd0xFK4ypzXWGMgqA=="],
 
     "@grpc/grpc-js": ["@grpc/grpc-js@1.14.3", "", { "dependencies": { "@grpc/proto-loader": "^0.8.0", "@js-sdsl/ordered-map": "^4.4.2" } }, "sha512-Iq8QQQ/7X3Sac15oB6p0FmUg/klxQvXLeileoqrTRGJYLV+/9tubbr9ipz0GKHjmXVsgFPo/+W+2cA8eNcR+XA=="],
 
     "@grpc/proto-loader": ["@grpc/proto-loader@0.8.0", "", { "dependencies": { "lodash.camelcase": "^4.3.0", "long": "^5.0.0", "protobufjs": "^7.5.3", "yargs": "^17.7.2" }, "bin": { "proto-loader-gen-types": "build/bin/proto-loader-gen-types.js" } }, "sha512-rc1hOQtjIWGxcxpb9aHAfLpIctjEnsDehj0DAiVfBlmT84uvR0uUtN2hEi/ecvWVjXUGf5qPF4qEgiLOx1YIMQ=="],
 
-    "@hcaptcha/loader": ["@hcaptcha/loader@2.3.0", "", {}, "sha512-i4lnNxKBe+COf3R1nFZEWaZoHIoJjvDgWqvcNrdZq8ehoSNMN6KVZ56dcQ02qKie2h3+BkbkwlJA9DOIuLlK/g=="],
-
-    "@hcaptcha/react-hcaptcha": ["@hcaptcha/react-hcaptcha@1.17.4", "", { "dependencies": { "@babel/runtime": "^7.17.9", "@hcaptcha/loader": "^2.3.0" }, "peerDependencies": { "react": ">= 16.3.0", "react-dom": ">= 16.3.0" } }, "sha512-rIvgesG1N7SS9sAYYHFoWm+nXqRrxq7RcA9z2pKkDWV+S1GdfmrTNYA1aPyVWVe3eowphTCwyDJvl97Swwy0mw=="],
+    "@hcaptcha/react-hcaptcha": ["@hcaptcha/react-hcaptcha@2.0.2", "", {}, "sha512-VbuH6VJ6m3BHmVBHs0fL9t+suZd7PQEqCzqL2BiUbBvbHI3XfvSgdiug2QiEPN8zskbPTIV/FfGPF53JCckrow=="],
 
     "@hexagon/base64": ["@hexagon/base64@1.1.28", "", {}, "sha512-lhqDEAvWixy3bZ+UOYbPwUbBkwBq5C1LAJ/xPC8Oi+lL54oyakv/npbA0aU2hgCsx/1NUd4IBvV03+aUBWxerw=="],
 
-    "@hono/node-server": ["@hono/node-server@1.19.11", "", { "peerDependencies": { "hono": "^4" } }, "sha512-dr8/3zEaB+p0D2n/IUrlPF1HZm586qgJNXK1a9fhg/PzdtkK7Ksd5l312tJX2yBuALqDYBlG20QEbayqPyxn+g=="],
+    "@hono/node-server": ["@hono/node-server@1.19.14", "", { "peerDependencies": { "hono": "^4" } }, "sha512-GwtvgtXxnWsucXvbQXkRgqksiH2Qed37H9xHZocE5sA3N8O8O8/8FA3uclQXxXVzc9XBZuEOMK7+r02FmSpHtw=="],
 
     "@hookform/resolvers": ["@hookform/resolvers@5.2.2", "", { "dependencies": { "@standard-schema/utils": "^0.3.0" }, "peerDependencies": { "react-hook-form": "^7.55.0" } }, "sha512-A/IxlMLShx3KjV/HeTcTfaMxdwy690+L/ZADoeaTltLx+CVuzkeVIPuybK3jrRfw7YZnmdKsVVHAlEPIAEUNlA=="],
 
@@ -846,13 +891,13 @@
 
     "@inkjs/ui": ["@inkjs/ui@2.0.0", "", { "dependencies": { "chalk": "^5.3.0", "cli-spinners": "^3.0.0", "deepmerge": "^4.3.1", "figures": "^6.1.0" }, "peerDependencies": { "ink": ">=5" } }, "sha512-5+8fJmwtF9UvikzLfph9sA+LS+l37Ij/szQltkuXLOAXwNkBX9innfzh4pLGXIB59vKEQUtc6D4qGvhD7h3pAg=="],
 
-    "@instantdb/core": ["@instantdb/core@0.22.158", "", { "dependencies": { "@instantdb/version": "0.22.158", "mutative": "^1.0.10", "uuid": "^11.1.0" } }, "sha512-nq0FddMU7CyJymE5QCWjfcBTTH/Ac6NzL99++92aFhRnt8JilHbcLljUKC9N5k0uVkzRaxAo2uBcP/LIZ8OgYA=="],
+    "@instantdb/core": ["@instantdb/core@1.0.20", "", { "dependencies": { "@instantdb/version": "1.0.20", "mutative": "^1.0.10", "uuid": "^11.1.0" } }, "sha512-bh/VZftslcvYQzM70Ik4HC3kyUouDO8NQknxTdhogqBYHQHv1JV/Aj08l5aaajmNQD+ZiIwHP2SRqUO1NbSgTA=="],
 
-    "@instantdb/react": ["@instantdb/react@0.22.158", "", { "dependencies": { "@instantdb/core": "0.22.158", "@instantdb/react-common": "0.22.158", "@instantdb/version": "0.22.158", "eventsource": "^4.0.0" }, "peerDependencies": { "react": ">=16" } }, "sha512-tMX1qEQAk5euW27dlRwvjg/x9V1AfFGOOl8oo2Ia/NPh+MxL+1gd7HHcIy+JZq95G2IuGoPfqpAZKhYisMdW4w=="],
+    "@instantdb/react": ["@instantdb/react@1.0.20", "", { "dependencies": { "@instantdb/core": "1.0.20", "@instantdb/react-common": "1.0.20", "@instantdb/version": "1.0.20", "eventsource": "^4.0.0" }, "peerDependencies": { "react": ">=16" } }, "sha512-KnK8uniMgCPLenybLAri5NI1r2p+TrT3doyxMExbVvlUITb/HHIaqtMuS7uUkOowOMMAdkstSf5FiV8SRcHkLw=="],
 
-    "@instantdb/react-common": ["@instantdb/react-common@0.22.158", "", { "dependencies": { "@instantdb/core": "0.22.158", "@instantdb/version": "0.22.158" }, "peerDependencies": { "react": ">=16" } }, "sha512-1ojK7N4JYRZoPlIoGDx+vyIKIq57XVCLBKr+daduCOP0v87eQPgdlLaKfQbxKSOix63Mk/X3r0Izs545W1l6HQ=="],
+    "@instantdb/react-common": ["@instantdb/react-common@1.0.20", "", { "dependencies": { "@instantdb/core": "1.0.20", "@instantdb/version": "1.0.20" }, "peerDependencies": { "react": ">=16" } }, "sha512-AmZQtF/JPEkJ8CcLsPFl4KH6Gb7oi/K7NCW4ESM2FYnbtHHZUKdq0XAUw2jSVcJ1hTW6FJNdxldvS30RfSj71g=="],
 
-    "@instantdb/version": ["@instantdb/version@0.22.158", "", {}, "sha512-RkO73PcZbYdczZMUGfwM5u0OPCG2Bzs1e/cI9adAPmh/1tSvEpJDCU4j0R9JQnHAoMGJ/XNrGT2DqHfkfBV8Cw=="],
+    "@instantdb/version": ["@instantdb/version@1.0.20", "", {}, "sha512-WuoEBXO01Bnhnk+uCbWliugnas0ny6c9Xx+dSdC5/P9fb3TGinVltfWxu1YxwnbMz3IN2jlMOmqNCdlFfrc8/g=="],
 
     "@isaacs/fs-minipass": ["@isaacs/fs-minipass@4.0.1", "", { "dependencies": { "minipass": "^7.0.4" } }, "sha512-wgm9Ehl2jpeqP3zw/7mo3kRHFp5MEDhqAdwy1fTGkHAwnkGOVsgpvQhL8B5n1qlb01jV3n/bI0ZfZp5lWA1k4w=="],
 
@@ -874,15 +919,21 @@
 
     "@jsdevtools/ono": ["@jsdevtools/ono@7.1.3", "", {}, "sha512-4JQNk+3mVzK3xh2rqd6RB4J46qUR19azEHBneZyTZM+c456qOrbbM/5xcR8huNCCcbVt7+UmizG6GuUvPvKUYg=="],
 
+    "@jsep-plugin/assignment": ["@jsep-plugin/assignment@1.3.0", "", { "peerDependencies": { "jsep": "^0.4.0||^1.0.0" } }, "sha512-VVgV+CXrhbMI3aSusQyclHkenWSAm95WaiKrMxRFam3JSUiIaQjoMIw2sEs/OX4XifnqeQUN4DYbJjlA8EfktQ=="],
+
+    "@jsep-plugin/regex": ["@jsep-plugin/regex@1.0.4", "", { "peerDependencies": { "jsep": "^0.4.0||^1.0.0" } }, "sha512-q7qL4Mgjs1vByCaTnDFcBnV9HS7GVPJX5vyVoCgZHNSC9rjwIlmbXG5sUuorR5ndfHAIlJ8pVStxvjXHbNvtUg=="],
+
+    "@kubernetes/client-node": ["@kubernetes/client-node@1.4.0", "", { "dependencies": { "@types/js-yaml": "^4.0.1", "@types/node": "^24.0.0", "@types/node-fetch": "^2.6.13", "@types/stream-buffers": "^3.0.3", "form-data": "^4.0.0", "hpagent": "^1.2.0", "isomorphic-ws": "^5.0.0", "js-yaml": "^4.1.0", "jsonpath-plus": "^10.3.0", "node-fetch": "^2.7.0", "openid-client": "^6.1.3", "rfc4648": "^1.3.0", "socks-proxy-agent": "^8.0.4", "stream-buffers": "^3.0.2", "tar-fs": "^3.0.9", "ws": "^8.18.2" } }, "sha512-Zge3YvF7DJi264dU1b3wb/GmzR99JhUpqTvp+VGHfwZT+g7EOOYNScDJNZwXy9cszyIGPIs0VHr+kk8e95qqrA=="],
+
     "@levischuck/tiny-cbor": ["@levischuck/tiny-cbor@0.2.11", "", {}, "sha512-llBRm4dT4Z89aRsm6u2oEZ8tfwL/2l6BwpZ7JcyieouniDECM5AqNgr/y08zalEIvW3RSK4upYyybDcmjXqAow=="],
 
     "@mapbox/node-pre-gyp": ["@mapbox/node-pre-gyp@2.0.3", "", { "dependencies": { "consola": "^3.2.3", "detect-libc": "^2.0.0", "https-proxy-agent": "^7.0.5", "node-fetch": "^2.6.7", "nopt": "^8.0.0", "semver": "^7.5.3", "tar": "^7.4.0" }, "bin": { "node-pre-gyp": "bin/node-pre-gyp" } }, "sha512-uwPAhccfFJlsfCxMYTwOdVfOz3xqyj8xYL3zJj8f0pb30tLohnnFPhLuqp4/qoEz8sNxe4SESZedcBojRefIzg=="],
 
-    "@marsidev/react-turnstile": ["@marsidev/react-turnstile@1.4.2", "", { "peerDependencies": { "react": "^17.0.2 || ^18.0.0 || ^19.0", "react-dom": "^17.0.2 || ^18.0.0 || ^19.0" } }, "sha512-xs1qOuyeMOz6t9BXXCXWiukC0/0+48vR08B7uwNdG05wCMnbcNgxiFmdFKDOFbM76qFYFRYlGeRfhfq1U/iZmA=="],
+    "@marsidev/react-turnstile": ["@marsidev/react-turnstile@1.5.1", "", { "peerDependencies": { "react": "^17.0.2 || ^18.0.0 || ^19.0", "react-dom": "^17.0.2 || ^18.0.0 || ^19.0" } }, "sha512-dGZeOWEh1t9AfkR0G94k48+gciIzTNz8GhEatIGTk43ZBynWFfHxmgv1ZiSPkJBYBhSqeqfgFMp+nqFbZAViyQ=="],
 
     "@mdx-js/mdx": ["@mdx-js/mdx@3.1.1", "", { "dependencies": { "@types/estree": "^1.0.0", "@types/estree-jsx": "^1.0.0", "@types/hast": "^3.0.0", "@types/mdx": "^2.0.0", "acorn": "^8.0.0", "collapse-white-space": "^2.0.0", "devlop": "^1.0.0", "estree-util-is-identifier-name": "^3.0.0", "estree-util-scope": "^1.0.0", "estree-walker": "^3.0.0", "hast-util-to-jsx-runtime": "^2.0.0", "markdown-extensions": "^2.0.0", "recma-build-jsx": "^1.0.0", "recma-jsx": "^1.0.0", "recma-stringify": "^1.0.0", "rehype-recma": "^1.0.0", "remark-mdx": "^3.0.0", "remark-parse": "^11.0.0", "remark-rehype": "^11.0.0", "source-map": "^0.7.0", "unified": "^11.0.0", "unist-util-position-from-estree": "^2.0.0", "unist-util-stringify-position": "^4.0.0", "unist-util-visit": "^5.0.0", "vfile": "^6.0.0" } }, "sha512-f6ZO2ifpwAQIpzGWaBQT2TXxPv6z3RBzQKpVftEWN78Vl/YweF1uwussDx8ECAXVtr3Rs89fKyG9YlzUs9DyGQ=="],
 
-    "@modelcontextprotocol/ext-apps": ["@modelcontextprotocol/ext-apps@1.2.2", "", { "peerDependencies": { "@modelcontextprotocol/sdk": "^1.24.0", "react": "^17.0.0 || ^18.0.0 || ^19.0.0", "react-dom": "^17.0.0 || ^18.0.0 || ^19.0.0", "zod": "^3.25.0 || ^4.0.0" }, "optionalPeers": ["react", "react-dom"] }, "sha512-qMnhIKb8tyPesl+kZU76Xz9Bi9putCO+LcgvBJ00fDdIniiLZsnQbAeTKoq+sTiYH1rba2Fvj8NPAFxij+gyxw=="],
+    "@modelcontextprotocol/ext-apps": ["@modelcontextprotocol/ext-apps@1.7.1", "", { "dependencies": { "@standard-schema/spec": "^1.1.0" }, "peerDependencies": { "@modelcontextprotocol/sdk": "^1.29.0", "react": "^17.0.0 || ^18.0.0 || ^19.0.0", "react-dom": "^17.0.0 || ^18.0.0 || ^19.0.0", "zod": "^3.25.0 || ^4.0.0" }, "optionalPeers": ["react", "react-dom"] }, "sha512-J3WdG1A4JSSKnSWKyU+895dBVYBV2Utgtf7fUsUK45mlkETm53a/1DR6Pm3hUGKqLLQthZLmpxOg8VPzJi/lyg=="],
 
     "@modelcontextprotocol/sdk": ["@modelcontextprotocol/sdk@1.27.1", "", { "dependencies": { "@hono/node-server": "^1.19.9", "ajv": "^8.17.1", "ajv-formats": "^3.0.1", "content-type": "^1.0.5", "cors": "^2.8.5", "cross-spawn": "^7.0.5", "eventsource": "^3.0.2", "eventsource-parser": "^3.0.0", "express": "^5.2.1", "express-rate-limit": "^8.2.1", "hono": "^4.11.4", "jose": "^6.1.3", "json-schema-typed": "^8.0.2", "pkce-challenge": "^5.0.0", "raw-body": "^3.0.0", "zod": "^3.25 || ^4.0", "zod-to-json-schema": "^3.25.1" }, "peerDependencies": { "@cfworker/json-schema": "^4.1.1" }, "optionalPeers": ["@cfworker/json-schema"] }, "sha512-sr6GbP+4edBwFndLbM60gf07z0FQ79gaExpnsjMGePXqFcSSb7t6iscpjk9DhFhwd+mTEQrzNafGP8/iGGFYaA=="],
 
@@ -890,11 +941,13 @@
 
     "@monaco-editor/react": ["@monaco-editor/react@4.7.0", "", { "dependencies": { "@monaco-editor/loader": "^1.5.0" }, "peerDependencies": { "monaco-editor": ">= 0.25.0 < 1", "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-cyzXQCtO47ydzxpQtCGSQGOC8Gk3ZUeBXFAxD+CWXYFo5OqZyZUonFl0DwUlTyAfRHntBfw2p3w4s9R6oe1eCA=="],
 
-    "@napi-rs/wasm-runtime": ["@napi-rs/wasm-runtime@1.1.1", "", { "dependencies": { "@emnapi/core": "^1.7.1", "@emnapi/runtime": "^1.7.1", "@tybys/wasm-util": "^0.10.1" } }, "sha512-p64ah1M1ld8xjWv3qbvFwHiFVWrq1yFvV4f7w+mzaqiR4IlSgkqhcRdHwsGgomwzBH51sRY4NEowLxnaBjcW/A=="],
+    "@napi-rs/wasm-runtime": ["@napi-rs/wasm-runtime@1.1.4", "", { "dependencies": { "@tybys/wasm-util": "^0.10.1" }, "peerDependencies": { "@emnapi/core": "^1.7.1", "@emnapi/runtime": "^1.7.1" } }, "sha512-3NQNNgA1YSlJb/kMH1ildASP9HW7/7kYnRI2szWJaofaS1hWmbGI4H+d3+22aGzXXN9IJ+n+GiFVcGipJP18ow=="],
 
-    "@noble/ciphers": ["@noble/ciphers@2.1.1", "", {}, "sha512-bysYuiVfhxNJuldNXlFEitTVdNnYUc+XNJZd7Qm2a5j1vZHgY+fazadNFWFaMK/2vye0JVlxV3gHmC0WDfAOQw=="],
+    "@noble/ciphers": ["@noble/ciphers@2.2.0", "", {}, "sha512-Z6pjIZ/8IJcCGzb2S/0Px5J81yij85xASuk1teLNeg75bfT07MV3a/O2Mtn1I2se43k3lkVEcFaR10N4cgQcZA=="],
 
-    "@noble/hashes": ["@noble/hashes@2.0.1", "", {}, "sha512-XlOlEbQcE9fmuXxrVTXCTlG2nlRXa9Rj3rr5Ue/+tX+nmkgbX720YHh0VR3hBF9xDvwnb8D2shVGOwNx+ulArw=="],
+    "@noble/hashes": ["@noble/hashes@2.2.0", "", {}, "sha512-IYqDGiTXab6FniAgnSdZwgWbomxpy9FtYvLKs7wCUs2a8RkITG+DFGO1DM9cr+E3/RgADRpFjrKVaJ1z6sjtEg=="],
+
+    "@nodable/entities": ["@nodable/entities@2.1.0", "", {}, "sha512-nyT7T3nbMyBI/lvr6L5TyWbFJAI9FTgVRakNoBqCD+PmID8DzFrrNdLLtHMwMszOtqZa8PAOV24ZqDnQrhQINA=="],
 
     "@nodelib/fs.scandir": ["@nodelib/fs.scandir@2.1.5", "", { "dependencies": { "@nodelib/fs.stat": "2.0.5", "run-parallel": "^1.1.9" } }, "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g=="],
 
@@ -902,7 +955,7 @@
 
     "@nodelib/fs.walk": ["@nodelib/fs.walk@1.2.8", "", { "dependencies": { "@nodelib/fs.scandir": "2.1.5", "fastq": "^1.6.0" } }, "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg=="],
 
-    "@oclif/core": ["@oclif/core@4.9.0", "", { "dependencies": { "ansi-escapes": "^4.3.2", "ansis": "^3.17.0", "clean-stack": "^3.0.1", "cli-spinners": "^2.9.2", "debug": "^4.4.3", "ejs": "^3.1.10", "get-package-type": "^0.1.0", "indent-string": "^4.0.0", "is-wsl": "^2.2.0", "lilconfig": "^3.1.3", "minimatch": "^10.2.4", "semver": "^7.7.3", "string-width": "^4.2.3", "supports-color": "^8", "tinyglobby": "^0.2.14", "widest-line": "^3.1.0", "wordwrap": "^1.0.0", "wrap-ansi": "^7.0.0" } }, "sha512-k/ntRgDcUprTT+aaNoF+whk3cY3f9fRD2lkF6ul7JeCUg2MaMXVXZXfbRhJCfsiX51X8/5Pqo0LGdO9SLYXNHg=="],
+    "@oclif/core": ["@oclif/core@4.10.6", "", { "dependencies": { "ansi-escapes": "^4.3.2", "ansis": "^3.17.0", "clean-stack": "^3.0.1", "cli-spinners": "^2.9.2", "debug": "^4.4.3", "ejs": "^3.1.10", "get-package-type": "^0.1.0", "indent-string": "^4.0.0", "is-wsl": "^2.2.0", "lilconfig": "^3.1.3", "minimatch": "^10.2.5", "semver": "^7.7.3", "string-width": "^4.2.3", "supports-color": "^8", "tinyglobby": "^0.2.14", "widest-line": "^3.1.0", "wordwrap": "^1.0.0", "wrap-ansi": "^7.0.0" } }, "sha512-ySCOYnPKZE3KACT1V9It99hWG9b8E5MpagbRdWxPNRO3beMqmbr4SLUQoFtZ9XRtW++kks1ZVwZOdpnR8rpb9A=="],
 
     "@openai/codex": ["@openai/codex@0.105.0", "", { "optionalDependencies": { "@openai/codex-darwin-arm64": "npm:@openai/codex@0.105.0-darwin-arm64", "@openai/codex-darwin-x64": "npm:@openai/codex@0.105.0-darwin-x64", "@openai/codex-linux-arm64": "npm:@openai/codex@0.105.0-linux-arm64", "@openai/codex-linux-x64": "npm:@openai/codex@0.105.0-linux-x64", "@openai/codex-win32-arm64": "npm:@openai/codex@0.105.0-win32-arm64", "@openai/codex-win32-x64": "npm:@openai/codex@0.105.0-win32-x64" }, "bin": { "codex": "bin/codex.js" } }, "sha512-enoNmQs3aOgUhsKYC6kfuKEG0AogS4q01pqcySPwf9zl2r8OcKuMUoLw1v5n4Y7sd3B6qGS7UtTABqbcT5FaMA=="],
 
@@ -922,13 +975,13 @@
 
     "@openrouter/sdk": ["@openrouter/sdk@0.1.27", "", { "dependencies": { "zod": "^3.25.0 || ^4.0.0" } }, "sha512-RH//L10bSmc81q25zAZudiI4kNkLgxF2E+WU42vghp3N6TEvZ6F0jK7uT3tOxkEn91gzmMw9YVmDENy7SJsajQ=="],
 
-    "@opentelemetry/api": ["@opentelemetry/api@1.9.0", "", {}, "sha512-3giAOQvZiH5F9bMlMiv8+GSPMeqg0dbaeo58/0SlA9sxSqZhnUtxzX9/2FzyhS9sWQf5S0GJE0AKBrFqjpeYcg=="],
+    "@opentelemetry/api": ["@opentelemetry/api@1.9.1", "", {}, "sha512-gLyJlPHPZYdAk1JENA9LeHejZe1Ti77/pTeFm/nMXmQH/HFZlcS/O2XJB+L8fkbrNSqhdtlvjBVjxwUYanNH5Q=="],
 
     "@opentelemetry/api-logs": ["@opentelemetry/api-logs@0.211.0", "", { "dependencies": { "@opentelemetry/api": "^1.3.0" } }, "sha512-swFdZq8MCdmdR22jTVGQDhwqDzcI4M10nhjXkLr1EsIzXgZBqm4ZlmmcWsg3TSNf+3mzgOiqveXmBLZuDi2Lgg=="],
 
     "@opentelemetry/context-async-hooks": ["@opentelemetry/context-async-hooks@2.2.0", "", { "peerDependencies": { "@opentelemetry/api": ">=1.0.0 <1.10.0" } }, "sha512-qRkLWiUEZNAmYapZ7KGS5C4OmBLcP/H2foXeOEaowYCR0wi89fHejrfYfbuLVCMLp/dWZXKvQusdbUEZjERfwQ=="],
 
-    "@opentelemetry/core": ["@opentelemetry/core@2.6.0", "", { "dependencies": { "@opentelemetry/semantic-conventions": "^1.29.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.0.0 <1.10.0" } }, "sha512-HLM1v2cbZ4TgYN6KEOj+Bbj8rAKriOdkF9Ed3tG25FoprSiQl7kYc+RRT6fUZGOvx0oMi5U67GoFdT+XUn8zEg=="],
+    "@opentelemetry/core": ["@opentelemetry/core@2.7.0", "", { "dependencies": { "@opentelemetry/semantic-conventions": "^1.29.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.0.0 <1.10.0" } }, "sha512-DT12SXVwV2eoJrGf4nnsvZojxxeQo+LlNAsoYGRRObPWTeN6APiqZ2+nqDCQDvQX40eLi1AePONS0onoASp3yQ=="],
 
     "@opentelemetry/exporter-logs-otlp-grpc": ["@opentelemetry/exporter-logs-otlp-grpc@0.207.0", "", { "dependencies": { "@grpc/grpc-js": "^1.7.1", "@opentelemetry/core": "2.2.0", "@opentelemetry/otlp-exporter-base": "0.207.0", "@opentelemetry/otlp-grpc-exporter-base": "0.207.0", "@opentelemetry/otlp-transformer": "0.207.0", "@opentelemetry/sdk-logs": "0.207.0" }, "peerDependencies": { "@opentelemetry/api": "^1.3.0" } }, "sha512-K92RN+kQGTMzFDsCzsYNGqOsXRUnko/Ckk+t/yPJao72MewOLgBUTWVHhebgkNfRCYqDz1v3K0aPT9OJkemvgg=="],
 
@@ -970,11 +1023,11 @@
 
     "@opentelemetry/sdk-logs": ["@opentelemetry/sdk-logs@0.211.0", "", { "dependencies": { "@opentelemetry/api-logs": "0.211.0", "@opentelemetry/core": "2.5.0", "@opentelemetry/resources": "2.5.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.4.0 <1.10.0" } }, "sha512-O5nPwzgg2JHzo59kpQTPUOTzFi0Nv5LxryG27QoXBciX3zWM3z83g+SNOHhiQVYRWFSxoWn1JM2TGD5iNjOwdA=="],
 
-    "@opentelemetry/sdk-metrics": ["@opentelemetry/sdk-metrics@2.6.0", "", { "dependencies": { "@opentelemetry/core": "2.6.0", "@opentelemetry/resources": "2.6.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.9.0 <1.10.0" } }, "sha512-CicxWZxX6z35HR83jl+PLgtFgUrKRQ9LCXyxgenMnz5A1lgYWfAog7VtdOvGkJYyQgMNPhXQwkYrDLujk7z1Iw=="],
+    "@opentelemetry/sdk-metrics": ["@opentelemetry/sdk-metrics@2.7.0", "", { "dependencies": { "@opentelemetry/core": "2.7.0", "@opentelemetry/resources": "2.7.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.9.0 <1.10.0" } }, "sha512-Vd7h95av/LYRsAVN7wbprvvJnHkq7swMXAo7Uad0Uxf9jl6NSReLa0JNivrcc5BVIx/vl2t+cgdVQQbnVhsR9w=="],
 
     "@opentelemetry/sdk-node": ["@opentelemetry/sdk-node@0.207.0", "", { "dependencies": { "@opentelemetry/api-logs": "0.207.0", "@opentelemetry/core": "2.2.0", "@opentelemetry/exporter-logs-otlp-grpc": "0.207.0", "@opentelemetry/exporter-logs-otlp-http": "0.207.0", "@opentelemetry/exporter-logs-otlp-proto": "0.207.0", "@opentelemetry/exporter-metrics-otlp-grpc": "0.207.0", "@opentelemetry/exporter-metrics-otlp-http": "0.207.0", "@opentelemetry/exporter-metrics-otlp-proto": "0.207.0", "@opentelemetry/exporter-prometheus": "0.207.0", "@opentelemetry/exporter-trace-otlp-grpc": "0.207.0", "@opentelemetry/exporter-trace-otlp-http": "0.207.0", "@opentelemetry/exporter-trace-otlp-proto": "0.207.0", "@opentelemetry/exporter-zipkin": "2.2.0", "@opentelemetry/instrumentation": "0.207.0", "@opentelemetry/propagator-b3": "2.2.0", "@opentelemetry/propagator-jaeger": "2.2.0", "@opentelemetry/resources": "2.2.0", "@opentelemetry/sdk-logs": "0.207.0", "@opentelemetry/sdk-metrics": "2.2.0", "@opentelemetry/sdk-trace-base": "2.2.0", "@opentelemetry/sdk-trace-node": "2.2.0", "@opentelemetry/semantic-conventions": "^1.29.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.3.0 <1.10.0" } }, "sha512-hnRsX/M8uj0WaXOBvFenQ8XsE8FLVh2uSnn1rkWu4mx+qu7EKGUZvZng6y/95cyzsqOfiaDDr08Ek4jppkIDNg=="],
 
-    "@opentelemetry/sdk-trace-base": ["@opentelemetry/sdk-trace-base@2.6.0", "", { "dependencies": { "@opentelemetry/core": "2.6.0", "@opentelemetry/resources": "2.6.0", "@opentelemetry/semantic-conventions": "^1.29.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.3.0 <1.10.0" } }, "sha512-g/OZVkqlxllgFM7qMKqbPV9c1DUPhQ7d4n3pgZFcrnrNft9eJXZM2TNHTPYREJBrtNdRytYyvwjgL5geDKl3EQ=="],
+    "@opentelemetry/sdk-trace-base": ["@opentelemetry/sdk-trace-base@2.7.0", "", { "dependencies": { "@opentelemetry/core": "2.7.0", "@opentelemetry/resources": "2.7.0", "@opentelemetry/semantic-conventions": "^1.29.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.3.0 <1.10.0" } }, "sha512-Yg9zEXJB50DLVLpsKPk7NmNqlPlS+OvqhJGh0A8oawIOTPOwlm4eXs9BMJV7L79lvEwI+dWtAj+YjTyddV336A=="],
 
     "@opentelemetry/sdk-trace-node": ["@opentelemetry/sdk-trace-node@2.2.0", "", { "dependencies": { "@opentelemetry/context-async-hooks": "2.2.0", "@opentelemetry/core": "2.2.0", "@opentelemetry/sdk-trace-base": "2.2.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.0.0 <1.10.0" } }, "sha512-+OaRja3f0IqGG2kptVeYsrZQK9nKRSpfFrKtRBq4uh6nIB8bTBgaGvYQrQoRrQWQMA5dK5yLhDMDc0dvYvCOIQ=="],
 
@@ -1090,7 +1143,7 @@
 
     "@peculiar/x509": ["@peculiar/x509@1.14.3", "", { "dependencies": { "@peculiar/asn1-cms": "^2.6.0", "@peculiar/asn1-csr": "^2.6.0", "@peculiar/asn1-ecc": "^2.6.0", "@peculiar/asn1-pkcs9": "^2.6.0", "@peculiar/asn1-rsa": "^2.6.0", "@peculiar/asn1-schema": "^2.6.0", "@peculiar/asn1-x509": "^2.6.0", "pvtsutils": "^1.3.6", "reflect-metadata": "^0.2.2", "tslib": "^2.8.1", "tsyringe": "^4.10.0" } }, "sha512-C2Xj8FZ0uHWeCXXqX5B4/gVFQmtSkiuOolzAgutjTfseNOHT3pUjljDZsTSxXFGgio54bCzVFqmEOUrIVk8RDA=="],
 
-    "@playwright/test": ["@playwright/test@1.58.2", "", { "dependencies": { "playwright": "1.58.2" }, "bin": { "playwright": "cli.js" } }, "sha512-akea+6bHYBBfA9uQqSYmlJXn61cTa+jbO87xVLCWbTqbWadRVmhxlXATaOjOgcBaWU4ePo0wB41KMFv3o35IXA=="],
+    "@playwright/test": ["@playwright/test@1.59.1", "", { "dependencies": { "playwright": "1.59.1" }, "bin": { "playwright": "cli.js" } }, "sha512-PG6q63nQg5c9rIi4/Z5lR5IVF7yU5MqmKaPOe0HSc0O2cX1fPi96sUQu5j7eo4gKCkB2AnNGoWt7y4/Xx3Kcqg=="],
 
     "@poppinss/colors": ["@poppinss/colors@4.1.6", "", { "dependencies": { "kleur": "^4.1.5" } }, "sha512-H9xkIdFswbS8n1d6vmRd8+c10t2Qe+rZITbbDHHkQixH5+2x1FDGmi/0K+WgWiqQFKPSlIYB7jlH6Kpfn6Fleg=="],
 
@@ -1098,11 +1151,15 @@
 
     "@poppinss/exception": ["@poppinss/exception@1.2.3", "", {}, "sha512-dCED+QRChTVatE9ibtoaxc+WkdzOSjYTKi/+uacHWIsfodVfpsueo3+DKpgU5Px8qXjgmXkSvhXvSCz3fnP9lw=="],
 
+    "@posthog/core": ["@posthog/core@1.27.7", "", { "dependencies": { "@posthog/types": "1.372.3" } }, "sha512-6rzOZajUkhuezgPeF+ReMMly0D9oiwIZtMQrsJtZcS/mwi5OtvuYgxeaohgP9PKOhkK1c7cvGskX0Y2YUtBYCw=="],
+
+    "@posthog/types": ["@posthog/types@1.372.3", "", {}, "sha512-4mkXC9AhsquJnvogWtWsCi+ReODj/jbK0d3fkwCNLLTOpaiAF125FJ6OJyRFax2u+dEKXAPA/dCTGx1S2WF0nw=="],
+
     "@protobufjs/aspromise": ["@protobufjs/aspromise@1.1.2", "", {}, "sha512-j+gKExEuLmKwvz3OgROXtrJ2UG2x8Ch2YZUxahh+s1F2HZ+wAceUNLkvy6zKCPVRkU++ZWQrdxsUeQXmcg4uoQ=="],
 
     "@protobufjs/base64": ["@protobufjs/base64@1.1.2", "", {}, "sha512-AZkcAA5vnN/v4PDqKyMR5lx7hZttPDgClv83E//FMNhR2TMcLUhfRUBHCmSl0oi9zMgDDqRUJkSxO3wm85+XLg=="],
 
-    "@protobufjs/codegen": ["@protobufjs/codegen@2.0.4", "", {}, "sha512-YyFaikqM5sH0ziFZCN3xDC7zeGaB/d0IUb9CATugHWbd1FRFwWwt4ld4OYMPWu5a3Xe01mGAULCdqhMlPl29Jg=="],
+    "@protobufjs/codegen": ["@protobufjs/codegen@2.0.5", "", {}, "sha512-zgXFLzW3Ap33e6d0Wlj4MGIm6Ce8O89n/apUaGNB/jx+hw+ruWEp7EwGUshdLKVRCxZW12fp9r40E1mQrf/34g=="],
 
     "@protobufjs/eventemitter": ["@protobufjs/eventemitter@1.1.0", "", {}, "sha512-j9ednRT81vYJ9OfVuXG6ERSTdEL1xVsNgqpkxMsbIabzSo3goCjDIveeGv5d03om39ML71RdmrGNjG5SReBP/Q=="],
 
@@ -1110,13 +1167,13 @@
 
     "@protobufjs/float": ["@protobufjs/float@1.0.2", "", {}, "sha512-Ddb+kVXlXst9d+R9PfTIxh1EdNkgoRe5tOX6t01f1lYWOvJnSPDBlG241QLzcyPdoNTsblLUdujGSE4RzrTZGQ=="],
 
-    "@protobufjs/inquire": ["@protobufjs/inquire@1.1.0", "", {}, "sha512-kdSefcPdruJiFMVSbn801t4vFK7KB/5gd2fYvrxhuJYg8ILrmn9SKSX2tZdV6V+ksulWqS7aXjBcRXl3wHoD9Q=="],
+    "@protobufjs/inquire": ["@protobufjs/inquire@1.1.1", "", {}, "sha512-mnzgDV26ueAvk7rsbt9L7bE0SuAoqyuys/sMMrmVcN5x9VsxpcG3rqAUSgDyLp0UZlmNfIbQ4fHfCtreVBk8Ew=="],
 
     "@protobufjs/path": ["@protobufjs/path@1.1.2", "", {}, "sha512-6JOcJ5Tm08dOHAbdR3GrvP+yUUfkjG5ePsHYczMFLq3ZmMkAD98cDgcT2iA1lJ9NVwFd4tH/iSSoe44YWkltEA=="],
 
     "@protobufjs/pool": ["@protobufjs/pool@1.1.0", "", {}, "sha512-0kELaGSIDBKvcgS4zkjz1PeddatrjYcmMWOlAuAPwAeccUrPHdUqo/J6LiymHHEiJT5NrF1UVwxY14f+fy4WQw=="],
 
-    "@protobufjs/utf8": ["@protobufjs/utf8@1.1.0", "", {}, "sha512-Vvn3zZrhQZkkBE8LSuW3em98c0FwgO4nxzv6OdSxPKJIEKY2bGbHn+mhGIPerzI4twdxaP8/0+06HBpwf345Lw=="],
+    "@protobufjs/utf8": ["@protobufjs/utf8@1.1.1", "", {}, "sha512-oOAWABowe8EAbMyWKM0tYDKi8Yaox52D+HWZhAIJqQXbqe0xI/GV7FhLWqlEKreMkfDjshR5FKgi3mnle0h6Eg=="],
 
     "@radix-ui/number": ["@radix-ui/number@1.1.1", "", {}, "sha512-MkKCwxlXTgz6CFoJx3pCwn07GKp36+aZyu/u2Ln2VrA5DcdyCZkASEDBTd8x5whTQQL5CiYf4prXKLcgQdv29g=="],
 
@@ -1238,7 +1295,7 @@
 
     "@react-email/column": ["@react-email/column@0.0.14", "", { "peerDependencies": { "react": "^18.0 || ^19.0 || ^19.0.0-rc" } }, "sha512-f+W+Bk2AjNO77zynE33rHuQhyqVICx4RYtGX9NKsGUg0wWjdGP0qAuIkhx9Rnmk4/hFMo1fUrtYNqca9fwJdHg=="],
 
-    "@react-email/components": ["@react-email/components@1.0.9", "", { "dependencies": { "@react-email/body": "0.3.0", "@react-email/button": "0.2.1", "@react-email/code-block": "0.2.1", "@react-email/code-inline": "0.0.6", "@react-email/column": "0.0.14", "@react-email/container": "0.0.16", "@react-email/font": "0.0.10", "@react-email/head": "0.0.13", "@react-email/heading": "0.0.16", "@react-email/hr": "0.0.12", "@react-email/html": "0.0.12", "@react-email/img": "0.0.12", "@react-email/link": "0.0.13", "@react-email/markdown": "0.0.18", "@react-email/preview": "0.0.14", "@react-email/render": "2.0.4", "@react-email/row": "0.0.13", "@react-email/section": "0.0.17", "@react-email/tailwind": "2.0.5", "@react-email/text": "0.1.6" }, "peerDependencies": { "react": "^18.0 || ^19.0 || ^19.0.0-rc" } }, "sha512-2vi1w423KdjGa9rLUJAq8daTq5xVvB5VHDuI8fRu3/JfqqihzUu5r0bET3qWDw9QpKOIXcZzWO3jN2+yMVtzUw=="],
+    "@react-email/components": ["@react-email/components@1.0.12", "", { "dependencies": { "@react-email/body": "0.3.0", "@react-email/button": "0.2.1", "@react-email/code-block": "0.2.1", "@react-email/code-inline": "0.0.6", "@react-email/column": "0.0.14", "@react-email/container": "0.0.16", "@react-email/font": "0.0.10", "@react-email/head": "0.0.13", "@react-email/heading": "0.0.16", "@react-email/hr": "0.0.12", "@react-email/html": "0.0.12", "@react-email/img": "0.0.12", "@react-email/link": "0.0.13", "@react-email/markdown": "0.0.18", "@react-email/preview": "0.0.14", "@react-email/render": "2.0.6", "@react-email/row": "0.0.13", "@react-email/section": "0.0.17", "@react-email/tailwind": "2.0.7", "@react-email/text": "0.1.6" }, "peerDependencies": { "react": "^18.0 || ^19.0 || ^19.0.0-rc" } }, "sha512-tH18JhPDWgE+3jnYkzyB6ZrZdfNnEsFe4PwmuXmlOw4NGIysP8wPY5aXZg++pTG9qUabXg1nzX/FGHGkObH8xQ=="],
 
     "@react-email/container": ["@react-email/container@0.0.16", "", { "peerDependencies": { "react": "^18.0 || ^19.0 || ^19.0.0-rc" } }, "sha512-QWBB56RkkU0AJ9h+qy33gfT5iuZknPC7Un/IjZv9B0QmMIK+WWacc0cH6y2SV5Cv/b99hU94fjEMOOO4enpkbQ=="],
 
@@ -1260,13 +1317,13 @@
 
     "@react-email/preview": ["@react-email/preview@0.0.14", "", { "peerDependencies": { "react": "^18.0 || ^19.0 || ^19.0.0-rc" } }, "sha512-aYK8q0IPkBXyMsbpMXgxazwHxYJxTrXrV95GFuu2HbEiIToMwSyUgb8HDFYwPqqfV03/jbwqlsXmFxsOd+VNaw=="],
 
-    "@react-email/render": ["@react-email/render@2.0.4", "", { "dependencies": { "html-to-text": "^9.0.5", "prettier": "^3.5.3" }, "peerDependencies": { "react": "^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^18.0 || ^19.0 || ^19.0.0-rc" } }, "sha512-kht2oTFQ1SwrLpd882ahTvUtNa9s53CERHstiTbzhm6aR2Hbykp/mQ4tpPvsBGkKAEvKRlDEoooh60Uk6nHK1g=="],
+    "@react-email/render": ["@react-email/render@2.0.6", "", { "dependencies": { "html-to-text": "^9.0.5", "prettier": "^3.5.3" }, "peerDependencies": { "react": "^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^18.0 || ^19.0 || ^19.0.0-rc" } }, "sha512-xOzaYkH3jLZKqN5MqrTXYnmqBYUnZSVbkxdb5PGGmDcK6sKDVMliaDiSwfXajRC9JtSHTcGc2tmGLHWuCgVpog=="],
 
     "@react-email/row": ["@react-email/row@0.0.13", "", { "peerDependencies": { "react": "^18.0 || ^19.0 || ^19.0.0-rc" } }, "sha512-bYnOac40vIKCId7IkwuLAAsa3fKfSfqCvv6epJKmPE0JBuu5qI4FHFCl9o9dVpIIS08s/ub+Y/txoMt0dYziGw=="],
 
     "@react-email/section": ["@react-email/section@0.0.17", "", { "peerDependencies": { "react": "^18.0 || ^19.0 || ^19.0.0-rc" } }, "sha512-qNl65ye3W0Rd5udhdORzTV9ezjb+GFqQQSae03NDzXtmJq6sqVXNWNiVolAjvJNypim+zGXmv6J9TcV5aNtE/w=="],
 
-    "@react-email/tailwind": ["@react-email/tailwind@2.0.5", "", { "dependencies": { "tailwindcss": "^4.1.18" }, "peerDependencies": { "@react-email/body": "0.2.1", "@react-email/button": "0.2.1", "@react-email/code-block": "0.2.1", "@react-email/code-inline": "0.0.6", "@react-email/container": "0.0.16", "@react-email/heading": "0.0.16", "@react-email/hr": "0.0.12", "@react-email/img": "0.0.12", "@react-email/link": "0.0.13", "@react-email/preview": "0.0.14", "@react-email/text": "0.1.6", "react": "^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@react-email/body", "@react-email/button", "@react-email/code-block", "@react-email/code-inline", "@react-email/container", "@react-email/heading", "@react-email/hr", "@react-email/img", "@react-email/link", "@react-email/preview"] }, "sha512-7Ey+kiWliJdxPMCLYsdDts8ffp4idlP//w4Ui3q/A5kokVaLSNKG8DOg/8qAuzWmRiGwNQVOKBk7PXNlK5W+sg=="],
+    "@react-email/tailwind": ["@react-email/tailwind@2.0.7", "", { "dependencies": { "tailwindcss": "^4.1.18" }, "peerDependencies": { "@react-email/body": ">=0", "@react-email/button": ">=0", "@react-email/code-block": ">=0", "@react-email/code-inline": ">=0", "@react-email/container": ">=0", "@react-email/heading": ">=0", "@react-email/hr": ">=0", "@react-email/img": ">=0", "@react-email/link": ">=0", "@react-email/preview": ">=0", "@react-email/text": ">=0", "react": "^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@react-email/body", "@react-email/button", "@react-email/code-block", "@react-email/code-inline", "@react-email/container", "@react-email/heading", "@react-email/hr", "@react-email/img", "@react-email/link", "@react-email/preview"] }, "sha512-kGw80weVFXikcnCXbigTGXGWQ0MRCSYNCudcdkWxebkWYd0FG6/NPoN3V1p/u68/4+NxZwYPVi2fhnp0x23HdA=="],
 
     "@react-email/text": ["@react-email/text@0.1.6", "", { "peerDependencies": { "react": "^18.0 || ^19.0 || ^19.0.0-rc" } }, "sha512-TYqkioRS45wTR5il3dYk/SbUjjEdhSwh9BtRNB99qNH1pXAwA45H7rAuxehiu8iJQJH0IyIr+6n62gBz9ezmsw=="],
 
@@ -1278,67 +1335,67 @@
 
     "@repeaterjs/repeater": ["@repeaterjs/repeater@3.0.6", "", {}, "sha512-Javneu5lsuhwNCryN+pXH93VPQ8g0dBX7wItHFgYiwQmzE1sVdg5tWHiOgHywzL2W21XQopa7IwIEnNbmeUJYA=="],
 
-    "@rjsf/core": ["@rjsf/core@6.4.1", "", { "dependencies": { "lodash": "^4.17.23", "lodash-es": "^4.17.23", "markdown-to-jsx": "^8.0.0", "prop-types": "^15.8.1" }, "peerDependencies": { "@rjsf/utils": "^6.4.x", "react": ">=18" } }, "sha512-+QaiSgQnOuO6ghIsohH2u/QcylkN+Da2968a75g/i4oARYJRYVxXDm2u3JR5aXndpMb4t4jTFrYyG8cNIv6oEg=="],
+    "@rjsf/core": ["@rjsf/core@6.5.1", "", { "dependencies": { "lodash": "^4.18.1", "lodash-es": "^4.18.1", "markdown-to-jsx": "^8.0.0", "prop-types": "^15.8.1" }, "peerDependencies": { "@rjsf/utils": "^6.5.x", "react": ">=18" } }, "sha512-H5GY9OU6wpLXGHaVzd8/1qGZ+zylCA86maD32tMdeOiUIJTmH6+VeheRx4Wr6OnprxbD/ybkEH48vIqS68wwxg=="],
 
-    "@rjsf/shadcn": ["@rjsf/shadcn@6.4.1", "", { "dependencies": { "@radix-ui/react-checkbox": "^1.3.3", "@radix-ui/react-dialog": "^1.1.15", "@radix-ui/react-icons": "^1.3.2", "@radix-ui/react-label": "^2.1.8", "@radix-ui/react-popover": "^1.1.15", "@radix-ui/react-radio-group": "^1.3.8", "@radix-ui/react-select": "^2.2.6", "@radix-ui/react-separator": "^1.1.8", "@radix-ui/react-slider": "^1.3.6", "@radix-ui/react-slot": "^1.2.0", "@react-icons/all-files": "^4.1.0", "class-variance-authority": "^0.7.1", "clsx": "^2.1.1", "cmdk": "^1.1.1", "lodash": "^4.17.23", "lodash-es": "^4.17.23", "lucide-react": "^0.548.0", "tailwind-merge": "^3.4.0", "tailwindcss-animate": "^1.0.7", "uuid": "^13.0.0" }, "peerDependencies": { "@rjsf/core": "^6.4.x", "@rjsf/utils": "^6.4.x", "react": ">=18" } }, "sha512-WzwXW3XY7K1jo9XrBv6M41ScdHrnQDKpSxip5i1N6xCgEE6hiyX+wn7pDO689OoidvL3lWQmtnoqMdcoJvEWjw=="],
+    "@rjsf/shadcn": ["@rjsf/shadcn@6.5.1", "", { "dependencies": { "@radix-ui/react-checkbox": "^1.3.3", "@radix-ui/react-dialog": "^1.1.15", "@radix-ui/react-icons": "^1.3.2", "@radix-ui/react-label": "^2.1.8", "@radix-ui/react-popover": "^1.1.15", "@radix-ui/react-radio-group": "^1.3.8", "@radix-ui/react-select": "^2.2.6", "@radix-ui/react-separator": "^1.1.8", "@radix-ui/react-slider": "^1.3.6", "@radix-ui/react-slot": "^1.2.0", "@react-icons/all-files": "^4.1.0", "class-variance-authority": "^0.7.1", "clsx": "^2.1.1", "cmdk": "^1.1.1", "lodash": "^4.18.1", "lodash-es": "^4.18.1", "lucide-react": "^0.548.0", "tailwind-merge": "^3.5.0", "tailwindcss-animate": "^1.0.7", "uuid": "^13.0.0" }, "peerDependencies": { "@rjsf/core": "^6.5.x", "@rjsf/utils": "^6.5.x", "react": ">=18" } }, "sha512-6azuQMvMwZvHh2qvrT5vHcS4lqpjvf7quRIRdB7KQTMzElj+kZSuew451MJsOl0YPKysMTGKpCDFEUCun6io9Q=="],
 
-    "@rjsf/utils": ["@rjsf/utils@6.4.1", "", { "dependencies": { "@x0k/json-schema-merge": "^1.0.2", "fast-uri": "^3.1.0", "jsonpointer": "^5.0.1", "lodash": "^4.17.23", "lodash-es": "^4.17.23", "react-is": "^18.3.1" }, "peerDependencies": { "react": ">=18" } }, "sha512-5NL3jwt3rIS5/WRTrKt++y40FS/ScKGVwYJ3jIrHSQHSwBdLnd4cHf2zcnA97L1Klj8I6tvS/ugh+blf/Diwuw=="],
+    "@rjsf/utils": ["@rjsf/utils@6.5.1", "", { "dependencies": { "@x0k/json-schema-merge": "^1.0.3", "fast-uri": "^3.1.0", "jsonpointer": "^5.0.1", "lodash": "^4.18.1", "lodash-es": "^4.18.1", "react-is": "^18.3.1" }, "peerDependencies": { "react": ">=18" } }, "sha512-c+x2VJNEp0BsamxX+Ryy9sEmwJ/7V9WFsVWjhADwyEU53r7DaVd7a7hmtx0bz464kJ8oJYZ6XghrmXXH2y7l8g=="],
 
-    "@rjsf/validator-ajv8": ["@rjsf/validator-ajv8@6.4.1", "", { "dependencies": { "ajv": "^8.17.1", "ajv-formats": "^2.1.1", "lodash": "^4.17.23", "lodash-es": "^4.17.23" }, "peerDependencies": { "@rjsf/utils": "^6.4.x" } }, "sha512-Gx28sRIV7E4CYs2c7BxOGLX44p5IlJE+IaD7GbVk1S+6TxDATqFBSYYZukLB+/vNk3urpndQMreQLKW3W7POHQ=="],
+    "@rjsf/validator-ajv8": ["@rjsf/validator-ajv8@6.5.1", "", { "dependencies": { "ajv": "^8.18.0", "ajv-formats": "^2.1.1", "lodash": "^4.18.1", "lodash-es": "^4.18.1" }, "peerDependencies": { "@rjsf/utils": "^6.5.x" } }, "sha512-0EfPRRe0ia3dvcqWt8vY1sUGB1vb4e+3GfivBXuJZmSBtw+zlHwyClAJnPW/4Qde2g21u0k344/2miP9DZJmCw=="],
 
     "@rolldown/pluginutils": ["@rolldown/pluginutils@1.0.0-rc.3", "", {}, "sha512-eybk3TjzzzV97Dlj5c+XrBFW57eTNhzod66y9HrBlzJ6NsCrWCp/2kaPS3K9wJmurBC0Tdw4yPjXKZqlznim3Q=="],
 
     "@rollup/pluginutils": ["@rollup/pluginutils@5.3.0", "", { "dependencies": { "@types/estree": "^1.0.0", "estree-walker": "^2.0.2", "picomatch": "^4.0.2" }, "peerDependencies": { "rollup": "^1.20.0||^2.0.0||^3.0.0||^4.0.0" }, "optionalPeers": ["rollup"] }, "sha512-5EdhGZtnu3V88ces7s53hhfK5KSASnJZv8Lulpc04cWO3REESroJXg73DFsOmgbU2BhwV0E20bu2IDZb3VKW4Q=="],
 
-    "@rollup/rollup-android-arm-eabi": ["@rollup/rollup-android-arm-eabi@4.59.0", "", { "os": "android", "cpu": "arm" }, "sha512-upnNBkA6ZH2VKGcBj9Fyl9IGNPULcjXRlg0LLeaioQWueH30p6IXtJEbKAgvyv+mJaMxSm1l6xwDXYjpEMiLMg=="],
+    "@rollup/rollup-android-arm-eabi": ["@rollup/rollup-android-arm-eabi@4.60.2", "", { "os": "android", "cpu": "arm" }, "sha512-dnlp69efPPg6Uaw2dVqzWRfAWRnYVb1XJ8CyyhIbZeaq4CA5/mLeZ1IEt9QqQxmbdvagjLIm2ZL8BxXv5lH4Yw=="],
 
-    "@rollup/rollup-android-arm64": ["@rollup/rollup-android-arm64@4.59.0", "", { "os": "android", "cpu": "arm64" }, "sha512-hZ+Zxj3SySm4A/DylsDKZAeVg0mvi++0PYVceVyX7hemkw7OreKdCvW2oQ3T1FMZvCaQXqOTHb8qmBShoqk69Q=="],
+    "@rollup/rollup-android-arm64": ["@rollup/rollup-android-arm64@4.60.2", "", { "os": "android", "cpu": "arm64" }, "sha512-OqZTwDRDchGRHHm/hwLOL7uVPB9aUvI0am/eQuWMNyFHf5PSEQmyEeYYheA0EPPKUO/l0uigCp+iaTjoLjVoHg=="],
 
-    "@rollup/rollup-darwin-arm64": ["@rollup/rollup-darwin-arm64@4.59.0", "", { "os": "darwin", "cpu": "arm64" }, "sha512-W2Psnbh1J8ZJw0xKAd8zdNgF9HRLkdWwwdWqubSVk0pUuQkoHnv7rx4GiF9rT4t5DIZGAsConRE3AxCdJ4m8rg=="],
+    "@rollup/rollup-darwin-arm64": ["@rollup/rollup-darwin-arm64@4.60.2", "", { "os": "darwin", "cpu": "arm64" }, "sha512-UwRE7CGpvSVEQS8gUMBe1uADWjNnVgP3Iusyda1nSRwNDCsRjnGc7w6El6WLQsXmZTbLZx9cecegumcitNfpmA=="],
 
-    "@rollup/rollup-darwin-x64": ["@rollup/rollup-darwin-x64@4.59.0", "", { "os": "darwin", "cpu": "x64" }, "sha512-ZW2KkwlS4lwTv7ZVsYDiARfFCnSGhzYPdiOU4IM2fDbL+QGlyAbjgSFuqNRbSthybLbIJ915UtZBtmuLrQAT/w=="],
+    "@rollup/rollup-darwin-x64": ["@rollup/rollup-darwin-x64@4.60.2", "", { "os": "darwin", "cpu": "x64" }, "sha512-gjEtURKLCC5VXm1I+2i1u9OhxFsKAQJKTVB8WvDAHF+oZlq0GTVFOlTlO1q3AlCTE/DF32c16ESvfgqR7343/g=="],
 
-    "@rollup/rollup-freebsd-arm64": ["@rollup/rollup-freebsd-arm64@4.59.0", "", { "os": "freebsd", "cpu": "arm64" }, "sha512-EsKaJ5ytAu9jI3lonzn3BgG8iRBjV4LxZexygcQbpiU0wU0ATxhNVEpXKfUa0pS05gTcSDMKpn3Sx+QB9RlTTA=="],
+    "@rollup/rollup-freebsd-arm64": ["@rollup/rollup-freebsd-arm64@4.60.2", "", { "os": "freebsd", "cpu": "arm64" }, "sha512-Bcl6CYDeAgE70cqZaMojOi/eK63h5Me97ZqAQoh77VPjMysA/4ORQBRGo3rRy45x4MzVlU9uZxs8Uwy7ZaKnBw=="],
 
-    "@rollup/rollup-freebsd-x64": ["@rollup/rollup-freebsd-x64@4.59.0", "", { "os": "freebsd", "cpu": "x64" }, "sha512-d3DuZi2KzTMjImrxoHIAODUZYoUUMsuUiY4SRRcJy6NJoZ6iIqWnJu9IScV9jXysyGMVuW+KNzZvBLOcpdl3Vg=="],
+    "@rollup/rollup-freebsd-x64": ["@rollup/rollup-freebsd-x64@4.60.2", "", { "os": "freebsd", "cpu": "x64" }, "sha512-LU+TPda3mAE2QB0/Hp5VyeKJivpC6+tlOXd1VMoXV/YFMvk/MNk5iXeBfB4MQGRWyOYVJ01625vjkr0Az98OJQ=="],
 
-    "@rollup/rollup-linux-arm-gnueabihf": ["@rollup/rollup-linux-arm-gnueabihf@4.59.0", "", { "os": "linux", "cpu": "arm" }, "sha512-t4ONHboXi/3E0rT6OZl1pKbl2Vgxf9vJfWgmUoCEVQVxhW6Cw/c8I6hbbu7DAvgp82RKiH7TpLwxnJeKv2pbsw=="],
+    "@rollup/rollup-linux-arm-gnueabihf": ["@rollup/rollup-linux-arm-gnueabihf@4.60.2", "", { "os": "linux", "cpu": "arm" }, "sha512-2QxQrM+KQ7DAW4o22j+XZ6RKdxjLD7BOWTP0Bv0tmjdyhXSsr2Ul1oJDQqh9Zf5qOwTuTc7Ek83mOFaKnodPjg=="],
 
-    "@rollup/rollup-linux-arm-musleabihf": ["@rollup/rollup-linux-arm-musleabihf@4.59.0", "", { "os": "linux", "cpu": "arm" }, "sha512-CikFT7aYPA2ufMD086cVORBYGHffBo4K8MQ4uPS/ZnY54GKj36i196u8U+aDVT2LX4eSMbyHtyOh7D7Zvk2VvA=="],
+    "@rollup/rollup-linux-arm-musleabihf": ["@rollup/rollup-linux-arm-musleabihf@4.60.2", "", { "os": "linux", "cpu": "arm" }, "sha512-TbziEu2DVsTEOPif2mKWkMeDMLoYjx95oESa9fkQQK7r/Orta0gnkcDpzwufEcAO2BLBsD7mZkXGFqEdMRRwfw=="],
 
-    "@rollup/rollup-linux-arm64-gnu": ["@rollup/rollup-linux-arm64-gnu@4.59.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-jYgUGk5aLd1nUb1CtQ8E+t5JhLc9x5WdBKew9ZgAXg7DBk0ZHErLHdXM24rfX+bKrFe+Xp5YuJo54I5HFjGDAA=="],
+    "@rollup/rollup-linux-arm64-gnu": ["@rollup/rollup-linux-arm64-gnu@4.60.2", "", { "os": "linux", "cpu": "arm64" }, "sha512-bO/rVDiDUuM2YfuCUwZ1t1cP+/yqjqz+Xf2VtkdppefuOFS2OSeAfgafaHNkFn0t02hEyXngZkxtGqXcXwO8Rg=="],
 
-    "@rollup/rollup-linux-arm64-musl": ["@rollup/rollup-linux-arm64-musl@4.59.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-peZRVEdnFWZ5Bh2KeumKG9ty7aCXzzEsHShOZEFiCQlDEepP1dpUl/SrUNXNg13UmZl+gzVDPsiCwnV1uI0RUA=="],
+    "@rollup/rollup-linux-arm64-musl": ["@rollup/rollup-linux-arm64-musl@4.60.2", "", { "os": "linux", "cpu": "arm64" }, "sha512-hr26p7e93Rl0Za+JwW7EAnwAvKkehh12BU1Llm9Ykiibg4uIr2rbpxG9WCf56GuvidlTG9KiiQT/TXT1yAWxTA=="],
 
-    "@rollup/rollup-linux-loong64-gnu": ["@rollup/rollup-linux-loong64-gnu@4.59.0", "", { "os": "linux", "cpu": "none" }, "sha512-gbUSW/97f7+r4gHy3Jlup8zDG190AuodsWnNiXErp9mT90iCy9NKKU0Xwx5k8VlRAIV2uU9CsMnEFg/xXaOfXg=="],
+    "@rollup/rollup-linux-loong64-gnu": ["@rollup/rollup-linux-loong64-gnu@4.60.2", "", { "os": "linux", "cpu": "none" }, "sha512-pOjB/uSIyDt+ow3k/RcLvUAOGpysT2phDn7TTUB3n75SlIgZzM6NKAqlErPhoFU+npgY3/n+2HYIQVbF70P9/A=="],
 
-    "@rollup/rollup-linux-loong64-musl": ["@rollup/rollup-linux-loong64-musl@4.59.0", "", { "os": "linux", "cpu": "none" }, "sha512-yTRONe79E+o0FWFijasoTjtzG9EBedFXJMl888NBEDCDV9I2wGbFFfJQQe63OijbFCUZqxpHz1GzpbtSFikJ4Q=="],
+    "@rollup/rollup-linux-loong64-musl": ["@rollup/rollup-linux-loong64-musl@4.60.2", "", { "os": "linux", "cpu": "none" }, "sha512-2/w+q8jszv9Ww1c+6uJT3OwqhdmGP2/4T17cu8WuwyUuuaCDDJ2ojdyYwZzCxx0GcsZBhzi3HmH+J5pZNXnd+Q=="],
 
-    "@rollup/rollup-linux-ppc64-gnu": ["@rollup/rollup-linux-ppc64-gnu@4.59.0", "", { "os": "linux", "cpu": "ppc64" }, "sha512-sw1o3tfyk12k3OEpRddF68a1unZ5VCN7zoTNtSn2KndUE+ea3m3ROOKRCZxEpmT9nsGnogpFP9x6mnLTCaoLkA=="],
+    "@rollup/rollup-linux-ppc64-gnu": ["@rollup/rollup-linux-ppc64-gnu@4.60.2", "", { "os": "linux", "cpu": "ppc64" }, "sha512-11+aL5vKheYgczxtPVVRhdptAM2H7fcDR5Gw4/bTcteuZBlH4oP9f5s9zYO9aGZvoGeBpqXI/9TZZihZ609wKw=="],
 
-    "@rollup/rollup-linux-ppc64-musl": ["@rollup/rollup-linux-ppc64-musl@4.59.0", "", { "os": "linux", "cpu": "ppc64" }, "sha512-+2kLtQ4xT3AiIxkzFVFXfsmlZiG5FXYW7ZyIIvGA7Bdeuh9Z0aN4hVyXS/G1E9bTP/vqszNIN/pUKCk/BTHsKA=="],
+    "@rollup/rollup-linux-ppc64-musl": ["@rollup/rollup-linux-ppc64-musl@4.60.2", "", { "os": "linux", "cpu": "ppc64" }, "sha512-i16fokAGK46IVZuV8LIIwMdtqhin9hfYkCh8pf8iC3QU3LpwL+1FSFGej+O7l3E/AoknL6Dclh2oTdnRMpTzFQ=="],
 
-    "@rollup/rollup-linux-riscv64-gnu": ["@rollup/rollup-linux-riscv64-gnu@4.59.0", "", { "os": "linux", "cpu": "none" }, "sha512-NDYMpsXYJJaj+I7UdwIuHHNxXZ/b/N2hR15NyH3m2qAtb/hHPA4g4SuuvrdxetTdndfj9b1WOmy73kcPRoERUg=="],
+    "@rollup/rollup-linux-riscv64-gnu": ["@rollup/rollup-linux-riscv64-gnu@4.60.2", "", { "os": "linux", "cpu": "none" }, "sha512-49FkKS6RGQoriDSK/6E2GkAsAuU5kETFCh7pG4yD/ylj9rKhTmO3elsnmBvRD4PgJPds5W2PkhC82aVwmUcJ7A=="],
 
-    "@rollup/rollup-linux-riscv64-musl": ["@rollup/rollup-linux-riscv64-musl@4.59.0", "", { "os": "linux", "cpu": "none" }, "sha512-nLckB8WOqHIf1bhymk+oHxvM9D3tyPndZH8i8+35p/1YiVoVswPid2yLzgX7ZJP0KQvnkhM4H6QZ5m0LzbyIAg=="],
+    "@rollup/rollup-linux-riscv64-musl": ["@rollup/rollup-linux-riscv64-musl@4.60.2", "", { "os": "linux", "cpu": "none" }, "sha512-mjYNkHPfGpUR00DuM1ZZIgs64Hpf4bWcz9Z41+4Q+pgDx73UwWdAYyf6EG/lRFldmdHHzgrYyge5akFUW0D3mQ=="],
 
-    "@rollup/rollup-linux-s390x-gnu": ["@rollup/rollup-linux-s390x-gnu@4.59.0", "", { "os": "linux", "cpu": "s390x" }, "sha512-oF87Ie3uAIvORFBpwnCvUzdeYUqi2wY6jRFWJAy1qus/udHFYIkplYRW+wo+GRUP4sKzYdmE1Y3+rY5Gc4ZO+w=="],
+    "@rollup/rollup-linux-s390x-gnu": ["@rollup/rollup-linux-s390x-gnu@4.60.2", "", { "os": "linux", "cpu": "s390x" }, "sha512-ALyvJz965BQk8E9Al/JDKKDLH2kfKFLTGMlgkAbbYtZuJt9LU8DW3ZoDMCtQpXAltZxwBHevXz5u+gf0yA0YoA=="],
 
-    "@rollup/rollup-linux-x64-gnu": ["@rollup/rollup-linux-x64-gnu@4.59.0", "", { "os": "linux", "cpu": "x64" }, "sha512-3AHmtQq/ppNuUspKAlvA8HtLybkDflkMuLK4DPo77DfthRb71V84/c4MlWJXixZz4uruIH4uaa07IqoAkG64fg=="],
+    "@rollup/rollup-linux-x64-gnu": ["@rollup/rollup-linux-x64-gnu@4.60.2", "", { "os": "linux", "cpu": "x64" }, "sha512-UQjrkIdWrKI626Du8lCQ6MJp/6V1LAo2bOK9OTu4mSn8GGXIkPXk/Vsp4bLHCd9Z9Iz2OTEaokUE90VweJgIYQ=="],
 
-    "@rollup/rollup-linux-x64-musl": ["@rollup/rollup-linux-x64-musl@4.59.0", "", { "os": "linux", "cpu": "x64" }, "sha512-2UdiwS/9cTAx7qIUZB/fWtToJwvt0Vbo0zmnYt7ED35KPg13Q0ym1g442THLC7VyI6JfYTP4PiSOWyoMdV2/xg=="],
+    "@rollup/rollup-linux-x64-musl": ["@rollup/rollup-linux-x64-musl@4.60.2", "", { "os": "linux", "cpu": "x64" }, "sha512-bTsRGj6VlSdn/XD4CGyzMnzaBs9bsRxy79eTqTCBsA8TMIEky7qg48aPkvJvFe1HyzQ5oMZdg7AnVlWQSKLTnw=="],
 
-    "@rollup/rollup-openbsd-x64": ["@rollup/rollup-openbsd-x64@4.59.0", "", { "os": "openbsd", "cpu": "x64" }, "sha512-M3bLRAVk6GOwFlPTIxVBSYKUaqfLrn8l0psKinkCFxl4lQvOSz8ZrKDz2gxcBwHFpci0B6rttydI4IpS4IS/jQ=="],
+    "@rollup/rollup-openbsd-x64": ["@rollup/rollup-openbsd-x64@4.60.2", "", { "os": "openbsd", "cpu": "x64" }, "sha512-6d4Z3534xitaA1FcMWP7mQPq5zGwBmGbhphh2DwaA1aNIXUu3KTOfwrWpbwI4/Gr0uANo7NTtaykFyO2hPuFLg=="],
 
-    "@rollup/rollup-openharmony-arm64": ["@rollup/rollup-openharmony-arm64@4.59.0", "", { "os": "none", "cpu": "arm64" }, "sha512-tt9KBJqaqp5i5HUZzoafHZX8b5Q2Fe7UjYERADll83O4fGqJ49O1FsL6LpdzVFQcpwvnyd0i+K/VSwu/o/nWlA=="],
+    "@rollup/rollup-openharmony-arm64": ["@rollup/rollup-openharmony-arm64@4.60.2", "", { "os": "none", "cpu": "arm64" }, "sha512-NetAg5iO2uN7eB8zE5qrZ3CSil+7IJt4WDFLcC75Ymywq1VZVD6qJ6EvNLjZ3rEm6gB7XW5JdT60c6MN35Z85Q=="],
 
-    "@rollup/rollup-win32-arm64-msvc": ["@rollup/rollup-win32-arm64-msvc@4.59.0", "", { "os": "win32", "cpu": "arm64" }, "sha512-V5B6mG7OrGTwnxaNUzZTDTjDS7F75PO1ae6MJYdiMu60sq0CqN5CVeVsbhPxalupvTX8gXVSU9gq+Rx1/hvu6A=="],
+    "@rollup/rollup-win32-arm64-msvc": ["@rollup/rollup-win32-arm64-msvc@4.60.2", "", { "os": "win32", "cpu": "arm64" }, "sha512-NCYhOotpgWZ5kdxCZsv6Iudx0wX8980Q/oW4pNFNihpBKsDbEA1zpkfxJGC0yugsUuyDZ7gL37dbzwhR0VI7pQ=="],
 
-    "@rollup/rollup-win32-ia32-msvc": ["@rollup/rollup-win32-ia32-msvc@4.59.0", "", { "os": "win32", "cpu": "ia32" }, "sha512-UKFMHPuM9R0iBegwzKF4y0C4J9u8C6MEJgFuXTBerMk7EJ92GFVFYBfOZaSGLu6COf7FxpQNqhNS4c4icUPqxA=="],
+    "@rollup/rollup-win32-ia32-msvc": ["@rollup/rollup-win32-ia32-msvc@4.60.2", "", { "os": "win32", "cpu": "ia32" }, "sha512-RXsaOqXxfoUBQoOgvmmijVxJnW2IGB0eoMO7F8FAjaj0UTywUO/luSqimWBJn04WNgUkeNhh7fs7pESXajWmkg=="],
 
-    "@rollup/rollup-win32-x64-gnu": ["@rollup/rollup-win32-x64-gnu@4.59.0", "", { "os": "win32", "cpu": "x64" }, "sha512-laBkYlSS1n2L8fSo1thDNGrCTQMmxjYY5G0WFWjFFYZkKPjsMBsgJfGf4TLxXrF6RyhI60L8TMOjBMvXiTcxeA=="],
+    "@rollup/rollup-win32-x64-gnu": ["@rollup/rollup-win32-x64-gnu@4.60.2", "", { "os": "win32", "cpu": "x64" }, "sha512-qdAzEULD+/hzObedtmV6iBpdL5TIbKVztGiK7O3/KYSf+HIzU257+MX1EXJcyIiDbMAqmbwaufcYPvyRryeZtA=="],
 
-    "@rollup/rollup-win32-x64-msvc": ["@rollup/rollup-win32-x64-msvc@4.59.0", "", { "os": "win32", "cpu": "x64" }, "sha512-2HRCml6OztYXyJXAvdDXPKcawukWY2GpR5/nxKp4iBgiO3wcoEGkAaqctIbZcNB6KlUQBIqt8VYkNSj2397EfA=="],
+    "@rollup/rollup-win32-x64-msvc": ["@rollup/rollup-win32-x64-msvc@4.60.2", "", { "os": "win32", "cpu": "x64" }, "sha512-Nd/SgG27WoA9e+/TdK74KnHz852TLa94ovOYySo/yMPuTmpckK/jIF2jSwS3g7ELSKXK13/cVdmg1Z/DaCWKxA=="],
 
     "@selderee/plugin-htmlparser2": ["@selderee/plugin-htmlparser2@0.11.0", "", { "dependencies": { "domhandler": "^5.0.3", "selderee": "^0.11.0" } }, "sha512-P33hHGdldxGabLFjPPpaTxVolMrzrcegejx+0GxjrIb9Zv48D8yAIA/QTDR2dFl7Uz7urX8aX6+5bCZslr+gWQ=="],
 
@@ -1364,75 +1421,73 @@
 
     "@sindresorhus/merge-streams": ["@sindresorhus/merge-streams@2.3.0", "", {}, "sha512-LtoMMhxAlorcGhmFYI+LhPgbPZCkgP6ra1YL604EeF6U98pLlQ3iWIGMdWSC+vWmPBWBNgmDBAhnAobLROJmwg=="],
 
-    "@smithy/abort-controller": ["@smithy/abort-controller@4.2.12", "", { "dependencies": { "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-xolrFw6b+2iYGl6EcOL7IJY71vvyZ0DJ3mcKtpykqPe2uscwtzDZJa1uVQXyP7w9Dd+kGwYnPbMsJrGISKiY/Q=="],
-
     "@smithy/chunked-blob-reader": ["@smithy/chunked-blob-reader@5.2.2", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-St+kVicSyayWQca+I1rGitaOEH6uKgE8IUWoYnnEX26SWdWQcL6LvMSD19Lg+vYHKdT9B2Zuu7rd3i6Wnyb/iw=="],
 
     "@smithy/chunked-blob-reader-native": ["@smithy/chunked-blob-reader-native@4.2.3", "", { "dependencies": { "@smithy/util-base64": "^4.3.2", "tslib": "^2.6.2" } }, "sha512-jA5k5Udn7Y5717L86h4EIv06wIr3xn8GM1qHRi/Nf31annXcXHJjBKvgztnbn2TxH3xWrPBfgwHsOwZf0UmQWw=="],
 
-    "@smithy/config-resolver": ["@smithy/config-resolver@4.4.13", "", { "dependencies": { "@smithy/node-config-provider": "^4.3.12", "@smithy/types": "^4.13.1", "@smithy/util-config-provider": "^4.2.2", "@smithy/util-endpoints": "^3.3.3", "@smithy/util-middleware": "^4.2.12", "tslib": "^2.6.2" } }, "sha512-iIzMC5NmOUP6WL6o8iPBjFhUhBZ9pPjpUpQYWMUFQqKyXXzOftbfK8zcQCz/jFV1Psmf05BK5ypx4K2r4Tnwdg=="],
+    "@smithy/config-resolver": ["@smithy/config-resolver@4.4.17", "", { "dependencies": { "@smithy/node-config-provider": "^4.3.14", "@smithy/types": "^4.14.1", "@smithy/util-config-provider": "^4.2.2", "@smithy/util-endpoints": "^3.4.2", "@smithy/util-middleware": "^4.2.14", "tslib": "^2.6.2" } }, "sha512-TzDZcAnhTyAHbXVxWZo7/tEcrIeFq20IBk8So3OLOetWpR8EwY/yEqBMBFaJMeyEiREDq4NfEl+qO3OAUD+vbQ=="],
 
-    "@smithy/core": ["@smithy/core@3.23.12", "", { "dependencies": { "@smithy/protocol-http": "^5.3.12", "@smithy/types": "^4.13.1", "@smithy/url-parser": "^4.2.12", "@smithy/util-base64": "^4.3.2", "@smithy/util-body-length-browser": "^4.2.2", "@smithy/util-middleware": "^4.2.12", "@smithy/util-stream": "^4.5.20", "@smithy/util-utf8": "^4.2.2", "@smithy/uuid": "^1.1.2", "tslib": "^2.6.2" } }, "sha512-o9VycsYNtgC+Dy3I0yrwCqv9CWicDnke0L7EVOrZtJpjb2t0EjaEofmMrYc0T1Kn3yk32zm6cspxF9u9Bj7e5w=="],
+    "@smithy/core": ["@smithy/core@3.23.17", "", { "dependencies": { "@smithy/protocol-http": "^5.3.14", "@smithy/types": "^4.14.1", "@smithy/url-parser": "^4.2.14", "@smithy/util-base64": "^4.3.2", "@smithy/util-body-length-browser": "^4.2.2", "@smithy/util-middleware": "^4.2.14", "@smithy/util-stream": "^4.5.25", "@smithy/util-utf8": "^4.2.2", "@smithy/uuid": "^1.1.2", "tslib": "^2.6.2" } }, "sha512-x7BlLbUFL8NWCGjMF9C+1N5cVCxcPa7g6Tv9B4A2luWx3be3oU8hQ96wIwxe/s7OhIzvoJH73HAUSg5JXVlEtQ=="],
 
-    "@smithy/credential-provider-imds": ["@smithy/credential-provider-imds@4.2.12", "", { "dependencies": { "@smithy/node-config-provider": "^4.3.12", "@smithy/property-provider": "^4.2.12", "@smithy/types": "^4.13.1", "@smithy/url-parser": "^4.2.12", "tslib": "^2.6.2" } }, "sha512-cr2lR792vNZcYMriSIj+Um3x9KWrjcu98kn234xA6reOAFMmbRpQMOv8KPgEmLLtx3eldU6c5wALKFqNOhugmg=="],
+    "@smithy/credential-provider-imds": ["@smithy/credential-provider-imds@4.2.14", "", { "dependencies": { "@smithy/node-config-provider": "^4.3.14", "@smithy/property-provider": "^4.2.14", "@smithy/types": "^4.14.1", "@smithy/url-parser": "^4.2.14", "tslib": "^2.6.2" } }, "sha512-Au28zBN48ZAoXdooGUHemuVBrkE+Ie6RPmGNIAJsFqj33Vhb6xAgRifUydZ2aY+M+KaMAETAlKk5NC5h1G7wpg=="],
 
-    "@smithy/eventstream-codec": ["@smithy/eventstream-codec@4.2.12", "", { "dependencies": { "@aws-crypto/crc32": "5.2.0", "@smithy/types": "^4.13.1", "@smithy/util-hex-encoding": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-FE3bZdEl62ojmy8x4FHqxq2+BuOHlcxiH5vaZ6aqHJr3AIZzwF5jfx8dEiU/X0a8RboyNDjmXjlbr8AdEyLgiA=="],
+    "@smithy/eventstream-codec": ["@smithy/eventstream-codec@4.2.14", "", { "dependencies": { "@aws-crypto/crc32": "5.2.0", "@smithy/types": "^4.14.1", "@smithy/util-hex-encoding": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-erZq0nOIpzfeZdCyzZjdJb4nVSKLUmSkaQUVkRGQTXs30gyUGeKnrYEg+Xe1W5gE3aReS7IgsvANwVPxSzY6Pw=="],
 
-    "@smithy/eventstream-serde-browser": ["@smithy/eventstream-serde-browser@4.2.12", "", { "dependencies": { "@smithy/eventstream-serde-universal": "^4.2.12", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-XUSuMxlTxV5pp4VpqZf6Sa3vT/Q75FVkLSpSSE3KkWBvAQWeuWt1msTv8fJfgA4/jcJhrbrbMzN1AC/hvPmm5A=="],
+    "@smithy/eventstream-serde-browser": ["@smithy/eventstream-serde-browser@4.2.14", "", { "dependencies": { "@smithy/eventstream-serde-universal": "^4.2.14", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-8IelTCtTctWRbb+0Dcy+C0aICh1qa0qWXqgjcXDmMuCvPJRnv26hiDZoAau2ILOniki65mCPKqOQs/BaWvO4CQ=="],
 
-    "@smithy/eventstream-serde-config-resolver": ["@smithy/eventstream-serde-config-resolver@4.3.12", "", { "dependencies": { "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-7epsAZ3QvfHkngz6RXQYseyZYHlmWXSTPOfPmXkiS+zA6TBNo1awUaMFL9vxyXlGdoELmCZyZe1nQE+imbmV+Q=="],
+    "@smithy/eventstream-serde-config-resolver": ["@smithy/eventstream-serde-config-resolver@4.3.14", "", { "dependencies": { "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-sqHiHpYRYo3FJlaIxD1J8PhbcmJAm7IuM16mVnwSkCToD7g00IBZzKuiLNMGmftULmEUX6/UAz8/NN5uMP8bVA=="],
 
-    "@smithy/eventstream-serde-node": ["@smithy/eventstream-serde-node@4.2.12", "", { "dependencies": { "@smithy/eventstream-serde-universal": "^4.2.12", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-D1pFuExo31854eAvg89KMn9Oab/wEeJR6Buy32B49A9Ogdtx5fwZPqBHUlDzaCDpycTFk2+fSQgX689Qsk7UGA=="],
+    "@smithy/eventstream-serde-node": ["@smithy/eventstream-serde-node@4.2.14", "", { "dependencies": { "@smithy/eventstream-serde-universal": "^4.2.14", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-Ht/8BuGlKfFTy0H3+8eEu0vdpwGztCnaLLXtpXNdQqiR7Hj4vFScU3T436vRAjATglOIPjJXronY+1WxxNLSiw=="],
 
-    "@smithy/eventstream-serde-universal": ["@smithy/eventstream-serde-universal@4.2.12", "", { "dependencies": { "@smithy/eventstream-codec": "^4.2.12", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-+yNuTiyBACxOJUTvbsNsSOfH9G9oKbaJE1lNL3YHpGcuucl6rPZMi3nrpehpVOVR2E07YqFFmtwpImtpzlouHQ=="],
+    "@smithy/eventstream-serde-universal": ["@smithy/eventstream-serde-universal@4.2.14", "", { "dependencies": { "@smithy/eventstream-codec": "^4.2.14", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-lWyt4T2XQZUZgK3tQ3Wn0w3XBvZsK/vjTuJl6bXbnGZBHH0ZUSONTYiK9TgjTTzU54xQr3DRFwpjmhp0oLm3gg=="],
 
-    "@smithy/fetch-http-handler": ["@smithy/fetch-http-handler@5.3.15", "", { "dependencies": { "@smithy/protocol-http": "^5.3.12", "@smithy/querystring-builder": "^4.2.12", "@smithy/types": "^4.13.1", "@smithy/util-base64": "^4.3.2", "tslib": "^2.6.2" } }, "sha512-T4jFU5N/yiIfrtrsb9uOQn7RdELdM/7HbyLNr6uO/mpkj1ctiVs7CihVr51w4LyQlXWDpXFn4BElf1WmQvZu/A=="],
+    "@smithy/fetch-http-handler": ["@smithy/fetch-http-handler@5.3.17", "", { "dependencies": { "@smithy/protocol-http": "^5.3.14", "@smithy/querystring-builder": "^4.2.14", "@smithy/types": "^4.14.1", "@smithy/util-base64": "^4.3.2", "tslib": "^2.6.2" } }, "sha512-bXOvQzaSm6MnmLaWA1elgfQcAtN4UP3vXqV97bHuoOrHQOJiLT3ds6o9eo5bqd0TJfRFpzdGnDQdW3FACiAVdw=="],
 
-    "@smithy/hash-blob-browser": ["@smithy/hash-blob-browser@4.2.13", "", { "dependencies": { "@smithy/chunked-blob-reader": "^5.2.2", "@smithy/chunked-blob-reader-native": "^4.2.3", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-YrF4zWKh+ghLuquldj6e/RzE3xZYL8wIPfkt0MqCRphVICjyyjH8OwKD7LLlKpVEbk4FLizFfC1+gwK6XQdR3g=="],
+    "@smithy/hash-blob-browser": ["@smithy/hash-blob-browser@4.2.15", "", { "dependencies": { "@smithy/chunked-blob-reader": "^5.2.2", "@smithy/chunked-blob-reader-native": "^4.2.3", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-0PJ4Al3fg2nM4qKrAIxyNcApgqHAXcBkN8FeizOz69z0rb26uZ6lMESYtxegaTlXB5Hj84JfwMPavMrwDMjucA=="],
 
-    "@smithy/hash-node": ["@smithy/hash-node@4.2.12", "", { "dependencies": { "@smithy/types": "^4.13.1", "@smithy/util-buffer-from": "^4.2.2", "@smithy/util-utf8": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-QhBYbGrbxTkZ43QoTPrK72DoYviDeg6YKDrHTMJbbC+A0sml3kSjzFtXP7BtbyJnXojLfTQldGdUR0RGD8dA3w=="],
+    "@smithy/hash-node": ["@smithy/hash-node@4.2.14", "", { "dependencies": { "@smithy/types": "^4.14.1", "@smithy/util-buffer-from": "^4.2.2", "@smithy/util-utf8": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-8ZBDY2DD4wr+GGjTpPtiglEsqr0lUP+KHqgZcWczFf6qeZ/YRjMIOoQWVQlmwu7EtxKTd8YXD8lblmYcpBIA1g=="],
 
-    "@smithy/hash-stream-node": ["@smithy/hash-stream-node@4.2.12", "", { "dependencies": { "@smithy/types": "^4.13.1", "@smithy/util-utf8": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-O3YbmGExeafuM/kP7Y8r6+1y0hIh3/zn6GROx0uNlB54K9oihAL75Qtc+jFfLNliTi6pxOAYZrRKD9A7iA6UFw=="],
+    "@smithy/hash-stream-node": ["@smithy/hash-stream-node@4.2.14", "", { "dependencies": { "@smithy/types": "^4.14.1", "@smithy/util-utf8": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-tw4GANWkZPb6+BdD4Fgucqzey2+r73Z/GRo9zklsCdwrnxxumUV83ZIaBDdudV4Ylazw3EPTiJZhpX42105ruQ=="],
 
-    "@smithy/invalid-dependency": ["@smithy/invalid-dependency@4.2.12", "", { "dependencies": { "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-/4F1zb7Z8LOu1PalTdESFHR0RbPwHd3FcaG1sI3UEIriQTWakysgJr65lc1jj6QY5ye7aFsisajotH6UhWfm/g=="],
+    "@smithy/invalid-dependency": ["@smithy/invalid-dependency@4.2.14", "", { "dependencies": { "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-c21qJiTSb25xvvOp+H2TNZzPCngrvl5vIPqPB8zQ/DmJF4QWXO19x1dWfMJZ6wZuuWUPPm0gV8C0cU3+ifcWuw=="],
 
     "@smithy/is-array-buffer": ["@smithy/is-array-buffer@4.2.2", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-n6rQ4N8Jj4YTQO3YFrlgZuwKodf4zUFs7EJIWH86pSCWBaAtAGBFfCM7Wx6D2bBJ2xqFNxGBSrUWswT3M0VJow=="],
 
-    "@smithy/md5-js": ["@smithy/md5-js@4.2.12", "", { "dependencies": { "@smithy/types": "^4.13.1", "@smithy/util-utf8": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-W/oIpHCpWU2+iAkfZYyGWE+qkpuf3vEXHLxQQDx9FPNZTTdnul0dZ2d/gUFrtQ5je1G2kp4cjG0/24YueG2LbQ=="],
+    "@smithy/md5-js": ["@smithy/md5-js@4.2.14", "", { "dependencies": { "@smithy/types": "^4.14.1", "@smithy/util-utf8": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-V2v0vx+h0iUSNG1Alt+GNBMSLGCrl9iVsdd+Ap67HPM9PN479x12V8LkuMoKImNZxn3MXeuyUjls+/7ZACZghA=="],
 
-    "@smithy/middleware-content-length": ["@smithy/middleware-content-length@4.2.12", "", { "dependencies": { "@smithy/protocol-http": "^5.3.12", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-YE58Yz+cvFInWI/wOTrB+DbvUVz/pLn5mC5MvOV4fdRUc6qGwygyngcucRQjAhiCEbmfLOXX0gntSIcgMvAjmA=="],
+    "@smithy/middleware-content-length": ["@smithy/middleware-content-length@4.2.14", "", { "dependencies": { "@smithy/protocol-http": "^5.3.14", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-xhHq7fX4/3lv5NHxLUk3OeEvl0xZ+Ek3qIbWaCL4f9JwgDZEclPBElljaZCAItdGPQl/kSM4LPMOpy1MYgprpw=="],
 
-    "@smithy/middleware-endpoint": ["@smithy/middleware-endpoint@4.4.27", "", { "dependencies": { "@smithy/core": "^3.23.12", "@smithy/middleware-serde": "^4.2.15", "@smithy/node-config-provider": "^4.3.12", "@smithy/shared-ini-file-loader": "^4.4.7", "@smithy/types": "^4.13.1", "@smithy/url-parser": "^4.2.12", "@smithy/util-middleware": "^4.2.12", "tslib": "^2.6.2" } }, "sha512-T3TFfUgXQlpcg+UdzcAISdZpj4Z+XECZ/cefgA6wLBd6V4lRi0svN2hBouN/be9dXQ31X4sLWz3fAQDf+nt6BA=="],
+    "@smithy/middleware-endpoint": ["@smithy/middleware-endpoint@4.4.32", "", { "dependencies": { "@smithy/core": "^3.23.17", "@smithy/middleware-serde": "^4.2.20", "@smithy/node-config-provider": "^4.3.14", "@smithy/shared-ini-file-loader": "^4.4.9", "@smithy/types": "^4.14.1", "@smithy/url-parser": "^4.2.14", "@smithy/util-middleware": "^4.2.14", "tslib": "^2.6.2" } }, "sha512-ZZkgyjnJppiZbIm6Qbx92pbXYi1uzenIvGhBSCDlc7NwuAkiqSgS75j1czAD25ZLs2FjMjYy1q7gyRVWG6JA0Q=="],
 
-    "@smithy/middleware-retry": ["@smithy/middleware-retry@4.4.44", "", { "dependencies": { "@smithy/node-config-provider": "^4.3.12", "@smithy/protocol-http": "^5.3.12", "@smithy/service-error-classification": "^4.2.12", "@smithy/smithy-client": "^4.12.7", "@smithy/types": "^4.13.1", "@smithy/util-middleware": "^4.2.12", "@smithy/util-retry": "^4.2.12", "@smithy/uuid": "^1.1.2", "tslib": "^2.6.2" } }, "sha512-Y1Rav7m5CFRPQyM4CI0koD/bXjyjJu3EQxZZhtLGD88WIrBrQ7kqXM96ncd6rYnojwOo/u9MXu57JrEvu/nLrA=="],
+    "@smithy/middleware-retry": ["@smithy/middleware-retry@4.5.6", "", { "dependencies": { "@smithy/core": "^3.23.17", "@smithy/node-config-provider": "^4.3.14", "@smithy/protocol-http": "^5.3.14", "@smithy/service-error-classification": "^4.3.1", "@smithy/smithy-client": "^4.12.13", "@smithy/types": "^4.14.1", "@smithy/util-middleware": "^4.2.14", "@smithy/util-retry": "^4.3.5", "@smithy/uuid": "^1.1.2", "tslib": "^2.6.2" } }, "sha512-5zhmo2AkstmM/RMKYP0NHfmuYWBR+/umlmSuALgajLxf0X0rLE6d17MfzTxpzkILWVhwvCJkCyPH0AfMlbaucQ=="],
 
-    "@smithy/middleware-serde": ["@smithy/middleware-serde@4.2.15", "", { "dependencies": { "@smithy/core": "^3.23.12", "@smithy/protocol-http": "^5.3.12", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-ExYhcltZSli0pgAKOpQQe1DLFBLryeZ22605y/YS+mQpdNWekum9Ujb/jMKfJKgjtz1AZldtwA/wCYuKJgjjlg=="],
+    "@smithy/middleware-serde": ["@smithy/middleware-serde@4.2.20", "", { "dependencies": { "@smithy/core": "^3.23.17", "@smithy/protocol-http": "^5.3.14", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-Lx9JMO9vArPtiChE3wbEZ5akMIDQpWQtlu90lhACQmNOXcGXRbaDywMHDzuDZ2OkZzP+9wQfZi3YJT9F67zTQQ=="],
 
-    "@smithy/middleware-stack": ["@smithy/middleware-stack@4.2.12", "", { "dependencies": { "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-kruC5gRHwsCOuyCd4ouQxYjgRAym2uDlCvQ5acuMtRrcdfg7mFBg6blaxcJ09STpt3ziEkis6bhg1uwrWU7txw=="],
+    "@smithy/middleware-stack": ["@smithy/middleware-stack@4.2.14", "", { "dependencies": { "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-2dvkUKLuFdKsCRmOE4Mn63co0Djtsm+JMh0bYZQupN1pJwMeE8FmQmRLLzzEMN0dnNi7CDCYYH8F0EVwWiPBeA=="],
 
-    "@smithy/node-config-provider": ["@smithy/node-config-provider@4.3.12", "", { "dependencies": { "@smithy/property-provider": "^4.2.12", "@smithy/shared-ini-file-loader": "^4.4.7", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-tr2oKX2xMcO+rBOjobSwVAkV05SIfUKz8iI53rzxEmgW3GOOPOv0UioSDk+J8OpRQnpnhsO3Af6IEBabQBVmiw=="],
+    "@smithy/node-config-provider": ["@smithy/node-config-provider@4.3.14", "", { "dependencies": { "@smithy/property-provider": "^4.2.14", "@smithy/shared-ini-file-loader": "^4.4.9", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-S+gFjyo/weSVL0P1b9Ts8C/CwIfNCgUPikk3sl6QVsfE/uUuO+QsF+NsE/JkpvWqqyz1wg7HFdiaZuj5CoBMRg=="],
 
-    "@smithy/node-http-handler": ["@smithy/node-http-handler@4.5.0", "", { "dependencies": { "@smithy/abort-controller": "^4.2.12", "@smithy/protocol-http": "^5.3.12", "@smithy/querystring-builder": "^4.2.12", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-Rnq9vQWiR1+/I6NZZMNzJHV6pZYyEHt2ZnuV3MG8z2NNenC4i/8Kzttz7CjZiHSmsN5frhXhg17z3Zqjjhmz1A=="],
+    "@smithy/node-http-handler": ["@smithy/node-http-handler@4.6.1", "", { "dependencies": { "@smithy/protocol-http": "^5.3.14", "@smithy/querystring-builder": "^4.2.14", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-iB+orM4x3xrr57X3YaXazfKnntl0LHlZB1kcXSGzMV1Tt0+YwEjGlbjk/44qEGtBzXAz6yFDzkYTKSV6Pj2HUg=="],
 
-    "@smithy/property-provider": ["@smithy/property-provider@4.2.12", "", { "dependencies": { "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-jqve46eYU1v7pZ5BM+fmkbq3DerkSluPr5EhvOcHxygxzD05ByDRppRwRPPpFrsFo5yDtCYLKu+kreHKVrvc7A=="],
+    "@smithy/property-provider": ["@smithy/property-provider@4.2.14", "", { "dependencies": { "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-WuM31CgfsnQ/10i7NYr0PyxqknD72Y5uMfUMVSniPjbEPceiTErb4eIqJQ+pdxNEAUEWrewrGjIRjVbVHsxZiQ=="],
 
-    "@smithy/protocol-http": ["@smithy/protocol-http@5.3.12", "", { "dependencies": { "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-fit0GZK9I1xoRlR4jXmbLhoN0OdEpa96ul8M65XdmXnxXkuMxM0Y8HDT0Fh0Xb4I85MBvBClOzgSrV1X2s1Hxw=="],
+    "@smithy/protocol-http": ["@smithy/protocol-http@5.3.14", "", { "dependencies": { "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-dN5F8kHx8RNU0r+pCwNmFZyz6ChjMkzShy/zup6MtkRmmix4vZzJdW+di7x//b1LiynIev88FM18ie+wwPcQtQ=="],
 
-    "@smithy/querystring-builder": ["@smithy/querystring-builder@4.2.12", "", { "dependencies": { "@smithy/types": "^4.13.1", "@smithy/util-uri-escape": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-6wTZjGABQufekycfDGMEB84BgtdOE/rCVTov+EDXQ8NHKTUNIp/j27IliwP7tjIU9LR+sSzyGBOXjeEtVgzCHg=="],
+    "@smithy/querystring-builder": ["@smithy/querystring-builder@4.2.14", "", { "dependencies": { "@smithy/types": "^4.14.1", "@smithy/util-uri-escape": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-XYA5Z0IqTeF+5XDdh4BBmSA0HvbgVZIyv4cmOoUheDNR57K1HgBp9ukUMx3Cr3XpDHHpLBnexPE3LAtDsZkj2A=="],
 
-    "@smithy/querystring-parser": ["@smithy/querystring-parser@4.2.12", "", { "dependencies": { "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-P2OdvrgiAKpkPNKlKUtWbNZKB1XjPxM086NeVhK+W+wI46pIKdWBe5QyXvhUm3MEcyS/rkLvY8rZzyUdmyDZBw=="],
+    "@smithy/querystring-parser": ["@smithy/querystring-parser@4.2.14", "", { "dependencies": { "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-hr+YyqBD23GVvRxGGrcc/oOeNlK3PzT5Fu4dzrDXxzS1LpFiuL2PQQqKPs87M79aW7ziMs+nvB3qdw77SqE7Lw=="],
 
-    "@smithy/service-error-classification": ["@smithy/service-error-classification@4.2.12", "", { "dependencies": { "@smithy/types": "^4.13.1" } }, "sha512-LlP29oSQN0Tw0b6D0Xo6BIikBswuIiGYbRACy5ujw/JgWSzTdYj46U83ssf6Ux0GyNJVivs2uReU8pt7Eu9okQ=="],
+    "@smithy/service-error-classification": ["@smithy/service-error-classification@4.3.1", "", { "dependencies": { "@smithy/types": "^4.14.1" } }, "sha512-aUQuDGh760ts/8MU+APjIZhlLPKhIIfqyzZaJikLEIMrdxFvxuLYD0WxWzaYWpmLbQlXDe9p7EWM3HsBe0K6Gw=="],
 
-    "@smithy/shared-ini-file-loader": ["@smithy/shared-ini-file-loader@4.4.7", "", { "dependencies": { "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-HrOKWsUb+otTeo1HxVWeEb99t5ER1XrBi/xka2Wv6NVmTbuCUC1dvlrksdvxFtODLBjsC+PHK+fuy2x/7Ynyiw=="],
+    "@smithy/shared-ini-file-loader": ["@smithy/shared-ini-file-loader@4.4.9", "", { "dependencies": { "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-495/V2I15SHgedSJoDPD23JuSfKAp726ZI1V0wtjB07Wh7q/0tri/0e0DLefZCHgxZonrGKt/OCTpAtP1wE1kQ=="],
 
-    "@smithy/signature-v4": ["@smithy/signature-v4@5.3.12", "", { "dependencies": { "@smithy/is-array-buffer": "^4.2.2", "@smithy/protocol-http": "^5.3.12", "@smithy/types": "^4.13.1", "@smithy/util-hex-encoding": "^4.2.2", "@smithy/util-middleware": "^4.2.12", "@smithy/util-uri-escape": "^4.2.2", "@smithy/util-utf8": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-B/FBwO3MVOL00DaRSXfXfa/TRXRheagt/q5A2NM13u7q+sHS59EOVGQNfG7DkmVtdQm5m3vOosoKAXSqn/OEgw=="],
+    "@smithy/signature-v4": ["@smithy/signature-v4@5.3.14", "", { "dependencies": { "@smithy/is-array-buffer": "^4.2.2", "@smithy/protocol-http": "^5.3.14", "@smithy/types": "^4.14.1", "@smithy/util-hex-encoding": "^4.2.2", "@smithy/util-middleware": "^4.2.14", "@smithy/util-uri-escape": "^4.2.2", "@smithy/util-utf8": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-1D9Y/nmlVjCeSivCbhZ7hgEpmHyY1h0GvpSZt3l0xcD9JjmjVC1CHOozS6+Gh+/ldMH8JuJ6cujObQqfayAVFA=="],
 
-    "@smithy/smithy-client": ["@smithy/smithy-client@4.12.7", "", { "dependencies": { "@smithy/core": "^3.23.12", "@smithy/middleware-endpoint": "^4.4.27", "@smithy/middleware-stack": "^4.2.12", "@smithy/protocol-http": "^5.3.12", "@smithy/types": "^4.13.1", "@smithy/util-stream": "^4.5.20", "tslib": "^2.6.2" } }, "sha512-q3gqnwml60G44FECaEEsdQMplYhDMZYCtYhMCzadCnRnnHIobZJjegmdoUo6ieLQlPUzvrMdIJUpx6DoPmzANQ=="],
+    "@smithy/smithy-client": ["@smithy/smithy-client@4.12.13", "", { "dependencies": { "@smithy/core": "^3.23.17", "@smithy/middleware-endpoint": "^4.4.32", "@smithy/middleware-stack": "^4.2.14", "@smithy/protocol-http": "^5.3.14", "@smithy/types": "^4.14.1", "@smithy/util-stream": "^4.5.25", "tslib": "^2.6.2" } }, "sha512-y/Pcj1V9+qG98gyu1gvftHB7rDpdh+7kIBIggs55yGm3JdtBV8GT8IFF3a1qxZ79QnaJHX9GXzvBG6tAd+czJA=="],
 
-    "@smithy/types": ["@smithy/types@4.13.1", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-787F3yzE2UiJIQ+wYW1CVg2odHjmaWLGksnKQHUrK/lYZSEcy1msuLVvxaR/sI2/aDe9U+TBuLsXnr3vod1g0g=="],
+    "@smithy/types": ["@smithy/types@4.14.1", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-59b5HtSVrVR/eYNei3BUj3DCPKD/G7EtDDe7OEJE7i7FtQFugYo6MxbotS8mVJkLNVf8gYaAlEBwwtJ9HzhWSg=="],
 
-    "@smithy/url-parser": ["@smithy/url-parser@4.2.12", "", { "dependencies": { "@smithy/querystring-parser": "^4.2.12", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-wOPKPEpso+doCZGIlr+e1lVI6+9VAKfL4kZWFgzVgGWY2hZxshNKod4l2LXS3PRC9otH/JRSjtEHqQ/7eLciRA=="],
+    "@smithy/url-parser": ["@smithy/url-parser@4.2.14", "", { "dependencies": { "@smithy/querystring-parser": "^4.2.14", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-p06BiBigJ8bTA3MgnOfCtDUWnAMY0YfedO/GRpmc7p+wg3KW8vbXy1xwSu5ASy0wV7rRYtlfZOIKH4XqfhjSQQ=="],
 
     "@smithy/util-base64": ["@smithy/util-base64@4.3.2", "", { "dependencies": { "@smithy/util-buffer-from": "^4.2.2", "@smithy/util-utf8": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-XRH6b0H/5A3SgblmMa5ErXQ2XKhfbQB+Fm/oyLZ2O2kCUrwgg55bU0RekmzAhuwOjA9qdN5VU2BprOvGGUkOOQ=="],
 
@@ -1444,65 +1499,65 @@
 
     "@smithy/util-config-provider": ["@smithy/util-config-provider@4.2.2", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-dWU03V3XUprJwaUIFVv4iOnS1FC9HnMHDfUrlNDSh4315v0cWyaIErP8KiqGVbf5z+JupoVpNM7ZB3jFiTejvQ=="],
 
-    "@smithy/util-defaults-mode-browser": ["@smithy/util-defaults-mode-browser@4.3.43", "", { "dependencies": { "@smithy/property-provider": "^4.2.12", "@smithy/smithy-client": "^4.12.7", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-Qd/0wCKMaXxev/z00TvNzGCH2jlKKKxXP1aDxB6oKwSQthe3Og2dMhSayGCnsma1bK/kQX1+X7SMP99t6FgiiQ=="],
+    "@smithy/util-defaults-mode-browser": ["@smithy/util-defaults-mode-browser@4.3.49", "", { "dependencies": { "@smithy/property-provider": "^4.2.14", "@smithy/smithy-client": "^4.12.13", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-a5bNrdiONYB/qE2BuKegvUMd/+ZDwdg4vsNuuSzYE8qs2EYAdK9CynL+Rzn29PbPiUqoz/cbpRbcLzD5lEevHw=="],
 
-    "@smithy/util-defaults-mode-node": ["@smithy/util-defaults-mode-node@4.2.47", "", { "dependencies": { "@smithy/config-resolver": "^4.4.13", "@smithy/credential-provider-imds": "^4.2.12", "@smithy/node-config-provider": "^4.3.12", "@smithy/property-provider": "^4.2.12", "@smithy/smithy-client": "^4.12.7", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-qSRbYp1EQ7th+sPFuVcVO05AE0QH635hycdEXlpzIahqHHf2Fyd/Zl+8v0XYMJ3cgDVPa0lkMefU7oNUjAP+DQ=="],
+    "@smithy/util-defaults-mode-node": ["@smithy/util-defaults-mode-node@4.2.54", "", { "dependencies": { "@smithy/config-resolver": "^4.4.17", "@smithy/credential-provider-imds": "^4.2.14", "@smithy/node-config-provider": "^4.3.14", "@smithy/property-provider": "^4.2.14", "@smithy/smithy-client": "^4.12.13", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-g1cvrJvOnzeJgEdf7AE4luI7gp6L8weE0y9a9wQUSGtjb8QRHDbCJYuE4Sy0SD9N8RrnNPFsPltAz/OSoBR9Zw=="],
 
-    "@smithy/util-endpoints": ["@smithy/util-endpoints@3.3.3", "", { "dependencies": { "@smithy/node-config-provider": "^4.3.12", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-VACQVe50j0HZPjpwWcjyT51KUQ4AnsvEaQ2lKHOSL4mNLD0G9BjEniQ+yCt1qqfKfiAHRAts26ud7hBjamrwig=="],
+    "@smithy/util-endpoints": ["@smithy/util-endpoints@3.4.2", "", { "dependencies": { "@smithy/node-config-provider": "^4.3.14", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-a55Tr+3OKld4TTtnT+RhKOQHyPxm3j/xL4OR83WBUhLJaKDS9dnJ7arRMOp3t31dcLhApwG9bgvrRXBHlLdIkg=="],
 
     "@smithy/util-hex-encoding": ["@smithy/util-hex-encoding@4.2.2", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-Qcz3W5vuHK4sLQdyT93k/rfrUwdJ8/HZ+nMUOyGdpeGA1Wxt65zYwi3oEl9kOM+RswvYq90fzkNDahPS8K0OIg=="],
 
-    "@smithy/util-middleware": ["@smithy/util-middleware@4.2.12", "", { "dependencies": { "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-Er805uFUOvgc0l8nv0e0su0VFISoxhJ/AwOn3gL2NWNY2LUEldP5WtVcRYSQBcjg0y9NfG8JYrCJaYDpupBHJQ=="],
+    "@smithy/util-middleware": ["@smithy/util-middleware@4.2.14", "", { "dependencies": { "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-1Su2vj9RYNDEv/V+2E+jXkkwGsgR7dc4sfHn9Z7ruzQHJIEni9zzw5CauvRXlFJfmgcqYP8fWa0dkh2Q2YaQyw=="],
 
-    "@smithy/util-retry": ["@smithy/util-retry@4.2.12", "", { "dependencies": { "@smithy/service-error-classification": "^4.2.12", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-1zopLDUEOwumjcHdJ1mwBHddubYF8GMQvstVCLC54Y46rqoHwlIU+8ZzUeaBcD+WCJHyDGSeZ2ml9YSe9aqcoQ=="],
+    "@smithy/util-retry": ["@smithy/util-retry@4.3.5", "", { "dependencies": { "@smithy/service-error-classification": "^4.3.1", "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-h1IJsbgMDA+jaTjrco/JsyfWOgHRJBv8myB1y4AEI2fjIzD6ktZ7pFAyTw+gwN9GKIAygvC6db0mq0j8N2rFOg=="],
 
-    "@smithy/util-stream": ["@smithy/util-stream@4.5.20", "", { "dependencies": { "@smithy/fetch-http-handler": "^5.3.15", "@smithy/node-http-handler": "^4.5.0", "@smithy/types": "^4.13.1", "@smithy/util-base64": "^4.3.2", "@smithy/util-buffer-from": "^4.2.2", "@smithy/util-hex-encoding": "^4.2.2", "@smithy/util-utf8": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-4yXLm5n/B5SRBR2p8cZ90Sbv4zL4NKsgxdzCzp/83cXw2KxLEumt5p+GAVyRNZgQOSrzXn9ARpO0lUe8XSlSDw=="],
+    "@smithy/util-stream": ["@smithy/util-stream@4.5.25", "", { "dependencies": { "@smithy/fetch-http-handler": "^5.3.17", "@smithy/node-http-handler": "^4.6.1", "@smithy/types": "^4.14.1", "@smithy/util-base64": "^4.3.2", "@smithy/util-buffer-from": "^4.2.2", "@smithy/util-hex-encoding": "^4.2.2", "@smithy/util-utf8": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-/PFpG4k8Ze8Ei+mMKj3oiPICYekthuzePZMgZbCqMiXIHHf4n2aZ4Ps0aSRShycFTGuj/J6XldmC0x0DwednIA=="],
 
     "@smithy/util-uri-escape": ["@smithy/util-uri-escape@4.2.2", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-2kAStBlvq+lTXHyAZYfJRb/DfS3rsinLiwb+69SstC9Vb0s9vNWkRwpnj918Pfi85mzi42sOqdV72OLxWAISnw=="],
 
     "@smithy/util-utf8": ["@smithy/util-utf8@4.2.2", "", { "dependencies": { "@smithy/util-buffer-from": "^4.2.2", "tslib": "^2.6.2" } }, "sha512-75MeYpjdWRe8M5E3AW0O4Cx3UadweS+cwdXjwYGBW5h/gxxnbeZ877sLPX/ZJA9GVTlL/qG0dXP29JWFCD1Ayw=="],
 
-    "@smithy/util-waiter": ["@smithy/util-waiter@4.2.13", "", { "dependencies": { "@smithy/abort-controller": "^4.2.12", "@smithy/types": "^4.13.1", "tslib": "^2.6.2" } }, "sha512-2zdZ9DTHngRtcYxJK1GUDxruNr53kv5W2Lupe0LMU+Imr6ohQg8M2T14MNkj1Y0wS3FFwpgpGQyvuaMF7CiTmQ=="],
+    "@smithy/util-waiter": ["@smithy/util-waiter@4.3.0", "", { "dependencies": { "@smithy/types": "^4.14.1", "tslib": "^2.6.2" } }, "sha512-JyjYmLAfS+pdxF92o4yLgEoy0zhayKTw73FU1aofLWwLcJw7iSqIY2exGmMTrl/lmZugP5p/zxdFSippJDfKWA=="],
 
     "@smithy/uuid": ["@smithy/uuid@1.1.2", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-O/IEdcCUKkubz60tFbGA7ceITTAJsty+lBjNoorP4Z6XRqaFb/OjQjZODophEcuq68nKm6/0r+6/lLQ+XVpk8g=="],
 
-    "@speed-highlight/core": ["@speed-highlight/core@1.2.14", "", {}, "sha512-G4ewlBNhUtlLvrJTb88d2mdy2KRijzs4UhnlrOSRT4bmjh/IqNElZa3zkrZ+TC47TwtlDWzVLFADljF1Ijp5hA=="],
+    "@speed-highlight/core": ["@speed-highlight/core@1.2.15", "", {}, "sha512-BMq1K3DsElxDWawkX6eLg9+CKJrTVGCBAWVuHXVUV2u0s2711qiChLSId6ikYPfxhdYocLNt3wWwSvDiTvFabw=="],
 
     "@standard-schema/spec": ["@standard-schema/spec@1.1.0", "", {}, "sha512-l2aFy5jALhniG5HgqrD6jXLi/rUWrKvqN/qJx6yoJsgKhblVd+iqqU4RCXavm/jPityDo5TCvKMnpjKnOriy0w=="],
 
     "@standard-schema/utils": ["@standard-schema/utils@0.3.0", "", {}, "sha512-e7Mew686owMaPJVNNLs55PUvgz371nKgwsc4vxE49zsODpJEnxgxRo2y/OKrqueavXgZNMDVj3DdHFlaSAeU8g=="],
 
-    "@tailwindcss/node": ["@tailwindcss/node@4.2.1", "", { "dependencies": { "@jridgewell/remapping": "^2.3.5", "enhanced-resolve": "^5.19.0", "jiti": "^2.6.1", "lightningcss": "1.31.1", "magic-string": "^0.30.21", "source-map-js": "^1.2.1", "tailwindcss": "4.2.1" } }, "sha512-jlx6sLk4EOwO6hHe1oCGm1Q4AN/s0rSrTTPBGPM0/RQ6Uylwq17FuU8IeJJKEjtc6K6O07zsvP+gDO6MMWo7pg=="],
+    "@tailwindcss/node": ["@tailwindcss/node@4.2.4", "", { "dependencies": { "@jridgewell/remapping": "^2.3.5", "enhanced-resolve": "^5.19.0", "jiti": "^2.6.1", "lightningcss": "1.32.0", "magic-string": "^0.30.21", "source-map-js": "^1.2.1", "tailwindcss": "4.2.4" } }, "sha512-Ai7+yQPxz3ddrDQzFfBKdHEVBg0w3Zl83jnjuwxnZOsnH9pGn93QHQtpU0p/8rYWxvbFZHneni6p1BSLK4DkGA=="],
 
-    "@tailwindcss/oxide": ["@tailwindcss/oxide@4.2.1", "", { "optionalDependencies": { "@tailwindcss/oxide-android-arm64": "4.2.1", "@tailwindcss/oxide-darwin-arm64": "4.2.1", "@tailwindcss/oxide-darwin-x64": "4.2.1", "@tailwindcss/oxide-freebsd-x64": "4.2.1", "@tailwindcss/oxide-linux-arm-gnueabihf": "4.2.1", "@tailwindcss/oxide-linux-arm64-gnu": "4.2.1", "@tailwindcss/oxide-linux-arm64-musl": "4.2.1", "@tailwindcss/oxide-linux-x64-gnu": "4.2.1", "@tailwindcss/oxide-linux-x64-musl": "4.2.1", "@tailwindcss/oxide-wasm32-wasi": "4.2.1", "@tailwindcss/oxide-win32-arm64-msvc": "4.2.1", "@tailwindcss/oxide-win32-x64-msvc": "4.2.1" } }, "sha512-yv9jeEFWnjKCI6/T3Oq50yQEOqmpmpfzG1hcZsAOaXFQPfzWprWrlHSdGPEF3WQTi8zu8ohC9Mh9J470nT5pUw=="],
+    "@tailwindcss/oxide": ["@tailwindcss/oxide@4.2.4", "", { "optionalDependencies": { "@tailwindcss/oxide-android-arm64": "4.2.4", "@tailwindcss/oxide-darwin-arm64": "4.2.4", "@tailwindcss/oxide-darwin-x64": "4.2.4", "@tailwindcss/oxide-freebsd-x64": "4.2.4", "@tailwindcss/oxide-linux-arm-gnueabihf": "4.2.4", "@tailwindcss/oxide-linux-arm64-gnu": "4.2.4", "@tailwindcss/oxide-linux-arm64-musl": "4.2.4", "@tailwindcss/oxide-linux-x64-gnu": "4.2.4", "@tailwindcss/oxide-linux-x64-musl": "4.2.4", "@tailwindcss/oxide-wasm32-wasi": "4.2.4", "@tailwindcss/oxide-win32-arm64-msvc": "4.2.4", "@tailwindcss/oxide-win32-x64-msvc": "4.2.4" } }, "sha512-9El/iI069DKDSXwTvB9J4BwdO5JhRrOweGaK25taBAvBXyXqJAX+Jqdvs8r8gKpsI/1m0LeJLyQYTf/WLrBT1Q=="],
 
-    "@tailwindcss/oxide-android-arm64": ["@tailwindcss/oxide-android-arm64@4.2.1", "", { "os": "android", "cpu": "arm64" }, "sha512-eZ7G1Zm5EC8OOKaesIKuw77jw++QJ2lL9N+dDpdQiAB/c/B2wDh0QPFHbkBVrXnwNugvrbJFk1gK2SsVjwWReg=="],
+    "@tailwindcss/oxide-android-arm64": ["@tailwindcss/oxide-android-arm64@4.2.4", "", { "os": "android", "cpu": "arm64" }, "sha512-e7MOr1SAn9U8KlZzPi1ZXGZHeC5anY36qjNwmZv9pOJ8E4Q6jmD1vyEHkQFmNOIN7twGPEMXRHmitN4zCMN03g=="],
 
-    "@tailwindcss/oxide-darwin-arm64": ["@tailwindcss/oxide-darwin-arm64@4.2.1", "", { "os": "darwin", "cpu": "arm64" }, "sha512-q/LHkOstoJ7pI1J0q6djesLzRvQSIfEto148ppAd+BVQK0JYjQIFSK3JgYZJa+Yzi0DDa52ZsQx2rqytBnf8Hw=="],
+    "@tailwindcss/oxide-darwin-arm64": ["@tailwindcss/oxide-darwin-arm64@4.2.4", "", { "os": "darwin", "cpu": "arm64" }, "sha512-tSC/Kbqpz/5/o/C2sG7QvOxAKqyd10bq+ypZNf+9Fi2TvbVbv1zNpcEptcsU7DPROaSbVgUXmrzKhurFvo5eDg=="],
 
-    "@tailwindcss/oxide-darwin-x64": ["@tailwindcss/oxide-darwin-x64@4.2.1", "", { "os": "darwin", "cpu": "x64" }, "sha512-/f/ozlaXGY6QLbpvd/kFTro2l18f7dHKpB+ieXz+Cijl4Mt9AI2rTrpq7V+t04nK+j9XBQHnSMdeQRhbGyt6fw=="],
+    "@tailwindcss/oxide-darwin-x64": ["@tailwindcss/oxide-darwin-x64@4.2.4", "", { "os": "darwin", "cpu": "x64" }, "sha512-yPyUXn3yO/ufR6+Kzv0t4fCg2qNr90jxXc5QqBpjlPNd0NqyDXcmQb/6weunH/MEDXW5dhyEi+agTDiqa3WsGg=="],
 
-    "@tailwindcss/oxide-freebsd-x64": ["@tailwindcss/oxide-freebsd-x64@4.2.1", "", { "os": "freebsd", "cpu": "x64" }, "sha512-5e/AkgYJT/cpbkys/OU2Ei2jdETCLlifwm7ogMC7/hksI2fC3iiq6OcXwjibcIjPung0kRtR3TxEITkqgn0TcA=="],
+    "@tailwindcss/oxide-freebsd-x64": ["@tailwindcss/oxide-freebsd-x64@4.2.4", "", { "os": "freebsd", "cpu": "x64" }, "sha512-BoMIB4vMQtZsXdGLVc2z+P9DbETkiopogfWZKbWwM8b/1Vinbs4YcUwo+kM/KeLkX3Ygrf4/PsRndKaYhS8Eiw=="],
 
-    "@tailwindcss/oxide-linux-arm-gnueabihf": ["@tailwindcss/oxide-linux-arm-gnueabihf@4.2.1", "", { "os": "linux", "cpu": "arm" }, "sha512-Uny1EcVTTmerCKt/1ZuKTkb0x8ZaiuYucg2/kImO5A5Y/kBz41/+j0gxUZl+hTF3xkWpDmHX+TaWhOtba2Fyuw=="],
+    "@tailwindcss/oxide-linux-arm-gnueabihf": ["@tailwindcss/oxide-linux-arm-gnueabihf@4.2.4", "", { "os": "linux", "cpu": "arm" }, "sha512-7pIHBLTHYRAlS7V22JNuTh33yLH4VElwKtB3bwchK/UaKUPpQ0lPQiOWcbm4V3WP2I6fNIJ23vABIvoy2izdwA=="],
 
-    "@tailwindcss/oxide-linux-arm64-gnu": ["@tailwindcss/oxide-linux-arm64-gnu@4.2.1", "", { "os": "linux", "cpu": "arm64" }, "sha512-CTrwomI+c7n6aSSQlsPL0roRiNMDQ/YzMD9EjcR+H4f0I1SQ8QqIuPnsVp7QgMkC1Qi8rtkekLkOFjo7OlEFRQ=="],
+    "@tailwindcss/oxide-linux-arm64-gnu": ["@tailwindcss/oxide-linux-arm64-gnu@4.2.4", "", { "os": "linux", "cpu": "arm64" }, "sha512-+E4wxJ0ZGOzSH325reXTWB48l42i93kQqMvDyz5gqfRzRZ7faNhnmvlV4EPGJU3QJM/3Ab5jhJ5pCRUsKn6OQw=="],
 
-    "@tailwindcss/oxide-linux-arm64-musl": ["@tailwindcss/oxide-linux-arm64-musl@4.2.1", "", { "os": "linux", "cpu": "arm64" }, "sha512-WZA0CHRL/SP1TRbA5mp9htsppSEkWuQ4KsSUumYQnyl8ZdT39ntwqmz4IUHGN6p4XdSlYfJwM4rRzZLShHsGAQ=="],
+    "@tailwindcss/oxide-linux-arm64-musl": ["@tailwindcss/oxide-linux-arm64-musl@4.2.4", "", { "os": "linux", "cpu": "arm64" }, "sha512-bBADEGAbo4ASnppIziaQJelekCxdMaxisrk+fB7Thit72IBnALp9K6ffA2G4ruj90G9XRS2VQ6q2bCKbfFV82g=="],
 
-    "@tailwindcss/oxide-linux-x64-gnu": ["@tailwindcss/oxide-linux-x64-gnu@4.2.1", "", { "os": "linux", "cpu": "x64" }, "sha512-qMFzxI2YlBOLW5PhblzuSWlWfwLHaneBE0xHzLrBgNtqN6mWfs+qYbhryGSXQjFYB1Dzf5w+LN5qbUTPhW7Y5g=="],
+    "@tailwindcss/oxide-linux-x64-gnu": ["@tailwindcss/oxide-linux-x64-gnu@4.2.4", "", { "os": "linux", "cpu": "x64" }, "sha512-7Mx25E4WTfnht0TVRTyC00j3i0M+EeFe7wguMDTlX4mRxafznw0CA8WJkFjWYH5BlgELd1kSjuU2JiPnNZbJDA=="],
 
-    "@tailwindcss/oxide-linux-x64-musl": ["@tailwindcss/oxide-linux-x64-musl@4.2.1", "", { "os": "linux", "cpu": "x64" }, "sha512-5r1X2FKnCMUPlXTWRYpHdPYUY6a1Ar/t7P24OuiEdEOmms5lyqjDRvVY1yy9Rmioh+AunQ0rWiOTPE8F9A3v5g=="],
+    "@tailwindcss/oxide-linux-x64-musl": ["@tailwindcss/oxide-linux-x64-musl@4.2.4", "", { "os": "linux", "cpu": "x64" }, "sha512-2wwJRF7nyhOR0hhHoChc04xngV3iS+akccHTGtz965FwF0up4b2lOdo6kI1EbDaEXKgvcrFBYcYQQ/rrnWFVfA=="],
 
-    "@tailwindcss/oxide-wasm32-wasi": ["@tailwindcss/oxide-wasm32-wasi@4.2.1", "", { "dependencies": { "@emnapi/core": "^1.8.1", "@emnapi/runtime": "^1.8.1", "@emnapi/wasi-threads": "^1.1.0", "@napi-rs/wasm-runtime": "^1.1.1", "@tybys/wasm-util": "^0.10.1", "tslib": "^2.8.1" }, "cpu": "none" }, "sha512-MGFB5cVPvshR85MTJkEvqDUnuNoysrsRxd6vnk1Lf2tbiqNlXpHYZqkqOQalydienEWOHHFyyuTSYRsLfxFJ2Q=="],
+    "@tailwindcss/oxide-wasm32-wasi": ["@tailwindcss/oxide-wasm32-wasi@4.2.4", "", { "dependencies": { "@emnapi/core": "^1.8.1", "@emnapi/runtime": "^1.8.1", "@emnapi/wasi-threads": "^1.1.0", "@napi-rs/wasm-runtime": "^1.1.1", "@tybys/wasm-util": "^0.10.1", "tslib": "^2.8.1" }, "cpu": "none" }, "sha512-FQsqApeor8Fo6gUEklzmaa9994orJZZDBAlQpK2Mq+DslRKFJeD6AjHpBQ0kZFQohVr8o85PPh8eOy86VlSCmw=="],
 
-    "@tailwindcss/oxide-win32-arm64-msvc": ["@tailwindcss/oxide-win32-arm64-msvc@4.2.1", "", { "os": "win32", "cpu": "arm64" }, "sha512-YlUEHRHBGnCMh4Nj4GnqQyBtsshUPdiNroZj8VPkvTZSoHsilRCwXcVKnG9kyi0ZFAS/3u+qKHBdDc81SADTRA=="],
+    "@tailwindcss/oxide-win32-arm64-msvc": ["@tailwindcss/oxide-win32-arm64-msvc@4.2.4", "", { "os": "win32", "cpu": "arm64" }, "sha512-L9BXqxC4ToVgwMFqj3pmZRqyHEztulpUJzCxUtLjobMCzTPsGt1Fa9enKbOpY2iIyVtaHNeNvAK8ERP/64sqGQ=="],
 
-    "@tailwindcss/oxide-win32-x64-msvc": ["@tailwindcss/oxide-win32-x64-msvc@4.2.1", "", { "os": "win32", "cpu": "x64" }, "sha512-rbO34G5sMWWyrN/idLeVxAZgAKWrn5LiR3/I90Q9MkA67s6T1oB0xtTe+0heoBvHSpbU9Mk7i6uwJnpo4u21XQ=="],
+    "@tailwindcss/oxide-win32-x64-msvc": ["@tailwindcss/oxide-win32-x64-msvc@4.2.4", "", { "os": "win32", "cpu": "x64" }, "sha512-ESlKG0EpVJQwRjXDDa9rLvhEAh0mhP1sF7sap9dNZT0yyl9SAG6T7gdP09EH0vIv0UNTlo6jPWyujD6559fZvw=="],
 
     "@tailwindcss/typography": ["@tailwindcss/typography@0.5.19", "", { "dependencies": { "postcss-selector-parser": "6.0.10" }, "peerDependencies": { "tailwindcss": ">=3.0.0 || insiders || >=4.0.0-alpha.20 || >=4.0.0-beta.1" } }, "sha512-w31dd8HOx3k9vPtcQh5QHP9GwKcgbMp87j58qi6xgiBnFFtKEAgCWnDw4qUT8aHwkCp8bKvb/KGKWWHedP0AAg=="],
 
-    "@tailwindcss/vite": ["@tailwindcss/vite@4.2.1", "", { "dependencies": { "@tailwindcss/node": "4.2.1", "@tailwindcss/oxide": "4.2.1", "tailwindcss": "4.2.1" }, "peerDependencies": { "vite": "^5.2.0 || ^6 || ^7" } }, "sha512-TBf2sJjYeb28jD2U/OhwdW0bbOsxkWPwQ7SrqGf9sVcoYwZj7rkXljroBO9wKBut9XnmQLXanuDUeqQK0lGg/w=="],
+    "@tailwindcss/vite": ["@tailwindcss/vite@4.2.4", "", { "dependencies": { "@tailwindcss/node": "4.2.4", "@tailwindcss/oxide": "4.2.4", "tailwindcss": "4.2.4" }, "peerDependencies": { "vite": "^5.2.0 || ^6 || ^7 || ^8" } }, "sha512-pCvohwOCspk3ZFn6eJzrrX3g4n2JY73H6MmYC87XfGPyTty4YsCjYTMArRZm/zOI8dIt3+EcrLHAFPe5A4bgtw=="],
 
     "@tanstack/history": ["@tanstack/history@1.139.0", "", {}, "sha512-l6wcxwDBeh/7Dhles23U1O8lp9kNJmAb2yNjekR6olZwCRNAVA8TCXlVCrueELyFlYZqvQkh0ofxnzG62A1Kkg=="],
 
@@ -1514,13 +1569,13 @@
 
     "@tanstack/react-store": ["@tanstack/react-store@0.8.1", "", { "dependencies": { "@tanstack/store": "0.8.1", "use-sync-external-store": "^1.6.0" }, "peerDependencies": { "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-XItJt+rG8c5Wn/2L/bnxys85rBpm0BfMbhb4zmPVLXAKY9POrp1xd6IbU4PKoOI+jSEGc3vntPRfLGSgXfE2Ig=="],
 
-    "@tanstack/react-virtual": ["@tanstack/react-virtual@3.13.22", "", { "dependencies": { "@tanstack/virtual-core": "3.13.22" }, "peerDependencies": { "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-EaOrBBJLi3M0bTMQRjGkxLXRw7Gizwntoy5E2Q2UnSbML7Mo2a1P/Hfkw5tw9FLzK62bj34Jl6VNbQfRV6eJcA=="],
+    "@tanstack/react-virtual": ["@tanstack/react-virtual@3.13.24", "", { "dependencies": { "@tanstack/virtual-core": "3.14.0" }, "peerDependencies": { "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-aIJvz5OSkhNIhZIpYivrxrPTKYsjW9Uzy+sP/mx0S3sev2HyvPb7xmjbYvokzEpfgYHy/HjzJ2zFAETuUfgCpg=="],
 
     "@tanstack/router-core": ["@tanstack/router-core@1.139.7", "", { "dependencies": { "@tanstack/history": "1.139.0", "@tanstack/store": "^0.8.0", "cookie-es": "^2.0.0", "seroval": "^1.4.0", "seroval-plugins": "^1.4.0", "tiny-invariant": "^1.3.3", "tiny-warning": "^1.0.3" } }, "sha512-mqgsJi4/B2Jo6PXRUs1AsWA+06nqiqVZe1aXioA3vR6PesNeKUSXWfmIoYF6wOx3osiV0BnwB1JCBrInCOQSWA=="],
 
     "@tanstack/store": ["@tanstack/store@0.8.1", "", {}, "sha512-PtOisLjUZPz5VyPRSCGjNOlwTvabdTBQ2K80DpVL1chGVr35WRxfeavAPdNq6pm/t7F8GhoR2qtmkkqtCEtHYw=="],
 
-    "@tanstack/virtual-core": ["@tanstack/virtual-core@3.13.22", "", {}, "sha512-isuUGKsc5TAPDoHSbWTbl1SCil54zOS2MiWz/9GCWHPUQOvNTQx8qJEWC7UWR0lShhbK0Lmkcf0SZYxvch7G3g=="],
+    "@tanstack/virtual-core": ["@tanstack/virtual-core@3.14.0", "", {}, "sha512-JLANqGy/D6k4Ujmh8Tr25lGimuOXNiaVyXaCAZS0W+1390sADdGnyUdSWNIfd49gebtIxGMij4IktRVzrdr12Q=="],
 
     "@tiptap/core": ["@tiptap/core@3.20.2", "", { "peerDependencies": { "@tiptap/pm": "^3.20.2" } }, "sha512-zKW4LqZt+aNdvz9o4R0/j+D+gfhwzuFItwh7wbqz8g8bWi0jaV95VybeVFVKeg/KGTc3sAa4mm+hGgvgrY+Gvg=="],
 
@@ -1528,7 +1583,7 @@
 
     "@tiptap/extension-bold": ["@tiptap/extension-bold@3.20.2", "", { "peerDependencies": { "@tiptap/core": "^3.20.2" } }, "sha512-NLqh6ewHcDDPveTCL2f6BQcsDI5lubNjiyzvuYr0ZO9AV5Fqw8TkYwoKNijiYlgGRtm+pZLhMnf45gbLJQoymg=="],
 
-    "@tiptap/extension-bubble-menu": ["@tiptap/extension-bubble-menu@3.20.3", "", { "dependencies": { "@floating-ui/dom": "^1.0.0" }, "peerDependencies": { "@tiptap/core": "^3.20.3", "@tiptap/pm": "^3.20.3" } }, "sha512-21sVeo9ixzK44W6abCI3tbX3aSa9zwounqTkPArGCmk/imI9DQyo8JaZ+36KnnpWFJiKbiikMLhqrEdvV3Wj6w=="],
+    "@tiptap/extension-bubble-menu": ["@tiptap/extension-bubble-menu@3.22.4", "", { "dependencies": { "@floating-ui/dom": "^1.0.0" }, "peerDependencies": { "@tiptap/core": "3.22.4", "@tiptap/pm": "3.22.4" } }, "sha512-v4pux5Ql3THAEjaLMY4ldtdy/Xy2qU7PJLBkq8ugLp8qicaKC+tpqxp6sGif4vLIjz7Ap5hurRbTNbXzszyyHA=="],
 
     "@tiptap/extension-bullet-list": ["@tiptap/extension-bullet-list@3.20.2", "", { "peerDependencies": { "@tiptap/extension-list": "^3.20.2" } }, "sha512-LHmp945at3YYl2VPIg0bopyJioi52xK+YRurOz8A440EgCdnAkFa0UDGHxK/e4Y0R2y3xbPl+VBl3HzZjXPFuw=="],
 
@@ -1540,7 +1595,7 @@
 
     "@tiptap/extension-dropcursor": ["@tiptap/extension-dropcursor@3.20.2", "", { "peerDependencies": { "@tiptap/extensions": "^3.20.2" } }, "sha512-LpBZOOgTrFWkYneOWOd0xyB7HUGIZqrgEhL+Beohzxkx63uNRC3PxFAAXhju6wxcvQ49e/WMg++Z8EDwHb6f2Q=="],
 
-    "@tiptap/extension-floating-menu": ["@tiptap/extension-floating-menu@3.20.3", "", { "peerDependencies": { "@floating-ui/dom": "^1.0.0", "@tiptap/core": "^3.20.3", "@tiptap/pm": "^3.20.3" } }, "sha512-vojKVspzxlnC3DjVKhfbYkijNDDGzxHTA13Y6/J0cOJMGmx+M/QO05gjYKZMyw0JpmkhT9Rbcsg1bElwuI/SMw=="],
+    "@tiptap/extension-floating-menu": ["@tiptap/extension-floating-menu@3.22.4", "", { "peerDependencies": { "@floating-ui/dom": "^1.0.0", "@tiptap/core": "3.22.4", "@tiptap/pm": "3.22.4" } }, "sha512-DFuyYxgaZPgxum5z1yvJPbfYCvDdO8geXsdyqt0qYYdiat3aGE4ncJhiLRIFDhSHBhaZg5eCgu/YPYAN6jZnrA=="],
 
     "@tiptap/extension-gapcursor": ["@tiptap/extension-gapcursor@3.20.2", "", { "peerDependencies": { "@tiptap/extensions": "^3.20.2" } }, "sha512-IfQuD5XctZa+Xxy3mdjo9NTYbiMFqGPuzyh2ypHUqyuvIwxOIRhxTFaCijOGVYn1g3BH8nzGMhZ5rnZ48zIb6Q=="],
 
@@ -1602,7 +1657,7 @@
 
     "@types/babel__traverse": ["@types/babel__traverse@7.28.0", "", { "dependencies": { "@babel/types": "^7.28.2" } }, "sha512-8PvcXf70gTDZBgt9ptxJ8elBeBjcLOAcOtoO/mPJjtji1+CdGbHgm77om1GrsPxsiE+uXIpNSK64UYaIwQXd4Q=="],
 
-    "@types/bun": ["@types/bun@1.3.10", "", { "dependencies": { "bun-types": "1.3.10" } }, "sha512-0+rlrUrOrTSskibryHbvQkDOWRJwJZqZlxrUs1u4oOoTln8+WIXBPmAuCF35SWB2z4Zl3E84Nl/D0P7803nigQ=="],
+    "@types/bun": ["@types/bun@1.3.13", "", { "dependencies": { "bun-types": "1.3.13" } }, "sha512-9fqXWk5YIHGGnUau9TEi+qdlTYDAnOj+xLCmSTwXfAIqXr2x4tytJb43E9uCvt09zJURKXwAtkoH4nLQfzeTXw=="],
 
     "@types/d3-array": ["@types/d3-array@3.2.2", "", {}, "sha512-hOLWVbm7uRza0BYXpIIW5pxfrKe0W+D5lrFiAEYR+pb6w3N2SwSMaJbXdUfSEv+dT4MfHBLtn5js0LAWaO6otw=="],
 
@@ -1622,7 +1677,7 @@
 
     "@types/d3-timer": ["@types/d3-timer@3.0.2", "", {}, "sha512-Ps3T8E8dZDam6fUyNiMkekK3XUsaUEik+idO9/YjPtfj2qruF8tFBXS7XhtE4iIXBLxhmLjP3SXpLhVf21I9Lw=="],
 
-    "@types/debug": ["@types/debug@4.1.12", "", { "dependencies": { "@types/ms": "*" } }, "sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ=="],
+    "@types/debug": ["@types/debug@4.1.13", "", { "dependencies": { "@types/ms": "*" } }, "sha512-KSVgmQmzMwPlmtljOomayoR89W4FynCAi3E8PPs7vmDVPe84hT+vGPKkJfThkmXs0x0jAaa9U8uW8bbfyS2fWw=="],
 
     "@types/estree": ["@types/estree@1.0.8", "", {}, "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w=="],
 
@@ -1630,6 +1685,8 @@
 
     "@types/hast": ["@types/hast@3.0.4", "", { "dependencies": { "@types/unist": "*" } }, "sha512-WPs+bbQw5aCj+x6laNGWLH3wviHtoCv/P3+otBhbOhJgG8qtpdAMlTCxLtsTWA7LH1Oh/bFCHsBn0TPS5m30EQ=="],
 
+    "@types/js-yaml": ["@types/js-yaml@4.0.9", "", {}, "sha512-k4MGaQl5TGo/iipqb2UDG2UwjXziSWkh0uysQelTlJpX1qGlpUZYm8PnO4DxG1qBomtJUdYJ6qR6xdIah10JLg=="],
+
     "@types/json-schema": ["@types/json-schema@7.0.15", "", {}, "sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA=="],
 
     "@types/linkify-it": ["@types/linkify-it@5.0.0", "", {}, "sha512-sVDA58zAw4eWAffKOaQH5/5j3XeayukzDk+ewSsnv3p4yJEZHCCzMDiZM8e0OUrRvmpGZ85jf4yDHkHsgBNr9Q=="],
@@ -1650,9 +1707,11 @@
 
     "@types/nlcst": ["@types/nlcst@2.0.3", "", { "dependencies": { "@types/unist": "*" } }, "sha512-vSYNSDe6Ix3q+6Z7ri9lyWqgGhJTmzRjZRqyq15N0Z/1/UnVsno9G/N40NBijoYx2seFDIl0+B2mgAb9mezUCA=="],
 
-    "@types/node": ["@types/node@24.12.0", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-GYDxsZi3ChgmckRT9HPU0WEhKLP08ev/Yfcq2AstjrDASOYCSXeyjDsHg4v5t4jOj7cyDX3vmprafKlWIG9MXQ=="],
+    "@types/node": ["@types/node@24.12.2", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-A1sre26ke7HDIuY/M23nd9gfB+nrmhtYyMINbjI1zHJxYteKR6qSMX56FsmjMcDb3SMcjJg5BiRRgOCC/yBD0g=="],
+
+    "@types/node-fetch": ["@types/node-fetch@2.6.13", "", { "dependencies": { "@types/node": "*", "form-data": "^4.0.4" } }, "sha512-QGpRVpzSaUs30JBSGPjOg4Uveu384erbHBoT1zeONvyCfwQxIkUshLAOqN/k9EjGviPRmWTTe6aH2qySWKTVSw=="],
 
-    "@types/pg": ["@types/pg@8.18.0", "", { "dependencies": { "@types/node": "*", "pg-protocol": "*", "pg-types": "^2.2.0" } }, "sha512-gT+oueVQkqnj6ajGJXblFR4iavIXWsGAFCk3dP4Kki5+a9R4NMt0JARdk6s8cUKcfUoqP5dAtDSLU8xYUTFV+Q=="],
+    "@types/pg": ["@types/pg@8.20.0", "", { "dependencies": { "@types/node": "*", "pg-protocol": "*", "pg-types": "^2.2.0" } }, "sha512-bEPFOaMAHTEP1EzpvHTbmwR8UsFyHSKsRisLIHVMXnpNefSbGA1bD6CVy+qKjGSqmZqNqBDV2azOBo8TgkcVow=="],
 
     "@types/react": ["@types/react@19.2.14", "", { "dependencies": { "csstype": "^3.2.2" } }, "sha512-ilcTH/UniCkMdtexkoCN0bI7pMcJDvmQFPvuPvmEaYA/NSfFTAgdUSLAoVjaRJm7+6PvcM+q1zYOwS4wTYMF9w=="],
 
@@ -1660,6 +1719,8 @@
 
     "@types/react-syntax-highlighter": ["@types/react-syntax-highlighter@15.5.13", "", { "dependencies": { "@types/react": "*" } }, "sha512-uLGJ87j6Sz8UaBAooU0T6lWJ0dBmjZgN1PZTrj05TNql2/XpC6+4HhMT5syIdFUUt+FASfCeLLv4kBygNU+8qA=="],
 
+    "@types/stream-buffers": ["@types/stream-buffers@3.0.8", "", { "dependencies": { "@types/node": "*" } }, "sha512-J+7VaHKNvlNPJPEJXX/fKa9DZtR/xPMwuIbe+yNOwp1YB+ApUOBv2aUpEoBJEi8nJgbgs1x8e73ttg0r1rSUdw=="],
+
     "@types/trusted-types": ["@types/trusted-types@2.0.7", "", {}, "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw=="],
 
     "@types/unist": ["@types/unist@3.0.3", "", {}, "sha512-ko/gIFJRv177XgZsZcBwnqJN5x/Gien8qNOn0D5bQU/zAzVf9Zt3BlcUiLqhV9y4ARk0GbT3tnUiPNgnTXzc/Q=="],
@@ -1670,19 +1731,19 @@
 
     "@untitledui/icons": ["@untitledui/icons@0.0.19", "", { "peerDependencies": { "react": ">= 16" } }, "sha512-cZA7BBE5+piNpzO9CiXypbmGYSDqnT3WwHn6/TU7cUuYl7oUlwIn0AwW/kYDDkmJMPu/wRlnJDR1/OiXd4nqew=="],
 
-    "@vercel/nft": ["@vercel/nft@1.3.2", "", { "dependencies": { "@mapbox/node-pre-gyp": "^2.0.0", "@rollup/pluginutils": "^5.1.3", "acorn": "^8.6.0", "acorn-import-attributes": "^1.9.5", "async-sema": "^3.1.1", "bindings": "^1.4.0", "estree-walker": "2.0.2", "glob": "^13.0.0", "graceful-fs": "^4.2.9", "node-gyp-build": "^4.2.2", "picomatch": "^4.0.2", "resolve-from": "^5.0.0" }, "bin": { "nft": "out/cli.js" } }, "sha512-HC8venRc4Ya7vNeBsJneKHHMDDWpQie7VaKhAIOst3MKO+DES+Y/SbzSp8mFkD7OzwAE2HhHkeSuSmwS20mz3A=="],
+    "@vercel/nft": ["@vercel/nft@1.5.0", "", { "dependencies": { "@mapbox/node-pre-gyp": "^2.0.0", "@rollup/pluginutils": "^5.1.3", "acorn": "^8.6.0", "acorn-import-attributes": "^1.9.5", "async-sema": "^3.1.1", "bindings": "^1.4.0", "estree-walker": "2.0.2", "glob": "^13.0.0", "graceful-fs": "^4.2.9", "node-gyp-build": "^4.2.2", "picomatch": "^4.0.2", "resolve-from": "^5.0.0" }, "bin": { "nft": "out/cli.js" } }, "sha512-IWTDeIoWhQ7ZtRO/JRKH+jhmeQvZYhtGPmzw/QGDY+wDCQqfm25P9yIdoAFagu4fWsK4IwZXDFIjrmp5rRm/sA=="],
 
-    "@vercel/oidc": ["@vercel/oidc@3.1.0", "", {}, "sha512-Fw28YZpRnA3cAHHDlkt7xQHiJ0fcL+NRcIqsocZQUSmbzeIKRpwttJjik5ZGanXP+vlA4SbTg+AbA3bP363l+w=="],
+    "@vercel/oidc": ["@vercel/oidc@3.2.0", "", {}, "sha512-UycprH3T6n3jH0k44NHMa7pnFHGu/N05MjojYr+Mc6I7obkoLIJujSWwin1pCvdy/eOxrI/l3uDLQsmcrOb4ug=="],
 
     "@vitejs/plugin-react": ["@vitejs/plugin-react@5.2.0", "", { "dependencies": { "@babel/core": "^7.29.0", "@babel/plugin-transform-react-jsx-self": "^7.27.1", "@babel/plugin-transform-react-jsx-source": "^7.27.1", "@rolldown/pluginutils": "1.0.0-rc.3", "@types/babel__core": "^7.20.5", "react-refresh": "^0.18.0" }, "peerDependencies": { "vite": "^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0" } }, "sha512-YmKkfhOAi3wsB1PhJq5Scj3GXMn3WvtQ/JC0xoopuHoXSdmtdStOpFrYaT1kie2YgFBcIe64ROzMYRjCrYOdYw=="],
 
     "@wojtekmaj/react-recaptcha-v3": ["@wojtekmaj/react-recaptcha-v3@0.1.4", "", { "dependencies": { "warning": "^4.0.0" }, "peerDependencies": { "@types/react": "^18.0.0 || ^19.0.0", "react": "^18.0.0 || ^19.0.0", "react-dom": "^18.0.0 || ^19.0.0" }, "optionalPeers": ["@types/react"] }, "sha512-zszMOdgI+y1Dz3496pRFr3t68n9+OmX/puLQNnOBDC7WrjM+nOKGyjIMCTe+3J14KDvzcxETeiglyDMGl0Yh/Q=="],
 
-    "@x0k/json-schema-merge": ["@x0k/json-schema-merge@1.0.2", "", { "dependencies": { "@types/json-schema": "^7.0.15" } }, "sha512-1734qiJHNX3+cJGDMMw2yz7R+7kpbAtl5NdPs1c/0gO5kYT6s4dMbLXiIfpZNsOYhGZI3aH7FWrj4Zxz7epXNg=="],
+    "@x0k/json-schema-merge": ["@x0k/json-schema-merge@1.0.3", "", { "dependencies": { "@types/json-schema": "^7.0.15" } }, "sha512-lerJC4sI9CNUQWdff3PnU1YJOqazD6TjMcvxZIPXUBjn4j1cUiXE0LvzhMnGYzKKr271TkvXJtH7gEwksrtn+w=="],
 
     "@xmldom/is-dom-node": ["@xmldom/is-dom-node@1.0.1", "", {}, "sha512-CJDxIgE5I0FH+ttq/Fxy6nRpxP70+e2O048EPe85J2use3XKdatVM7dDVvFNjQudd9B49NPoZ+8PG49zj4Er8Q=="],
 
-    "@xmldom/xmldom": ["@xmldom/xmldom@0.8.11", "", {}, "sha512-cQzWCtO6C8TQiYl1ruKNn2U6Ao4o4WBBcbL61yJl84x+j5sOWWFU9X7DpND8XZG3daDppSsigMdfAIl2upQBRw=="],
+    "@xmldom/xmldom": ["@xmldom/xmldom@0.8.13", "", {}, "sha512-KRYzxepc14G/CEpEGc3Yn+JKaAeT63smlDr+vjB8jRfgTBBI9wRj/nkQEO+ucV8p8I9bfKLWp37uHgFrbntPvw=="],
 
     "@xterm/addon-fit": ["@xterm/addon-fit@0.11.0", "", {}, "sha512-jYcgT6xtVYhnhgxh3QgYDnnNMYTcf8ElbxxFzX0IZo+vabQqSPAjC3c1wJrKB5E19VwQei89QCiZZP86DCPF7g=="],
 
@@ -1700,13 +1761,13 @@
 
     "agent-base": ["agent-base@7.1.4", "", {}, "sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ=="],
 
-    "ai": ["ai@6.0.116", "", { "dependencies": { "@ai-sdk/gateway": "3.0.66", "@ai-sdk/provider": "3.0.8", "@ai-sdk/provider-utils": "4.0.19", "@opentelemetry/api": "1.9.0" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-7yM+cTmyRLeNIXwt4Vj+mrrJgVQ9RMIW5WO0ydoLoYkewIvsMcvUmqS4j2RJTUXaF1HphwmSKUMQ/HypNRGOmA=="],
+    "ai": ["ai@6.0.168", "", { "dependencies": { "@ai-sdk/gateway": "3.0.104", "@ai-sdk/provider": "3.0.8", "@ai-sdk/provider-utils": "4.0.23", "@opentelemetry/api": "1.9.0" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-2HqCJuO+1V2aV7vfYs5LFEUfxbkGX+5oa54q/gCCTL7KLTdbxcCu5D7TdLA5kwsrs3Szgjah9q6D9tpjHM3hUQ=="],
 
     "ai-sdk-provider-claude-code": ["ai-sdk-provider-claude-code@3.4.4", "", { "dependencies": { "@ai-sdk/provider": "^3.0.0", "@ai-sdk/provider-utils": "^4.0.1", "@anthropic-ai/claude-agent-sdk": "^0.2.63" }, "peerDependencies": { "zod": "^4.0.0" } }, "sha512-iHcup5SHh4Tul1RIi9J+bnpngen8WX66yC3lsz1YlbtwAmRhUEzZUuGKzmFGIN8Pmx9uQrerGfLJdbFxIxKkyw=="],
 
     "ai-sdk-provider-codex-cli": ["ai-sdk-provider-codex-cli@1.1.0", "", { "dependencies": { "@ai-sdk/provider": "^3.0.0", "@ai-sdk/provider-utils": "^4.0.1", "jsonc-parser": "^3.3.1" }, "optionalDependencies": { "@openai/codex": "^0.105.0" }, "peerDependencies": { "zod": "^3.0.0 || ^4.0.0" } }, "sha512-l1ap+RAwCpdwEaLmB2cpQ4br+h2ut2IR0IvI88QvUMAAk5c3h2dSnx+vYZhwsOt1th3CS7FUQmvCTcnxqYshWg=="],
 
-    "ajv": ["ajv@8.18.0", "", { "dependencies": { "fast-deep-equal": "^3.1.3", "fast-uri": "^3.0.1", "json-schema-traverse": "^1.0.0", "require-from-string": "^2.0.2" } }, "sha512-PlXPeEWMXMZ7sPYOHqmDyCJzcfNrUr3fGNKtezX14ykXOEIvyK81d+qydx89KY5O71FKMPaQ2vBfBFI5NHR63A=="],
+    "ajv": ["ajv@8.20.0", "", { "dependencies": { "fast-deep-equal": "^3.1.3", "fast-uri": "^3.0.1", "json-schema-traverse": "^1.0.0", "require-from-string": "^2.0.2" } }, "sha512-Thbli+OlOj+iMPYFBVBfJ3OmCAnaSyNn4M1vz9T6Gka5Jt9ba/HIR56joy65tY6kx/FCF5VXNB819Y7/GUrBGA=="],
 
     "ajv-formats": ["ajv-formats@3.0.1", "", { "dependencies": { "ajv": "^8.0.0" } }, "sha512-8iUql50EUR+uUcdRQ3HDqa6EVyo3docL8g5WJ3FNcWmu62IbkGUue/pEyLBW8VGKKucTPgqeks4fIU1DA4yowQ=="],
 
@@ -1734,7 +1795,7 @@
 
     "asn1": ["asn1@0.2.6", "", { "dependencies": { "safer-buffer": "~2.1.0" } }, "sha512-ix/FxPn0MDjeyJ7i/yoHGFt/EX6LyNbxSEhPPXODPL+KB0VPk86UYfL0lMdy+KCnv+fmvIzySwaK5COwqVbWTQ=="],
 
-    "asn1js": ["asn1js@3.0.7", "", { "dependencies": { "pvtsutils": "^1.3.6", "pvutils": "^1.1.3", "tslib": "^2.8.1" } }, "sha512-uLvq6KJu04qoQM6gvBfKFjlh6Gl0vOKQuR5cJMDHQkmwfMOQeN3F3SHCv9SNYSL+CRoHvOGFfllDlVz03GQjvQ=="],
+    "asn1js": ["asn1js@3.0.10", "", { "dependencies": { "pvtsutils": "^1.3.6", "pvutils": "^1.1.5", "tslib": "^2.8.1" } }, "sha512-S2s3aOytiKdFRdulw2qPE51MzjzVOisppcVv7jVFR+Kw0kxwvFrDcYA0h7Ndqbmj0HkMIXYWaoj7fli8kgx1eg=="],
 
     "astring": ["astring@1.9.0", "", { "bin": { "astring": "bin/astring" } }, "sha512-LElXdjswlqjWrPpJFg1Fx4wpkOCxj1TDHlSV4PlaRxHGWko024xICaa97ZkMfs6DRKlCguiAI+rbXv5GWwXIkg=="],
 
@@ -1746,23 +1807,39 @@
 
     "async-sema": ["async-sema@3.1.1", "", {}, "sha512-tLRNUXati5MFePdAk8dw7Qt7DpxPB60ofAgn8WRhW6a2rcimZnYBP9oxHiv0OHy+Wz7kPMG+t4LGdt31+4EmGg=="],
 
+    "asynckit": ["asynckit@0.4.0", "", {}, "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q=="],
+
     "auto-bind": ["auto-bind@5.0.1", "", {}, "sha512-ooviqdwwgfIfNmDwo94wlshcdzfO64XV0Cg6oDsDYBJfITDz1EngD2z7DkbvCWn+XIMsIqW27sEVF6qcpJrRcg=="],
 
     "axobject-query": ["axobject-query@4.1.0", "", {}, "sha512-qIj0G9wZbMGNLjLmg1PT6v2mE9AH2zlnADJD/2tC6E00hgmhUOfEB6greHPAfLRSufHqROIUTkw6E+M3lH0PTQ=="],
 
+    "b4a": ["b4a@1.8.0", "", { "peerDependencies": { "react-native-b4a": "*" }, "optionalPeers": ["react-native-b4a"] }, "sha512-qRuSmNSkGQaHwNbM7J78Wwy+ghLEYF1zNrSeMxj4Kgw6y33O3mXcQ6Ie9fRvfU/YnxWkOchPXbaLb73TkIsfdg=="],
+
     "babel-plugin-react-compiler": ["babel-plugin-react-compiler@1.0.0", "", { "dependencies": { "@babel/types": "^7.26.0" } }, "sha512-Ixm8tFfoKKIPYdCCKYTsqv+Fd4IJ0DQqMyEimo+pxUOMUR9cVPlwTrFt9Avu+3cb6Zp3mAzl+t1MrG2fxxKsxw=="],
 
     "bail": ["bail@2.0.2", "", {}, "sha512-0xO6mYd7JB2YesxDKplafRpsiOzPt9V02ddPCLbY1xYGPOX24NTyN50qnUxgCPcSoYMhKpAuBTjQoRZCAkUDRw=="],
 
     "balanced-match": ["balanced-match@4.0.4", "", {}, "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA=="],
 
+    "bare-events": ["bare-events@2.8.2", "", { "peerDependencies": { "bare-abort-controller": "*" }, "optionalPeers": ["bare-abort-controller"] }, "sha512-riJjyv1/mHLIPX4RwiK+oW9/4c3TEUeORHKefKAKnZ5kyslbN+HXowtbaVEqt4IMUB7OXlfixcs6gsFeo/jhiQ=="],
+
+    "bare-fs": ["bare-fs@4.7.1", "", { "dependencies": { "bare-events": "^2.5.4", "bare-path": "^3.0.0", "bare-stream": "^2.6.4", "bare-url": "^2.2.2", "fast-fifo": "^1.3.2" }, "peerDependencies": { "bare-buffer": "*" }, "optionalPeers": ["bare-buffer"] }, "sha512-WDRsyVN52eAx/lBamKD6uyw8H4228h/x0sGGGegOamM2cd7Pag88GfMQalobXI+HaEUxpCkbKQUDOQqt9wawRw=="],
+
+    "bare-os": ["bare-os@3.9.0", "", {}, "sha512-JTjuZyNIDpw+GytMO4a6TK1VXdVKKJr6DRxEHasyuYyShV2deuiHJK/ahGZlebc+SG0/wJCB9XK8gprBGDFi/Q=="],
+
+    "bare-path": ["bare-path@3.0.0", "", { "dependencies": { "bare-os": "^3.0.1" } }, "sha512-tyfW2cQcB5NN8Saijrhqn0Zh7AnFNsnczRcuWODH0eYAXBsJ5gVxAUuNr7tsHSC6IZ77cA0SitzT+s47kot8Mw=="],
+
+    "bare-stream": ["bare-stream@2.13.0", "", { "dependencies": { "streamx": "^2.25.0", "teex": "^1.0.1" }, "peerDependencies": { "bare-abort-controller": "*", "bare-buffer": "*", "bare-events": "*" }, "optionalPeers": ["bare-abort-controller", "bare-buffer", "bare-events"] }, "sha512-3zAJRZMDFGjdn+RVnNpF9kuELw+0Fl3lpndM4NcEOhb9zwtSo/deETfuIwMSE5BXanA0FrN1qVjffGwAg2Y7EA=="],
+
+    "bare-url": ["bare-url@2.4.2", "", { "dependencies": { "bare-path": "^3.0.0" } }, "sha512-/9a2j4ac6ckpmAHvod/ob7x439OAHst/drc2Clnq+reRYd/ovddwcF4LfoxHyNk5AuGBnPg+HqFjmE/Zpq6v0A=="],
+
     "base-64": ["base-64@1.0.0", "", {}, "sha512-kwDPIFCGx0NZHog36dj+tHiwP4QMzsZ3AgMViUBKI0+V5n4U0ufTCUMhnQ04diaRI8EX/QcPfql7zlhZ7j4zgg=="],
 
-    "baseline-browser-mapping": ["baseline-browser-mapping@2.10.7", "", { "bin": { "baseline-browser-mapping": "dist/cli.cjs" } }, "sha512-1ghYO3HnxGec0TCGBXiDLVns4eCSx4zJpxnHrlqFQajmhfKMQBzUGDdkMK7fUW7PTHTeLf+j87aTuKuuwWzMGw=="],
+    "baseline-browser-mapping": ["baseline-browser-mapping@2.10.23", "", { "bin": { "baseline-browser-mapping": "dist/cli.cjs" } }, "sha512-xwVXGqevyKPsiuQdLj+dZMVjidjJV508TBqexND5HrF89cGdCYCJFB3qhcxRHSeMctdCfbR1jrxBajhDy7o29g=="],
 
     "better-auth": ["better-auth@1.4.5", "", { "dependencies": { "@better-auth/core": "1.4.5", "@better-auth/telemetry": "1.4.5", "@better-auth/utils": "0.3.0", "@better-fetch/fetch": "1.1.18", "@noble/ciphers": "^2.0.0", "@noble/hashes": "^2.0.0", "better-call": "1.1.4", "defu": "^6.1.4", "jose": "^6.1.0", "kysely": "^0.28.5", "ms": "4.0.0-nightly.202508271359", "nanostores": "^1.0.1", "zod": "^4.1.12" }, "peerDependencies": { "@lynx-js/react": "*", "@sveltejs/kit": "^2.0.0", "@tanstack/react-start": "^1.0.0", "next": "^14.0.0 || ^15.0.0 || ^16.0.0", "react": "^18.0.0 || ^19.0.0", "react-dom": "^18.0.0 || ^19.0.0", "solid-js": "^1.0.0", "svelte": "^4.0.0 || ^5.0.0", "vue": "^3.0.0" }, "optionalPeers": ["@lynx-js/react", "@sveltejs/kit", "@tanstack/react-start", "next", "react", "react-dom", "solid-js", "svelte", "vue"] }, "sha512-pHV2YE0OogRHvoA6pndHXCei4pcep/mjY7psSaHVrRgjBtumVI68SV1g9U9XPRZ4KkoGca9jfwuv+bB2UILiFw=="],
 
-    "better-call": ["better-call@1.1.5", "", { "dependencies": { "@better-auth/utils": "^0.3.0", "@better-fetch/fetch": "^1.1.4", "rou3": "^0.7.10", "set-cookie-parser": "^2.7.1" }, "peerDependencies": { "zod": "^4.0.0" }, "optionalPeers": ["zod"] }, "sha512-nQJ3S87v6wApbDwbZ++FrQiSiVxWvZdjaO+2v6lZJAG2WWggkB2CziUDjPciz3eAt9TqfRursIQMZIcpkBnvlw=="],
+    "better-call": ["better-call@2.0.2", "", { "dependencies": { "@better-auth/utils": "^0.3.1", "@better-fetch/fetch": "^1.1.21", "rou3": "^0.7.12", "set-cookie-parser": "^3.0.1" }, "peerDependencies": { "zod": "^4.0.0" }, "optionalPeers": ["zod"] }, "sha512-QqSKtfJD/ZzQdlm7BTUxT9RCA0AxcrZEMyU/yl7/uoFDoR7YCTdc555xQXjReo75M6/xkskPawPdhbn3fge4Cg=="],
 
     "binary-extensions": ["binary-extensions@2.3.0", "", {}, "sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw=="],
 
@@ -1778,13 +1855,13 @@
 
     "boxen": ["boxen@8.0.1", "", { "dependencies": { "ansi-align": "^3.0.1", "camelcase": "^8.0.0", "chalk": "^5.3.0", "cli-boxes": "^3.0.0", "string-width": "^7.2.0", "type-fest": "^4.21.0", "widest-line": "^5.0.0", "wrap-ansi": "^9.0.0" } }, "sha512-F3PH5k5juxom4xktynS7MoFY+NUWH5LC4CnH11YB8NPew+HLpmBLCybSAEyb2F+4pRXhuhWqFesoQd6DAyc2hw=="],
 
-    "brace-expansion": ["brace-expansion@5.0.4", "", { "dependencies": { "balanced-match": "^4.0.2" } }, "sha512-h+DEnpVvxmfVefa4jFbCf5HdH5YMDXRsmKflpf1pILZWRFlTbJpxeU55nJl4Smt5HQaGzg1o6RHFPJaOqnmBDg=="],
+    "brace-expansion": ["brace-expansion@5.0.5", "", { "dependencies": { "balanced-match": "^4.0.2" } }, "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ=="],
 
     "braces": ["braces@3.0.3", "", { "dependencies": { "fill-range": "^7.1.1" } }, "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA=="],
 
-    "browserslist": ["browserslist@4.28.1", "", { "dependencies": { "baseline-browser-mapping": "^2.9.0", "caniuse-lite": "^1.0.30001759", "electron-to-chromium": "^1.5.263", "node-releases": "^2.0.27", "update-browserslist-db": "^1.2.0" }, "bin": { "browserslist": "cli.js" } }, "sha512-ZC5Bd0LgJXgwGqUknZY/vkUQ04r8NXnJZ3yYi4vDmSiZmC/pdSN0NbNRPxZpbtO4uAfDUAFffO8IZoM3Gj8IkA=="],
+    "browserslist": ["browserslist@4.28.2", "", { "dependencies": { "baseline-browser-mapping": "^2.10.12", "caniuse-lite": "^1.0.30001782", "electron-to-chromium": "^1.5.328", "node-releases": "^2.0.36", "update-browserslist-db": "^1.2.3" }, "bin": { "browserslist": "cli.js" } }, "sha512-48xSriZYYg+8qXna9kwqjIVzuQxi+KYWp2+5nCYnYKPTr0LvD89Jqk2Or5ogxz0NUMfIjhh2lIUX/LyX9B4oIg=="],
 
-    "bun-types": ["bun-types@1.3.10", "", { "dependencies": { "@types/node": "*" } }, "sha512-tcpfCCl6XWo6nCVnpcVrxQ+9AYN1iqMIzgrSKYMB/fjLtV2eyAVEg7AxQJuCq/26R6HpKWykQXuSOq/21RYcbg=="],
+    "bun-types": ["bun-types@1.3.13", "", { "dependencies": { "@types/node": "*" } }, "sha512-QXKeHLlOLqQX9LgYaHJfzdBaV21T63HhFJnvuRCcjZiaUDpbs5ED1MgxbMra71CsryN/1dAoXuJJJwIv/2drVA=="],
 
     "bundle-require": ["bundle-require@5.1.0", "", { "dependencies": { "load-tsconfig": "^0.2.3" }, "peerDependencies": { "esbuild": ">=0.18" } }, "sha512-3WrrOuZiyaaZPWiEt4G3+IffISVC9HYlWueJEBWED4ZH4aIAC2PnkdnuRrR94M+w6yGWn4AglWtJtBI8YqvgoA=="],
 
@@ -1798,7 +1875,7 @@
 
     "camelcase": ["camelcase@8.0.0", "", {}, "sha512-8WB3Jcas3swSvjIeA2yvCJ+Miyz5l1ZmB6HFb9R1317dt9LCQoswg/BGrmAmkWVEszSrrg4RwmO46qIm2OEnSA=="],
 
-    "caniuse-lite": ["caniuse-lite@1.0.30001778", "", {}, "sha512-PN7uxFL+ExFJO61aVmP1aIEG4i9whQd4eoSCebav62UwDyp5OHh06zN4jqKSMePVgxHifCw1QJxdRkA1Pisekg=="],
+    "caniuse-lite": ["caniuse-lite@1.0.30001791", "", {}, "sha512-yk0l/YSrOnFZk3UROpDLQD9+kC1l4meK/wed583AXrzoarMGJcbRi2Q4RaUYbKxYAsZ8sWmaSa/DsLmdBeI1vQ=="],
 
     "ccount": ["ccount@2.0.1", "", {}, "sha512-eyrF0jiFpY+3drT6383f1qhkbGsLSifNAjA61IUjZjmLCWjItY6LB9ft9YhoDgwfmclB2zhu51Lc7+95b8NRAg=="],
 
@@ -1832,7 +1909,7 @@
 
     "cli-truncate": ["cli-truncate@5.2.0", "", { "dependencies": { "slice-ansi": "^8.0.0", "string-width": "^8.2.0" } }, "sha512-xRwvIOMGrfOAnM1JYtqQImuaNtDEv9v6oIYAs4LIHwTiKee8uwvIi363igssOC0O5U04i4AlENs79LQLu9tEMw=="],
 
-    "cliui": ["cliui@8.0.1", "", { "dependencies": { "string-width": "^4.2.0", "strip-ansi": "^6.0.1", "wrap-ansi": "^7.0.0" } }, "sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ=="],
+    "cliui": ["cliui@9.0.1", "", { "dependencies": { "string-width": "^7.2.0", "strip-ansi": "^7.1.0", "wrap-ansi": "^9.0.0" } }, "sha512-k7ndgKhwoQveBL+/1tqGJYNz097I7WOvwbmmU2AR5+magtbjPWQTS1C5vzGkBC8Ym8UWRzfKUzUUqFLypY4Q+w=="],
 
     "clsx": ["clsx@2.1.1", "", {}, "sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA=="],
 
@@ -1848,6 +1925,8 @@
 
     "colorjs.io": ["colorjs.io@0.5.2", "", {}, "sha512-twmVoizEW7ylZSN32OgKdXRmo1qg+wT5/6C3xu5b9QsWzSFAhHLn2xd8ro0diCsKfCj1RdaTP/nrcW+vAoQPIw=="],
 
+    "combined-stream": ["combined-stream@1.0.8", "", { "dependencies": { "delayed-stream": "~1.0.0" } }, "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg=="],
+
     "comlink": ["comlink@4.4.2", "", {}, "sha512-OxGdvBmJuNKSCMO4NTl1L47VRp6xn2wG4F/2hYzB6tiCb709otOxtEYCSvK80PtjODfXXZu8ds+Nw5kVCjqd2g=="],
 
     "comma-separated-tokens": ["comma-separated-tokens@2.0.3", "", {}, "sha512-Fu4hJdvzeylCfQPp9SGWidpzrMs7tTrlu6Vb8XGaRGck8QSNZJJp538Wrb60Lax4fPwR64ViY468OIUTbRlGZg=="],
@@ -1864,7 +1943,7 @@
 
     "consola": ["consola@3.4.2", "", {}, "sha512-5IKcdX0nnYavi6G7TtOhwkYzyjfJlatbjMjuLSfE2kYT5pMDOilZ4OvMhi637CcDICTmz3wARPoyhqyX1Y+XvA=="],
 
-    "content-disposition": ["content-disposition@1.0.1", "", {}, "sha512-oIXISMynqSqm241k6kcQ5UwttDILMK4BiurCfGEREw6+X9jkkpEe5T9FZaApyLGGOnFuyMWZpdolTXMtvEJ08Q=="],
+    "content-disposition": ["content-disposition@1.1.0", "", {}, "sha512-5jRCH9Z/+DRP7rkvY83B+yGIGX96OYdJmzngqnw2SBSxqCFPd0w2km3s5iawpGX8krnwSGmF0FW5Nhr0Hfai3g=="],
 
     "content-type": ["content-type@1.0.5", "", {}, "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA=="],
 
@@ -1874,13 +1953,13 @@
 
     "cookie": ["cookie@1.1.1", "", {}, "sha512-ei8Aos7ja0weRpFzJnEA9UHJ/7XQmqglbRwnf2ATjcB9Wq874VKH9kfjjirM6UhU2/E5fFYadylyhFldcqSidQ=="],
 
-    "cookie-es": ["cookie-es@2.0.0", "", {}, "sha512-RAj4E421UYRgqokKUmotqAwuplYw15qtdXfY+hGzgCJ/MBjCVZcSoHK/kH9kocfjRjcDME7IiDWR/1WX1TM2Pg=="],
+    "cookie-es": ["cookie-es@2.0.1", "", {}, "sha512-aVf4A4hI2w70LnF7GG+7xDQUkliwiXWXFvTjkip4+b64ygDQ2sJPRSKFDHbxn8o0xu9QzPkMuuiWIXyFSE2slA=="],
 
     "cookie-signature": ["cookie-signature@1.2.2", "", {}, "sha512-D76uU73ulSXrD1UXF4KE2TMxVVwhsnCgfAyTg9k8P6KGZjlXKrOLe4dJQKI3Bxi5wjesZoFXJWElNWBjPZMbhg=="],
 
     "copy-anything": ["copy-anything@4.0.5", "", { "dependencies": { "is-what": "^5.2.0" } }, "sha512-7Vv6asjS4gMOuILabD3l739tsaxFQmC+a7pLZm02zyvs8p977bL3zEgq3yDk5rn9B0PbYgIv++jmHcuUab4RhA=="],
 
-    "core-js": ["core-js@3.48.0", "", {}, "sha512-zpEHTy1fjTMZCKLHUZoVeylt9XrzaIN2rbPXEt0k+q7JE5CkCZdo6bNq55bn24a69CH7ErAVLKijxJja4fw+UQ=="],
+    "core-js": ["core-js@3.49.0", "", {}, "sha512-es1U2+YTtzpwkxVLwAFdSpaIMyQaq0PBgm3YD1W3Qpsn1NAmO3KSgZfu+oGSWVu6NvLHoHCV/aYcsE5wiB7ALg=="],
 
     "cors": ["cors@2.8.6", "", { "dependencies": { "object-assign": "^4", "vary": "^1" } }, "sha512-tJtZBBHA6vjIAaF6EnIaq6laBBP9aq/Y3ouVJjEfoHbRBcHBAHYcMh/w8LDrk2PvIMMq8gmopa5D4V8RmbrxGw=="],
 
@@ -1940,29 +2019,29 @@
 
     "deepmerge": ["deepmerge@4.3.1", "", {}, "sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A=="],
 
-    "defu": ["defu@6.1.4", "", {}, "sha512-mEQCMmwJu317oSz8CwdIOdwf3xMif1ttiM8LTufzc3g6kR+9Pe236twL8j3IYT1F7GfRgGcW6MWxzZjLIkuHIg=="],
+    "defu": ["defu@6.1.7", "", {}, "sha512-7z22QmUWiQ/2d0KkdYmANbRUVABpZ9SNYyH5vx6PZ+nE5bcC0l7uFvEfHlyld/HcGBFTL536ClDt3DEcSlEJAQ=="],
 
     "degit": ["degit@2.8.4", "", { "bin": { "degit": "degit" } }, "sha512-vqYuzmSA5I50J882jd+AbAhQtgK6bdKUJIex1JNfEUPENCgYsxugzKVZlFyMwV4i06MmnV47/Iqi5Io86zf3Ng=="],
 
+    "delayed-stream": ["delayed-stream@1.0.0", "", {}, "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ=="],
+
     "depd": ["depd@2.0.0", "", {}, "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw=="],
 
     "dequal": ["dequal@2.0.3", "", {}, "sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA=="],
 
     "destr": ["destr@2.0.5", "", {}, "sha512-ugFTXCtDZunbzasqBxrK93Ik/DRYsO6S/fedkWEMKqt04xZ4csmnmwGDBAb07QWNaGMAmnTIemsYZCksjATwsA=="],
 
-    "detect-europe-js": ["detect-europe-js@0.1.2", "", {}, "sha512-lgdERlL3u0aUdHocoouzT10d9I89VVhk0qNRmll7mXdGfJT1/wqZ2ZLA4oJAjeACPY5fT1wsbq2AT+GkuInsow=="],
-
     "detect-libc": ["detect-libc@2.1.2", "", {}, "sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ=="],
 
     "detect-node-es": ["detect-node-es@1.1.0", "", {}, "sha512-ypdmJU/TbBby2Dxibuv7ZLW3Bs1QEmM7nHjEANfohJLvE0XVujisn1qPJcZxg+qDucsr+bP6fLD1rPS3AhJ7EQ=="],
 
     "deterministic-object-hash": ["deterministic-object-hash@2.0.2", "", { "dependencies": { "base-64": "^1.0.0" } }, "sha512-KxektNH63SrbfUyDiwXqRb1rLwKt33AmMv+5Nhsw1kqZ13SJBRTgZHtGbE+hH3a1mVW1cz+4pqSWVPAtLVXTzQ=="],
 
-    "devalue": ["devalue@5.6.4", "", {}, "sha512-Gp6rDldRsFh/7XuouDbxMH3Mx8GMCcgzIb1pDTvNyn8pZGQ22u+Wa+lGV9dQCltFQ7uVw0MhRyb8XDskNFOReA=="],
+    "devalue": ["devalue@5.7.1", "", {}, "sha512-MUbZ586EgQqdRnC4yDrlod3BEdyvE4TapGYHMW2CiaW+KkkFmWEFqBUaLltEZCGi0iFXCEjRF0OjF0DV2QHjOA=="],
 
     "devlop": ["devlop@1.1.0", "", { "dependencies": { "dequal": "^2.0.0" } }, "sha512-RWmIqhcFf1lRYBvNmr7qTNuyCt/7/ns2jbpp1+PalgE/rDQcBT0fioSMUpJ93irlUhC5hrg4cYqe6U+0ImW0rA=="],
 
-    "diff": ["diff@8.0.3", "", {}, "sha512-qejHi7bcSD4hQAZE0tNAawRK1ZtafHDmMTMkrrIGgSLl7hTnQHmKCeB45xAcbfTqK2zowkM3j3bHt/4b/ARbYQ=="],
+    "diff": ["diff@8.0.4", "", {}, "sha512-DPi0FmjiSU5EvQV0++GFDOJ9ASQUVFh5kD+OzOnYdi7n3Wpm9hWWGfB/O2blfHcMVTL5WkQXSnRiK9makhrcnw=="],
 
     "dlv": ["dlv@1.1.3", "", {}, "sha512-+HlytyjlPKnIG8XuRG8WvmBP8xs8P71y+SKKS6ZXWoEgLuePxtDoUEiH7WkdePWrQ5JBpE6aoVqfZfJUQkjXwA=="],
 
@@ -1974,11 +2053,11 @@
 
     "domhandler": ["domhandler@5.0.3", "", { "dependencies": { "domelementtype": "^2.3.0" } }, "sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w=="],
 
-    "dompurify": ["dompurify@3.2.7", "", { "optionalDependencies": { "@types/trusted-types": "^2.0.7" } }, "sha512-WhL/YuveyGXJaerVlMYGWhvQswa7myDG17P7Vu65EWC05o8vfeNbvNf4d/BOvH99+ZW+LlQsc1GDKMa1vNK6dw=="],
+    "dompurify": ["dompurify@3.4.1", "", { "optionalDependencies": { "@types/trusted-types": "^2.0.7" } }, "sha512-JahakDAIg1gyOm7dlgWSDjV4n7Ip2PKR55NIT6jrMfIgLFgWo81vdr1/QGqWtFNRqXP9UV71oVePtjqS2ebnPw=="],
 
     "domutils": ["domutils@3.2.2", "", { "dependencies": { "dom-serializer": "^2.0.0", "domelementtype": "^2.3.0", "domhandler": "^5.0.3" } }, "sha512-6kZKyUajlDuqlHKVX1w7gyslj9MPIXzIFiz/rGu35uC1wMi+kMhQwGhl4lt9unC9Vb9INnY9Z3/ZA3+FhASLaw=="],
 
-    "dotenv": ["dotenv@17.4.1", "", {}, "sha512-k8DaKGP6r1G30Lx8V4+pCsLzKr8vLmV2paqEj1Y55GdAgJuIqpRp5FfajGF8KtwMxCz9qJc6wUIJnm053d/WCw=="],
+    "dotenv": ["dotenv@17.4.2", "", {}, "sha512-nI4U3TottKAcAD9LLud4Cb7b2QztQMUEfHbvhTH09bqXTxnSie8WnjPALV/WMCrJZ6UV/qHJ6L03OqO3LcdYZw=="],
 
     "dotenv-expand": ["dotenv-expand@11.0.7", "", { "dependencies": { "dotenv": "^16.4.5" } }, "sha512-zIHwmZPRshsCdpMDyVsqGmgyP0yT8GAgXUnkdAoJisxvf33k7yO6OuoKmcTGuXPWSsm8Oh88nZicRLA9Y0rUeA=="],
 
@@ -1990,11 +2069,11 @@
 
     "ejs": ["ejs@3.1.10", "", { "dependencies": { "jake": "^10.8.5" }, "bin": { "ejs": "bin/cli.js" } }, "sha512-UeJmFfOrAQS8OJWPZ4qtgHyWExa088/MtK5UEyoJGFH67cDEXkZSviOiKRCZ4Xij0zxI3JECgYs3oKx+AizQBA=="],
 
-    "electron-to-chromium": ["electron-to-chromium@1.5.313", "", {}, "sha512-QBMrTWEf00GXZmJyx2lbYD45jpI3TUFnNIzJ5BBc8piGUDwMPa1GV6HJWTZVvY/eiN3fSopl7NRbgGp9sZ9LTA=="],
+    "electron-to-chromium": ["electron-to-chromium@1.5.344", "", {}, "sha512-4MxfbmNDm+KPh066EZy+eUnkcDPcZ35wNmOWzFuh/ijvHsve6kbLTLURy88uCNK5FbpN+yk2nQY6BYh1GEt+wg=="],
 
     "elen": ["elen@1.0.10", "", {}, "sha512-ZL799/V/kzxYJ6Wlfktreq6qQWfGc3VkGUQJW5lZQ8/MhsQiKTAwERPfhEwIsV2movRGe2DfV7H2MjRw76Z7Wg=="],
 
-    "embedded-postgres": ["embedded-postgres@18.3.0-beta.16", "", { "dependencies": { "async-exit-hook": "^2.0.1", "pg": "^8.7.3" }, "optionalDependencies": { "@embedded-postgres/darwin-arm64": "^18.3.0-beta.16", "@embedded-postgres/darwin-x64": "^18.3.0-beta.16", "@embedded-postgres/linux-arm": "^18.3.0-beta.16", "@embedded-postgres/linux-arm64": "^18.3.0-beta.16", "@embedded-postgres/linux-ia32": "^18.3.0-beta.16", "@embedded-postgres/linux-ppc64": "^18.3.0-beta.16", "@embedded-postgres/linux-x64": "^18.3.0-beta.16", "@embedded-postgres/windows-x64": "^18.3.0-beta.16" } }, "sha512-iCe14miQhWUr1MqER2NUnFlylXk2+8cILCqTCo7gvi2tKq4jZM0Mofy+e7ZXOy5mILh+8EdvJ1USobFK33SJow=="],
+    "embedded-postgres": ["embedded-postgres@18.3.0-beta.17", "", { "dependencies": { "async-exit-hook": "^2.0.1", "pg": "^8.7.3" }, "optionalDependencies": { "@embedded-postgres/darwin-arm64": "^18.3.0-beta.17", "@embedded-postgres/darwin-x64": "^18.3.0-beta.17", "@embedded-postgres/linux-arm": "^18.3.0-beta.17", "@embedded-postgres/linux-arm64": "^18.3.0-beta.17", "@embedded-postgres/linux-ia32": "^18.3.0-beta.17", "@embedded-postgres/linux-ppc64": "^18.3.0-beta.17", "@embedded-postgres/linux-x64": "^18.3.0-beta.17", "@embedded-postgres/windows-x64": "^18.3.0-beta.17" } }, "sha512-1biFWyuPVtAV5S9RBgcr4PGuAdNL9WhnNZVQ5Arp3gsB24Ci9X9s/8Z7RFYFSc6tJWcj9kzF55YcDAcr3jLUbQ=="],
 
     "embla-carousel": ["embla-carousel@8.6.0", "", {}, "sha512-SjWyZBHJPbqxHOzckOfo8lHisEaJWmwd23XppYFYVh10bU66/Pn5tkVkbkCMZVdbUE5eTCI2nD8OyIP4Z+uwkA=="],
 
@@ -2006,7 +2085,9 @@
 
     "encodeurl": ["encodeurl@2.0.0", "", {}, "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg=="],
 
-    "enhanced-resolve": ["enhanced-resolve@5.20.0", "", { "dependencies": { "graceful-fs": "^4.2.4", "tapable": "^2.3.0" } }, "sha512-/ce7+jQ1PQ6rVXwe+jKEg5hW5ciicHwIQUagZkp6IufBoY3YDgdTTY1azVs0qoRgVmvsNB+rbjLJxDAeHHtwsQ=="],
+    "end-of-stream": ["end-of-stream@1.4.5", "", { "dependencies": { "once": "^1.4.0" } }, "sha512-ooEGc6HP26xXq/N+GCGOT0JKCLDGrq2bQUZrQ7gyrJiZANJ/8YDTxTpQBXGMn+WbIQXNVpyWymm7KYVICQnyOg=="],
+
+    "enhanced-resolve": ["enhanced-resolve@5.21.0", "", { "dependencies": { "graceful-fs": "^4.2.4", "tapable": "^2.3.3" } }, "sha512-otxSQPw4lkOZWkHpB3zaEQs6gWYEsmX4xQF68ElXC/TWvGxGMSGOvoNbaLXm6/cS/fSfHtsEdw90y20PCd+sCA=="],
 
     "entities": ["entities@4.5.0", "", {}, "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw=="],
 
@@ -2022,7 +2103,9 @@
 
     "es-object-atoms": ["es-object-atoms@1.1.1", "", { "dependencies": { "es-errors": "^1.3.0" } }, "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA=="],
 
-    "es-toolkit": ["es-toolkit@1.45.1", "", {}, "sha512-/jhoOj/Fx+A+IIyDNOvO3TItGmlMKhtX8ISAHKE90c4b/k1tqaqEZ+uUqfpU8DMnW5cgNJv606zS55jGvza0Xw=="],
+    "es-set-tostringtag": ["es-set-tostringtag@2.1.0", "", { "dependencies": { "es-errors": "^1.3.0", "get-intrinsic": "^1.2.6", "has-tostringtag": "^1.0.2", "hasown": "^2.0.2" } }, "sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA=="],
+
+    "es-toolkit": ["es-toolkit@1.46.0", "", {}, "sha512-IToJ6ct9OLl5zz6WsC/1vZEwfSZ7Myil+ygl5Tf30Xjn9AEkzNB4kqp2G7VUJKF1DtTx/ra5M5KLlXvzOg51BA=="],
 
     "esast-util-from-estree": ["esast-util-from-estree@2.0.0", "", { "dependencies": { "@types/estree-jsx": "^1.0.0", "devlop": "^1.0.0", "estree-util-visit": "^2.0.0", "unist-util-position-from-estree": "^2.0.0" } }, "sha512-4CyanoAudUSBAn5K13H4JhsMH6L9ZP7XbLVe/dKybkxMO7eDyLsT8UHl9TRNrU2Gr9nz+FovfSIjuXWJ81uVwQ=="],
 
@@ -2054,13 +2137,15 @@
 
     "eventemitter3": ["eventemitter3@4.0.7", "", {}, "sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw=="],
 
+    "events-universal": ["events-universal@1.0.1", "", { "dependencies": { "bare-events": "^2.7.0" } }, "sha512-LUd5euvbMLpwOF8m6ivPCbhQeSiYVNb8Vs0fQ8QjXo0JTkEHpz8pxdQf0gStltaPpw0Cca8b39KxvK9cfKRiAw=="],
+
     "eventsource": ["eventsource@3.0.7", "", { "dependencies": { "eventsource-parser": "^3.0.1" } }, "sha512-CRT1WTyuQoD771GW56XEZFQ/ZoSfWid1alKGDYMmkt2yl8UXrVR4pspqWNEcqKvVIzg6PAltWjxcSSPrboA4iA=="],
 
-    "eventsource-parser": ["eventsource-parser@3.0.6", "", {}, "sha512-Vo1ab+QXPzZ4tCa8SwIHJFaSzy4R6SHf7BY79rFBDf0idraZWAkYrDjDj8uWaSm3S2TK+hJ7/t1CEmZ7jXw+pg=="],
+    "eventsource-parser": ["eventsource-parser@3.0.8", "", {}, "sha512-70QWGkr4snxr0OXLRWsFLeRBIRPuQOvt4s8QYjmUlmlkyTZkRqS7EDVRZtzU3TiyDbXSzaOeF0XUKy8PchzukQ=="],
 
     "express": ["express@5.2.1", "", { "dependencies": { "accepts": "^2.0.0", "body-parser": "^2.2.1", "content-disposition": "^1.0.0", "content-type": "^1.0.5", "cookie": "^0.7.1", "cookie-signature": "^1.2.1", "debug": "^4.4.0", "depd": "^2.0.0", "encodeurl": "^2.0.0", "escape-html": "^1.0.3", "etag": "^1.8.1", "finalhandler": "^2.1.0", "fresh": "^2.0.0", "http-errors": "^2.0.0", "merge-descriptors": "^2.0.0", "mime-types": "^3.0.0", "on-finished": "^2.4.1", "once": "^1.4.0", "parseurl": "^1.3.3", "proxy-addr": "^2.0.7", "qs": "^6.14.0", "range-parser": "^1.2.1", "router": "^2.2.0", "send": "^1.1.0", "serve-static": "^2.2.0", "statuses": "^2.0.1", "type-is": "^2.0.1", "vary": "^1.1.2" } }, "sha512-hIS4idWWai69NezIdRt2xFVofaF4j+6INOpJlVOLDO8zXGpUVEVzIYk12UUi2JzjEzWL3IOAxcTubgz9Po0yXw=="],
 
-    "express-rate-limit": ["express-rate-limit@8.3.1", "", { "dependencies": { "ip-address": "10.1.0" }, "peerDependencies": { "express": ">= 4.11" } }, "sha512-D1dKN+cmyPWuvB+G2SREQDzPY1agpBIcTa9sJxOPMCNeH3gwzhqJRDWCXW3gg0y//+LQ/8j52JbMROWyrKdMdw=="],
+    "express-rate-limit": ["express-rate-limit@8.4.1", "", { "dependencies": { "ip-address": "10.1.0" }, "peerDependencies": { "express": ">= 4.11" } }, "sha512-NGVYwQSAyEQgzxX1iCM978PP9AdO/hW93gMcF6ZwQCm+rFvLsBH6w4xcXWTcliS8La5EPRN3p9wzItqBwJrfNw=="],
 
     "extend": ["extend@3.0.2", "", {}, "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g=="],
 
@@ -2068,11 +2153,13 @@
 
     "fast-equals": ["fast-equals@5.4.0", "", {}, "sha512-jt2DW/aNFNwke7AUd+Z+e6pz39KO5rzdbbFCg2sGafS4mk13MI7Z8O5z9cADNn5lhGODIgLwug6TZO2ctf7kcw=="],
 
+    "fast-fifo": ["fast-fifo@1.3.2", "", {}, "sha512-/d9sfos4yxzpwkDkuN7k2SqFKtYNmCTzgfEpz82x34IM9/zc8KGxQoXg1liNC/izpRM/MBdt44Nmx41ZWqk+FQ=="],
+
     "fast-glob": ["fast-glob@3.3.3", "", { "dependencies": { "@nodelib/fs.stat": "^2.0.2", "@nodelib/fs.walk": "^1.2.3", "glob-parent": "^5.1.2", "merge2": "^1.3.0", "micromatch": "^4.0.8" } }, "sha512-7MptL8U0cqcFdzIzwOTHoilX9x5BrNqye7Z/LuC7kCMRio1EMSyqRK3BEAUD7sXRq4iT4AzTVuZdhgQ2TCvYLg=="],
 
     "fast-uri": ["fast-uri@3.1.0", "", {}, "sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA=="],
 
-    "fast-xml-builder": ["fast-xml-builder@1.1.3", "", { "dependencies": { "path-expression-matcher": "^1.1.3" } }, "sha512-1o60KoFw2+LWKQu3IdcfcFlGTW4dpqEWmjhYec6H82AYZU2TVBXep6tMl8Z1Y+wM+ZrzCwe3BZ9Vyd9N2rIvmg=="],
+    "fast-xml-builder": ["fast-xml-builder@1.1.5", "", { "dependencies": { "path-expression-matcher": "^1.1.3" } }, "sha512-4TJn/8FKLeslLAH3dnohXqE3QSoxkhvaMzepOIZytwJXZO69Bfz0HBdDHzOTOon6G59Zrk6VQ2bEiv1t61rfkA=="],
 
     "fast-xml-parser": ["fast-xml-parser@5.4.2", "", { "dependencies": { "fast-xml-builder": "^1.0.0", "strnum": "^2.1.2" }, "bin": { "fxparser": "src/cli/cli.js" } }, "sha512-pw/6pIl4k0CSpElPEJhDppLzaixDEuWui2CUQQBH/ECDf7+y6YwA4Gf7Tyb0Rfe4DIMuZipYj4AEL0nACKglvQ=="],
 
@@ -2084,6 +2171,8 @@
 
     "fdir": ["fdir@6.5.0", "", { "peerDependencies": { "picomatch": "^3 || ^4" }, "optionalPeers": ["picomatch"] }, "sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg=="],
 
+    "fflate": ["fflate@0.4.8", "", {}, "sha512-FJqqoDBR00Mdj9ppamLa/Y7vxm+PRmNWA67N846RvsoYVMKB4q3y/de5PA7gUmRMYK/8CMz2GDZQmCRN1wBcWA=="],
+
     "figures": ["figures@6.1.0", "", { "dependencies": { "is-unicode-supported": "^2.0.0" } }, "sha512-d+l3qxjSesT4V7v2fh+QnmFnUWv9lSpjarhShNTgBOfA0ttejbQUAlHLitbjkoRiDulW0OPoQPYIGhIC8ohejg=="],
 
     "file-uri-to-path": ["file-uri-to-path@1.0.0", "", {}, "sha512-0Zt+s3L7Vf1biwWZ29aARiVYLx7iMGnEUl9x33fbB/j3jR81u/O2LbqK+Bm1CDSNDKVtJ/YjwY7TUd5SkeLQLw=="],
@@ -2102,12 +2191,16 @@
 
     "fontkitten": ["fontkitten@1.0.3", "", { "dependencies": { "tiny-inflate": "^1.0.3" } }, "sha512-Wp1zXWPVUPBmfoa3Cqc9ctaKuzKAV6uLstRqlR56kSjplf5uAce+qeyYym7F+PHbGTk+tCEdkCW6RD7DX/gBZw=="],
 
+    "form-data": ["form-data@4.0.5", "", { "dependencies": { "asynckit": "^0.4.0", "combined-stream": "^1.0.8", "es-set-tostringtag": "^2.1.0", "hasown": "^2.0.2", "mime-types": "^2.1.12" } }, "sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w=="],
+
     "format": ["format@0.2.2", "", {}, "sha512-wzsgA6WOq+09wrU1tsJ09udeR/YZRaeArL9e1wPbFg3GG2yDnC2ldKpxs4xunpFF9DgqCqOIra3bc1HWrJ37Ww=="],
 
     "formatly": ["formatly@0.3.0", "", { "dependencies": { "fd-package-json": "^2.0.0" }, "bin": { "formatly": "bin/index.mjs" } }, "sha512-9XNj/o4wrRFyhSMJOvsuyMwy8aUfBaZ1VrqHVfohyXf0Sw0e+yfKG+xZaY3arGCOMdwFsqObtzVOc1gU9KiT9w=="],
 
     "forwarded": ["forwarded@0.2.0", "", {}, "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow=="],
 
+    "freestyle": ["freestyle@0.1.49", "", { "optionalDependencies": { "dotenv": "^17.3.1", "glob": "^13.0.0", "yargs": "^18.0.0" }, "bin": { "freestyle": "cli.mjs", "freestyle-sandboxes": "cli.mjs" } }, "sha512-lRjWNhk0nPjR3rto4D7cA03uvKMCo1U3V5XJhY6RKSyIbplWRlDjmSA45rA060svNWBU6HSHNVnR4cYHpSLeMg=="],
+
     "freestyle-sandboxes": ["freestyle-sandboxes@0.1.46", "", { "optionalDependencies": { "dotenv": "^17.3.1", "glob": "^13.0.0", "yargs": "^18.0.0" }, "bin": { "freestyle": "cli.mjs", "freestyle-sandboxes": "cli.mjs" } }, "sha512-iQ+nd9xcqALozY+XV0X4eIl/TlpWCvPSrSBB3WA9vRu/mVkUO2vTcItu3FJwB1j4bQry/RMNNQrlItFmZu+bcg=="],
 
     "fresh": ["fresh@2.0.0", "", {}, "sha512-Rx/WycZ60HOaqLKAi6cHRKKI7zxWbJ31MhntmtwMoaTeF7XFH9hhBp8vITaMidfljRQ6eYWCKkaTK+ykVJHP2A=="],
@@ -2134,7 +2227,7 @@
 
     "get-proto": ["get-proto@1.0.1", "", { "dependencies": { "dunder-proto": "^1.0.1", "es-object-atoms": "^1.0.0" } }, "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g=="],
 
-    "get-tsconfig": ["get-tsconfig@4.13.6", "", { "dependencies": { "resolve-pkg-maps": "^1.0.0" } }, "sha512-shZT/QMiSHc/YBLxxOkMtgSid5HFoauqCE3/exfsEcwg1WkeqjG+V40yBbBrsD+jW2HDXcs28xOfcbm2jI8Ddw=="],
+    "get-tsconfig": ["get-tsconfig@4.14.0", "", { "dependencies": { "resolve-pkg-maps": "^1.0.0" } }, "sha512-yTb+8DXzDREzgvYmh6s9vHsSVCHeC0G3PI5bEXNBHtmshPnO+S5O7qgLEOn0I5QvMy6kpZN8K1NKGyilLb93wA=="],
 
     "git-diff": ["git-diff@2.0.6", "", { "dependencies": { "chalk": "^2.3.2", "diff": "^3.5.0", "loglevel": "^1.6.1", "shelljs": "^0.8.1", "shelljs.exec": "^1.1.7" } }, "sha512-/Iu4prUrydE3Pb3lCBMbcSNIf81tgGt0W1ZwknnyF62t3tHmtiJTRj0f+1ZIhp3+Rh0ktz1pJVoa7ZXUCskivA=="],
 
@@ -2152,13 +2245,15 @@
 
     "graceful-fs": ["graceful-fs@4.2.11", "", {}, "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ=="],
 
-    "h3": ["h3@1.15.6", "", { "dependencies": { "cookie-es": "^1.2.2", "crossws": "^0.3.5", "defu": "^6.1.4", "destr": "^2.0.5", "iron-webcrypto": "^1.2.1", "node-mock-http": "^1.0.4", "radix3": "^1.1.2", "ufo": "^1.6.3", "uncrypto": "^0.1.3" } }, "sha512-oi15ESLW5LRthZ+qPCi5GNasY/gvynSKUQxgiovrY63bPAtG59wtM+LSrlcwvOHAXzGrXVLnI97brbkdPF9WoQ=="],
+    "h3": ["h3@1.15.11", "", { "dependencies": { "cookie-es": "^1.2.3", "crossws": "^0.3.5", "defu": "^6.1.6", "destr": "^2.0.5", "iron-webcrypto": "^1.2.1", "node-mock-http": "^1.0.4", "radix3": "^1.1.2", "ufo": "^1.6.3", "uncrypto": "^0.1.3" } }, "sha512-L3THSe2MPeBwgIZVSH5zLdBBU90TOxarvhK9d04IDY2AmVS8j2Jz2LIWtwsGOU3lu2I5jCN7FNvVfY2+XyF+mg=="],
 
     "has-flag": ["has-flag@4.0.0", "", {}, "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ=="],
 
     "has-symbols": ["has-symbols@1.1.0", "", {}, "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ=="],
 
-    "hasown": ["hasown@2.0.2", "", { "dependencies": { "function-bind": "^1.1.2" } }, "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ=="],
+    "has-tostringtag": ["has-tostringtag@1.0.2", "", { "dependencies": { "has-symbols": "^1.0.3" } }, "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw=="],
+
+    "hasown": ["hasown@2.0.3", "", { "dependencies": { "function-bind": "^1.1.2" } }, "sha512-ej4AhfhfL2Q2zpMmLo7U1Uv9+PyhIZpgQLGT1F9miIGmiCJIoCgSmczFdrc97mWT4kVY72KA+WnnhJ5pghSvSg=="],
 
     "hast-util-from-html": ["hast-util-from-html@2.0.3", "", { "dependencies": { "@types/hast": "^3.0.0", "devlop": "^1.1.0", "hast-util-from-parse5": "^8.0.0", "parse5": "^7.0.0", "vfile": "^6.0.0", "vfile-message": "^4.0.0" } }, "sha512-CUSRHXyKjzHov8yKsQjGOElXy/3EKpyX56ELnkHH34vDVw1N1XSQ1ZcAvTyAPtGqLTuKP/uxM+aLkSPqF/EtMw=="],
 
@@ -2190,7 +2285,9 @@
 
     "hoist-non-react-statics": ["hoist-non-react-statics@3.3.2", "", { "dependencies": { "react-is": "^16.7.0" } }, "sha512-/gGivxi8JPKWNm/W0jSmzcMPpfpPLc3dY/6GxhX2hQ9iGj3aDfklV4ET7NjKpSinLpJ5vafa9iiGIEZg10SfBw=="],
 
-    "hono": ["hono@4.12.7", "", {}, "sha512-jq9l1DM0zVIvsm3lv9Nw9nlJnMNPOcAtsbsgiUhWcFzPE99Gvo6yRTlszSLLYacMeQ6quHD6hMfId8crVHvexw=="],
+    "hono": ["hono@4.12.15", "", {}, "sha512-qM0jDhFEaCBb4TxoW7f53Qrpv9RBiayUHo0S52JudprkhvpjIrGoU1mnnr29Fvd1U335ZFPZQY1wlkqgfGXyLg=="],
+
+    "hpagent": ["hpagent@1.2.0", "", {}, "sha512-A91dYTeIB6NoXG+PxTQpCCDDnfHsW9kc06Lvpu1TEe9gnd6ZFeiBoRO9JvzEv6xK7EX97/dUE8g/vBMTqTS3CA=="],
 
     "html-escaper": ["html-escaper@3.0.3", "", {}, "sha512-RuMffC89BOWQoY0WKGpIhn5gX3iI54O6nRA0yC124NYVtzjmFWBIiFd8M0x+ZdX0P9R4lADg1mgP8C7PxGOWuQ=="],
 
@@ -2272,23 +2369,23 @@
 
     "is-promise": ["is-promise@4.0.0", "", {}, "sha512-hvpoI6korhJMnej285dSg6nu1+e6uxs7zG3BYAm5byqDsgJNWwxzM6z6iZiAgQR4TJ30JmBTOwqZUw3WlyH3AQ=="],
 
-    "is-standalone-pwa": ["is-standalone-pwa@0.1.1", "", {}, "sha512-9Cbovsa52vNQCjdXOzeQq5CnCbAcRk05aU62K20WO372NrTv0NxibLFCK6lQ4/iZEFdEA3p3t2VNOn8AJ53F5g=="],
-
     "is-unicode-supported": ["is-unicode-supported@2.1.0", "", {}, "sha512-mE00Gnza5EEB3Ds0HfMyllZzbBrmLOX3vfWoj9A9PEnTfratQ/BcaJOuMhnkhjXvb2+FkY3VuHqtAGpTPmglFQ=="],
 
     "is-what": ["is-what@5.5.0", "", {}, "sha512-oG7cgbmg5kLYae2N5IVd3jm2s+vldjxJzK1pcu9LfpGuQ93MQSzo0okvRna+7y5ifrD+20FE8FvjusyGaz14fw=="],
 
     "is-wsl": ["is-wsl@3.1.1", "", { "dependencies": { "is-inside-container": "^1.0.0" } }, "sha512-e6rvdUCiQCAuumZslxRJWR/Doq4VpPR82kqclvcS0efgt430SlGIk05vdCN58+VrzgtIcfNODjozVielycD4Sw=="],
 
-    "isbot": ["isbot@5.1.36", "", {}, "sha512-C/ZtXyJqDPZ7G7JPr06ApWyYoHjYexQbS6hPYD4WYCzpv2Qes6Z+CCEfTX4Owzf+1EJ933PoI2p+B9v7wpGZBQ=="],
+    "isbot": ["isbot@5.1.39", "", {}, "sha512-obH0yYahGXdzNxo+djmHhBYThUKDkz565cxkIlt2L9hXfv1NlaLKoDBHo6KxXsYrIXx2RK3x5vY36CfZcobxEw=="],
 
     "isexe": ["isexe@2.0.0", "", {}, "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw=="],
 
+    "isomorphic-ws": ["isomorphic-ws@5.0.0", "", { "peerDependencies": { "ws": "*" } }, "sha512-muId7Zzn9ywDsyXgTIafTry2sV3nySZeUDe6YedVd1Hvuuep5AsIlqK+XefWpYTyJG5e503F2xIuT2lcU6rCSw=="],
+
     "jake": ["jake@10.9.4", "", { "dependencies": { "async": "^3.2.6", "filelist": "^1.0.4", "picocolors": "^1.1.1" }, "bin": { "jake": "bin/cli.js" } }, "sha512-wpHYzhxiVQL+IV05BLE2Xn34zW1S223hvjtqk0+gsPrwd/8JNLXJgZZM/iPFsYc1xyphF+6M6EvdE5E9MBGkDA=="],
 
     "jiti": ["jiti@2.6.1", "", { "bin": { "jiti": "lib/jiti-cli.mjs" } }, "sha512-ekilCSN1jwRvIbgeg/57YFh8qQDNbwDb9xT/qu2DAHbFFZUicIl4ygVaAvzveMhMVr3LnpSKTNnwt8PoOfmKhQ=="],
 
-    "jose": ["jose@6.2.1", "", {}, "sha512-jUaKr1yrbfaImV7R2TN/b3IcZzsw38/chqMpo2XJ7i2F8AfM/lA4G1goC3JVEwg0H7UldTmSt3P68nt31W7/mw=="],
+    "jose": ["jose@6.2.3", "", {}, "sha512-YYVDInQKFJfR/xa3ojUTl8c2KoTwiL1R5Wg9YCydwH0x0B9grbzlg5HC7mMjCtUJjbQ/YnGEZIhI5tCgfTb4Hw=="],
 
     "joycon": ["joycon@3.1.1", "", {}, "sha512-34wB/Y7MW7bzjKRjUKTa46I2Z7eV62Rkhva+KkopW7Qvv/OSWBqvkSY7vusOPrNuZcUG3tApvdVgNB8POj3SPw=="],
 
@@ -2296,6 +2393,8 @@
 
     "js-yaml": ["js-yaml@4.1.1", "", { "dependencies": { "argparse": "^2.0.1" }, "bin": { "js-yaml": "bin/js-yaml.js" } }, "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA=="],
 
+    "jsep": ["jsep@1.4.0", "", {}, "sha512-B7qPcEVE3NVkmSJbaYxvv4cHkVW7DQsZz13pUMrfS8z8Q/BuShN+gcTXrUlPiGqM2/t/EEaI030bpxMqY8gMlw=="],
+
     "jsesc": ["jsesc@3.1.0", "", { "bin": { "jsesc": "bin/jsesc" } }, "sha512-/sM3dO2FOzXjKQhJuo0Q173wf2KOo8t4I8vHy6lF9poUp7bKT0/NHE8fPX23PwfhnykfqnC2xRxOnVw5XuGIaA=="],
 
     "json-schema": ["json-schema@0.4.0", "", {}, "sha512-es94M3nTIfsEPisRafak+HDLfHXnKBhV3vU5eqPcS3flIWqcxJWgXHXiey3YrpaNsanY5ei1VoYEbOzijuq9BA=="],
@@ -2312,15 +2411,17 @@
 
     "jsonc-parser": ["jsonc-parser@3.3.1", "", {}, "sha512-HUgH65KyejrUFPvHFPbqOY0rsFip3Bo5wb4ngvdi1EpCYWUQDC5V+Y7mZws+DLkr4M//zQJoanu1SP+87Dv1oQ=="],
 
-    "jsonfile": ["jsonfile@6.2.0", "", { "dependencies": { "universalify": "^2.0.0" }, "optionalDependencies": { "graceful-fs": "^4.1.6" } }, "sha512-FGuPw30AdOIUTRMC2OMRtQV+jkVj2cfPqSeWXv1NEAJ1qZ5zb1X6z1mFhbfOB/iy3ssJCD+3KuZ8r8C3uVFlAg=="],
+    "jsonfile": ["jsonfile@6.2.1", "", { "dependencies": { "universalify": "^2.0.0" }, "optionalDependencies": { "graceful-fs": "^4.1.6" } }, "sha512-zwOTdL3rFQ/lRdBnntKVOX6k5cKJwEc1HdilT71BWEu7J41gXIB2MRp+vxduPSwZJPWBxEzv4yH1wYLJGUHX4Q=="],
+
+    "jsonpath-plus": ["jsonpath-plus@10.4.0", "", { "dependencies": { "@jsep-plugin/assignment": "^1.3.0", "@jsep-plugin/regex": "^1.0.4", "jsep": "^1.4.0" }, "bin": { "jsonpath": "bin/jsonpath-cli.js", "jsonpath-plus": "bin/jsonpath-cli.js" } }, "sha512-T92WWatJXmhBbKsgH/0hl+jxjdXrifi5IKeMY02DWggRxX0UElcbVzPlmgLTbvsPeW1PasQ6xE2Q75stkhGbsA=="],
 
     "jsonpointer": ["jsonpointer@5.0.1", "", {}, "sha512-p/nXbhSEcu3pZRdkW1OfJhpsVtW1gd4Wa1fnQc9YLiTfAjn0312eMKimbdIQzuZl9aa9xUGaRlP9T/CJE/ditQ=="],
 
     "kleur": ["kleur@3.0.3", "", {}, "sha512-eTIzlVOSUR+JxdDFepEYcBMtZ9Qqdef+rnzWdRZuMbOywu5tO2w2N7rqjoANZ5k9vywhL6Br1VRjUIgTQx4E8w=="],
 
-    "knip": ["knip@5.86.0", "", { "dependencies": { "@nodelib/fs.walk": "^1.2.3", "fast-glob": "^3.3.3", "formatly": "^0.3.0", "jiti": "^2.6.0", "minimist": "^1.2.8", "oxc-resolver": "^11.19.1", "picocolors": "^1.1.1", "picomatch": "^4.0.1", "smol-toml": "^1.5.2", "strip-json-comments": "5.0.3", "unbash": "^2.2.0", "yaml": "^2.8.2", "zod": "^4.1.11" }, "peerDependencies": { "@types/node": ">=18", "typescript": ">=5.0.4 <7" }, "bin": { "knip": "bin/knip.js", "knip-bun": "bin/knip-bun.js" } }, "sha512-tGpRCbP+L+VysXnAp1bHTLQ0k/SdC3M3oX18+Cpiqax1qdS25iuCPzpK8LVmAKARZv0Ijri81Wq09Rzk0JTl+Q=="],
+    "knip": ["knip@5.88.1", "", { "dependencies": { "@nodelib/fs.walk": "^1.2.3", "fast-glob": "^3.3.3", "formatly": "^0.3.0", "jiti": "^2.6.0", "minimist": "^1.2.8", "oxc-resolver": "^11.19.1", "picocolors": "^1.1.1", "picomatch": "^4.0.1", "smol-toml": "^1.5.2", "strip-json-comments": "5.0.3", "unbash": "^2.2.0", "yaml": "^2.8.2", "zod": "^4.1.11" }, "peerDependencies": { "@types/node": ">=18", "typescript": ">=5.0.4 <7" }, "bin": { "knip": "bin/knip.js", "knip-bun": "bin/knip-bun.js" } }, "sha512-tpy5o7zu1MjawVkLPuahymVJekYY3kYjvzcoInhIchgePxTlo+api90tBv2KfhAIe5uXh+mez1tAfmbv8/TiZg=="],
 
-    "kysely": ["kysely@0.28.12", "", {}, "sha512-kWiueDWXhbCchgiotwXkwdxZE/6h56IHAeFWg4euUfW0YsmO9sxbAxzx1KLLv2lox15EfuuxHQvgJ1qIfZuHGw=="],
+    "kysely": ["kysely@0.28.16", "", {}, "sha512-3i5pmOiZvMDj00qhrIVbH0AnioVTx22DMP7Vn5At4yJO46iy+FM8Y/g61ltenLVSo3fiO8h8Q3QOFgf/gQ72ww=="],
 
     "kysely-codegen": ["kysely-codegen@0.15.0", "", { "dependencies": { "chalk": "4.1.2", "dotenv": "^16.4.5", "dotenv-expand": "^11.0.6", "git-diff": "^2.0.6", "micromatch": "^4.0.5", "minimist": "^1.2.8" }, "peerDependencies": { "@libsql/kysely-libsql": "^0.3.0", "@tediousjs/connection-string": "^0.5.0", "better-sqlite3": ">=7.6.2", "kysely": "^0.27.0", "kysely-bun-worker": "^0.5.3", "mysql2": "^2.3.3 || ^3.0.0", "pg": "^8.8.0", "tarn": "^3.0.0", "tedious": "^16.6.0 || ^17.0.0" }, "optionalPeers": ["@libsql/kysely-libsql", "@tediousjs/connection-string", "better-sqlite3", "kysely-bun-worker", "mysql2", "pg", "tarn", "tedious"], "bin": { "kysely-codegen": "dist/cli/bin.js" } }, "sha512-LPta2nQOyoEPDQ3w/Gsplc+2iyZPAsGvtWoS21VzOB0NDQ0B38Xy1gS8WlbGef542Zdw2eLJHxekud9DzVdNRw=="],
 
@@ -2328,29 +2429,29 @@
 
     "leac": ["leac@0.6.0", "", {}, "sha512-y+SqErxb8h7nE/fiEX07jsbuhrpO9lL8eca7/Y1nuWV2moNlXhyd59iDGcRf6moVyDMbmTNzL40SUyrFU/yDpg=="],
 
-    "lightningcss": ["lightningcss@1.31.1", "", { "dependencies": { "detect-libc": "^2.0.3" }, "optionalDependencies": { "lightningcss-android-arm64": "1.31.1", "lightningcss-darwin-arm64": "1.31.1", "lightningcss-darwin-x64": "1.31.1", "lightningcss-freebsd-x64": "1.31.1", "lightningcss-linux-arm-gnueabihf": "1.31.1", "lightningcss-linux-arm64-gnu": "1.31.1", "lightningcss-linux-arm64-musl": "1.31.1", "lightningcss-linux-x64-gnu": "1.31.1", "lightningcss-linux-x64-musl": "1.31.1", "lightningcss-win32-arm64-msvc": "1.31.1", "lightningcss-win32-x64-msvc": "1.31.1" } }, "sha512-l51N2r93WmGUye3WuFoN5k10zyvrVs0qfKBhyC5ogUQ6Ew6JUSswh78mbSO+IU3nTWsyOArqPCcShdQSadghBQ=="],
+    "lightningcss": ["lightningcss@1.32.0", "", { "dependencies": { "detect-libc": "^2.0.3" }, "optionalDependencies": { "lightningcss-android-arm64": "1.32.0", "lightningcss-darwin-arm64": "1.32.0", "lightningcss-darwin-x64": "1.32.0", "lightningcss-freebsd-x64": "1.32.0", "lightningcss-linux-arm-gnueabihf": "1.32.0", "lightningcss-linux-arm64-gnu": "1.32.0", "lightningcss-linux-arm64-musl": "1.32.0", "lightningcss-linux-x64-gnu": "1.32.0", "lightningcss-linux-x64-musl": "1.32.0", "lightningcss-win32-arm64-msvc": "1.32.0", "lightningcss-win32-x64-msvc": "1.32.0" } }, "sha512-NXYBzinNrblfraPGyrbPoD19C1h9lfI/1mzgWYvXUTe414Gz/X1FD2XBZSZM7rRTrMA8JL3OtAaGifrIKhQ5yQ=="],
 
-    "lightningcss-android-arm64": ["lightningcss-android-arm64@1.31.1", "", { "os": "android", "cpu": "arm64" }, "sha512-HXJF3x8w9nQ4jbXRiNppBCqeZPIAfUo8zE/kOEGbW5NZvGc/K7nMxbhIr+YlFlHW5mpbg/YFPdbnCh1wAXCKFg=="],
+    "lightningcss-android-arm64": ["lightningcss-android-arm64@1.32.0", "", { "os": "android", "cpu": "arm64" }, "sha512-YK7/ClTt4kAK0vo6w3X+Pnm0D2cf2vPHbhOXdoNti1Ga0al1P4TBZhwjATvjNwLEBCnKvjJc2jQgHXH0NEwlAg=="],
 
-    "lightningcss-darwin-arm64": ["lightningcss-darwin-arm64@1.31.1", "", { "os": "darwin", "cpu": "arm64" }, "sha512-02uTEqf3vIfNMq3h/z2cJfcOXnQ0GRwQrkmPafhueLb2h7mqEidiCzkE4gBMEH65abHRiQvhdcQ+aP0D0g67sg=="],
+    "lightningcss-darwin-arm64": ["lightningcss-darwin-arm64@1.32.0", "", { "os": "darwin", "cpu": "arm64" }, "sha512-RzeG9Ju5bag2Bv1/lwlVJvBE3q6TtXskdZLLCyfg5pt+HLz9BqlICO7LZM7VHNTTn/5PRhHFBSjk5lc4cmscPQ=="],
 
-    "lightningcss-darwin-x64": ["lightningcss-darwin-x64@1.31.1", "", { "os": "darwin", "cpu": "x64" }, "sha512-1ObhyoCY+tGxtsz1lSx5NXCj3nirk0Y0kB/g8B8DT+sSx4G9djitg9ejFnjb3gJNWo7qXH4DIy2SUHvpoFwfTA=="],
+    "lightningcss-darwin-x64": ["lightningcss-darwin-x64@1.32.0", "", { "os": "darwin", "cpu": "x64" }, "sha512-U+QsBp2m/s2wqpUYT/6wnlagdZbtZdndSmut/NJqlCcMLTWp5muCrID+K5UJ6jqD2BFshejCYXniPDbNh73V8w=="],
 
-    "lightningcss-freebsd-x64": ["lightningcss-freebsd-x64@1.31.1", "", { "os": "freebsd", "cpu": "x64" }, "sha512-1RINmQKAItO6ISxYgPwszQE1BrsVU5aB45ho6O42mu96UiZBxEXsuQ7cJW4zs4CEodPUioj/QrXW1r9pLUM74A=="],
+    "lightningcss-freebsd-x64": ["lightningcss-freebsd-x64@1.32.0", "", { "os": "freebsd", "cpu": "x64" }, "sha512-JCTigedEksZk3tHTTthnMdVfGf61Fky8Ji2E4YjUTEQX14xiy/lTzXnu1vwiZe3bYe0q+SpsSH/CTeDXK6WHig=="],
 
-    "lightningcss-linux-arm-gnueabihf": ["lightningcss-linux-arm-gnueabihf@1.31.1", "", { "os": "linux", "cpu": "arm" }, "sha512-OOCm2//MZJ87CdDK62rZIu+aw9gBv4azMJuA8/KB74wmfS3lnC4yoPHm0uXZ/dvNNHmnZnB8XLAZzObeG0nS1g=="],
+    "lightningcss-linux-arm-gnueabihf": ["lightningcss-linux-arm-gnueabihf@1.32.0", "", { "os": "linux", "cpu": "arm" }, "sha512-x6rnnpRa2GL0zQOkt6rts3YDPzduLpWvwAF6EMhXFVZXD4tPrBkEFqzGowzCsIWsPjqSK+tyNEODUBXeeVHSkw=="],
 
-    "lightningcss-linux-arm64-gnu": ["lightningcss-linux-arm64-gnu@1.31.1", "", { "os": "linux", "cpu": "arm64" }, "sha512-WKyLWztD71rTnou4xAD5kQT+982wvca7E6QoLpoawZ1gP9JM0GJj4Tp5jMUh9B3AitHbRZ2/H3W5xQmdEOUlLg=="],
+    "lightningcss-linux-arm64-gnu": ["lightningcss-linux-arm64-gnu@1.32.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-0nnMyoyOLRJXfbMOilaSRcLH3Jw5z9HDNGfT/gwCPgaDjnx0i8w7vBzFLFR1f6CMLKF8gVbebmkUN3fa/kQJpQ=="],
 
-    "lightningcss-linux-arm64-musl": ["lightningcss-linux-arm64-musl@1.31.1", "", { "os": "linux", "cpu": "arm64" }, "sha512-mVZ7Pg2zIbe3XlNbZJdjs86YViQFoJSpc41CbVmKBPiGmC4YrfeOyz65ms2qpAobVd7WQsbW4PdsSJEMymyIMg=="],
+    "lightningcss-linux-arm64-musl": ["lightningcss-linux-arm64-musl@1.32.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-UpQkoenr4UJEzgVIYpI80lDFvRmPVg6oqboNHfoH4CQIfNA+HOrZ7Mo7KZP02dC6LjghPQJeBsvXhJod/wnIBg=="],
 
-    "lightningcss-linux-x64-gnu": ["lightningcss-linux-x64-gnu@1.31.1", "", { "os": "linux", "cpu": "x64" }, "sha512-xGlFWRMl+0KvUhgySdIaReQdB4FNudfUTARn7q0hh/V67PVGCs3ADFjw+6++kG1RNd0zdGRlEKa+T13/tQjPMA=="],
+    "lightningcss-linux-x64-gnu": ["lightningcss-linux-x64-gnu@1.32.0", "", { "os": "linux", "cpu": "x64" }, "sha512-V7Qr52IhZmdKPVr+Vtw8o+WLsQJYCTd8loIfpDaMRWGUZfBOYEJeyJIkqGIDMZPwPx24pUMfwSxxI8phr/MbOA=="],
 
-    "lightningcss-linux-x64-musl": ["lightningcss-linux-x64-musl@1.31.1", "", { "os": "linux", "cpu": "x64" }, "sha512-eowF8PrKHw9LpoZii5tdZwnBcYDxRw2rRCyvAXLi34iyeYfqCQNA9rmUM0ce62NlPhCvof1+9ivRaTY6pSKDaA=="],
+    "lightningcss-linux-x64-musl": ["lightningcss-linux-x64-musl@1.32.0", "", { "os": "linux", "cpu": "x64" }, "sha512-bYcLp+Vb0awsiXg/80uCRezCYHNg1/l3mt0gzHnWV9XP1W5sKa5/TCdGWaR/zBM2PeF/HbsQv/j2URNOiVuxWg=="],
 
-    "lightningcss-win32-arm64-msvc": ["lightningcss-win32-arm64-msvc@1.31.1", "", { "os": "win32", "cpu": "arm64" }, "sha512-aJReEbSEQzx1uBlQizAOBSjcmr9dCdL3XuC/6HLXAxmtErsj2ICo5yYggg1qOODQMtnjNQv2UHb9NpOuFtYe4w=="],
+    "lightningcss-win32-arm64-msvc": ["lightningcss-win32-arm64-msvc@1.32.0", "", { "os": "win32", "cpu": "arm64" }, "sha512-8SbC8BR40pS6baCM8sbtYDSwEVQd4JlFTOlaD3gWGHfThTcABnNDBda6eTZeqbofalIJhFx0qKzgHJmcPTnGdw=="],
 
-    "lightningcss-win32-x64-msvc": ["lightningcss-win32-x64-msvc@1.31.1", "", { "os": "win32", "cpu": "x64" }, "sha512-I9aiFrbd7oYHwlnQDqr1Roz+fTz61oDDJX7n9tYF9FJymH1cIN1DtKw3iYt6b8WZgEjoNwVSncwF4wx/ZedMhw=="],
+    "lightningcss-win32-x64-msvc": ["lightningcss-win32-x64-msvc@1.32.0", "", { "os": "win32", "cpu": "x64" }, "sha512-Amq9B/SoZYdDi1kFrojnoqPLxYhQ4Wo5XiL8EVJrVsB8ARoC1PWW6VGtT0WKCemjy8aC+louJnjS7U18x3b06Q=="],
 
     "lilconfig": ["lilconfig@3.1.3", "", {}, "sha512-/vlFKAoH5Cgt3Ie+JLhRbwOsCQePABiU3tJ1egGvyQ+33R/vcwM2Zl2QR/LzjsBeItPt3oSVXapn+m4nQDvpzw=="],
 
@@ -2362,9 +2463,9 @@
 
     "load-tsconfig": ["load-tsconfig@0.2.5", "", {}, "sha512-IXO6OCs9yg8tMKzfPZ1YmheJbZCiEsnBdcB03l0OcfK9prKnJb96siuHCr5Fl37/yo9DnKU+TLpxzTUspw9shg=="],
 
-    "lodash": ["lodash@4.17.23", "", {}, "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w=="],
+    "lodash": ["lodash@4.18.1", "", {}, "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q=="],
 
-    "lodash-es": ["lodash-es@4.17.23", "", {}, "sha512-kVI48u3PZr38HdYz98UmfPnXl2DXrpdctLrFLCd3kOx1xUkOmpFPx7gCWWM5MPkL/fD8zb+Ph0QzjGFs4+hHWg=="],
+    "lodash-es": ["lodash-es@4.18.1", "", {}, "sha512-J8xewKD/Gk22OZbhpOVSwcs60zhd95ESDwezOFuA3/099925PdHJ7OFHNTGtajL3AlZkykD32HykiMo+BIBI8A=="],
 
     "lodash.camelcase": ["lodash.camelcase@4.3.0", "", {}, "sha512-TwuEnCnxbc3rAvhf/LbG7tJUDzhqXyFnv3dtzLOPgCG/hODL7WFnsbwktkD7yUV0RrreP/l1PALq/YSg6VvjlA=="],
 
@@ -2378,7 +2479,7 @@
 
     "lowlight": ["lowlight@1.20.0", "", { "dependencies": { "fault": "^1.0.0", "highlight.js": "~10.7.0" } }, "sha512-8Ktj+prEb1RoCPkEOrPMYUN/nCggB7qAWe3a7OpMjWQkh3l2RD5wKRQ+o8Q8YuI9RG/xs95waaI/E6ym/7NsTw=="],
 
-    "lru-cache": ["lru-cache@11.2.7", "", {}, "sha512-aY/R+aEsRelme17KGQa/1ZSIpLpNYYrhcrepKTZgE+W3WM16YMCaPwOHLHsmopZHELU0Ojin1lPVxKR0MihncA=="],
+    "lru-cache": ["lru-cache@11.3.5", "", {}, "sha512-NxVFwLAnrd9i7KUBxC4DrUhmgjzOs+1Qm50D3oF1/oL+r1NpZ4gA7xvG0/zJ8evR7zIKn4vLf7qTNduWFtCrRw=="],
 
     "lucide-react": ["lucide-react@0.525.0", "", { "peerDependencies": { "react": "^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-Tm1txJ2OkymCGkvwoHt33Y2JpN5xucVq1slHcgE6Lk0WjDfjgKWor5CdVER8U6DvcfMwh4M8XxmpTiyzfmfDYQ=="],
 
@@ -2522,9 +2623,9 @@
 
     "mimic-fn": ["mimic-fn@2.1.0", "", {}, "sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg=="],
 
-    "miniflare": ["miniflare@4.20260312.0", "", { "dependencies": { "@cspotcode/source-map-support": "0.8.1", "sharp": "^0.34.5", "undici": "7.18.2", "workerd": "1.20260312.1", "ws": "8.18.0", "youch": "4.1.0-beta.10" }, "bin": { "miniflare": "bootstrap.js" } }, "sha512-pieP2rfXynPT6VRINYaiHe/tfMJ4c5OIhqRlIdLF6iZ9g5xgpEmvimvIgMpgAdDJuFlrLcwDUi8MfAo2R6dt/w=="],
+    "miniflare": ["miniflare@4.20260424.0", "", { "dependencies": { "@cspotcode/source-map-support": "0.8.1", "sharp": "^0.34.5", "undici": "7.24.8", "workerd": "1.20260424.1", "ws": "8.18.0", "youch": "4.1.0-beta.10" }, "bin": { "miniflare": "bootstrap.js" } }, "sha512-B6MKBBd5TJ19daUc3Ae9rWctn1nDA/VCXykXfCsp9fTxyfGxnZY27tJs1caxgE9MWEMMKGbGHouqVtgKbKGxmw=="],
 
-    "minimatch": ["minimatch@10.2.4", "", { "dependencies": { "brace-expansion": "^5.0.2" } }, "sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg=="],
+    "minimatch": ["minimatch@10.2.5", "", { "dependencies": { "brace-expansion": "^5.0.5" } }, "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg=="],
 
     "minimist": ["minimist@1.2.8", "", {}, "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA=="],
 
@@ -2532,7 +2633,7 @@
 
     "minizlib": ["minizlib@3.1.0", "", { "dependencies": { "minipass": "^7.1.2" } }, "sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw=="],
 
-    "mlly": ["mlly@1.8.1", "", { "dependencies": { "acorn": "^8.16.0", "pathe": "^2.0.3", "pkg-types": "^1.3.1", "ufo": "^1.6.3" } }, "sha512-SnL6sNutTwRWWR/vcmCYHSADjiEesp5TGQQ0pXyLhW5IoeibRlF/CbSLailbB3CNqJUk9cVJ9dUDnbD7GrcHBQ=="],
+    "mlly": ["mlly@1.8.2", "", { "dependencies": { "acorn": "^8.16.0", "pathe": "^2.0.3", "pkg-types": "^1.3.1", "ufo": "^1.6.3" } }, "sha512-d+ObxMQFmbt10sretNDytwt85VrbkhhUA/JBGm1MPaWJ65Cl4wOgLaB1NYvJSZ0Ef03MMEU/0xpPMXUIQ29UfA=="],
 
     "module-details-from-path": ["module-details-from-path@1.0.4", "", {}, "sha512-EGWKgxALGMgzvxYF1UyGTy0HXX/2vHLkw6+NvDKW2jypWbHpjQuj4UMcqQWXHERJhVGKikolT06G3bcKe4fi7w=="],
 
@@ -2546,9 +2647,9 @@
 
     "mz": ["mz@2.7.0", "", { "dependencies": { "any-promise": "^1.0.0", "object-assign": "^4.0.1", "thenify-all": "^1.0.0" } }, "sha512-z81GNO7nnYMEhrGh9LeymoE4+Yr0Wn5McHIZMK5cfQCl+NDX08sCZgUc9/6MHni9IWuFLm1Z3HTCXu2z9fN62Q=="],
 
-    "nanoid": ["nanoid@5.1.6", "", { "bin": { "nanoid": "bin/nanoid.js" } }, "sha512-c7+7RQ+dMB5dPwwCp4ee1/iV/q2P6aK1mTZcfr1BTuVlyW9hJYiMPybJCcnBlQtuSmTIWNeazm/zqNoZSSElBg=="],
+    "nanoid": ["nanoid@5.1.9", "", { "bin": { "nanoid": "bin/nanoid.js" } }, "sha512-ZUvP7KeBLe3OZ1ypw6dI/TzYJuvHP77IM4Ry73waSQTLn8/g8rpdjfyVAh7t1/+FjBtG4lCP42MEbDxOsRpBMw=="],
 
-    "nanostores": ["nanostores@1.1.1", "", {}, "sha512-EYJqS25r2iBeTtGQCHidXl1VfZ1jXM7Q04zXJOrMlxVVmD0ptxJaNux92n1mJ7c5lN3zTq12MhH/8x59nP+qmg=="],
+    "nanostores": ["nanostores@1.3.0", "", {}, "sha512-XPUa/jz+P1oJvN9VBxw4L9MtdFfaH3DAryqPssqhb2kXjmb9npz0dly6rCsgFWOPr4Yg9mTfM3MDZgZZ+7A3lA=="],
 
     "nats": ["nats@2.29.3", "", { "dependencies": { "nkeys.js": "1.1.0" } }, "sha512-tOQCRCwC74DgBTk4pWZ9V45sk4d7peoE2njVprMRCBXrhJ5q5cYM7i6W+Uvw2qUrcfOSnuisrX7bEx3b3Wx4QA=="],
 
@@ -2572,7 +2673,9 @@
 
     "node-mock-http": ["node-mock-http@1.0.4", "", {}, "sha512-8DY+kFsDkNXy1sJglUfuODx1/opAGJGyrTuFqEoN90oRc2Vk0ZbD4K2qmKXBBEhZQzdKHIVfEJpDU8Ak2NJEvQ=="],
 
-    "node-releases": ["node-releases@2.0.36", "", {}, "sha512-TdC8FSgHz8Mwtw9g5L4gR/Sh9XhSP/0DEkQxfEFXOpiul5IiHgHan2VhYYb6agDSfp4KuvltmGApc8HMgUrIkA=="],
+    "node-pty": ["node-pty@1.1.0", "", { "dependencies": { "node-addon-api": "^7.1.0" } }, "sha512-20JqtutY6JPXTUnL0ij1uad7Qe1baT46lyolh2sSENDd4sTzKZ4nmAFkeAARDKwmlLjPx6XKRlwRUxwjOy+lUg=="],
+
+    "node-releases": ["node-releases@2.0.38", "", {}, "sha512-3qT/88Y3FbH/Kx4szpQQ4HzUbVrHPKTLVpVocKiLfoYvw9XSGOX2FmD2d6DrXbVYyAQTF2HeF6My8jmzx7/CRw=="],
 
     "node-rsa": ["node-rsa@1.1.1", "", { "dependencies": { "asn1": "^0.2.4" } }, "sha512-Jd4cvbJMryN21r5HgxQOpMEqv+ooke/korixNNK3mGqfGJmy0M77WDDzo/05969+OkMy3XW1UuZsSmW9KQm7Fw=="],
 
@@ -2582,6 +2685,8 @@
 
     "nth-check": ["nth-check@2.1.1", "", { "dependencies": { "boolbase": "^1.0.0" } }, "sha512-lqjrjmaOoAnWfMmBPL+XNnynZh2+swxiX3WUE0s4yEHI6m+AwrK2UZOimIRl3X/4QctVqS8AiZjFqyOGrMXb/w=="],
 
+    "oauth4webapi": ["oauth4webapi@3.8.6", "", {}, "sha512-iwemM91xz8nryHti2yTmg5fhyEMVOkOXwHNqbvcATjyajb5oQxCQzrNOA6uElRHuMhQQTKUyFKV9y/CNyg25BQ=="],
+
     "object-assign": ["object-assign@4.1.1", "", {}, "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg=="],
 
     "object-inspect": ["object-inspect@1.13.4", "", {}, "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew=="],
@@ -2596,9 +2701,11 @@
 
     "onetime": ["onetime@5.1.2", "", { "dependencies": { "mimic-fn": "^2.1.0" } }, "sha512-kbpaSSGJTWdAY5KPVeMOKXSrPtr8C8C7wodJbcsd51jRnmD+GZu8Y0VoU6Dm5Z4vWr0Ig/1NKuWRKf7j5aaYSg=="],
 
-    "oniguruma-parser": ["oniguruma-parser@0.12.1", "", {}, "sha512-8Unqkvk1RYc6yq2WBYRj4hdnsAxVze8i7iPfQr8e4uSP3tRv0rpZcbGUDvxfQQcdwHt/e9PrMvGCsa8OqG9X3w=="],
+    "oniguruma-parser": ["oniguruma-parser@0.12.2", "", {}, "sha512-6HVa5oIrgMC6aA6WF6XyyqbhRPJrKR02L20+2+zpDtO5QAzGHAUGw5TKQvwi5vctNnRHkJYmjAhRVQF2EKdTQw=="],
 
-    "oniguruma-to-es": ["oniguruma-to-es@4.3.4", "", { "dependencies": { "oniguruma-parser": "^0.12.1", "regex": "^6.0.1", "regex-recursion": "^6.0.2" } }, "sha512-3VhUGN3w2eYxnTzHn+ikMI+fp/96KoRSVK9/kMTcFqj1NRDh2IhQCKvYxDnWePKRXY/AqH+Fuiyb7VHSzBjHfA=="],
+    "oniguruma-to-es": ["oniguruma-to-es@4.3.6", "", { "dependencies": { "oniguruma-parser": "^0.12.2", "regex": "^6.1.0", "regex-recursion": "^6.0.2" } }, "sha512-csuQ9x3Yr0cEIs/Zgx/OEt9iBw9vqIunAPQkx19R/fiMq2oGVTgcMqO/V3Ybqefr1TBvosI6jU539ksaBULJyA=="],
+
+    "openid-client": ["openid-client@6.8.4", "", { "dependencies": { "jose": "^6.2.2", "oauth4webapi": "^3.8.5" } }, "sha512-QSw0BA08piujetEwfZsHoTrDpMEha7GDZDicQqVwX4u0ChCjefvjDB++TZ8BTg76UpwhzIQgdvvfgfl3HpCSAw=="],
 
     "orderedmap": ["orderedmap@2.1.1", "", {}, "sha512-TvAWxi0nDe1j/rtMcWcIj94+Ffe6n7zhow33h40SKxmsmozs6dz/e+EajymfoFcHd7sxNn8yHM8839uixMOV6g=="],
 
@@ -2626,7 +2733,7 @@
 
     "patch-console": ["patch-console@2.0.0", "", {}, "sha512-0YNdUceMdaQwoKce1gatDScmMo5pu/tfABfnzEqeG0gtTmd7mh/WcwgUjtAeOU7N8nFFlbQBnFK2gXW5fGvmMA=="],
 
-    "path-expression-matcher": ["path-expression-matcher@1.1.3", "", {}, "sha512-qdVgY8KXmVdJZRSS1JdEPOKPdTiEK/pi0RkcT2sw1RhXxohdujUlJFPuS1TSkevZ9vzd3ZlL7ULl1MHGTApKzQ=="],
+    "path-expression-matcher": ["path-expression-matcher@1.5.0", "", {}, "sha512-cbrerZV+6rvdQrrD+iGMcZFEiiSrbv9Tfdkvnusy6y0x0GKBXREFg/Y65GhIfm0tnLntThhzCnfKwp1WRjeCyQ=="],
 
     "path-is-absolute": ["path-is-absolute@1.0.1", "", {}, "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg=="],
 
@@ -2664,7 +2771,7 @@
 
     "picocolors": ["picocolors@1.1.1", "", {}, "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA=="],
 
-    "picomatch": ["picomatch@4.0.3", "", {}, "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q=="],
+    "picomatch": ["picomatch@4.0.4", "", {}, "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A=="],
 
     "pirates": ["pirates@4.0.7", "", {}, "sha512-TfySrs/5nm8fQJDcBDuUng3VOUKsd7S+zqvbOTiGXHfxX4wK31ard+hoNuvkicM/2YFzlpDgABOevKSsB4G/FA=="],
 
@@ -2672,11 +2779,11 @@
 
     "pkg-types": ["pkg-types@1.3.1", "", { "dependencies": { "confbox": "^0.1.8", "mlly": "^1.7.4", "pathe": "^2.0.1" } }, "sha512-/Jm5M4RvtBFVkKWRu2BLUTNP8/M2a+UwuAX+ae4770q1qVGtfjG+WTCupoZixokjmHiry8uI+dlY8KXYV5HVVQ=="],
 
-    "playwright": ["playwright@1.58.2", "", { "dependencies": { "playwright-core": "1.58.2" }, "optionalDependencies": { "fsevents": "2.3.2" }, "bin": { "playwright": "cli.js" } }, "sha512-vA30H8Nvkq/cPBnNw4Q8TWz1EJyqgpuinBcHET0YVJVFldr8JDNiU9LaWAE1KqSkRYazuaBhTpB5ZzShOezQ6A=="],
+    "playwright": ["playwright@1.59.1", "", { "dependencies": { "playwright-core": "1.59.1" }, "optionalDependencies": { "fsevents": "2.3.2" }, "bin": { "playwright": "cli.js" } }, "sha512-C8oWjPR3F81yljW9o5OxcWzfh6avkVwDD2VYdwIGqTkl+OGFISgypqzfu7dOe4QNLL2aqcWBmI3PMtLIK233lw=="],
 
-    "playwright-core": ["playwright-core@1.58.2", "", { "bin": { "playwright-core": "cli.js" } }, "sha512-yZkEtftgwS8CsfYo7nm0KE8jsvm6i/PTgVtB8DL726wNf6H2IMsDuxCpJj59KDaxCtSnrWan2AeDqM7JBaultg=="],
+    "playwright-core": ["playwright-core@1.59.1", "", { "bin": { "playwright-core": "cli.js" } }, "sha512-HBV/RJg81z5BiiZ9yPzIiClYV/QMsDCKUyogwH9p3MCP6IYjUFu/MActgYAvK0oWyV9NlwM3GLBjADyWgydVyg=="],
 
-    "postcss": ["postcss@8.5.8", "", { "dependencies": { "nanoid": "^3.3.11", "picocolors": "^1.1.1", "source-map-js": "^1.2.1" } }, "sha512-OW/rX8O/jXnm82Ey1k44pObPtdblfiuWnrd8X7GJ7emImCOstunGbXUpp7HdBrFQX6rJzn3sPT397Wp5aCwCHg=="],
+    "postcss": ["postcss@8.5.12", "", { "dependencies": { "nanoid": "^3.3.11", "picocolors": "^1.1.1", "source-map-js": "^1.2.1" } }, "sha512-W62t/Se6rA0Az3DfCL0AqJwXuKwBeYg6nOaIgzP+xZ7N5BFCI7DYi1qs6ygUYT6rvfi6t9k65UMLJC+PHZpDAA=="],
 
     "postcss-load-config": ["postcss-load-config@6.0.1", "", { "dependencies": { "lilconfig": "^3.1.1" }, "peerDependencies": { "jiti": ">=1.21.0", "postcss": ">=8.0.9", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["jiti", "postcss", "tsx", "yaml"] }, "sha512-oPtTM4oerL+UXmx+93ytZVN82RrlY/wPUV8IeDxFrzIjXOLF1pN+EmKPLbubvKHT2HC20xXsCAH2Z+CKV6Oz/g=="],
 
@@ -2690,7 +2797,13 @@
 
     "postgres-interval": ["postgres-interval@1.2.0", "", { "dependencies": { "xtend": "^4.0.0" } }, "sha512-9ZhXKM/rw350N1ovuWHbGxnGh/SNJ4cnxHiM0rxE4VN41wsg8P8zWn9hv/buK00RP4WvlOyr/RBDiptyxVbkZQ=="],
 
-    "prettier": ["prettier@3.8.1", "", { "bin": { "prettier": "bin/prettier.cjs" } }, "sha512-UOnG6LftzbdaHZcKoPFtOcCKztrQ57WkHDeRD9t/PTQtmT0NHSeWWepj6pS0z/N7+08BHFDQVUrfmfMRcZwbMg=="],
+    "posthog-js": ["posthog-js@1.372.3", "", { "dependencies": { "@opentelemetry/api": "^1.9.0", "@opentelemetry/api-logs": "^0.208.0", "@opentelemetry/exporter-logs-otlp-http": "^0.208.0", "@opentelemetry/resources": "^2.2.0", "@opentelemetry/sdk-logs": "^0.208.0", "@posthog/core": "1.27.7", "@posthog/types": "1.372.3", "core-js": "^3.38.1", "dompurify": "^3.3.2", "fflate": "^0.4.8", "preact": "^10.28.2", "query-selector-shadow-dom": "^1.0.1", "web-vitals": "^5.1.0" } }, "sha512-CpKWMt6RkgY4lPpyvYzKcilKKB5VhL2gmS8HgibxmXZkEk/2rUxrEtRMScH8xi4n5WDaNSluCo87dh9yo9zArQ=="],
+
+    "posthog-node": ["posthog-node@5.30.6", "", { "dependencies": { "@posthog/core": "1.27.7" }, "peerDependencies": { "rxjs": "^7.0.0" }, "optionalPeers": ["rxjs"] }, "sha512-deZuSiLkpdEipiywkww1FhQoKpVVFmJP6SAVQcZcMbugTLwJRYSGjgm+qV0Y91xghf2yP6Nr5Plfl52i9Qj15Q=="],
+
+    "preact": ["preact@10.29.1", "", {}, "sha512-gQCLc/vWroE8lIpleXtdJhTFDogTdZG9AjMUpVkDf2iTCNwYNWA+u16dL41TqUDJO4gm2IgrcMv3uTpjd4Pwmg=="],
+
+    "prettier": ["prettier@3.8.3", "", { "bin": { "prettier": "bin/prettier.cjs" } }, "sha512-7igPTM53cGHMW8xWuVTydi2KO233VFiTNyF5hLJqpilHfmn8C8gPf+PS7dUT64YcXFbiMGZxS9pCSxL/Dxm/Jw=="],
 
     "prismjs": ["prismjs@1.30.0", "", {}, "sha512-DEvV2ZF2r2/63V+tK8hQvrR2ZGn10srHbXviTlcv7Kpzw8jWiNTqbVgjO3IY8RxrrOUF8VPMQQFysYYYv0YZxw=="],
 
@@ -2700,7 +2813,7 @@
 
     "property-information": ["property-information@7.1.0", "", {}, "sha512-TwEZ+X+yCJmYfL7TPUOcvBZ4QfoT5YenQiJuX//0th53DE6w0xxLEtfK3iyryQFddXuvkIk51EEgrJQ0WJkOmQ=="],
 
-    "prosemirror-changeset": ["prosemirror-changeset@2.4.0", "", { "dependencies": { "prosemirror-transform": "^1.0.0" } }, "sha512-LvqH2v7Q2SF6yxatuPP2e8vSUKS/L+xAU7dPDC4RMyHMhZoGDfBC74mYuyYF4gLqOEG758wajtyhNnsTkuhvng=="],
+    "prosemirror-changeset": ["prosemirror-changeset@2.4.1", "", { "dependencies": { "prosemirror-transform": "^1.0.0" } }, "sha512-96WBLhOaYhJ+kPhLg3uW359Tz6I/MfcrQfL4EGv4SrcqKEMC1gmoGrXHecPE8eOwTVCJ4IwgfzM8fFad25wNfw=="],
 
     "prosemirror-collab": ["prosemirror-collab@1.3.1", "", { "dependencies": { "prosemirror-state": "^1.0.0" } }, "sha512-4SnynYR9TTYaQVXd/ieUvsVV4PDMBzrq2xPUWutHivDuOshZXqQ5rGbZM84HEaXKbLdItse7weMGOUdDVcLKEQ=="],
 
@@ -2718,7 +2831,7 @@
 
     "prosemirror-markdown": ["prosemirror-markdown@1.13.4", "", { "dependencies": { "@types/markdown-it": "^14.0.0", "markdown-it": "^14.0.0", "prosemirror-model": "^1.25.0" } }, "sha512-D98dm4cQ3Hs6EmjK500TdAOew4Z03EV71ajEFiWra3Upr7diytJsjF4mPV2dW+eK5uNectiRj0xFxYI9NLXDbw=="],
 
-    "prosemirror-menu": ["prosemirror-menu@1.3.0", "", { "dependencies": { "crelt": "^1.0.0", "prosemirror-commands": "^1.0.0", "prosemirror-history": "^1.0.0", "prosemirror-state": "^1.0.0" } }, "sha512-TImyPXCHPcDsSka2/lwJ6WjTASr4re/qWq1yoTTuLOqfXucwF6VcRa2LWCkM/EyTD1UO3CUwiH8qURJoWJRxwg=="],
+    "prosemirror-menu": ["prosemirror-menu@1.3.2", "", { "dependencies": { "crelt": "^1.0.0", "prosemirror-commands": "^1.0.0", "prosemirror-history": "^1.0.0", "prosemirror-state": "^1.0.0" } }, "sha512-6VgUJTYod0nMBlCaYJGhXGLu7Gt4AvcwcOq0YfJCY/6Uh+3S7UsWhpy6rJFCBFOmonq1hD8KyWOtZhkppd4YPg=="],
 
     "prosemirror-model": ["prosemirror-model@1.25.4", "", { "dependencies": { "orderedmap": "^2.0.0" } }, "sha512-PIM7E43PBxKce8OQeezAs9j4TP+5yDpZVbuurd1h5phUxEKIu+G2a+EUZzIC5nS1mJktDJWzbqS23n1tsAf5QA=="],
 
@@ -2732,14 +2845,16 @@
 
     "prosemirror-trailing-node": ["prosemirror-trailing-node@3.0.0", "", { "dependencies": { "@remirror/core-constants": "3.0.0", "escape-string-regexp": "^4.0.0" }, "peerDependencies": { "prosemirror-model": "^1.22.1", "prosemirror-state": "^1.4.2", "prosemirror-view": "^1.33.8" } }, "sha512-xiun5/3q0w5eRnGYfNlW1uU9W6x5MoFKWwq/0TIRgt09lv7Hcser2QYV8t4muXbEr+Fwo0geYn79Xs4GKywrRQ=="],
 
-    "prosemirror-transform": ["prosemirror-transform@1.11.0", "", { "dependencies": { "prosemirror-model": "^1.21.0" } }, "sha512-4I7Ce4KpygXb9bkiPS3hTEk4dSHorfRw8uI0pE8IhxlK2GXsqv5tIA7JUSxtSu7u8APVOTtbUBxTmnHIxVkIJw=="],
+    "prosemirror-transform": ["prosemirror-transform@1.12.0", "", { "dependencies": { "prosemirror-model": "^1.21.0" } }, "sha512-GxboyN4AMIsoHNtz5uf2r2Ru551i5hWeCMD6E2Ib4Eogqoub0NflniaBPVQ4MrGE5yZ8JV9tUHg9qcZTTrcN4w=="],
 
-    "prosemirror-view": ["prosemirror-view@1.41.6", "", { "dependencies": { "prosemirror-model": "^1.20.0", "prosemirror-state": "^1.0.0", "prosemirror-transform": "^1.1.0" } }, "sha512-mxpcDG4hNQa/CPtzxjdlir5bJFDlm0/x5nGBbStB2BWX+XOQ9M8ekEG+ojqB5BcVu2Rc80/jssCMZzSstJuSYg=="],
+    "prosemirror-view": ["prosemirror-view@1.41.8", "", { "dependencies": { "prosemirror-model": "^1.20.0", "prosemirror-state": "^1.0.0", "prosemirror-transform": "^1.1.0" } }, "sha512-TnKDdohEatgyZNGCDWIdccOHXhYloJwbwU+phw/a23KBvJIR9lWQWW7WHHK3vBdOLDNuF7TaX98GObUZOWkOnA=="],
 
     "protobufjs": ["protobufjs@8.0.0", "", { "dependencies": { "@protobufjs/aspromise": "^1.1.2", "@protobufjs/base64": "^1.1.2", "@protobufjs/codegen": "^2.0.4", "@protobufjs/eventemitter": "^1.1.0", "@protobufjs/fetch": "^1.1.0", "@protobufjs/float": "^1.0.2", "@protobufjs/inquire": "^1.1.0", "@protobufjs/path": "^1.1.2", "@protobufjs/pool": "^1.1.0", "@protobufjs/utf8": "^1.1.0", "@types/node": ">=13.7.0", "long": "^5.0.0" } }, "sha512-jx6+sE9h/UryaCZhsJWbJtTEy47yXoGNYI4z8ZaRncM0zBKeRqjO2JEcOUYwrYGb1WLhXM1FfMzW3annvFv0rw=="],
 
     "proxy-addr": ["proxy-addr@2.0.7", "", { "dependencies": { "forwarded": "0.2.0", "ipaddr.js": "1.9.1" } }, "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg=="],
 
+    "pump": ["pump@3.0.4", "", { "dependencies": { "end-of-stream": "^1.1.0", "once": "^1.3.1" } }, "sha512-VS7sjc6KR7e1ukRFhQSY5LM2uBWAUPiOPa/A3mkKmiMwSmRFUITt0xuj+/lesgnCv+dPIEYlkzrcyXgquIHMcA=="],
+
     "punycode.js": ["punycode.js@2.3.1", "", {}, "sha512-uxFIHU0YlHYhDQtV4R9J6a52SLx28BCjT+4ieh7IGbgwVJWO+km431c4yRlREUAsAmt/uMjQUyQHNEPf0M39CA=="],
 
     "pvtsutils": ["pvtsutils@1.3.6", "", { "dependencies": { "tslib": "^2.8.1" } }, "sha512-PLgQXQ6H2FWCaeRak8vvk1GW462lMxB5s3Jm673N82zI4vqtVUPuZdffdZbPDFRoU8kAhItWFtPCWiPpp4/EDg=="],
@@ -2748,7 +2863,9 @@
 
     "qr.js": ["qr.js@0.0.0", "", {}, "sha512-c4iYnWb+k2E+vYpRimHqSu575b1/wKl4XFeJGpFmrJQz5I88v9aY2czh7s0w36srfCM1sXgC/xpoJz5dJfq+OQ=="],
 
-    "qs": ["qs@6.15.0", "", { "dependencies": { "side-channel": "^1.1.0" } }, "sha512-mAZTtNCeetKMH+pSjrb76NAM8V9a05I9aBZOHztWy/UqcJdQYNsf59vrRKWnojAT9Y+GbIvoTBC++CPHqpDBhQ=="],
+    "qs": ["qs@6.15.1", "", { "dependencies": { "side-channel": "^1.1.0" } }, "sha512-6YHEFRL9mfgcAvql/XhwTvf5jKcOiiupt2FiJxHkiX1z4j7WL8J/jRHYLluORvc1XxB5rV20KoeK00gVJamspg=="],
+
+    "query-selector-shadow-dom": ["query-selector-shadow-dom@1.0.1", "", {}, "sha512-lT5yCqEBgfoMYpf3F2xQRK7zEr1rhIIZuceDK6+xRkJQ4NMbHTwXqk4NkwDwQMNqXgG9r9fyHnzwNVs6zV5KRw=="],
 
     "queue-microtask": ["queue-microtask@1.2.3", "", {}, "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A=="],
 
@@ -2762,17 +2879,17 @@
 
     "raw-body": ["raw-body@3.0.2", "", { "dependencies": { "bytes": "~3.1.2", "http-errors": "~2.0.1", "iconv-lite": "~0.7.0", "unpipe": "~1.0.0" } }, "sha512-K5zQjDllxWkf7Z5xJdV0/B0WTNqx6vxG70zJE4N0kBs4LovmEYWJzQGxC9bS9RAKu3bgM40lrd5zoLJ12MQ5BA=="],
 
-    "react": ["react@19.2.4", "", {}, "sha512-9nfp2hYpCwOjAN+8TZFGhtWEwgvWHXqESH8qT89AT/lWklpLON22Lc8pEtnpsZz7VmawabSU0gCjnj8aC0euHQ=="],
+    "react": ["react@19.2.5", "", {}, "sha512-llUJLzz1zTUBrskt2pwZgLq59AemifIftw4aB7JxOqf1HY2FDaGDxgwpAPVzHU1kdWabH7FauP4i1oEeer2WCA=="],
 
     "react-async-script": ["react-async-script@1.2.0", "", { "dependencies": { "hoist-non-react-statics": "^3.3.0", "prop-types": "^15.5.0" }, "peerDependencies": { "react": ">=16.4.1" } }, "sha512-bCpkbm9JiAuMGhkqoAiC0lLkb40DJ0HOEJIku+9JDjxX3Rcs+ztEOG13wbrOskt3n2DTrjshhaQ/iay+SnGg5Q=="],
 
     "react-day-picker": ["react-day-picker@8.10.1", "", { "peerDependencies": { "date-fns": "^2.28.0 || ^3.0.0", "react": "^16.8.0 || ^17.0.0 || ^18.0.0" } }, "sha512-TMx7fNbhLk15eqcMt+7Z7S2KF7mfTId/XJDjKE8f+IUcFn0l08/kI4FiYTL/0yuOLmEcbR4Fwe3GJf/NiiMnPA=="],
 
-    "react-dom": ["react-dom@19.2.4", "", { "dependencies": { "scheduler": "^0.27.0" }, "peerDependencies": { "react": "^19.2.4" } }, "sha512-AXJdLo8kgMbimY95O2aKQqsz2iWi9jMgKJhRBAxECE4IFxfcazB2LmzloIoibJI3C12IlY20+KFaLv+71bUJeQ=="],
+    "react-dom": ["react-dom@19.2.5", "", { "dependencies": { "scheduler": "^0.27.0" }, "peerDependencies": { "react": "^19.2.5" } }, "sha512-J5bAZz+DXMMwW/wV3xzKke59Af6CHY7G4uYLN1OvBcKEsWOs4pQExj86BBKamxl/Ik5bx9whOrvBlSDfWzgSag=="],
 
     "react-google-recaptcha": ["react-google-recaptcha@3.1.0", "", { "dependencies": { "prop-types": "^15.5.0", "react-async-script": "^1.2.0" }, "peerDependencies": { "react": ">=16.4.1" } }, "sha512-cYW2/DWas8nEKZGD7SCu9BSuVz8iOcOLHChHyi7upUuVhkpkhYG/6N3KDiTQ3XAiZ2UAZkfvYKMfAHOzBOcGEg=="],
 
-    "react-hook-form": ["react-hook-form@7.71.2", "", { "peerDependencies": { "react": "^16.8.0 || ^17 || ^18 || ^19" } }, "sha512-1CHvcDYzuRUNOflt4MOq3ZM46AronNJtQ1S7tnX6YN4y72qhgiUItpacZUAQ0TyWYci3yz1X+rXaSxiuEm86PA=="],
+    "react-hook-form": ["react-hook-form@7.74.0", "", { "peerDependencies": { "react": "^16.8.0 || ^17 || ^18 || ^19" } }, "sha512-yR6wHr99p9wFv686jhRWVSFhUvDvNbdUf2dKlbno8/VKOCuoNobDGC6S+M2dua9A9Yo8vpcrp8assIYbsZCQ9g=="],
 
     "react-is": ["react-is@18.3.1", "", {}, "sha512-/LLMVyas0ljjAtoYiPqYiL8VWXzUUdThrmU5+n20DZv+a+ClRoevUzw5JxU+Ieh5/c87ytoTBV9G1FiKfNJdmg=="],
 
@@ -2860,7 +2977,7 @@
 
     "reselect": ["reselect@5.1.1", "", {}, "sha512-K/BG6eIky/SBpzfHZv/dd+9JBFiS4SWV7FIujVyJRux6e45+73RaUHXLmIR1f7WOMaQ0U1km6qwklRQxpJJY0w=="],
 
-    "resolve": ["resolve@1.22.11", "", { "dependencies": { "is-core-module": "^2.16.1", "path-parse": "^1.0.7", "supports-preserve-symlinks-flag": "^1.0.0" }, "bin": { "resolve": "bin/resolve" } }, "sha512-RfqAvLnMl313r7c9oclB1HhUEAezcpLjz95wFH4LVuhk9JF/r22qmVP9AMmOU4vMX7Q8pN8jwNg/CSpdFnMjTQ=="],
+    "resolve": ["resolve@1.22.12", "", { "dependencies": { "es-errors": "^1.3.0", "is-core-module": "^2.16.1", "path-parse": "^1.0.7", "supports-preserve-symlinks-flag": "^1.0.0" }, "bin": { "resolve": "bin/resolve" } }, "sha512-TyeJ1zif53BPfHootBGwPRYT1RUt6oGWsaQr8UyZW/eAm9bKoijtvruSDEmZHm92CwS9nj7/fWttqPCgzep8CA=="],
 
     "resolve-from": ["resolve-from@5.0.0", "", {}, "sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw=="],
 
@@ -2878,7 +2995,9 @@
 
     "reusify": ["reusify@1.1.0", "", {}, "sha512-g6QUff04oZpHs0eG5p83rFLhHeV00ug/Yf9nZM6fLeUrPguBTkTQOdpAWWspMh55TZfVQDPaN3NQJfbVRAxdIw=="],
 
-    "rollup": ["rollup@4.59.0", "", { "dependencies": { "@types/estree": "1.0.8" }, "optionalDependencies": { "@rollup/rollup-android-arm-eabi": "4.59.0", "@rollup/rollup-android-arm64": "4.59.0", "@rollup/rollup-darwin-arm64": "4.59.0", "@rollup/rollup-darwin-x64": "4.59.0", "@rollup/rollup-freebsd-arm64": "4.59.0", "@rollup/rollup-freebsd-x64": "4.59.0", "@rollup/rollup-linux-arm-gnueabihf": "4.59.0", "@rollup/rollup-linux-arm-musleabihf": "4.59.0", "@rollup/rollup-linux-arm64-gnu": "4.59.0", "@rollup/rollup-linux-arm64-musl": "4.59.0", "@rollup/rollup-linux-loong64-gnu": "4.59.0", "@rollup/rollup-linux-loong64-musl": "4.59.0", "@rollup/rollup-linux-ppc64-gnu": "4.59.0", "@rollup/rollup-linux-ppc64-musl": "4.59.0", "@rollup/rollup-linux-riscv64-gnu": "4.59.0", "@rollup/rollup-linux-riscv64-musl": "4.59.0", "@rollup/rollup-linux-s390x-gnu": "4.59.0", "@rollup/rollup-linux-x64-gnu": "4.59.0", "@rollup/rollup-linux-x64-musl": "4.59.0", "@rollup/rollup-openbsd-x64": "4.59.0", "@rollup/rollup-openharmony-arm64": "4.59.0", "@rollup/rollup-win32-arm64-msvc": "4.59.0", "@rollup/rollup-win32-ia32-msvc": "4.59.0", "@rollup/rollup-win32-x64-gnu": "4.59.0", "@rollup/rollup-win32-x64-msvc": "4.59.0", "fsevents": "~2.3.2" }, "bin": { "rollup": "dist/bin/rollup" } }, "sha512-2oMpl67a3zCH9H79LeMcbDhXW/UmWG/y2zuqnF2jQq5uq9TbM9TVyXvA4+t+ne2IIkBdrLpAaRQAvo7YI/Yyeg=="],
+    "rfc4648": ["rfc4648@1.5.4", "", {}, "sha512-rRg/6Lb+IGfJqO05HZkN50UtY7K/JhxJag1kP23+zyMfrvoB0B7RWv06MbOzoc79RgCdNTiUaNsTT1AJZ7Z+cg=="],
+
+    "rollup": ["rollup@4.60.2", "", { "dependencies": { "@types/estree": "1.0.8" }, "optionalDependencies": { "@rollup/rollup-android-arm-eabi": "4.60.2", "@rollup/rollup-android-arm64": "4.60.2", "@rollup/rollup-darwin-arm64": "4.60.2", "@rollup/rollup-darwin-x64": "4.60.2", "@rollup/rollup-freebsd-arm64": "4.60.2", "@rollup/rollup-freebsd-x64": "4.60.2", "@rollup/rollup-linux-arm-gnueabihf": "4.60.2", "@rollup/rollup-linux-arm-musleabihf": "4.60.2", "@rollup/rollup-linux-arm64-gnu": "4.60.2", "@rollup/rollup-linux-arm64-musl": "4.60.2", "@rollup/rollup-linux-loong64-gnu": "4.60.2", "@rollup/rollup-linux-loong64-musl": "4.60.2", "@rollup/rollup-linux-ppc64-gnu": "4.60.2", "@rollup/rollup-linux-ppc64-musl": "4.60.2", "@rollup/rollup-linux-riscv64-gnu": "4.60.2", "@rollup/rollup-linux-riscv64-musl": "4.60.2", "@rollup/rollup-linux-s390x-gnu": "4.60.2", "@rollup/rollup-linux-x64-gnu": "4.60.2", "@rollup/rollup-linux-x64-musl": "4.60.2", "@rollup/rollup-openbsd-x64": "4.60.2", "@rollup/rollup-openharmony-arm64": "4.60.2", "@rollup/rollup-win32-arm64-msvc": "4.60.2", "@rollup/rollup-win32-ia32-msvc": "4.60.2", "@rollup/rollup-win32-x64-gnu": "4.60.2", "@rollup/rollup-win32-x64-msvc": "4.60.2", "fsevents": "~2.3.2" }, "bin": { "rollup": "dist/bin/rollup" } }, "sha512-J9qZyW++QK/09NyN/zeO0dG/1GdGfyp9lV8ajHnRVLfo/uFsbji5mHnDgn/qYdUHyCkM2N+8VyspgZclfAh0eQ=="],
 
     "rope-sequence": ["rope-sequence@1.3.4", "", {}, "sha512-UT5EDe2cu2E/6O4igUr5PSFs23nvvukicWHx6GnOPlHAiiYbzNuCRQCuiUdHJQcqKalLKlrYJnjY0ySGsXNQXQ=="],
 
@@ -2894,49 +3013,49 @@
 
     "safer-buffer": ["safer-buffer@2.1.2", "", {}, "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="],
 
-    "samlify": ["samlify@2.11.0", "", { "dependencies": { "@authenio/xml-encryption": "^2.0.2", "@xmldom/xmldom": "^0.8.11", "camelcase": "^9.0.0", "node-rsa": "^1.1.1", "xml": "^1.0.1", "xml-crypto": "^6.1.2", "xml-escape": "^1.1.0", "xpath": "^0.0.34" } }, "sha512-1C9ukjlf0rRsuyqdzztqikdItqa33j9NCCDZgeBiWk0etU6vxNB+SWJKW4Flk07ZlhXeev/twALEKrPhIAyfDg=="],
+    "samlify": ["samlify@2.12.0", "", { "dependencies": { "@authenio/xml-encryption": "^2.0.2", "@xmldom/xmldom": "^0.8.11", "node-rsa": "^1.1.1", "xml": "^1.0.1", "xml-crypto": "^6.1.2", "xml-escape": "^1.1.0", "xpath": "^0.0.34" } }, "sha512-ewGsHyY4kInDH0BfprlAZ1rHpH1jBmbqYiXDbuI3t1Y8h71gqEt4Z7jdCFyPHFR8jItJkbdckTijUZGg14CDlg=="],
 
-    "sass": ["sass@1.98.0", "", { "dependencies": { "chokidar": "^4.0.0", "immutable": "^5.1.5", "source-map-js": ">=0.6.2 <2.0.0" }, "optionalDependencies": { "@parcel/watcher": "^2.4.1" }, "bin": { "sass": "sass.js" } }, "sha512-+4N/u9dZ4PrgzGgPlKnaaRQx64RO0JBKs9sDhQ2pLgN6JQZ25uPQZKQYaBJU48Kd5BxgXoJ4e09Dq7nMcOUW3A=="],
+    "sass": ["sass@1.99.0", "", { "dependencies": { "chokidar": "^4.0.0", "immutable": "^5.1.5", "source-map-js": ">=0.6.2 <2.0.0" }, "optionalDependencies": { "@parcel/watcher": "^2.4.1" }, "bin": { "sass": "sass.js" } }, "sha512-kgW13M54DUB7IsIRM5LvJkNlpH+WhMpooUcaWGFARkF1Tc82v9mIWkCbCYf+MBvpIUBSeSOTilpZjEPr2VYE6Q=="],
 
-    "sass-embedded": ["sass-embedded@1.98.0", "", { "dependencies": { "@bufbuild/protobuf": "^2.5.0", "colorjs.io": "^0.5.0", "immutable": "^5.1.5", "rxjs": "^7.4.0", "supports-color": "^8.1.1", "sync-child-process": "^1.0.2", "varint": "^6.0.0" }, "optionalDependencies": { "sass-embedded-all-unknown": "1.98.0", "sass-embedded-android-arm": "1.98.0", "sass-embedded-android-arm64": "1.98.0", "sass-embedded-android-riscv64": "1.98.0", "sass-embedded-android-x64": "1.98.0", "sass-embedded-darwin-arm64": "1.98.0", "sass-embedded-darwin-x64": "1.98.0", "sass-embedded-linux-arm": "1.98.0", "sass-embedded-linux-arm64": "1.98.0", "sass-embedded-linux-musl-arm": "1.98.0", "sass-embedded-linux-musl-arm64": "1.98.0", "sass-embedded-linux-musl-riscv64": "1.98.0", "sass-embedded-linux-musl-x64": "1.98.0", "sass-embedded-linux-riscv64": "1.98.0", "sass-embedded-linux-x64": "1.98.0", "sass-embedded-unknown-all": "1.98.0", "sass-embedded-win32-arm64": "1.98.0", "sass-embedded-win32-x64": "1.98.0" }, "bin": { "sass": "dist/bin/sass.js" } }, "sha512-Do7u6iRb6K+lrllcTkB1BXcHwOxcKe3rEfOF/GcCLE2w3WpddakRAosJOHFUR37DpsvimQXEt5abs3NzUjEIqg=="],
+    "sass-embedded": ["sass-embedded@1.99.0", "", { "dependencies": { "@bufbuild/protobuf": "^2.5.0", "colorjs.io": "^0.5.0", "immutable": "^5.1.5", "rxjs": "^7.4.0", "supports-color": "^8.1.1", "sync-child-process": "^1.0.2", "varint": "^6.0.0" }, "optionalDependencies": { "sass-embedded-all-unknown": "1.99.0", "sass-embedded-android-arm": "1.99.0", "sass-embedded-android-arm64": "1.99.0", "sass-embedded-android-riscv64": "1.99.0", "sass-embedded-android-x64": "1.99.0", "sass-embedded-darwin-arm64": "1.99.0", "sass-embedded-darwin-x64": "1.99.0", "sass-embedded-linux-arm": "1.99.0", "sass-embedded-linux-arm64": "1.99.0", "sass-embedded-linux-musl-arm": "1.99.0", "sass-embedded-linux-musl-arm64": "1.99.0", "sass-embedded-linux-musl-riscv64": "1.99.0", "sass-embedded-linux-musl-x64": "1.99.0", "sass-embedded-linux-riscv64": "1.99.0", "sass-embedded-linux-x64": "1.99.0", "sass-embedded-unknown-all": "1.99.0", "sass-embedded-win32-arm64": "1.99.0", "sass-embedded-win32-x64": "1.99.0" }, "bin": { "sass": "dist/bin/sass.js" } }, "sha512-gF/juR1aX02lZHkvwxdF80SapkQeg2fetoDF6gIQkNbSw5YEUFspMkyGTjPjgZSgIHuZpy+Wz4PlebKnLXMjdg=="],
 
-    "sass-embedded-all-unknown": ["sass-embedded-all-unknown@1.98.0", "", { "dependencies": { "sass": "1.98.0" }, "cpu": [ "!arm", "!x64", "!arm64", ] }, "sha512-6n4RyK7/1mhdfYvpP3CClS3fGoYqDvRmLClCESS6I7+SAzqjxvGG6u5Fo+cb1nrPNbbilgbM4QKdgcgWHO9NCA=="],
+    "sass-embedded-all-unknown": ["sass-embedded-all-unknown@1.99.0", "", { "dependencies": { "sass": "1.99.0" }, "cpu": [ "!arm", "!x64", "!arm64", ] }, "sha512-qPIRG8Uhjo6/OKyAKixTnwMliTz+t9K6Duk0mx5z+K7n0Ts38NSJz2sjDnc7cA/8V9Lb3q09H38dZ1CLwD+ssw=="],
 
-    "sass-embedded-android-arm": ["sass-embedded-android-arm@1.98.0", "", { "os": "android", "cpu": "arm" }, "sha512-LjGiMhHgu7VL1n7EJxTCre1x14bUsWd9d3dnkS2rku003IWOI/fxc7OXgaKagoVzok1kv09rzO3vFXJR5ZeONQ=="],
+    "sass-embedded-android-arm": ["sass-embedded-android-arm@1.99.0", "", { "os": "android", "cpu": "arm" }, "sha512-EHvJ0C7/VuP78Qr6f8gIUVUmCqIorEQpw2yp3cs3SMg02ZuumlhjXvkTcFBxHmFdFR23vTNk1WnhY6QSeV1nFQ=="],
 
-    "sass-embedded-android-arm64": ["sass-embedded-android-arm64@1.98.0", "", { "os": "android", "cpu": "arm64" }, "sha512-M9Ra98A6vYJHpwhoC/5EuH1eOshQ9ZyNwC8XifUDSbRl/cGeQceT1NReR9wFj3L7s1pIbmes1vMmaY2np0uAKQ=="],
+    "sass-embedded-android-arm64": ["sass-embedded-android-arm64@1.99.0", "", { "os": "android", "cpu": "arm64" }, "sha512-fNHhdnP23yqqieCbAdym4N47AleSwjbNt6OYIYx4DdACGdtERjQB4iOX/TaKsW034MupfF7SjnAAK8w7Ptldtg=="],
 
-    "sass-embedded-android-riscv64": ["sass-embedded-android-riscv64@1.98.0", "", { "os": "android", "cpu": "none" }, "sha512-WPe+0NbaJIZE1fq/RfCZANMeIgmy83x4f+SvFOG7LhUthHpZWcOcrPTsCKKmN3xMT3iw+4DXvqTYOCYGRL3hcQ=="],
+    "sass-embedded-android-riscv64": ["sass-embedded-android-riscv64@1.99.0", "", { "os": "android", "cpu": "none" }, "sha512-4zqDFRvgGDTL5vTHuIhRxUpXFoh0Cy7Gm5Ywk19ASd8Settmd14YdPRZPmMxfgS1GH292PofV1fq1ifiSEJWBw=="],
 
-    "sass-embedded-android-x64": ["sass-embedded-android-x64@1.98.0", "", { "os": "android", "cpu": "x64" }, "sha512-zrD25dT7OHPEgLWuPEByybnIfx4rnCtfge4clBgjZdZ3lF6E7qNLRBtSBmoFflh6Vg0RlEjJo5VlpnTMBM5MQQ=="],
+    "sass-embedded-android-x64": ["sass-embedded-android-x64@1.99.0", "", { "os": "android", "cpu": "x64" }, "sha512-Uk53k/dGYt04RjOL4gFjZ0Z9DH9DKh8IA8WsXUkNqsxerAygoy3zqRBS2zngfE9K2jiOM87q+1R1p87ory9oQQ=="],
 
-    "sass-embedded-darwin-arm64": ["sass-embedded-darwin-arm64@1.98.0", "", { "os": "darwin", "cpu": "arm64" }, "sha512-cgr1z9rBnCdMf8K+JabIaYd9Rag2OJi5mjq08XJfbJGMZV/TA6hFJCLGkr5/+ZOn4/geTM5/3aSfQ8z5EIJAOg=="],
+    "sass-embedded-darwin-arm64": ["sass-embedded-darwin-arm64@1.99.0", "", { "os": "darwin", "cpu": "arm64" }, "sha512-u61/7U3IGLqoO6gL+AHeiAtlTPFwJK1+964U8gp45ZN0hzh1yrARf5O1mivXv8NnNgJvbG2wWJbiNZP0lG/lTg=="],
 
-    "sass-embedded-darwin-x64": ["sass-embedded-darwin-x64@1.98.0", "", { "os": "darwin", "cpu": "x64" }, "sha512-OLBOCs/NPeiMqTdOrMFbVHBQFj19GS3bSVSxIhcCq16ZyhouUkYJEZjxQgzv9SWA2q6Ki8GCqp4k6jMeUY9dcA=="],
+    "sass-embedded-darwin-x64": ["sass-embedded-darwin-x64@1.99.0", "", { "os": "darwin", "cpu": "x64" }, "sha512-j/kkk/NcXdIameLezSfXjgCiBkVcA+G60AXrX768/3g0miK1g7M9dj7xOhCb1i7/wQeiEI3rw2LLuO63xRIn4A=="],
 
-    "sass-embedded-linux-arm": ["sass-embedded-linux-arm@1.98.0", "", { "os": "linux", "cpu": "arm" }, "sha512-03baQZCxVyEp8v1NWBRlzGYrmVT/LK7ZrHlF1piscGiGxwfdxoLXVuxsylx3qn/dD/4i/rh7Bzk7reK1br9jvQ=="],
+    "sass-embedded-linux-arm": ["sass-embedded-linux-arm@1.99.0", "", { "os": "linux", "cpu": "arm" }, "sha512-d4IjJZrX2+AwB2YCy1JySwdptJECNP/WfAQLUl8txI3ka8/d3TUI155GtelnoZUkio211PwIeFvvAeZ9RXPQnw=="],
 
-    "sass-embedded-linux-arm64": ["sass-embedded-linux-arm64@1.98.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-axOE3t2MTBwCtkUCbrdM++Gj0gC0fdHJPrgzQ+q1WUmY9NoNMGqflBtk5mBZaWUeha2qYO3FawxCB8lctFwCtw=="],
+    "sass-embedded-linux-arm64": ["sass-embedded-linux-arm64@1.99.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-btNcFpItcB56L40n8hDeL7sRSMLDXQ56nB5h2deddJx1n60rpKSElJmkaDGHtpkrY+CTtDRV0FZDjHeTJddYew=="],
 
-    "sass-embedded-linux-musl-arm": ["sass-embedded-linux-musl-arm@1.98.0", "", { "os": "linux", "cpu": "arm" }, "sha512-OBkjTDPYR4hSaueOGIM6FDpl9nt/VZwbSRpbNu9/eEJcxE8G/vynRugW8KRZmCFjPy8j/jkGBvvS+k9iOqKV3g=="],
+    "sass-embedded-linux-musl-arm": ["sass-embedded-linux-musl-arm@1.99.0", "", { "os": "linux", "cpu": "arm" }, "sha512-2gvHOupgIw3ytatXT4nFUow71LFbuOZPEwG+HUzcNQDH8ue4Ez8cr03vsv5MDv3lIjOKcXwDvWD980t18MwkoQ=="],
 
-    "sass-embedded-linux-musl-arm64": ["sass-embedded-linux-musl-arm64@1.98.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-LeqNxQA8y4opjhe68CcFvMzCSrBuJqYVFbwElEj9bagHXQHTp9xVPJRn6VcrC+0VLEDq13HVXMv7RslIuU0zmA=="],
+    "sass-embedded-linux-musl-arm64": ["sass-embedded-linux-musl-arm64@1.99.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-Hi2bt/IrM5P4FBKz6EcHAlniwfpoz9mnTdvSd58y+avA3SANM76upIkAdSayA8ZGwyL3gZokru1AKDPF9lJDNw=="],
 
-    "sass-embedded-linux-musl-riscv64": ["sass-embedded-linux-musl-riscv64@1.98.0", "", { "os": "linux", "cpu": "none" }, "sha512-7w6hSuOHKt8FZsmjRb3iGSxEzM87fO9+M8nt5JIQYMhHTj5C+JY/vcske0v715HCVj5e1xyTnbGXf8FcASeAIw=="],
+    "sass-embedded-linux-musl-riscv64": ["sass-embedded-linux-musl-riscv64@1.99.0", "", { "os": "linux", "cpu": "none" }, "sha512-mKqGvVaJ9rHMqyZsF0kikQe4NO0f4osb67+X6nLhBiVDKvyazQHJ3zJQreNefIE36yL2sjHIclSB//MprzaQDg=="],
 
-    "sass-embedded-linux-musl-x64": ["sass-embedded-linux-musl-x64@1.98.0", "", { "os": "linux", "cpu": "x64" }, "sha512-QikNyDEJOVqPmxyCFkci8ZdCwEssdItfjQFJB+D+Uy5HFqcS5Lv3d3GxWNX/h1dSb23RPyQdQc267ok5SbEyJw=="],
+    "sass-embedded-linux-musl-x64": ["sass-embedded-linux-musl-x64@1.99.0", "", { "os": "linux", "cpu": "x64" }, "sha512-huhgOMmOc30r7CH7qbRbT9LerSEGSnWuS4CYNOskr9BvNeQp4dIneFufNRGZ7hkOAxUM8DglxIZJN/cyAT95Ew=="],
 
-    "sass-embedded-linux-riscv64": ["sass-embedded-linux-riscv64@1.98.0", "", { "os": "linux", "cpu": "none" }, "sha512-E7fNytc/v4xFBQKzgzBddV/jretA4ULAPO6XmtBiQu4zZBdBozuSxsQLe2+XXeb0X4S2GIl72V7IPABdqke/vA=="],
+    "sass-embedded-linux-riscv64": ["sass-embedded-linux-riscv64@1.99.0", "", { "os": "linux", "cpu": "none" }, "sha512-mevFPIFAVhrH90THifxLfOntFmHtcEKOcdWnep2gJ0X4DVva4AiVIRlQe/7w9JFx5+gnDRE1oaJJkzuFUuYZsA=="],
 
-    "sass-embedded-linux-x64": ["sass-embedded-linux-x64@1.98.0", "", { "os": "linux", "cpu": "x64" }, "sha512-VsvP0t/uw00mMNPv3vwyYKUrFbqzxQHnRMO+bHdAMjvLw4NFf6mscpym9Bzf+NXwi1ZNKnB6DtXjmcpcvqFqYg=="],
+    "sass-embedded-linux-x64": ["sass-embedded-linux-x64@1.99.0", "", { "os": "linux", "cpu": "x64" }, "sha512-9k7IkULqIZdCIVt4Mboryt6vN8Mjmm3EhI1P3mClU5y5i3wLK5ExC3cbVWk047KsID/fvB1RLslqghXJx5BoxA=="],
 
-    "sass-embedded-unknown-all": ["sass-embedded-unknown-all@1.98.0", "", { "dependencies": { "sass": "1.98.0" }, "os": [ "!linux", "!win32", "!darwin", "!android", ] }, "sha512-C4MMzcAo3oEDQnW7L8SBgB9F2Fq5qHPnaYTZRMOH3Mp/7kM4OooBInXpCiiFjLnjY95hzP4KyctVx0uYR6MYlQ=="],
+    "sass-embedded-unknown-all": ["sass-embedded-unknown-all@1.99.0", "", { "dependencies": { "sass": "1.99.0" }, "os": [ "!linux", "!win32", "!darwin", "!android", ] }, "sha512-P7MxiUtL/XzGo3PX0CaB8lNNEFLQWKikPA8pbKytx9ZCLZSDkt2NJcdAbblB/sqMs4AV3EK2NadV8rI/diq3xg=="],
 
-    "sass-embedded-win32-arm64": ["sass-embedded-win32-arm64@1.98.0", "", { "os": "win32", "cpu": "arm64" }, "sha512-nP/10xbAiPbhQkMr3zQfXE4TuOxPzWRQe1Hgbi90jv2R4TbzbqQTuZVOaJf7KOAN4L2Bo6XCTRjK5XkVnwZuwQ=="],
+    "sass-embedded-win32-arm64": ["sass-embedded-win32-arm64@1.99.0", "", { "os": "win32", "cpu": "arm64" }, "sha512-8whpsW7S+uO8QApKfQuc36m3P9EISzbVZOgC79goob4qGy09u8Gz/rYvw8h1prJDSjltpHGhOzBE6LDz7WvzVw=="],
 
-    "sass-embedded-win32-x64": ["sass-embedded-win32-x64@1.98.0", "", { "os": "win32", "cpu": "x64" }, "sha512-/lbrVsfbcbdZQ5SJCWcV0NVPd6YRs+FtAnfedp4WbCkO/ZO7Zt/58MvI4X2BVpRY/Nt5ZBo1/7v2gYcQ+J4svQ=="],
+    "sass-embedded-win32-x64": ["sass-embedded-win32-x64@1.99.0", "", { "os": "win32", "cpu": "x64" }, "sha512-ipuOv1R2K4MHeuCEAZGpuUbAgma4gb0sdacyrTjJtMOy/OY9UvWfVlwErdB09KIkp4fPDpQJDJfvYN6bC8jeNg=="],
 
-    "sax": ["sax@1.5.0", "", {}, "sha512-21IYA3Q5cQf089Z6tgaUTr7lDAyzoTPx5HRtbhsME8Udispad8dC/+sziTNugOEx54ilvatQ9YCzl4KQLPcRHA=="],
+    "sax": ["sax@1.6.0", "", {}, "sha512-6R3J5M4AcbtLUdZmRv2SygeVaM7IhrLXu9BmnOGmmACak8fiUtOsYNWUS4uK7upbmHIBbLBeFeI//477BKLBzA=="],
 
     "scheduler": ["scheduler@0.27.0", "", {}, "sha512-eNv+WrVbKu1f3vbYJT/xtiF5syA5HPIMtf9IgY/nKg0sWqzAUEvqY/xm7OcZc/qafLx/iO9FgOmeSAp4v5ti/Q=="],
 
@@ -2946,13 +3065,13 @@
 
     "send": ["send@1.2.1", "", { "dependencies": { "debug": "^4.4.3", "encodeurl": "^2.0.0", "escape-html": "^1.0.3", "etag": "^1.8.1", "fresh": "^2.0.0", "http-errors": "^2.0.1", "mime-types": "^3.0.2", "ms": "^2.1.3", "on-finished": "^2.4.1", "range-parser": "^1.2.1", "statuses": "^2.0.2" } }, "sha512-1gnZf7DFcoIcajTjTwjwuDjzuz4PPcY2StKPlsGAQ1+YH20IRVrBaXSWmdjowTJ6u8Rc01PoYOGHXfP1mYcZNQ=="],
 
-    "seroval": ["seroval@1.5.1", "", {}, "sha512-OwrZRZAfhHww0WEnKHDY8OM0U/Qs8OTfIDWhUD4BLpNJUfXK4cGmjiagGze086m+mhI+V2nD0gfbHEnJjb9STA=="],
+    "seroval": ["seroval@1.5.2", "", {}, "sha512-xcRN39BdsnO9Tf+VzsE7b3JyTJASItIV1FVFewJKCFcW4s4haIKS3e6vj8PGB9qBwC7tnuOywQMdv5N4qkzi7Q=="],
 
-    "seroval-plugins": ["seroval-plugins@1.5.1", "", { "peerDependencies": { "seroval": "^1.0" } }, "sha512-4FbuZ/TMl02sqv0RTFexu0SP6V+ywaIe5bAWCCEik0fk17BhALgwvUDVF7e3Uvf9pxmwCEJsRPmlkUE6HdzLAw=="],
+    "seroval-plugins": ["seroval-plugins@1.5.2", "", { "peerDependencies": { "seroval": "^1.0" } }, "sha512-qpY0Cl+fKYFn4GOf3cMiq6l72CpuVaawb6ILjubOQ+diJ54LfOWaSSPsaswN8DRPIPW4Yq+tE1k5aKd7ILyaFg=="],
 
     "serve-static": ["serve-static@2.2.1", "", { "dependencies": { "encodeurl": "^2.0.0", "escape-html": "^1.0.3", "parseurl": "^1.3.3", "send": "^1.2.0" } }, "sha512-xRXBn0pPqQTVQiC8wyQrKs2MOlX24zQ0POGaj0kultvoOCstBQM5yvOhAVSUwOMjQtTvsPWoNCHfPGwaaQJhTw=="],
 
-    "set-cookie-parser": ["set-cookie-parser@2.7.2", "", {}, "sha512-oeM1lpU/UvhTxw+g3cIfxXHyJRc/uidd3yK1P242gzHds0udQBYzs3y8j4gCCW+ZJ7ad0yctld8RYO+bdurlvw=="],
+    "set-cookie-parser": ["set-cookie-parser@3.1.0", "", {}, "sha512-kjnC1DXBHcxaOaOXBHBeRtltsDG2nUiUni+jP92M9gYdW12rsmx92UsfpH7o5tDRs7I1ZZPSQJQGv3UaRfCiuw=="],
 
     "setprototypeof": ["setprototypeof@1.2.0", "", {}, "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw=="],
 
@@ -2972,7 +3091,7 @@
 
     "side-channel": ["side-channel@1.1.0", "", { "dependencies": { "es-errors": "^1.3.0", "object-inspect": "^1.13.3", "side-channel-list": "^1.0.0", "side-channel-map": "^1.0.1", "side-channel-weakmap": "^1.0.2" } }, "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw=="],
 
-    "side-channel-list": ["side-channel-list@1.0.0", "", { "dependencies": { "es-errors": "^1.3.0", "object-inspect": "^1.13.3" } }, "sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA=="],
+    "side-channel-list": ["side-channel-list@1.0.1", "", { "dependencies": { "es-errors": "^1.3.0", "object-inspect": "^1.13.4" } }, "sha512-mjn/0bi/oUURjc5Xl7IaWi/OJJJumuoJFQJfDDyO46+hBWsfaVM65TBHq2eoZBhzl9EchxOijpkbRC8SVBQU0w=="],
 
     "side-channel-map": ["side-channel-map@1.0.1", "", { "dependencies": { "call-bound": "^1.0.2", "es-errors": "^1.3.0", "get-intrinsic": "^1.2.5", "object-inspect": "^1.13.3" } }, "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA=="],
 
@@ -2986,7 +3105,13 @@
 
     "slice-ansi": ["slice-ansi@8.0.0", "", { "dependencies": { "ansi-styles": "^6.2.3", "is-fullwidth-code-point": "^5.1.0" } }, "sha512-stxByr12oeeOyY2BlviTNQlYV5xOj47GirPr4yA1hE9JCtxfQN0+tVbkxwCtYDQWhEKWFHsEK48ORg5jrouCAg=="],
 
-    "smol-toml": ["smol-toml@1.6.0", "", {}, "sha512-4zemZi0HvTnYwLfrpk/CF9LOd9Lt87kAt50GnqhMpyF9U3poDAP2+iukq2bZsO/ufegbYehBkqINbsWxj4l4cw=="],
+    "smart-buffer": ["smart-buffer@4.2.0", "", {}, "sha512-94hK0Hh8rPqQl2xXc3HsaBoOXKV20MToPkcXvwbISWLEs+64sBq5kFgn2kJDHb1Pry9yrP0dxrCI9RRci7RXKg=="],
+
+    "smol-toml": ["smol-toml@1.6.1", "", {}, "sha512-dWUG8F5sIIARXih1DTaQAX4SsiTXhInKf1buxdY9DIg4ZYPZK5nGM1VRIYmEbDbsHt7USo99xSLFu5Q1IqTmsg=="],
+
+    "socks": ["socks@2.8.7", "", { "dependencies": { "ip-address": "^10.0.1", "smart-buffer": "^4.2.0" } }, "sha512-HLpt+uLy/pxB+bum/9DzAgiKS8CX1EvbWxI4zlmgGCExImLdiad2iCwXT5Z4c9c3Eq8rP2318mPW2c+QbtjK8A=="],
+
+    "socks-proxy-agent": ["socks-proxy-agent@8.0.5", "", { "dependencies": { "agent-base": "^7.1.2", "debug": "^4.3.4", "socks": "^2.8.3" } }, "sha512-HehCEsotFqbPW9sJ8WVYB6UbmIMv7kUUORIF2Nncq4VQvBfNBLibW9YZR5dlYCSUhwcD628pRllm7n+E+YTzJw=="],
 
     "sonner": ["sonner@2.0.7", "", { "peerDependencies": { "react": "^18.0.0 || ^19.0.0 || ^19.0.0-rc", "react-dom": "^18.0.0 || ^19.0.0 || ^19.0.0-rc" } }, "sha512-W6ZN4p58k8aDKA4XPcx2hpIQXBRAgyiWVkYhT7CvK6D3iAu7xjvVyhQHg2/iaKJZ1XVJ4r7XuwGL+WGEK37i9w=="],
 
@@ -3006,7 +3131,11 @@
 
     "statuses": ["statuses@2.0.2", "", {}, "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw=="],
 
-    "string-width": ["string-width@8.2.0", "", { "dependencies": { "get-east-asian-width": "^1.5.0", "strip-ansi": "^7.1.2" } }, "sha512-6hJPQ8N0V0P3SNmP6h2J99RLuzrWz2gvT7VnK5tKvrNqJoyS9W4/Fb8mo31UiPvy00z7DQXkP2hnKBVav76thw=="],
+    "stream-buffers": ["stream-buffers@3.0.3", "", {}, "sha512-pqMqwQCso0PBJt2PQmDO0cFj0lyqmiwOMiMSkVtRokl7e+ZTRYgDHKnuZNbqjiJXgsg4nuqtD/zxuo9KqTp0Yw=="],
+
+    "streamx": ["streamx@2.25.0", "", { "dependencies": { "events-universal": "^1.0.0", "fast-fifo": "^1.3.2", "text-decoder": "^1.1.0" } }, "sha512-0nQuG6jf1w+wddNEEXCF4nTg3LtufWINB5eFEN+5TNZW7KWJp6x87+JFL43vaAUPyCfH1wID+mNVyW6OHtFamg=="],
+
+    "string-width": ["string-width@8.2.1", "", { "dependencies": { "get-east-asian-width": "^1.5.0", "strip-ansi": "^7.1.2" } }, "sha512-IIaP0g3iy9Cyy18w3M9YcaDudujEAVHKt3a3QJg1+sr/oX96TbaGUubG0hJyCjCBThFH+tFpcIyoUHUn1ogaLA=="],
 
     "stringify-entities": ["stringify-entities@4.0.4", "", { "dependencies": { "character-entities-html4": "^2.0.0", "character-entities-legacy": "^3.0.0" } }, "sha512-IwfBptatlO+QCJUo19AqvrPNqlVMpW9YEL2LIVY+Rpv2qsjCGxaDLNRgeGsQWJhfItebuJhsGSLjaBbNSQ+ieg=="],
 
@@ -3014,7 +3143,7 @@
 
     "strip-json-comments": ["strip-json-comments@5.0.3", "", {}, "sha512-1tB5mhVo7U+ETBKNf92xT4hrQa3pm0MZ0PQvuDnWgAAGHDsfp4lPSpiS6psrSiet87wyGPh9ft6wmhOMQ0hDiw=="],
 
-    "strnum": ["strnum@2.2.0", "", {}, "sha512-Y7Bj8XyJxnPAORMZj/xltsfo55uOiyHcU2tnAVzHUnSJR/KsEX+9RoDeXEnsXtl/CX4fAcrt64gZ13aGaWPeBg=="],
+    "strnum": ["strnum@2.2.3", "", {}, "sha512-oKx6RUCuHfT3oyVjtnrmn19H1SiCqgJSg+54XqURKp5aCMbrXrhLjRN9TjuwMjiYstZ0MzDrHqkGZ5dFTKd+zg=="],
 
     "style-to-js": ["style-to-js@1.1.21", "", { "dependencies": { "style-to-object": "1.0.14" } }, "sha512-RjQetxJrrUJLQPHbLku6U/ocGtzyjbJMP9lCNK7Ag0CNh690nSH8woqWH9u16nMjYBAok+i7JO1NP2pOy8IsPQ=="],
 
@@ -3042,16 +3171,24 @@
 
     "tailwind-merge": ["tailwind-merge@3.5.0", "", {}, "sha512-I8K9wewnVDkL1NTGoqWmVEIlUcB9gFriAEkXkfCjX5ib8ezGxtR3xD7iZIxrfArjEsH7F1CHD4RFUtxefdqV/A=="],
 
-    "tailwindcss": ["tailwindcss@4.2.1", "", {}, "sha512-/tBrSQ36vCleJkAOsy9kbNTgaxvGbyOamC30PRePTQe/o1MFwEKHQk4Cn7BNGaPtjp+PuUrByJehM1hgxfq4sw=="],
+    "tailwindcss": ["tailwindcss@4.2.4", "", {}, "sha512-HhKppgO81FQof5m6TEnuBWCZGgfRAWbaeOaGT00KOy/Pf/j6oUihdvBpA7ltCeAvZpFhW3j0PTclkxsd4IXYDA=="],
 
     "tailwindcss-animate": ["tailwindcss-animate@1.0.7", "", { "peerDependencies": { "tailwindcss": ">=3.0.0 || insiders" } }, "sha512-bl6mpH3T7I3UFxuvDEXLxy/VuFxBk5bbzplh7tXI68mwMokNYd1t9qPBHlnyTwfa4JGC4zP516I1hYYtQ/vspA=="],
 
-    "tapable": ["tapable@2.3.0", "", {}, "sha512-g9ljZiwki/LfxmQADO3dEY1CbpmXT5Hm2fJ+QaGKwSXUylMybePR7/67YW7jOrrvjEgL1Fmz5kzyAjWVWLlucg=="],
+    "tapable": ["tapable@2.3.3", "", {}, "sha512-uxc/zpqFg6x7C8vOE7lh6Lbda8eEL9zmVm/PLeTPBRhh1xCgdWaQ+J1CUieGpIfm2HdtsUpRv+HshiasBMcc6A=="],
 
-    "tar": ["tar@7.5.11", "", { "dependencies": { "@isaacs/fs-minipass": "^4.0.0", "chownr": "^3.0.0", "minipass": "^7.1.2", "minizlib": "^3.1.0", "yallist": "^5.0.0" } }, "sha512-ChjMH33/KetonMTAtpYdgUFr0tbz69Fp2v7zWxQfYZX4g5ZN2nOBXm1R2xyA+lMIKrLKIoKAwFj93jE/avX9cQ=="],
+    "tar": ["tar@7.5.13", "", { "dependencies": { "@isaacs/fs-minipass": "^4.0.0", "chownr": "^3.0.0", "minipass": "^7.1.2", "minizlib": "^3.1.0", "yallist": "^5.0.0" } }, "sha512-tOG/7GyXpFevhXVh8jOPJrmtRpOTsYqUIkVdVooZYJS/z8WhfQUX8RJILmeuJNinGAMSu1veBr4asSHFt5/hng=="],
+
+    "tar-fs": ["tar-fs@3.1.2", "", { "dependencies": { "pump": "^3.0.0", "tar-stream": "^3.1.5" }, "optionalDependencies": { "bare-fs": "^4.0.1", "bare-path": "^3.0.0" } }, "sha512-QGxxTxxyleAdyM3kpFs14ymbYmNFrfY+pHj7Z8FgtbZ7w2//VAgLMac7sT6nRpIHjppXO2AwwEOg0bPFVRcmXw=="],
+
+    "tar-stream": ["tar-stream@3.1.8", "", { "dependencies": { "b4a": "^1.6.4", "bare-fs": "^4.5.5", "fast-fifo": "^1.2.0", "streamx": "^2.15.0" } }, "sha512-U6QpVRyCGHva435KoNWy9PRoi2IFYCgtEhq9nmrPPpbRacPs9IH4aJ3gbrFC8dPcXvdSZ4XXfXT5Fshbp2MtlQ=="],
+
+    "teex": ["teex@1.0.1", "", { "dependencies": { "streamx": "^2.12.5" } }, "sha512-eYE6iEI62Ni1H8oIa7KlDU6uQBtqr4Eajni3wX7rpfXD8ysFx8z0+dri+KWEPWpBsxXfxu58x/0jvTVT1ekOSg=="],
 
     "terminal-size": ["terminal-size@4.0.1", "", {}, "sha512-avMLDQpUI9I5XFrklECw1ZEUPJhqzcwSWsyyI8blhRLT+8N1jLJWLWWYQpB2q2xthq8xDvjZPISVh53T/+CLYQ=="],
 
+    "text-decoder": ["text-decoder@1.2.7", "", { "dependencies": { "b4a": "^1.6.4" } }, "sha512-vlLytXkeP4xvEq2otHeJfSQIRyWxo/oZGEbXrtEEF9Hnmrdly59sUbzZ/QgyWuLYHctCHxFF4tRQZNQ9k60ExQ=="],
+
     "thenify": ["thenify@3.3.1", "", { "dependencies": { "any-promise": "^1.0.0" } }, "sha512-RVZSIV5IG10Hk3enotrhvz0T9em6cyHBLkH/YAZuKqd8hRkKhSfCGIcP2KUY0EPxndzANBmNllzWPwak+bheSw=="],
 
     "thenify-all": ["thenify-all@1.6.0", "", { "dependencies": { "thenify": ">= 3.1.0 < 4" } }, "sha512-RNxQH/qI8/t3thXJDwcstUO4zeqo64+Uy/+sNVRBx4Xn2OX+OZ9oP+iJnNFqplFra2ZUVeKCSa2oVWi3T4uVmA=="],
@@ -3064,9 +3201,9 @@
 
     "tiny-warning": ["tiny-warning@1.0.3", "", {}, "sha512-lBN9zLN/oAf68o3zNXYrdCt1kP8WsiGW8Oo2ka41b2IM5JL/S1CTyX1rW0mb/zSuJun0ZUrDxx4sqvYS2FWzPA=="],
 
-    "tinyexec": ["tinyexec@1.0.4", "", {}, "sha512-u9r3uZC0bdpGOXtlxUIdwf9pkmvhqJdrVCH9fapQtgy/OeTTMZ1nqH7agtvEfmGui6e1XxjcdrlxvxJvc3sMqw=="],
+    "tinyexec": ["tinyexec@1.1.1", "", {}, "sha512-VKS/ZaQhhkKFMANmAOhhXVoIfBXblQxGX1myCQ2faQrfmobMftXeJPcZGp0gS07ocvGJWDLZGyOZDadDBqYIJg=="],
 
-    "tinyglobby": ["tinyglobby@0.2.15", "", { "dependencies": { "fdir": "^6.5.0", "picomatch": "^4.0.3" } }, "sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ=="],
+    "tinyglobby": ["tinyglobby@0.2.16", "", { "dependencies": { "fdir": "^6.5.0", "picomatch": "^4.0.4" } }, "sha512-pn99VhoACYR8nFHhxqix+uvsbXineAasWm5ojXoN8xEwK5Kd3/TrhNn1wByuD52UxWRLy8pu+kRMniEi6Eq9Zg=="],
 
     "to-regex-range": ["to-regex-range@5.0.1", "", { "dependencies": { "is-number": "^7.0.0" } }, "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ=="],
 
@@ -3100,16 +3237,12 @@
 
     "tweetnacl": ["tweetnacl@1.0.3", "", {}, "sha512-6rt+RN7aOi1nGMyC4Xa5DdYiukl2UWCbcJft7YhxReBGQD7OAM8Pbxw6YMo4r2diNEA8FEmu32YOn9rhaiE5yw=="],
 
-    "type-fest": ["type-fest@5.5.0", "", { "dependencies": { "tagged-tag": "^1.0.0" } }, "sha512-PlBfpQwiUvGViBNX84Yxwjsdhd1TUlXr6zjX7eoirtCPIr08NAmxwa+fcYBTeRQxHo9YC9wwF3m9i700sHma8g=="],
+    "type-fest": ["type-fest@5.6.0", "", { "dependencies": { "tagged-tag": "^1.0.0" } }, "sha512-8ZiHFm91orbSAe2PSAiSVBVko18pbhbiB3U9GglSzF/zCGkR+rxpHx6sEMCUm4kxY4LjDIUGgCfUMtwfZfjfUA=="],
 
     "type-is": ["type-is@2.0.1", "", { "dependencies": { "content-type": "^1.0.5", "media-typer": "^1.1.0", "mime-types": "^3.0.0" } }, "sha512-OZs6gsjF4vMp32qrCbiVSkrFmXtG/AZhY3t0iAMrMBiAZyV9oALtXO8hsrHbMXF9x6L3grlFuwW2oAz7cav+Gw=="],
 
     "typescript": ["typescript@5.9.3", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw=="],
 
-    "ua-is-frozen": ["ua-is-frozen@0.1.2", "", {}, "sha512-RwKDW2p3iyWn4UbaxpP2+VxwqXh0jpvdxsYpZ5j/MLLiQOfbsV5shpgQiw93+KMYQPcteeMQ289MaAFzs3G9pw=="],
-
-    "ua-parser-js": ["ua-parser-js@2.0.9", "", { "dependencies": { "detect-europe-js": "^0.1.2", "is-standalone-pwa": "^0.1.1", "ua-is-frozen": "^0.1.2" }, "bin": { "ua-parser-js": "script/cli.js" } }, "sha512-OsqGhxyo/wGdLSXMSJxuMGN6H4gDnKz6Fb3IBm4bxZFMnyy0sdf6MN96Ie8tC6z/btdO+Bsy8guxlvLdwT076w=="],
-
     "uc.micro": ["uc.micro@2.1.0", "", {}, "sha512-ARDJmphmdvUk6Glw7y9DQ2bFkKBHwQHLi2lsaH6PPmz/Ka9sFOBsBluozhDltWmnv9u/cF6Rt87znRTPV+yp/A=="],
 
     "ufo": ["ufo@1.6.3", "", {}, "sha512-yDJTmhydvl5lJzBmy/hyOAA0d+aqCBuwl818haVdYCRrWV84o7YyeVm4QlVHStqNrrJSTb6jKuFAVqAFsr+K3Q=="],
@@ -3120,7 +3253,7 @@
 
     "uncrypto": ["uncrypto@0.1.3", "", {}, "sha512-Ql87qFHB3s/De2ClA9e0gsnS6zXG27SkTiSJwjCc9MebbfapQfuPzumMIUMi38ezPZVNFcHI9sUIepeQfw8J8Q=="],
 
-    "undici": ["undici@7.18.2", "", {}, "sha512-y+8YjDFzWdQlSE9N5nzKMT3g4a5UBX1HKowfdXh0uvAnTaqqwqB92Jt4UXBAeKekDs5IaDKyJFR4X1gYVCgXcw=="],
+    "undici": ["undici@6.25.0", "", {}, "sha512-ZgpWDC5gmNiuY9CnLVXEH8rl50xhRCuLNA97fAUnKi8RRuV4E6KG31pDTsLVUKnohJE0I3XDrTeEydAXRw47xg=="],
 
     "undici-types": ["undici-types@7.16.0", "", {}, "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw=="],
 
@@ -3156,7 +3289,7 @@
 
     "unpipe": ["unpipe@1.0.0", "", {}, "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ=="],
 
-    "unstorage": ["unstorage@1.17.4", "", { "dependencies": { "anymatch": "^3.1.3", "chokidar": "^5.0.0", "destr": "^2.0.5", "h3": "^1.15.5", "lru-cache": "^11.2.0", "node-fetch-native": "^1.6.7", "ofetch": "^1.5.1", "ufo": "^1.6.3" }, "peerDependencies": { "@azure/app-configuration": "^1.8.0", "@azure/cosmos": "^4.2.0", "@azure/data-tables": "^13.3.0", "@azure/identity": "^4.6.0", "@azure/keyvault-secrets": "^4.9.0", "@azure/storage-blob": "^12.26.0", "@capacitor/preferences": "^6 || ^7 || ^8", "@deno/kv": ">=0.9.0", "@netlify/blobs": "^6.5.0 || ^7.0.0 || ^8.1.0 || ^9.0.0 || ^10.0.0", "@planetscale/database": "^1.19.0", "@upstash/redis": "^1.34.3", "@vercel/blob": ">=0.27.1", "@vercel/functions": "^2.2.12 || ^3.0.0", "@vercel/kv": "^1 || ^2 || ^3", "aws4fetch": "^1.0.20", "db0": ">=0.2.1", "idb-keyval": "^6.2.1", "ioredis": "^5.4.2", "uploadthing": "^7.4.4" }, "optionalPeers": ["@azure/app-configuration", "@azure/cosmos", "@azure/data-tables", "@azure/identity", "@azure/keyvault-secrets", "@azure/storage-blob", "@capacitor/preferences", "@deno/kv", "@netlify/blobs", "@planetscale/database", "@upstash/redis", "@vercel/blob", "@vercel/functions", "@vercel/kv", "aws4fetch", "db0", "idb-keyval", "ioredis", "uploadthing"] }, "sha512-fHK0yNg38tBiJKp/Vgsq4j0JEsCmgqH58HAn707S7zGkArbZsVr/CwINoi+nh3h98BRCwKvx1K3Xg9u3VV83sw=="],
+    "unstorage": ["unstorage@1.17.5", "", { "dependencies": { "anymatch": "^3.1.3", "chokidar": "^5.0.0", "destr": "^2.0.5", "h3": "^1.15.10", "lru-cache": "^11.2.7", "node-fetch-native": "^1.6.7", "ofetch": "^1.5.1", "ufo": "^1.6.3" }, "peerDependencies": { "@azure/app-configuration": "^1.8.0", "@azure/cosmos": "^4.2.0", "@azure/data-tables": "^13.3.0", "@azure/identity": "^4.6.0", "@azure/keyvault-secrets": "^4.9.0", "@azure/storage-blob": "^12.26.0", "@capacitor/preferences": "^6 || ^7 || ^8", "@deno/kv": ">=0.9.0", "@netlify/blobs": "^6.5.0 || ^7.0.0 || ^8.1.0 || ^9.0.0 || ^10.0.0", "@planetscale/database": "^1.19.0", "@upstash/redis": "^1.34.3", "@vercel/blob": ">=0.27.1", "@vercel/functions": "^2.2.12 || ^3.0.0", "@vercel/kv": "^1 || ^2 || ^3", "aws4fetch": "^1.0.20", "db0": ">=0.2.1", "idb-keyval": "^6.2.1", "ioredis": "^5.4.2", "uploadthing": "^7.4.4" }, "optionalPeers": ["@azure/app-configuration", "@azure/cosmos", "@azure/data-tables", "@azure/identity", "@azure/keyvault-secrets", "@azure/storage-blob", "@capacitor/preferences", "@deno/kv", "@netlify/blobs", "@planetscale/database", "@upstash/redis", "@vercel/blob", "@vercel/functions", "@vercel/kv", "aws4fetch", "db0", "idb-keyval", "ioredis", "uploadthing"] }, "sha512-0i3iqvRfx29hkNntHyQvJTpf5W9dQ9ZadSoRU8+xVlhVtT7jAX57fazYO9EHvcRCfBCyi5YRya7XCDOsbTgkPg=="],
 
     "update-browserslist-db": ["update-browserslist-db@1.2.3", "", { "dependencies": { "escalade": "^3.2.0", "picocolors": "^1.1.1" }, "peerDependencies": { "browserslist": ">= 4.21.0" }, "bin": { "update-browserslist-db": "cli.js" } }, "sha512-Js0m9cx+qOgDxo0eMiFGEueWztz+d4+M3rGlmKPT+T4IS/jP4ylw3Nwpu6cpTTP8R1MAC1kF4VbdLt3ARf209w=="],
 
@@ -3184,11 +3317,11 @@
 
     "victory-vendor": ["victory-vendor@36.9.2", "", { "dependencies": { "@types/d3-array": "^3.0.3", "@types/d3-ease": "^3.0.0", "@types/d3-interpolate": "^3.0.1", "@types/d3-scale": "^4.0.2", "@types/d3-shape": "^3.1.0", "@types/d3-time": "^3.0.0", "@types/d3-timer": "^3.0.0", "d3-array": "^3.1.6", "d3-ease": "^3.0.1", "d3-interpolate": "^3.0.1", "d3-scale": "^4.0.2", "d3-shape": "^3.1.0", "d3-time": "^3.0.0", "d3-timer": "^3.0.1" } }, "sha512-PnpQQMuxlwYdocC8fIJqVXvkeViHYzotI+NJrCuav0ZYFoq912ZHBk3mCeuj+5/VpodOjPe1z0Fk2ihgzlXqjQ=="],
 
-    "vite": ["vite@7.3.1", "", { "dependencies": { "esbuild": "^0.27.0", "fdir": "^6.5.0", "picomatch": "^4.0.3", "postcss": "^8.5.6", "rollup": "^4.43.0", "tinyglobby": "^0.2.15" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "jiti": ">=1.21.0", "less": "^4.0.0", "lightningcss": "^1.21.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-w+N7Hifpc3gRjZ63vYBXA56dvvRlNWRczTdmCBBa+CotUzAPf5b7YMdMR/8CQoeYE5LX3W4wj6RYTgonm1b9DA=="],
+    "vite": ["vite@7.3.2", "", { "dependencies": { "esbuild": "^0.27.0", "fdir": "^6.5.0", "picomatch": "^4.0.3", "postcss": "^8.5.6", "rollup": "^4.43.0", "tinyglobby": "^0.2.15" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "jiti": ">=1.21.0", "less": "^4.0.0", "lightningcss": "^1.21.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-Bby3NOsna2jsjfLVOHKes8sGwgl4TT0E6vvpYgnAYDIF/tie7MRaFthmKuHx1NSXjiTueXH3do80FMQgvEktRg=="],
 
     "vite-tsconfig-paths": ["vite-tsconfig-paths@5.1.4", "", { "dependencies": { "debug": "^4.1.1", "globrex": "^0.1.2", "tsconfck": "^3.0.3" }, "peerDependencies": { "vite": "*" }, "optionalPeers": ["vite"] }, "sha512-cYj0LRuLV2c2sMqhqhGpaO3LretdtMn/BVX4cPLanIZuwwrkVl+lK84E/miEXkCHWXuq65rhNN4rXsBcOB3S4w=="],
 
-    "vitefu": ["vitefu@1.1.2", "", { "peerDependencies": { "vite": "^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0-beta.0" }, "optionalPeers": ["vite"] }, "sha512-zpKATdUbzbsycPFBN71nS2uzBUQiVnFoOrr2rvqv34S1lcAgMKKkjWleLGeiJlZ8lwCXvtWaRn7R3ZC16SYRuw=="],
+    "vitefu": ["vitefu@1.1.3", "", { "peerDependencies": { "vite": "^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0" }, "optionalPeers": ["vite"] }, "sha512-ub4okH7Z5KLjb6hDyjqrGXqWtWvoYdU3IGm/NorpgHncKoLTCfRIbvlhBm7r0YstIaQRYlp4yEbFqDcKSzXSSg=="],
 
     "w3c-keyname": ["w3c-keyname@2.2.8", "", {}, "sha512-dpojBhNsCNN7T82Tm7k26A6G9ML3NkhDsnw9n/eoxSRlVBB4CEtIQ/KTCLI2Fwf3ataSXRhYFkQi3SlnFwPvPQ=="],
 
@@ -3198,6 +3331,8 @@
 
     "web-namespaces": ["web-namespaces@2.0.1", "", {}, "sha512-bKr1DkiNa2krS7qxNtdrtHAmzuYGFQLiQ13TsorsdT6ULTkPLKuu5+GsFpDlg6JFjUTwX2DyhMPG2be8uPrqsQ=="],
 
+    "web-vitals": ["web-vitals@5.2.0", "", {}, "sha512-i2z98bEmaCqSDiHEDu+gHl/dmR4Q+TxFmG3/13KkMO+o8UxQzCqWaDRCiLgEa41nlO4VpXSI0ASa1xWmO9sBlA=="],
+
     "web-worker": ["web-worker@1.5.0", "", {}, "sha512-RiMReJrTAiA+mBjGONMnjVDP2u3p9R1vkcGz6gDIrOMT3oGuYwX2WRMYI9ipkphSuE5XKEhydbhNEJh4NY9mlw=="],
 
     "webidl-conversions": ["webidl-conversions@3.0.1", "", {}, "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ=="],
@@ -3212,17 +3347,17 @@
 
     "wordwrap": ["wordwrap@1.0.0", "", {}, "sha512-gvVzJFlPycKc5dZN4yPkP8w7Dc37BtP1yczEneOb4uq34pXZcvrtRTmWV8W+Ume+XCxKgbjM+nevkyFPMybd4Q=="],
 
-    "workerd": ["workerd@1.20260312.1", "", { "optionalDependencies": { "@cloudflare/workerd-darwin-64": "1.20260312.1", "@cloudflare/workerd-darwin-arm64": "1.20260312.1", "@cloudflare/workerd-linux-64": "1.20260312.1", "@cloudflare/workerd-linux-arm64": "1.20260312.1", "@cloudflare/workerd-windows-64": "1.20260312.1" }, "bin": { "workerd": "bin/workerd" } }, "sha512-nNpPkw9jaqo79B+iBCOiksx+N62xC+ETIfyzofUEdY3cSOHJg6oNnVSHm7vHevzVblfV76c8Gr0cXHEapYMBEg=="],
+    "workerd": ["workerd@1.20260424.1", "", { "optionalDependencies": { "@cloudflare/workerd-darwin-64": "1.20260424.1", "@cloudflare/workerd-darwin-arm64": "1.20260424.1", "@cloudflare/workerd-linux-64": "1.20260424.1", "@cloudflare/workerd-linux-arm64": "1.20260424.1", "@cloudflare/workerd-windows-64": "1.20260424.1" }, "bin": { "workerd": "bin/workerd" } }, "sha512-oKsB0Xo/mfkYMdSACoS06XZg09VUK4rXwHfF/1t3P++sMbwzf4UHQvMO57+zxpEB2nVrY/ZkW0bYFGq4GdAFSQ=="],
 
     "worktree-devservers": ["worktree-devservers@0.3.1", "", { "bin": { "dev-worktree": "dist/cli.js" } }, "sha512-DqmrscuBnqNEJR7H9GP19xO4c//yU7FsJmnsKsbCiBWEiBkdUspbCFt4fC8HVRIsfAbPcPH5X2fhygQYhnwUTw=="],
 
-    "wrangler": ["wrangler@4.73.0", "", { "dependencies": { "@cloudflare/kv-asset-handler": "0.4.2", "@cloudflare/unenv-preset": "2.15.0", "blake3-wasm": "2.1.5", "esbuild": "0.27.3", "miniflare": "4.20260312.0", "path-to-regexp": "6.3.0", "unenv": "2.0.0-rc.24", "workerd": "1.20260312.1" }, "optionalDependencies": { "fsevents": "~2.3.2" }, "peerDependencies": { "@cloudflare/workers-types": "^4.20260312.1" }, "optionalPeers": ["@cloudflare/workers-types"], "bin": { "wrangler": "bin/wrangler.js", "wrangler2": "bin/wrangler.js" } }, "sha512-VJXsqKDFCp6OtFEHXITSOR5kh95JOknwPY8m7RyQuWJQguSybJy43m4vhoCSt42prutTef7eeuw7L4V4xiynGw=="],
+    "wrangler": ["wrangler@4.85.0", "", { "dependencies": { "@cloudflare/kv-asset-handler": "0.4.2", "@cloudflare/unenv-preset": "2.16.1", "blake3-wasm": "2.1.5", "esbuild": "0.27.3", "miniflare": "4.20260424.0", "path-to-regexp": "6.3.0", "unenv": "2.0.0-rc.24", "workerd": "1.20260424.1" }, "optionalDependencies": { "fsevents": "~2.3.2" }, "peerDependencies": { "@cloudflare/workers-types": "^4.20260424.1" }, "optionalPeers": ["@cloudflare/workers-types"], "bin": { "wrangler": "bin/wrangler.js", "wrangler2": "bin/wrangler.js" } }, "sha512-93cwt2RPb1qdcmEgPzH7ybiLN4BIKoWpscIX6SywjHrQOeIZrQk2haoc3XMLKtQTmzapxza9OuDD+kMHpsuuhg=="],
 
     "wrap-ansi": ["wrap-ansi@9.0.2", "", { "dependencies": { "ansi-styles": "^6.2.1", "string-width": "^7.0.0", "strip-ansi": "^7.1.0" } }, "sha512-42AtmgqjV+X1VpdOfyTGOYRi0/zsoLqtXQckTmqTeybT+BDIbM/Guxo7x3pE2vtpr1ok6xRqM9OpBe+Jyoqyww=="],
 
     "wrappy": ["wrappy@1.0.2", "", {}, "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="],
 
-    "ws": ["ws@8.18.0", "", { "peerDependencies": { "bufferutil": "^4.0.1", "utf-8-validate": ">=5.0.2" }, "optionalPeers": ["bufferutil", "utf-8-validate"] }, "sha512-8VbfWfHLbbwu3+N6OKsOMpBdT4kXPDDB9cJk2bJ6mh9ucxdlnNvH1e+roYkKmN9Nxw2yjz7VzeO9oOz2zJ04Pw=="],
+    "ws": ["ws@8.20.0", "", { "peerDependencies": { "bufferutil": "^4.0.1", "utf-8-validate": ">=5.0.2" }, "optionalPeers": ["bufferutil", "utf-8-validate"] }, "sha512-sAt8BhgNbzCtgGbt2OxmpuryO63ZoDk/sqaB/znQm94T4fCEsy/yV+7CdC1kJhOU9lboAEU7R3kquuycDoibVA=="],
 
     "xml": ["xml@1.0.1", "", {}, "sha512-huCv9IH9Tcf95zuYCsQraZtWnJvBtLVE0QHMOs8bWyZAFZNDcYjsPq1nEx8jKA9y+Beo9v+7OBPRisQTjinQMw=="],
 
@@ -3240,9 +3375,9 @@
 
     "yallist": ["yallist@5.0.0", "", {}, "sha512-YgvUTfwqyc7UXVMrB+SImsVYSmTS8X/tSrtdNZMImM+n7+QTriRXyXim0mBrTXNeqzVF0KWGgHPeiyViFFrNDw=="],
 
-    "yaml": ["yaml@2.8.2", "", { "bin": { "yaml": "bin.mjs" } }, "sha512-mplynKqc1C2hTVYxd0PU2xQAc22TI1vShAYGksCCfxbn/dFwnHTNi1bvYsBTkhdUNtGIf5xNOg938rrSSYvS9A=="],
+    "yaml": ["yaml@2.8.3", "", { "bin": { "yaml": "bin.mjs" } }, "sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg=="],
 
-    "yargs": ["yargs@17.7.2", "", { "dependencies": { "cliui": "^8.0.1", "escalade": "^3.1.1", "get-caller-file": "^2.0.5", "require-directory": "^2.1.1", "string-width": "^4.2.3", "y18n": "^5.0.5", "yargs-parser": "^21.1.1" } }, "sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w=="],
+    "yargs": ["yargs@18.0.0", "", { "dependencies": { "cliui": "^9.0.1", "escalade": "^3.1.1", "get-caller-file": "^2.0.5", "string-width": "^7.2.0", "y18n": "^5.0.5", "yargs-parser": "^22.0.0" } }, "sha512-4UEqdc2RYGHZc7Doyqkrqiln3p9X2DZVxaGbwhn2pi7MrRagKaOcIKe8L3OxYcbhXLgLFUS3zAYuQjKBQgmuNg=="],
 
     "yargs-parser": ["yargs-parser@21.1.1", "", {}, "sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw=="],
 
@@ -3262,21 +3397,21 @@
 
     "zod-from-json-schema": ["zod-from-json-schema@0.5.2", "", { "dependencies": { "zod": "^4.0.17" } }, "sha512-/dNaicfdhJTOuUd4RImbLUE2g5yrSzzDjI/S6C2vO2ecAGZzn9UcRVgtyLSnENSmAOBRiSpUdzDS6fDWX3Z35g=="],
 
-    "zod-to-json-schema": ["zod-to-json-schema@3.25.1", "", { "peerDependencies": { "zod": "^3.25 || ^4" } }, "sha512-pM/SU9d3YAggzi6MtR4h7ruuQlqKtad8e9S0fmxcMi+ueAK5Korys/aWcV9LIIHTVbj01NdzxcnXSN+O74ZIVA=="],
+    "zod-to-json-schema": ["zod-to-json-schema@3.25.2", "", { "peerDependencies": { "zod": "^3.25.28 || ^4" } }, "sha512-O/PgfnpT1xKSDeQYSCfRI5Gy3hPf91mKVDuYLUHZJMiDFptvP41MSnWofm8dnCm0256ZNfZIM7DSzuSMAFnjHA=="],
 
     "zod-to-ts": ["zod-to-ts@1.2.0", "", { "peerDependencies": { "typescript": "^4.9.4 || ^5.0.2", "zod": "^3" } }, "sha512-x30XE43V+InwGpvTySRNz9kB7qFU8DlyEy7BsSTCHPH1R0QasMmHWZDCzYm6bVXtj/9NNJAZF3jW8rzFvH5OFA=="],
 
-    "zustand": ["zustand@5.0.11", "", { "peerDependencies": { "@types/react": ">=18.0.0", "immer": ">=9.0.6", "react": ">=18.0.0", "use-sync-external-store": ">=1.2.0" }, "optionalPeers": ["@types/react", "immer", "react", "use-sync-external-store"] }, "sha512-fdZY+dk7zn/vbWNCYmzZULHRrss0jx5pPFiOuMZ/5HJN6Yv3u+1Wswy/4MpZEkEGhtNH+pwxZB8OKgUBPzYAGg=="],
+    "zustand": ["zustand@5.0.12", "", { "peerDependencies": { "@types/react": ">=18.0.0", "immer": ">=9.0.6", "react": ">=18.0.0", "use-sync-external-store": ">=1.2.0" }, "optionalPeers": ["@types/react", "immer", "react", "use-sync-external-store"] }, "sha512-i77ae3aZq4dhMlRhJVCYgMLKuSiZAaUPAct2AksxQ+gOtimhGMdXljRT21P5BNpeT4kXlLIckvkPM029OljD7g=="],
 
     "zwitch": ["zwitch@2.0.4", "", {}, "sha512-bXE4cR/kVZhKZX/RjPEflHaKVhUVl85noU3v6b8apfQEc1x4A+zBxjZ4lN8LqGd6WZ3dl98pY4o717VFmoPp+A=="],
 
-    "@ai-sdk/google/@ai-sdk/provider-utils": ["@ai-sdk/provider-utils@4.0.23", "", { "dependencies": { "@ai-sdk/provider": "3.0.8", "@standard-schema/spec": "^1.1.0", "eventsource-parser": "^3.0.6" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-z8GlDaCmRSDlqkMF2f4/RFgWxdarvIbyuk+m6WXT1LYgsnGiXRJGTD2Z1+SDl3LqtFuRtGX1aghYvQLoHL/9pg=="],
+    "@anthropic-ai/claude-agent-sdk/@anthropic-ai/sdk": ["@anthropic-ai/sdk@0.81.0", "", { "dependencies": { "json-schema-to-ts": "^3.1.1" }, "peerDependencies": { "zod": "^3.25.0 || ^4.0.0" }, "optionalPeers": ["zod"], "bin": { "anthropic-ai-sdk": "bin/cli" } }, "sha512-D4K5PvEV6wPiRtVlVsJHIUhHAmOZ6IT/I9rKlTf84gR7GyyAurPJK7z9BOf/AZqC5d1DhYQGJNKRmV+q8dGhgw=="],
 
-    "@ai-sdk/openai/@ai-sdk/provider-utils": ["@ai-sdk/provider-utils@4.0.22", "", { "dependencies": { "@ai-sdk/provider": "3.0.8", "@standard-schema/spec": "^1.1.0", "eventsource-parser": "^3.0.6" }, "peerDependencies": { "zod": "^3.25.76 || ^4.1.8" } }, "sha512-B2OTFcRw/Pdka9ZTjpXv6T6qZ6RruRuLokyb8HwW+aoW9ndJ3YasA3/mVswyJw7VMBF8ofXgqvcrCt9KYvFifg=="],
+    "@anthropic-ai/claude-agent-sdk/@modelcontextprotocol/sdk": ["@modelcontextprotocol/sdk@1.29.0", "", { "dependencies": { "@hono/node-server": "^1.19.9", "ajv": "^8.17.1", "ajv-formats": "^3.0.1", "content-type": "^1.0.5", "cors": "^2.8.5", "cross-spawn": "^7.0.5", "eventsource": "^3.0.2", "eventsource-parser": "^3.0.0", "express": "^5.2.1", "express-rate-limit": "^8.2.1", "hono": "^4.11.4", "jose": "^6.1.3", "json-schema-typed": "^8.0.2", "pkce-challenge": "^5.0.0", "raw-body": "^3.0.0", "zod": "^3.25 || ^4.0", "zod-to-json-schema": "^3.25.1" }, "peerDependencies": { "@cfworker/json-schema": "^4.1.1" }, "optionalPeers": ["@cfworker/json-schema"] }, "sha512-zo37mZA9hJWpULgkRpowewez1y6ML5GsXJPY8FI0tBBCd77HEvza4jDqRKOXgHNn867PVGCyTdzqpz0izu5ZjQ=="],
 
     "@astrojs/react/@vitejs/plugin-react": ["@vitejs/plugin-react@4.7.0", "", { "dependencies": { "@babel/core": "^7.28.0", "@babel/plugin-transform-react-jsx-self": "^7.27.1", "@babel/plugin-transform-react-jsx-source": "^7.27.1", "@rolldown/pluginutils": "1.0.0-beta.27", "@types/babel__core": "^7.20.5", "react-refresh": "^0.17.0" }, "peerDependencies": { "vite": "^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0" } }, "sha512-gUu9hwfWvvEDBBmgtAowQCojwZmJ5mcLn3aufeCsitijs3+f2NsrPtlAWIR6OPiqljl96GVCUbLe0HyqIpVaoA=="],
 
-    "@astrojs/react/vite": ["vite@6.4.1", "", { "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.4.4", "picomatch": "^4.0.2", "postcss": "^8.5.3", "rollup": "^4.34.9", "tinyglobby": "^0.2.13" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^18.0.0 || ^20.0.0 || >=22.0.0", "jiti": ">=1.21.0", "less": "*", "lightningcss": "^1.21.0", "sass": "*", "sass-embedded": "*", "stylus": "*", "sugarss": "*", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-+Oxm7q9hDoLMyJOYfUYBuHQo+dkAloi33apOPP56pzj+vsdJDzr+j1NISE5pyaAuKL4A3UD34qd0lx5+kfKp2g=="],
+    "@astrojs/react/vite": ["vite@6.4.2", "", { "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.4.4", "picomatch": "^4.0.2", "postcss": "^8.5.3", "rollup": "^4.34.9", "tinyglobby": "^0.2.13" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^18.0.0 || ^20.0.0 || >=22.0.0", "jiti": ">=1.21.0", "less": "*", "lightningcss": "^1.21.0", "sass": "*", "sass-embedded": "*", "stylus": "*", "sugarss": "*", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-2N/55r4JDJ4gdrCvGgINMy+HH3iRpNIz8K6SFwVsA+JbQScLiC+clmAxBgwiSPgcG9U15QmvqCGWzMbqda5zGQ=="],
 
     "@authenio/xml-encryption/xpath": ["xpath@0.0.32", "", {}, "sha512-rxMJhSIoiO8vXcWvSifKqhvV96GjiD5wYb8/QHdoRyQvraTpp4IEv944nhGausZZ3u7dhQXteZuZbaqfpB7uYw=="],
 
@@ -3292,17 +3427,27 @@
 
     "@babel/helper-compilation-targets/semver": ["semver@6.3.1", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA=="],
 
+    "@better-auth/api-key/@better-auth/utils": ["@better-auth/utils@0.3.1", "", {}, "sha512-+CGp4UmZSUrHHnpHhLPYu6cV+wSUSvVbZbNykxhUDocpVNTo9uFFxw/NqJlh1iC4wQ9HKKWGCKuZ5wUgS0v6Kg=="],
+
     "@better-auth/core/better-call": ["better-call@1.1.4", "", { "dependencies": { "@better-auth/utils": "^0.3.0", "@better-fetch/fetch": "^1.1.4", "rou3": "^0.7.10", "set-cookie-parser": "^2.7.1" }, "peerDependencies": { "zod": "^4.0.0" }, "optionalPeers": ["zod"] }, "sha512-NJouLY6IVKv0nDuFoc6FcbKDFzEnmgMNofC9F60Mwx1Ecm7X6/Ecyoe5b+JSVZ42F/0n46/M89gbYP1ZCVv8xQ=="],
 
+    "@better-auth/passkey/@better-auth/utils": ["@better-auth/utils@0.3.1", "", {}, "sha512-+CGp4UmZSUrHHnpHhLPYu6cV+wSUSvVbZbNykxhUDocpVNTo9uFFxw/NqJlh1iC4wQ9HKKWGCKuZ5wUgS0v6Kg=="],
+
     "@better-auth/passkey/@better-fetch/fetch": ["@better-fetch/fetch@1.1.21", "", {}, "sha512-/ImESw0sskqlVR94jB+5+Pxjf+xBwDZF/N5+y2/q4EqD7IARUTSpPfIo8uf39SYpCxyOCtbyYpUrZ3F/k0zT4A=="],
 
+    "@cloudflare/vite-plugin/ws": ["ws@8.18.0", "", { "peerDependencies": { "bufferutil": "^4.0.1", "utf-8-validate": ">=5.0.2" }, "optionalPeers": ["bufferutil", "utf-8-validate"] }, "sha512-8VbfWfHLbbwu3+N6OKsOMpBdT4kXPDDB9cJk2bJ6mh9ucxdlnNvH1e+roYkKmN9Nxw2yjz7VzeO9oOz2zJ04Pw=="],
+
     "@cspotcode/source-map-support/@jridgewell/trace-mapping": ["@jridgewell/trace-mapping@0.3.9", "", { "dependencies": { "@jridgewell/resolve-uri": "^3.0.3", "@jridgewell/sourcemap-codec": "^1.4.10" } }, "sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ=="],
 
     "@daveyplate/better-auth-ui/@better-fetch/fetch": ["@better-fetch/fetch@1.1.21", "", {}, "sha512-/ImESw0sskqlVR94jB+5+Pxjf+xBwDZF/N5+y2/q4EqD7IARUTSpPfIo8uf39SYpCxyOCtbyYpUrZ3F/k0zT4A=="],
 
-    "@decocms/runtime/@types/bun": ["@types/bun@1.3.12", "", { "dependencies": { "bun-types": "1.3.12" } }, "sha512-DBv81elK+/VSwXHDlnH3Qduw+KxkTIWi7TXkAeh24zpi5l0B2kUg9Ga3tb4nJaPcOFswflgi/yAvMVBPrxMB+A=="],
+    "@decocms/better-auth/better-call": ["better-call@1.1.5", "", { "dependencies": { "@better-auth/utils": "^0.3.0", "@better-fetch/fetch": "^1.1.4", "rou3": "^0.7.10", "set-cookie-parser": "^2.7.1" }, "peerDependencies": { "zod": "^4.0.0" }, "optionalPeers": ["zod"] }, "sha512-nQJ3S87v6wApbDwbZ++FrQiSiVxWvZdjaO+2v6lZJAG2WWggkB2CziUDjPciz3eAt9TqfRursIQMZIcpkBnvlw=="],
+
+    "@freestyle-sh/with-deno/@freestyle-sh/with-type-js": ["@freestyle-sh/with-type-js@0.2.9", "", { "dependencies": { "@freestyle-sh/with-type-js-deps": "^0.2.9", "@freestyle-sh/with-type-run-code": "^0.2.9", "freestyle-sandboxes": "^0.1.28" } }, "sha512-W6rit2s71ekvD+0H+1rIzgovWHAa186mREJWyn4e+y4etW4+SrZ0Q+CF6a+EnkIWwnkPSL164SIbnJHUj3jp8w=="],
 
-    "@grpc/proto-loader/protobufjs": ["protobufjs@7.5.4", "", { "dependencies": { "@protobufjs/aspromise": "^1.1.2", "@protobufjs/base64": "^1.1.2", "@protobufjs/codegen": "^2.0.4", "@protobufjs/eventemitter": "^1.1.0", "@protobufjs/fetch": "^1.1.0", "@protobufjs/float": "^1.0.2", "@protobufjs/inquire": "^1.1.0", "@protobufjs/path": "^1.1.2", "@protobufjs/pool": "^1.1.0", "@protobufjs/utf8": "^1.1.0", "@types/node": ">=13.7.0", "long": "^5.0.0" } }, "sha512-CvexbZtbov6jW2eXAvLukXjXUW1TzFaivC46BpWc/3BpcCysb5Vffu+B3XHMm8lVEuy2Mm4XGex8hBSg1yapPg=="],
+    "@grpc/proto-loader/protobufjs": ["protobufjs@7.5.5", "", { "dependencies": { "@protobufjs/aspromise": "^1.1.2", "@protobufjs/base64": "^1.1.2", "@protobufjs/codegen": "^2.0.4", "@protobufjs/eventemitter": "^1.1.0", "@protobufjs/fetch": "^1.1.0", "@protobufjs/float": "^1.0.2", "@protobufjs/inquire": "^1.1.0", "@protobufjs/path": "^1.1.2", "@protobufjs/pool": "^1.1.0", "@protobufjs/utf8": "^1.1.0", "@types/node": ">=13.7.0", "long": "^5.0.0" } }, "sha512-3wY1AxV+VBNW8Yypfd1yQY9pXnqTAN+KwQxL8iYm3/BjKYMNg4i0owhEe26PWDOMaIrzeeF98Lqd5NGz4omiIg=="],
+
+    "@grpc/proto-loader/yargs": ["yargs@17.7.2", "", { "dependencies": { "cliui": "^8.0.1", "escalade": "^3.1.1", "get-caller-file": "^2.0.5", "require-directory": "^2.1.1", "string-width": "^4.2.3", "y18n": "^5.0.5", "yargs-parser": "^21.1.1" } }, "sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w=="],
 
     "@inkjs/ui/chalk": ["chalk@5.6.2", "", {}, "sha512-7NzBL0rN6fMUW+f7A6Io4h40qQlG+xGmtMxfbnH/K7TAtt8JQWVQK+6g0UXKMeVJoyV5EkkNsErQ8pVD3bLHbA=="],
 
@@ -3310,6 +3455,8 @@
 
     "@instantdb/react/eventsource": ["eventsource@4.1.0", "", { "dependencies": { "eventsource-parser": "^3.0.1" } }, "sha512-2GuF51iuHX6A9xdTccMTsNb7VO0lHZihApxhvQzJB5A03DvHDd2FQepodbMaztPBmBcE/ox7o2gqaxGhYB9LhQ=="],
 
+    "@modelcontextprotocol/ext-apps/@modelcontextprotocol/sdk": ["@modelcontextprotocol/sdk@1.29.0", "", { "dependencies": { "@hono/node-server": "^1.19.9", "ajv": "^8.17.1", "ajv-formats": "^3.0.1", "content-type": "^1.0.5", "cors": "^2.8.5", "cross-spawn": "^7.0.5", "eventsource": "^3.0.2", "eventsource-parser": "^3.0.0", "express": "^5.2.1", "express-rate-limit": "^8.2.1", "hono": "^4.11.4", "jose": "^6.1.3", "json-schema-typed": "^8.0.2", "pkce-challenge": "^5.0.0", "raw-body": "^3.0.0", "zod": "^3.25 || ^4.0", "zod-to-json-schema": "^3.25.1" }, "peerDependencies": { "@cfworker/json-schema": "^4.1.1" }, "optionalPeers": ["@cfworker/json-schema"] }, "sha512-zo37mZA9hJWpULgkRpowewez1y6ML5GsXJPY8FI0tBBCd77HEvza4jDqRKOXgHNn867PVGCyTdzqpz0izu5ZjQ=="],
+
     "@oclif/core/ansi-escapes": ["ansi-escapes@4.3.2", "", { "dependencies": { "type-fest": "^0.21.3" } }, "sha512-gKXj5ALrKWQLsYG9jlTRmR/xKluxHV+Z9QEwNIgCfM1/uwPMCuzVVnh5mwTd+OuBZcwSIMbqssNWRm1lE51QaQ=="],
 
     "@oclif/core/cli-spinners": ["cli-spinners@2.9.2", "", {}, "sha512-ywqV+5MmyL4E7ybXgKys4DugZbX0FC6LnwrhjuykIjnK9k8OQacQ7axGKnjDXWNhns0xot3bZI5h55H8yo9cJg=="],
@@ -3440,7 +3587,7 @@
 
     "@opentelemetry/sdk-logs/@opentelemetry/core": ["@opentelemetry/core@2.5.0", "", { "dependencies": { "@opentelemetry/semantic-conventions": "^1.29.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.0.0 <1.10.0" } }, "sha512-ka4H8OM6+DlUhSAZpONu0cPBtPPTQKxbxVzC4CzVx5+K4JnroJVBtDzLAMx4/3CDTJXRvVFhpFjtl4SaiTNoyQ=="],
 
-    "@opentelemetry/sdk-metrics/@opentelemetry/resources": ["@opentelemetry/resources@2.6.0", "", { "dependencies": { "@opentelemetry/core": "2.6.0", "@opentelemetry/semantic-conventions": "^1.29.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.3.0 <1.10.0" } }, "sha512-D4y/+OGe3JSuYUCBxtH5T9DSAWNcvCb/nQWIga8HNtXTVPQn59j0nTBAgaAXxUVBDl40mG3Tc76b46wPlZaiJQ=="],
+    "@opentelemetry/sdk-metrics/@opentelemetry/resources": ["@opentelemetry/resources@2.7.0", "", { "dependencies": { "@opentelemetry/core": "2.7.0", "@opentelemetry/semantic-conventions": "^1.29.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.3.0 <1.10.0" } }, "sha512-K+oi0hNMv94EpZbnW3eyu2X6SGVpD3O5DhG2NIp65Hc7lhAj9brRXTAVzh3wB82+q3ThakEf7Zd7RsFUqcTc7A=="],
 
     "@opentelemetry/sdk-node/@opentelemetry/api-logs": ["@opentelemetry/api-logs@0.207.0", "", { "dependencies": { "@opentelemetry/api": "^1.3.0" } }, "sha512-lAb0jQRVyleQQGiuuvCOTDVspc14nx6XJjP4FspJ1sNARo3Regq4ZZbrc3rN4b1TYSuUCvgH+UXUPug4SLOqEQ=="],
 
@@ -3460,7 +3607,7 @@
 
     "@opentelemetry/sdk-node/@opentelemetry/sdk-trace-base": ["@opentelemetry/sdk-trace-base@2.2.0", "", { "dependencies": { "@opentelemetry/core": "2.2.0", "@opentelemetry/resources": "2.2.0", "@opentelemetry/semantic-conventions": "^1.29.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.3.0 <1.10.0" } }, "sha512-xWQgL0Bmctsalg6PaXExmzdedSp3gyKV8mQBwK/j9VGdCDu2fmXIb2gAehBKbkXCpJ4HPkgv3QfoJWRT4dHWbw=="],
 
-    "@opentelemetry/sdk-trace-base/@opentelemetry/resources": ["@opentelemetry/resources@2.6.0", "", { "dependencies": { "@opentelemetry/core": "2.6.0", "@opentelemetry/semantic-conventions": "^1.29.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.3.0 <1.10.0" } }, "sha512-D4y/+OGe3JSuYUCBxtH5T9DSAWNcvCb/nQWIga8HNtXTVPQn59j0nTBAgaAXxUVBDl40mG3Tc76b46wPlZaiJQ=="],
+    "@opentelemetry/sdk-trace-base/@opentelemetry/resources": ["@opentelemetry/resources@2.7.0", "", { "dependencies": { "@opentelemetry/core": "2.7.0", "@opentelemetry/semantic-conventions": "^1.29.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.3.0 <1.10.0" } }, "sha512-K+oi0hNMv94EpZbnW3eyu2X6SGVpD3O5DhG2NIp65Hc7lhAj9brRXTAVzh3wB82+q3ThakEf7Zd7RsFUqcTc7A=="],
 
     "@opentelemetry/sdk-trace-node/@opentelemetry/core": ["@opentelemetry/core@2.2.0", "", { "dependencies": { "@opentelemetry/semantic-conventions": "^1.29.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.0.0 <1.10.0" } }, "sha512-FuabnnUm8LflnieVxs6eP7Z383hgQU4W1e3KJS6aOG3RxWxcHyBxH8fDMHNgu/gFx/M2jvTOW/4/PHhLz6bjWw=="],
 
@@ -3546,13 +3693,13 @@
 
     "@rollup/pluginutils/estree-walker": ["estree-walker@2.0.2", "", {}, "sha512-Rfkk/Mp/DL7JVje3u18FxFujQlTNR2q6QfMSMB7AvCBx91NGj/ba3kCfza0f6dVDbw7YlRf/nDrn7pQrCCyQ/w=="],
 
-    "@tailwindcss/oxide-wasm32-wasi/@emnapi/core": ["@emnapi/core@1.9.0", "", { "dependencies": { "@emnapi/wasi-threads": "1.2.0", "tslib": "^2.4.0" }, "bundled": true }, "sha512-0DQ98G9ZQZOxfUcQn1waV2yS8aWdZ6kJMbYCJB3oUBecjWYO1fqJ+a1DRfPF3O5JEkwqwP1A9QEN/9mYm2Yd0w=="],
+    "@tailwindcss/oxide-wasm32-wasi/@emnapi/core": ["@emnapi/core@1.10.0", "", { "dependencies": { "@emnapi/wasi-threads": "1.2.1", "tslib": "^2.4.0" }, "bundled": true }, "sha512-yq6OkJ4p82CAfPl0u9mQebQHKPJkY7WrIuk205cTYnYe+k2Z8YBh11FrbRG/H6ihirqcacOgl2BIO8oyMQLeXw=="],
 
-    "@tailwindcss/oxide-wasm32-wasi/@emnapi/runtime": ["@emnapi/runtime@1.9.0", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-QN75eB0IH2ywSpRpNddCRfQIhmJYBCJ1x5Lb3IscKAL8bMnVAKnRg8dCoXbHzVLLH7P38N2Z3mtulB7W0J0FKw=="],
+    "@tailwindcss/oxide-wasm32-wasi/@emnapi/runtime": ["@emnapi/runtime@1.10.0", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-ewvYlk86xUoGI0zQRNq/mC+16R1QeDlKQy21Ki3oSYXNgLb45GV1P6A0M+/s6nyCuNDqe5VpaY84BzXGwVbwFA=="],
 
-    "@tailwindcss/oxide-wasm32-wasi/@emnapi/wasi-threads": ["@emnapi/wasi-threads@1.2.0", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-N10dEJNSsUx41Z6pZsXU8FjPjpBEplgH24sfkmITrBED1/U2Esum9F3lfLrMjKHHjmi557zQn7kR9R+XWXu5Rg=="],
+    "@tailwindcss/oxide-wasm32-wasi/@emnapi/wasi-threads": ["@emnapi/wasi-threads@1.2.1", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-uTII7OYF+/Mes/MrcIOYp5yOtSMLBWSIoLPpcgwipoiKbli6k322tcoFsxoIIxPDqW01SQGAgko4EzZi2BNv2w=="],
 
-    "@tailwindcss/oxide-wasm32-wasi/@napi-rs/wasm-runtime": ["@napi-rs/wasm-runtime@1.1.1", "", { "dependencies": { "@emnapi/core": "^1.7.1", "@emnapi/runtime": "^1.7.1", "@tybys/wasm-util": "^0.10.1" }, "bundled": true }, "sha512-p64ah1M1ld8xjWv3qbvFwHiFVWrq1yFvV4f7w+mzaqiR4IlSgkqhcRdHwsGgomwzBH51sRY4NEowLxnaBjcW/A=="],
+    "@tailwindcss/oxide-wasm32-wasi/@napi-rs/wasm-runtime": ["@napi-rs/wasm-runtime@1.1.4", "", { "dependencies": { "@tybys/wasm-util": "^0.10.1" }, "peerDependencies": { "@emnapi/core": "^1.7.1", "@emnapi/runtime": "^1.7.1" }, "bundled": true }, "sha512-3NQNNgA1YSlJb/kMH1ildASP9HW7/7kYnRI2szWJaofaS1hWmbGI4H+d3+22aGzXXN9IJ+n+GiFVcGipJP18ow=="],
 
     "@tailwindcss/oxide-wasm32-wasi/@tybys/wasm-util": ["@tybys/wasm-util@0.10.1", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-9tTaPJLSiejZKx+Bmog4uSubteqTvFrVrURwkmHixBo0G4seD0zUxp98E1DzUBJxLQ3NPwXrGKDiVjwx/DpPsg=="],
 
@@ -3560,11 +3707,15 @@
 
     "@vercel/nft/estree-walker": ["estree-walker@2.0.2", "", {}, "sha512-Rfkk/Mp/DL7JVje3u18FxFujQlTNR2q6QfMSMB7AvCBx91NGj/ba3kCfza0f6dVDbw7YlRf/nDrn7pQrCCyQ/w=="],
 
+    "ai/@opentelemetry/api": ["@opentelemetry/api@1.9.0", "", {}, "sha512-3giAOQvZiH5F9bMlMiv8+GSPMeqg0dbaeo58/0SlA9sxSqZhnUtxzX9/2FzyhS9sWQf5S0GJE0AKBrFqjpeYcg=="],
+
     "ansi-align/string-width": ["string-width@4.2.3", "", { "dependencies": { "emoji-regex": "^8.0.0", "is-fullwidth-code-point": "^3.0.0", "strip-ansi": "^6.0.1" } }, "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g=="],
 
-    "anymatch/picomatch": ["picomatch@2.3.1", "", {}, "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA=="],
+    "anymatch/picomatch": ["picomatch@2.3.2", "", {}, "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA=="],
+
+    "astro/esbuild": ["esbuild@0.27.7", "", { "optionalDependencies": { "@esbuild/aix-ppc64": "0.27.7", "@esbuild/android-arm": "0.27.7", "@esbuild/android-arm64": "0.27.7", "@esbuild/android-x64": "0.27.7", "@esbuild/darwin-arm64": "0.27.7", "@esbuild/darwin-x64": "0.27.7", "@esbuild/freebsd-arm64": "0.27.7", "@esbuild/freebsd-x64": "0.27.7", "@esbuild/linux-arm": "0.27.7", "@esbuild/linux-arm64": "0.27.7", "@esbuild/linux-ia32": "0.27.7", "@esbuild/linux-loong64": "0.27.7", "@esbuild/linux-mips64el": "0.27.7", "@esbuild/linux-ppc64": "0.27.7", "@esbuild/linux-riscv64": "0.27.7", "@esbuild/linux-s390x": "0.27.7", "@esbuild/linux-x64": "0.27.7", "@esbuild/netbsd-arm64": "0.27.7", "@esbuild/netbsd-x64": "0.27.7", "@esbuild/openbsd-arm64": "0.27.7", "@esbuild/openbsd-x64": "0.27.7", "@esbuild/openharmony-arm64": "0.27.7", "@esbuild/sunos-x64": "0.27.7", "@esbuild/win32-arm64": "0.27.7", "@esbuild/win32-ia32": "0.27.7", "@esbuild/win32-x64": "0.27.7" }, "bin": { "esbuild": "bin/esbuild" } }, "sha512-IxpibTjyVnmrIQo5aqNpCgoACA/dTKLTlhMHihVHhdkxKyPO1uBBthumT0rdHmcsk9uMonIWS0m4FljWzILh3w=="],
 
-    "astro/vite": ["vite@6.4.1", "", { "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.4.4", "picomatch": "^4.0.2", "postcss": "^8.5.3", "rollup": "^4.34.9", "tinyglobby": "^0.2.13" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^18.0.0 || ^20.0.0 || >=22.0.0", "jiti": ">=1.21.0", "less": "*", "lightningcss": "^1.21.0", "sass": "*", "sass-embedded": "*", "stylus": "*", "sugarss": "*", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-+Oxm7q9hDoLMyJOYfUYBuHQo+dkAloi33apOPP56pzj+vsdJDzr+j1NISE5pyaAuKL4A3UD34qd0lx5+kfKp2g=="],
+    "astro/vite": ["vite@6.4.2", "", { "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.4.4", "picomatch": "^4.0.2", "postcss": "^8.5.3", "rollup": "^4.34.9", "tinyglobby": "^0.2.13" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^18.0.0 || ^20.0.0 || >=22.0.0", "jiti": ">=1.21.0", "less": "*", "lightningcss": "^1.21.0", "sass": "*", "sass-embedded": "*", "stylus": "*", "sugarss": "*", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-2N/55r4JDJ4gdrCvGgINMy+HH3iRpNIz8K6SFwVsA+JbQScLiC+clmAxBgwiSPgcG9U15QmvqCGWzMbqda5zGQ=="],
 
     "astro/zod": ["zod@3.25.76", "", {}, "sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ=="],
 
@@ -3574,6 +3725,10 @@
 
     "better-auth/better-call": ["better-call@1.1.4", "", { "dependencies": { "@better-auth/utils": "^0.3.0", "@better-fetch/fetch": "^1.1.4", "rou3": "^0.7.10", "set-cookie-parser": "^2.7.1" }, "peerDependencies": { "zod": "^4.0.0" }, "optionalPeers": ["zod"] }, "sha512-NJouLY6IVKv0nDuFoc6FcbKDFzEnmgMNofC9F60Mwx1Ecm7X6/Ecyoe5b+JSVZ42F/0n46/M89gbYP1ZCVv8xQ=="],
 
+    "better-call/@better-auth/utils": ["@better-auth/utils@0.3.1", "", {}, "sha512-+CGp4UmZSUrHHnpHhLPYu6cV+wSUSvVbZbNykxhUDocpVNTo9uFFxw/NqJlh1iC4wQ9HKKWGCKuZ5wUgS0v6Kg=="],
+
+    "better-call/@better-fetch/fetch": ["@better-fetch/fetch@1.1.21", "", {}, "sha512-/ImESw0sskqlVR94jB+5+Pxjf+xBwDZF/N5+y2/q4EqD7IARUTSpPfIo8uf39SYpCxyOCtbyYpUrZ3F/k0zT4A=="],
+
     "boxen/chalk": ["chalk@5.6.2", "", {}, "sha512-7NzBL0rN6fMUW+f7A6Io4h40qQlG+xGmtMxfbnH/K7TAtt8JQWVQK+6g0UXKMeVJoyV5EkkNsErQ8pVD3bLHbA=="],
 
     "boxen/string-width": ["string-width@7.2.0", "", { "dependencies": { "emoji-regex": "^10.3.0", "get-east-asian-width": "^1.0.0", "strip-ansi": "^7.1.0" } }, "sha512-tsaTIkKW9b4N+AEj+SVA+WhJzV7/zMhcSu78mLKWSk7cXMOSHsBKFWUs0fWwq8QyK3MgJBQRX6Gbi4kYbdvGkQ=="],
@@ -3586,27 +3741,23 @@
 
     "chalk/supports-color": ["supports-color@7.2.0", "", { "dependencies": { "has-flag": "^4.0.0" } }, "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw=="],
 
-    "cliui/string-width": ["string-width@4.2.3", "", { "dependencies": { "emoji-regex": "^8.0.0", "is-fullwidth-code-point": "^3.0.0", "strip-ansi": "^6.0.1" } }, "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g=="],
-
-    "cliui/strip-ansi": ["strip-ansi@6.0.1", "", { "dependencies": { "ansi-regex": "^5.0.1" } }, "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A=="],
-
-    "cliui/wrap-ansi": ["wrap-ansi@7.0.0", "", { "dependencies": { "ansi-styles": "^4.0.0", "string-width": "^4.1.0", "strip-ansi": "^6.0.0" } }, "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q=="],
+    "cliui/string-width": ["string-width@7.2.0", "", { "dependencies": { "emoji-regex": "^10.3.0", "get-east-asian-width": "^1.0.0", "strip-ansi": "^7.1.0" } }, "sha512-tsaTIkKW9b4N+AEj+SVA+WhJzV7/zMhcSu78mLKWSk7cXMOSHsBKFWUs0fWwq8QyK3MgJBQRX6Gbi4kYbdvGkQ=="],
 
     "cmdk/@radix-ui/react-primitive": ["@radix-ui/react-primitive@2.1.4", "", { "dependencies": { "@radix-ui/react-slot": "1.2.4" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-9hQc4+GNVtJAIEPEqlYqW5RiYdrr8ea5XQ0ZOnD6fgru+83kqT15mq2OCcbe8KnjRZl5vF3ks69AKz3kh1jrhg=="],
 
+    "concurrently/yargs": ["yargs@17.7.2", "", { "dependencies": { "cliui": "^8.0.1", "escalade": "^3.1.1", "get-caller-file": "^2.0.5", "require-directory": "^2.1.1", "string-width": "^4.2.3", "y18n": "^5.0.5", "yargs-parser": "^21.1.1" } }, "sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w=="],
+
     "csso/css-tree": ["css-tree@2.2.1", "", { "dependencies": { "mdn-data": "2.0.28", "source-map-js": "^1.0.1" } }, "sha512-OA0mILzGc1kCOCSJerOeqDxDQ4HOh+G8NbOJFOTgOCzpw7fCBubk0fEyxp8AgOL/jvLgYA/uV0cMbe43ElF1JA=="],
 
     "debug/ms": ["ms@2.1.3", "", {}, "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="],
 
-    "decocms/@openrouter/ai-sdk-provider": ["@openrouter/ai-sdk-provider@2.3.1", "", { "peerDependencies": { "ai": "^6.0.0", "zod": "^3.25.0 || ^4.0.0" } }, "sha512-RkOUMSetrbS1i8kW1wIkfuq0RpXtiJOiFCx/AfEjGNZA8xOjdAosqPiImo2805Q6Px/9k1LUxu8NUmlSnrWrqg=="],
-
-    "decocms/@types/bun": ["@types/bun@1.3.12", "", { "dependencies": { "bun-types": "1.3.12" } }, "sha512-DBv81elK+/VSwXHDlnH3Qduw+KxkTIWi7TXkAeh24zpi5l0B2kUg9Ga3tb4nJaPcOFswflgi/yAvMVBPrxMB+A=="],
+    "decocms/@openrouter/ai-sdk-provider": ["@openrouter/ai-sdk-provider@2.8.1", "", { "peerDependencies": { "ai": "^6.0.0", "zod": "^3.25.0 || ^4.0.0" } }, "sha512-Y6j3yivgoEUf/kutD/k5GX/mzZfioRFoSx0gbQ+mIOzMaH/vJv1rCkztiuvlLw5xRYQil7oxHUZvmSfXqOx1NQ=="],
 
     "decocms/date-fns": ["date-fns@4.1.0", "", {}, "sha512-Ukq0owbQXxa/U3EGtsdVBkR1w7KOQ5gIBqdH2hkvknzZPYvBxb/aa6E8L7tmjFtkwZBu3UXBbjIgPo/Ez4xaNg=="],
 
     "decocms/lucide-react": ["lucide-react@0.468.0", "", { "peerDependencies": { "react": "^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0-rc" } }, "sha512-6koYRhnM2N0GGZIdXzSeiNwguv1gt/FAjZOiPl76roBi3xKEXa4WmfpxgQwTTL4KipXjefrnf3oV4IsYhi4JFA=="],
 
-    "decocms/recharts": ["recharts@3.8.0", "", { "dependencies": { "@reduxjs/toolkit": "^1.9.0 || 2.x.x", "clsx": "^2.1.1", "decimal.js-light": "^2.5.1", "es-toolkit": "^1.39.3", "eventemitter3": "^5.0.1", "immer": "^10.1.1", "react-redux": "8.x.x || 9.x.x", "reselect": "5.1.1", "tiny-invariant": "^1.3.3", "use-sync-external-store": "^1.2.2", "victory-vendor": "^37.0.2" }, "peerDependencies": { "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "react-dom": "^16.0.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "react-is": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-Z/m38DX3L73ExO4Tpc9/iZWHmHnlzWG4njQbxsF5aSjwqmHNDDIm0rdEBArkwsBvR8U6EirlEHiQNYWCVh9sGQ=="],
+    "decocms/recharts": ["recharts@3.8.1", "", { "dependencies": { "@reduxjs/toolkit": "^1.9.0 || 2.x.x", "clsx": "^2.1.1", "decimal.js-light": "^2.5.1", "es-toolkit": "^1.39.3", "eventemitter3": "^5.0.1", "immer": "^10.1.1", "react-redux": "8.x.x || 9.x.x", "reselect": "5.1.1", "tiny-invariant": "^1.3.3", "use-sync-external-store": "^1.2.2", "victory-vendor": "^37.0.2" }, "peerDependencies": { "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "react-dom": "^16.0.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "react-is": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-mwzmO1s9sFL0TduUpwndxCUNoXsBw3u3E/0+A+cLcrSfQitSG62L32N69GhqUrrT5qKcAE3pCGVINC6pqkBBQg=="],
 
     "decode-named-character-reference/character-entities": ["character-entities@2.0.2", "", {}, "sha512-shx7oQ0Awen/BRIdkjkvz54PnEEI/EjwXDSIZp86/KKdbafHh1Df/RYGBhn4hbe2+uKC9FnT5UCEdyPz3ai9hQ=="],
 
@@ -3616,13 +3767,13 @@
 
     "filelist/minimatch": ["minimatch@5.1.9", "", { "dependencies": { "brace-expansion": "^2.0.1" } }, "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw=="],
 
-    "freestyle-sandboxes/yargs": ["yargs@18.0.0", "", { "dependencies": { "cliui": "^9.0.1", "escalade": "^3.1.1", "get-caller-file": "^2.0.5", "string-width": "^7.2.0", "y18n": "^5.0.5", "yargs-parser": "^22.0.0" } }, "sha512-4UEqdc2RYGHZc7Doyqkrqiln3p9X2DZVxaGbwhn2pi7MrRagKaOcIKe8L3OxYcbhXLgLFUS3zAYuQjKBQgmuNg=="],
+    "form-data/mime-types": ["mime-types@2.1.35", "", { "dependencies": { "mime-db": "1.52.0" } }, "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw=="],
 
     "git-diff/chalk": ["chalk@2.4.2", "", { "dependencies": { "ansi-styles": "^3.2.1", "escape-string-regexp": "^1.0.5", "supports-color": "^5.3.0" } }, "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ=="],
 
     "git-diff/diff": ["diff@3.5.1", "", {}, "sha512-Z3u54A8qGyqFOSr2pk0ijYs8mOE9Qz8kTvtKeBI+upoG9j04Sq+oI7W8zAJiQybDcESET8/uIdHzs0p3k4fZlw=="],
 
-    "h3/cookie-es": ["cookie-es@1.2.2", "", {}, "sha512-+W7VmiVINB+ywl1HGXJXmrqkOhpKrIiVZV6tQuV54ZyQC7MMuBt81Vc336GMLoHBq5hV/F9eXgt5Mnx0Rha5Fg=="],
+    "h3/cookie-es": ["cookie-es@1.2.3", "", {}, "sha512-lXVyvUvrNXblMqzIRrxHb57UUVmqsSWlxqt3XIjCkUP0wDAf6uicO6KMbEgYrMNtEvWgWHwe42CKxPu9MYAnWw=="],
 
     "hast-util-from-parse5/hastscript": ["hastscript@9.0.1", "", { "dependencies": { "@types/hast": "^3.0.0", "comma-separated-tokens": "^2.0.0", "hast-util-parse-selector": "^4.0.0", "property-information": "^7.0.0", "space-separated-tokens": "^2.0.0" } }, "sha512-g7df9rMFX/SPi34tyGCyUBREQoKkapwdY/T04Qn9TDWfHhAYt4/I0gMVirzK5wEzeUqIjEB+LXC/ypb7Aqno5w=="],
 
@@ -3638,12 +3789,8 @@
 
     "ink/chalk": ["chalk@5.6.2", "", {}, "sha512-7NzBL0rN6fMUW+f7A6Io4h40qQlG+xGmtMxfbnH/K7TAtt8JQWVQK+6g0UXKMeVJoyV5EkkNsErQ8pVD3bLHbA=="],
 
-    "ink/ws": ["ws@8.19.0", "", { "peerDependencies": { "bufferutil": "^4.0.1", "utf-8-validate": ">=5.0.2" }, "optionalPeers": ["bufferutil", "utf-8-validate"] }, "sha512-blAT2mjOEIi0ZzruJfIhb3nps74PRWTCz1IjglWEEpQl5XS/UNama6u2/rjFkDDouqr4L67ry+1aGIALViWjDg=="],
-
     "kysely-codegen/dotenv": ["dotenv@16.6.1", "", {}, "sha512-uBq4egWHTcTt33a72vpSG0z3HnPuIl6NqYcTrKEg2azoEyl2hpW0zqlxysq2pK9HlDIHyHyakeYaYnSAwd8bow=="],
 
-    "kysely-codegen/kysely": ["kysely@0.27.6", "", {}, "sha512-FIyV/64EkKhJmjgC0g2hygpBv5RNWVPyNCqSAD7eTCv6eFWNIi4PN1UvdSJGicN/o35bnevgis4Y0UDC0qi8jQ=="],
-
     "kysely-pglite/chokidar": ["chokidar@3.6.0", "", { "dependencies": { "anymatch": "~3.1.2", "braces": "~3.0.2", "glob-parent": "~5.1.2", "is-binary-path": "~2.1.0", "is-glob": "~4.0.1", "normalize-path": "~3.0.0", "readdirp": "~3.6.0" }, "optionalDependencies": { "fsevents": "~2.3.2" } }, "sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw=="],
 
     "kysely-pglite/jiti": ["jiti@2.0.0-beta.3", "", { "bin": { "jiti": "lib/jiti-cli.mjs" } }, "sha512-pmfRbVRs/7khFrSAYnSiJ8C0D5GvzkE4Ey2pAvUcJsw1ly/p+7ut27jbJrjY79BpAJQJ4gXYFtK6d1Aub+9baQ=="],
@@ -3652,9 +3799,13 @@
 
     "mdast-util-mdx-jsx/parse-entities": ["parse-entities@4.0.2", "", { "dependencies": { "@types/unist": "^2.0.0", "character-entities-legacy": "^3.0.0", "character-reference-invalid": "^2.0.0", "decode-named-character-reference": "^1.0.0", "is-alphanumerical": "^2.0.0", "is-decimal": "^2.0.0", "is-hexadecimal": "^2.0.0" } }, "sha512-GG2AQYWoLgL877gQIKeRPGO1xF9+eG1ujIb5soS5gPvLQ1y2o8FL90w2QWNdf9I361Mpp7726c+lj3U0qK1uGw=="],
 
-    "mesh-plugin-workflows/@types/bun": ["@types/bun@1.3.12", "", { "dependencies": { "bun-types": "1.3.12" } }, "sha512-DBv81elK+/VSwXHDlnH3Qduw+KxkTIWi7TXkAeh24zpi5l0B2kUg9Ga3tb4nJaPcOFswflgi/yAvMVBPrxMB+A=="],
+    "micromatch/picomatch": ["picomatch@2.3.2", "", {}, "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA=="],
 
-    "micromatch/picomatch": ["picomatch@2.3.1", "", {}, "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA=="],
+    "miniflare/undici": ["undici@7.24.8", "", {}, "sha512-6KQ/+QxK49Z/p3HO6E5ZCZWNnCasyZLa5ExaVYyvPxUwKtbCPMKELJOqh7EqOle0t9cH/7d2TaaTRRa6Nhs4YQ=="],
+
+    "miniflare/ws": ["ws@8.18.0", "", { "peerDependencies": { "bufferutil": "^4.0.1", "utf-8-validate": ">=5.0.2" }, "optionalPeers": ["bufferutil", "utf-8-validate"] }, "sha512-8VbfWfHLbbwu3+N6OKsOMpBdT4kXPDDB9cJk2bJ6mh9ucxdlnNvH1e+roYkKmN9Nxw2yjz7VzeO9oOz2zJ04Pw=="],
+
+    "monaco-editor/dompurify": ["dompurify@3.2.7", "", { "optionalDependencies": { "@types/trusted-types": "^2.0.7" } }, "sha512-WhL/YuveyGXJaerVlMYGWhvQswa7myDG17P7Vu65EWC05o8vfeNbvNf4d/BOvH99+ZW+LlQsc1GDKMa1vNK6dw=="],
 
     "monaco-editor/marked": ["marked@14.0.0", "", { "bin": { "marked": "bin/marked.js" } }, "sha512-uIj4+faQ+MgHgwUW1l2PsPglZLOLOT1uErt06dAPtx2kjteLAkbsd/0FiYg/MGS+i7ZKLb7w2WClxHkzOOuryQ=="],
 
@@ -3668,13 +3819,19 @@
 
     "postcss/nanoid": ["nanoid@3.3.11", "", { "bin": { "nanoid": "bin/nanoid.cjs" } }, "sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w=="],
 
+    "posthog-js/@opentelemetry/api-logs": ["@opentelemetry/api-logs@0.208.0", "", { "dependencies": { "@opentelemetry/api": "^1.3.0" } }, "sha512-CjruKY9V6NMssL/T1kAFgzosF1v9o6oeN+aX5JB/C/xPNtmgIJqcXHG7fA82Ou1zCpWGl4lROQUKwUNE1pMCyg=="],
+
+    "posthog-js/@opentelemetry/exporter-logs-otlp-http": ["@opentelemetry/exporter-logs-otlp-http@0.208.0", "", { "dependencies": { "@opentelemetry/api-logs": "0.208.0", "@opentelemetry/core": "2.2.0", "@opentelemetry/otlp-exporter-base": "0.208.0", "@opentelemetry/otlp-transformer": "0.208.0", "@opentelemetry/sdk-logs": "0.208.0" }, "peerDependencies": { "@opentelemetry/api": "^1.3.0" } }, "sha512-jOv40Bs9jy9bZVLo/i8FwUiuCvbjWDI+ZW13wimJm4LjnlwJxGgB+N/VWOZUTpM+ah/awXeQqKdNlpLf2EjvYg=="],
+
+    "posthog-js/@opentelemetry/resources": ["@opentelemetry/resources@2.7.0", "", { "dependencies": { "@opentelemetry/core": "2.7.0", "@opentelemetry/semantic-conventions": "^1.29.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.3.0 <1.10.0" } }, "sha512-K+oi0hNMv94EpZbnW3eyu2X6SGVpD3O5DhG2NIp65Hc7lhAj9brRXTAVzh3wB82+q3ThakEf7Zd7RsFUqcTc7A=="],
+
+    "posthog-js/@opentelemetry/sdk-logs": ["@opentelemetry/sdk-logs@0.208.0", "", { "dependencies": { "@opentelemetry/api-logs": "0.208.0", "@opentelemetry/core": "2.2.0", "@opentelemetry/resources": "2.2.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.4.0 <1.10.0" } }, "sha512-QlAyL1jRpOeaqx7/leG1vJMp84g0xKP6gJmfELBpnI4O/9xPX+Hu5m1POk9Kl+veNkyth5t19hRlN6tNY1sjbA=="],
+
     "prop-types/react-is": ["react-is@16.13.1", "", {}, "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ=="],
 
     "refractor/prismjs": ["prismjs@1.27.0", "", {}, "sha512-t13BGPUlFDR7wRB5kQDG4jjl7XeuH6jbJGt11JHPL96qwsEHNX2+68tFXqc1/k+/jALsbSWJKUOT/hcYAZ5LkA=="],
 
-    "router/path-to-regexp": ["path-to-regexp@8.3.0", "", {}, "sha512-7jdwVIRtsP8MYpdXSwOS0YdD0Du+qOoF/AEPIt88PcCFrZCzx41oxku1jD88hZBwbNUIEfpqvuhjFaMAqMTWnA=="],
-
-    "samlify/camelcase": ["camelcase@9.0.0", "", {}, "sha512-TO9xmyXTZ9HUHI8M1OnvExxYB0eYVS/1e5s7IDMTAoIcwUd+aNcFODs6Xk83mobk0velyHFQgA1yIrvYc6wclw=="],
+    "router/path-to-regexp": ["path-to-regexp@8.4.2", "", {}, "sha512-qRcuIdP69NPm4qbACK+aDogI5CBDMi1jKe0ry5rSQJz8JVLsC7jV8XpiJjGRLLol3N+R5ihGYcrPLTno6pAdBA=="],
 
     "send/ms": ["ms@2.1.3", "", {}, "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="],
 
@@ -3686,17 +3843,25 @@
 
     "svgo/commander": ["commander@11.1.0", "", {}, "sha512-yPVavfyCcRhmorC7rWlkHn15b4wDVgVmBA7kV4QVBsF7kv/9TKJAbAXVTxvTnwP8HHKjRCJDClKbciiYS7p0DQ=="],
 
+    "tsup/esbuild": ["esbuild@0.27.7", "", { "optionalDependencies": { "@esbuild/aix-ppc64": "0.27.7", "@esbuild/android-arm": "0.27.7", "@esbuild/android-arm64": "0.27.7", "@esbuild/android-x64": "0.27.7", "@esbuild/darwin-arm64": "0.27.7", "@esbuild/darwin-x64": "0.27.7", "@esbuild/freebsd-arm64": "0.27.7", "@esbuild/freebsd-x64": "0.27.7", "@esbuild/linux-arm": "0.27.7", "@esbuild/linux-arm64": "0.27.7", "@esbuild/linux-ia32": "0.27.7", "@esbuild/linux-loong64": "0.27.7", "@esbuild/linux-mips64el": "0.27.7", "@esbuild/linux-ppc64": "0.27.7", "@esbuild/linux-riscv64": "0.27.7", "@esbuild/linux-s390x": "0.27.7", "@esbuild/linux-x64": "0.27.7", "@esbuild/netbsd-arm64": "0.27.7", "@esbuild/netbsd-x64": "0.27.7", "@esbuild/openbsd-arm64": "0.27.7", "@esbuild/openbsd-x64": "0.27.7", "@esbuild/openharmony-arm64": "0.27.7", "@esbuild/sunos-x64": "0.27.7", "@esbuild/win32-arm64": "0.27.7", "@esbuild/win32-ia32": "0.27.7", "@esbuild/win32-x64": "0.27.7" }, "bin": { "esbuild": "bin/esbuild" } }, "sha512-IxpibTjyVnmrIQo5aqNpCgoACA/dTKLTlhMHihVHhdkxKyPO1uBBthumT0rdHmcsk9uMonIWS0m4FljWzILh3w=="],
+
     "tsup/tinyexec": ["tinyexec@0.3.2", "", {}, "sha512-KQQR9yN7R5+OSwaK0XQoj22pwHoTlgYqmUscPYoknOoWCWfj/5/ABTMRi69FrKU5ffPVh5QcFikpWJI/P1ocHA=="],
 
+    "tsx/esbuild": ["esbuild@0.27.7", "", { "optionalDependencies": { "@esbuild/aix-ppc64": "0.27.7", "@esbuild/android-arm": "0.27.7", "@esbuild/android-arm64": "0.27.7", "@esbuild/android-x64": "0.27.7", "@esbuild/darwin-arm64": "0.27.7", "@esbuild/darwin-x64": "0.27.7", "@esbuild/freebsd-arm64": "0.27.7", "@esbuild/freebsd-x64": "0.27.7", "@esbuild/linux-arm": "0.27.7", "@esbuild/linux-arm64": "0.27.7", "@esbuild/linux-ia32": "0.27.7", "@esbuild/linux-loong64": "0.27.7", "@esbuild/linux-mips64el": "0.27.7", "@esbuild/linux-ppc64": "0.27.7", "@esbuild/linux-riscv64": "0.27.7", "@esbuild/linux-s390x": "0.27.7", "@esbuild/linux-x64": "0.27.7", "@esbuild/netbsd-arm64": "0.27.7", "@esbuild/netbsd-x64": "0.27.7", "@esbuild/openbsd-arm64": "0.27.7", "@esbuild/openbsd-x64": "0.27.7", "@esbuild/openharmony-arm64": "0.27.7", "@esbuild/sunos-x64": "0.27.7", "@esbuild/win32-arm64": "0.27.7", "@esbuild/win32-ia32": "0.27.7", "@esbuild/win32-x64": "0.27.7" }, "bin": { "esbuild": "bin/esbuild" } }, "sha512-IxpibTjyVnmrIQo5aqNpCgoACA/dTKLTlhMHihVHhdkxKyPO1uBBthumT0rdHmcsk9uMonIWS0m4FljWzILh3w=="],
+
     "tsyringe/tslib": ["tslib@1.14.1", "", {}, "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg=="],
 
     "unstorage/chokidar": ["chokidar@5.0.0", "", { "dependencies": { "readdirp": "^5.0.0" } }, "sha512-TQMmc3w+5AxjpL8iIiwebF73dRDF4fBIieAqGn9RGCWaEVwQ6Fb2cGe31Yns0RRIzii5goJ1Y7xbMwo1TxMplw=="],
 
+    "vite/esbuild": ["esbuild@0.27.7", "", { "optionalDependencies": { "@esbuild/aix-ppc64": "0.27.7", "@esbuild/android-arm": "0.27.7", "@esbuild/android-arm64": "0.27.7", "@esbuild/android-x64": "0.27.7", "@esbuild/darwin-arm64": "0.27.7", "@esbuild/darwin-x64": "0.27.7", "@esbuild/freebsd-arm64": "0.27.7", "@esbuild/freebsd-x64": "0.27.7", "@esbuild/linux-arm": "0.27.7", "@esbuild/linux-arm64": "0.27.7", "@esbuild/linux-ia32": "0.27.7", "@esbuild/linux-loong64": "0.27.7", "@esbuild/linux-mips64el": "0.27.7", "@esbuild/linux-ppc64": "0.27.7", "@esbuild/linux-riscv64": "0.27.7", "@esbuild/linux-s390x": "0.27.7", "@esbuild/linux-x64": "0.27.7", "@esbuild/netbsd-arm64": "0.27.7", "@esbuild/netbsd-x64": "0.27.7", "@esbuild/openbsd-arm64": "0.27.7", "@esbuild/openbsd-x64": "0.27.7", "@esbuild/openharmony-arm64": "0.27.7", "@esbuild/sunos-x64": "0.27.7", "@esbuild/win32-arm64": "0.27.7", "@esbuild/win32-ia32": "0.27.7", "@esbuild/win32-x64": "0.27.7" }, "bin": { "esbuild": "bin/esbuild" } }, "sha512-IxpibTjyVnmrIQo5aqNpCgoACA/dTKLTlhMHihVHhdkxKyPO1uBBthumT0rdHmcsk9uMonIWS0m4FljWzILh3w=="],
+
     "wrap-ansi/string-width": ["string-width@7.2.0", "", { "dependencies": { "emoji-regex": "^10.3.0", "get-east-asian-width": "^1.0.0", "strip-ansi": "^7.1.0" } }, "sha512-tsaTIkKW9b4N+AEj+SVA+WhJzV7/zMhcSu78mLKWSk7cXMOSHsBKFWUs0fWwq8QyK3MgJBQRX6Gbi4kYbdvGkQ=="],
 
     "xml-crypto/xpath": ["xpath@0.0.33", "", {}, "sha512-NNXnzrkDrAzalLhIUc01jO2mOzXGXh1JwPgkihcLLzw98c0WgYDmmjSh1Kl3wzaxSVWMuA+fe0WTWOBDWCBmNA=="],
 
-    "yargs/string-width": ["string-width@4.2.3", "", { "dependencies": { "emoji-regex": "^8.0.0", "is-fullwidth-code-point": "^3.0.0", "strip-ansi": "^6.0.1" } }, "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g=="],
+    "yargs/string-width": ["string-width@7.2.0", "", { "dependencies": { "emoji-regex": "^10.3.0", "get-east-asian-width": "^1.0.0", "strip-ansi": "^7.1.0" } }, "sha512-tsaTIkKW9b4N+AEj+SVA+WhJzV7/zMhcSu78mLKWSk7cXMOSHsBKFWUs0fWwq8QyK3MgJBQRX6Gbi4kYbdvGkQ=="],
+
+    "yargs/yargs-parser": ["yargs-parser@22.0.0", "", {}, "sha512-rwu/ClNdSMpkSrUb+d6BRsSkLUq1fmfsY6TOpYzTwvwkg1/NRG85KBy3kq++A8LKQwX6lsu+aWad+2khvuXrqw=="],
 
     "zod-to-ts/zod": ["zod@3.25.76", "", {}, "sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ=="],
 
@@ -3714,7 +3879,13 @@
 
     "@babel/helper-compilation-targets/lru-cache/yallist": ["yallist@3.1.1", "", {}, "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g=="],
 
-    "@decocms/runtime/@types/bun/bun-types": ["bun-types@1.3.12", "", { "dependencies": { "@types/node": "*" } }, "sha512-HqOLj5PoFajAQciOMRiIZGNoKxDJSr6qigAttOX40vJuSp6DN/CxWp9s3C1Xwm4oH7ybueITwiaOcWXoYVoRkA=="],
+    "@better-auth/core/better-call/set-cookie-parser": ["set-cookie-parser@2.7.2", "", {}, "sha512-oeM1lpU/UvhTxw+g3cIfxXHyJRc/uidd3yK1P242gzHds0udQBYzs3y8j4gCCW+ZJ7ad0yctld8RYO+bdurlvw=="],
+
+    "@decocms/better-auth/better-call/set-cookie-parser": ["set-cookie-parser@2.7.2", "", {}, "sha512-oeM1lpU/UvhTxw+g3cIfxXHyJRc/uidd3yK1P242gzHds0udQBYzs3y8j4gCCW+ZJ7ad0yctld8RYO+bdurlvw=="],
+
+    "@grpc/proto-loader/yargs/cliui": ["cliui@8.0.1", "", { "dependencies": { "string-width": "^4.2.0", "strip-ansi": "^6.0.1", "wrap-ansi": "^7.0.0" } }, "sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ=="],
+
+    "@grpc/proto-loader/yargs/string-width": ["string-width@4.2.3", "", { "dependencies": { "emoji-regex": "^8.0.0", "is-fullwidth-code-point": "^3.0.0", "strip-ansi": "^6.0.1" } }, "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g=="],
 
     "@oclif/core/ansi-escapes/type-fest": ["type-fest@0.21.3", "", {}, "sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w=="],
 
@@ -3738,7 +3909,7 @@
 
     "@opentelemetry/exporter-logs-otlp-grpc/@opentelemetry/otlp-transformer/@opentelemetry/sdk-trace-base": ["@opentelemetry/sdk-trace-base@2.2.0", "", { "dependencies": { "@opentelemetry/core": "2.2.0", "@opentelemetry/resources": "2.2.0", "@opentelemetry/semantic-conventions": "^1.29.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.3.0 <1.10.0" } }, "sha512-xWQgL0Bmctsalg6PaXExmzdedSp3gyKV8mQBwK/j9VGdCDu2fmXIb2gAehBKbkXCpJ4HPkgv3QfoJWRT4dHWbw=="],
 
-    "@opentelemetry/exporter-logs-otlp-grpc/@opentelemetry/otlp-transformer/protobufjs": ["protobufjs@7.5.4", "", { "dependencies": { "@protobufjs/aspromise": "^1.1.2", "@protobufjs/base64": "^1.1.2", "@protobufjs/codegen": "^2.0.4", "@protobufjs/eventemitter": "^1.1.0", "@protobufjs/fetch": "^1.1.0", "@protobufjs/float": "^1.0.2", "@protobufjs/inquire": "^1.1.0", "@protobufjs/path": "^1.1.2", "@protobufjs/pool": "^1.1.0", "@protobufjs/utf8": "^1.1.0", "@types/node": ">=13.7.0", "long": "^5.0.0" } }, "sha512-CvexbZtbov6jW2eXAvLukXjXUW1TzFaivC46BpWc/3BpcCysb5Vffu+B3XHMm8lVEuy2Mm4XGex8hBSg1yapPg=="],
+    "@opentelemetry/exporter-logs-otlp-grpc/@opentelemetry/otlp-transformer/protobufjs": ["protobufjs@7.5.5", "", { "dependencies": { "@protobufjs/aspromise": "^1.1.2", "@protobufjs/base64": "^1.1.2", "@protobufjs/codegen": "^2.0.4", "@protobufjs/eventemitter": "^1.1.0", "@protobufjs/fetch": "^1.1.0", "@protobufjs/float": "^1.0.2", "@protobufjs/inquire": "^1.1.0", "@protobufjs/path": "^1.1.2", "@protobufjs/pool": "^1.1.0", "@protobufjs/utf8": "^1.1.0", "@types/node": ">=13.7.0", "long": "^5.0.0" } }, "sha512-3wY1AxV+VBNW8Yypfd1yQY9pXnqTAN+KwQxL8iYm3/BjKYMNg4i0owhEe26PWDOMaIrzeeF98Lqd5NGz4omiIg=="],
 
     "@opentelemetry/exporter-logs-otlp-grpc/@opentelemetry/sdk-logs/@opentelemetry/api-logs": ["@opentelemetry/api-logs@0.207.0", "", { "dependencies": { "@opentelemetry/api": "^1.3.0" } }, "sha512-lAb0jQRVyleQQGiuuvCOTDVspc14nx6XJjP4FspJ1sNARo3Regq4ZZbrc3rN4b1TYSuUCvgH+UXUPug4SLOqEQ=="],
 
@@ -3750,7 +3921,7 @@
 
     "@opentelemetry/exporter-logs-otlp-http/@opentelemetry/otlp-transformer/@opentelemetry/sdk-trace-base": ["@opentelemetry/sdk-trace-base@2.2.0", "", { "dependencies": { "@opentelemetry/core": "2.2.0", "@opentelemetry/resources": "2.2.0", "@opentelemetry/semantic-conventions": "^1.29.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.3.0 <1.10.0" } }, "sha512-xWQgL0Bmctsalg6PaXExmzdedSp3gyKV8mQBwK/j9VGdCDu2fmXIb2gAehBKbkXCpJ4HPkgv3QfoJWRT4dHWbw=="],
 
-    "@opentelemetry/exporter-logs-otlp-http/@opentelemetry/otlp-transformer/protobufjs": ["protobufjs@7.5.4", "", { "dependencies": { "@protobufjs/aspromise": "^1.1.2", "@protobufjs/base64": "^1.1.2", "@protobufjs/codegen": "^2.0.4", "@protobufjs/eventemitter": "^1.1.0", "@protobufjs/fetch": "^1.1.0", "@protobufjs/float": "^1.0.2", "@protobufjs/inquire": "^1.1.0", "@protobufjs/path": "^1.1.2", "@protobufjs/pool": "^1.1.0", "@protobufjs/utf8": "^1.1.0", "@types/node": ">=13.7.0", "long": "^5.0.0" } }, "sha512-CvexbZtbov6jW2eXAvLukXjXUW1TzFaivC46BpWc/3BpcCysb5Vffu+B3XHMm8lVEuy2Mm4XGex8hBSg1yapPg=="],
+    "@opentelemetry/exporter-logs-otlp-http/@opentelemetry/otlp-transformer/protobufjs": ["protobufjs@7.5.5", "", { "dependencies": { "@protobufjs/aspromise": "^1.1.2", "@protobufjs/base64": "^1.1.2", "@protobufjs/codegen": "^2.0.4", "@protobufjs/eventemitter": "^1.1.0", "@protobufjs/fetch": "^1.1.0", "@protobufjs/float": "^1.0.2", "@protobufjs/inquire": "^1.1.0", "@protobufjs/path": "^1.1.2", "@protobufjs/pool": "^1.1.0", "@protobufjs/utf8": "^1.1.0", "@types/node": ">=13.7.0", "long": "^5.0.0" } }, "sha512-3wY1AxV+VBNW8Yypfd1yQY9pXnqTAN+KwQxL8iYm3/BjKYMNg4i0owhEe26PWDOMaIrzeeF98Lqd5NGz4omiIg=="],
 
     "@opentelemetry/exporter-logs-otlp-http/@opentelemetry/sdk-logs/@opentelemetry/resources": ["@opentelemetry/resources@2.2.0", "", { "dependencies": { "@opentelemetry/core": "2.2.0", "@opentelemetry/semantic-conventions": "^1.29.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.3.0 <1.10.0" } }, "sha512-1pNQf/JazQTMA0BiO5NINUzH0cbLbbl7mntLa4aJNmCCXSj0q03T5ZXXL0zw4G55TjdL9Tz32cznGClf+8zr5A=="],
 
@@ -3760,7 +3931,7 @@
 
     "@opentelemetry/exporter-metrics-otlp-grpc/@opentelemetry/otlp-transformer/@opentelemetry/sdk-trace-base": ["@opentelemetry/sdk-trace-base@2.2.0", "", { "dependencies": { "@opentelemetry/core": "2.2.0", "@opentelemetry/resources": "2.2.0", "@opentelemetry/semantic-conventions": "^1.29.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.3.0 <1.10.0" } }, "sha512-xWQgL0Bmctsalg6PaXExmzdedSp3gyKV8mQBwK/j9VGdCDu2fmXIb2gAehBKbkXCpJ4HPkgv3QfoJWRT4dHWbw=="],
 
-    "@opentelemetry/exporter-metrics-otlp-grpc/@opentelemetry/otlp-transformer/protobufjs": ["protobufjs@7.5.4", "", { "dependencies": { "@protobufjs/aspromise": "^1.1.2", "@protobufjs/base64": "^1.1.2", "@protobufjs/codegen": "^2.0.4", "@protobufjs/eventemitter": "^1.1.0", "@protobufjs/fetch": "^1.1.0", "@protobufjs/float": "^1.0.2", "@protobufjs/inquire": "^1.1.0", "@protobufjs/path": "^1.1.2", "@protobufjs/pool": "^1.1.0", "@protobufjs/utf8": "^1.1.0", "@types/node": ">=13.7.0", "long": "^5.0.0" } }, "sha512-CvexbZtbov6jW2eXAvLukXjXUW1TzFaivC46BpWc/3BpcCysb5Vffu+B3XHMm8lVEuy2Mm4XGex8hBSg1yapPg=="],
+    "@opentelemetry/exporter-metrics-otlp-grpc/@opentelemetry/otlp-transformer/protobufjs": ["protobufjs@7.5.5", "", { "dependencies": { "@protobufjs/aspromise": "^1.1.2", "@protobufjs/base64": "^1.1.2", "@protobufjs/codegen": "^2.0.4", "@protobufjs/eventemitter": "^1.1.0", "@protobufjs/fetch": "^1.1.0", "@protobufjs/float": "^1.0.2", "@protobufjs/inquire": "^1.1.0", "@protobufjs/path": "^1.1.2", "@protobufjs/pool": "^1.1.0", "@protobufjs/utf8": "^1.1.0", "@types/node": ">=13.7.0", "long": "^5.0.0" } }, "sha512-3wY1AxV+VBNW8Yypfd1yQY9pXnqTAN+KwQxL8iYm3/BjKYMNg4i0owhEe26PWDOMaIrzeeF98Lqd5NGz4omiIg=="],
 
     "@opentelemetry/exporter-metrics-otlp-http/@opentelemetry/otlp-transformer/@opentelemetry/api-logs": ["@opentelemetry/api-logs@0.207.0", "", { "dependencies": { "@opentelemetry/api": "^1.3.0" } }, "sha512-lAb0jQRVyleQQGiuuvCOTDVspc14nx6XJjP4FspJ1sNARo3Regq4ZZbrc3rN4b1TYSuUCvgH+UXUPug4SLOqEQ=="],
 
@@ -3768,7 +3939,7 @@
 
     "@opentelemetry/exporter-metrics-otlp-http/@opentelemetry/otlp-transformer/@opentelemetry/sdk-trace-base": ["@opentelemetry/sdk-trace-base@2.2.0", "", { "dependencies": { "@opentelemetry/core": "2.2.0", "@opentelemetry/resources": "2.2.0", "@opentelemetry/semantic-conventions": "^1.29.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.3.0 <1.10.0" } }, "sha512-xWQgL0Bmctsalg6PaXExmzdedSp3gyKV8mQBwK/j9VGdCDu2fmXIb2gAehBKbkXCpJ4HPkgv3QfoJWRT4dHWbw=="],
 
-    "@opentelemetry/exporter-metrics-otlp-http/@opentelemetry/otlp-transformer/protobufjs": ["protobufjs@7.5.4", "", { "dependencies": { "@protobufjs/aspromise": "^1.1.2", "@protobufjs/base64": "^1.1.2", "@protobufjs/codegen": "^2.0.4", "@protobufjs/eventemitter": "^1.1.0", "@protobufjs/fetch": "^1.1.0", "@protobufjs/float": "^1.0.2", "@protobufjs/inquire": "^1.1.0", "@protobufjs/path": "^1.1.2", "@protobufjs/pool": "^1.1.0", "@protobufjs/utf8": "^1.1.0", "@types/node": ">=13.7.0", "long": "^5.0.0" } }, "sha512-CvexbZtbov6jW2eXAvLukXjXUW1TzFaivC46BpWc/3BpcCysb5Vffu+B3XHMm8lVEuy2Mm4XGex8hBSg1yapPg=="],
+    "@opentelemetry/exporter-metrics-otlp-http/@opentelemetry/otlp-transformer/protobufjs": ["protobufjs@7.5.5", "", { "dependencies": { "@protobufjs/aspromise": "^1.1.2", "@protobufjs/base64": "^1.1.2", "@protobufjs/codegen": "^2.0.4", "@protobufjs/eventemitter": "^1.1.0", "@protobufjs/fetch": "^1.1.0", "@protobufjs/float": "^1.0.2", "@protobufjs/inquire": "^1.1.0", "@protobufjs/path": "^1.1.2", "@protobufjs/pool": "^1.1.0", "@protobufjs/utf8": "^1.1.0", "@types/node": ">=13.7.0", "long": "^5.0.0" } }, "sha512-3wY1AxV+VBNW8Yypfd1yQY9pXnqTAN+KwQxL8iYm3/BjKYMNg4i0owhEe26PWDOMaIrzeeF98Lqd5NGz4omiIg=="],
 
     "@opentelemetry/exporter-metrics-otlp-proto/@opentelemetry/otlp-transformer/@opentelemetry/api-logs": ["@opentelemetry/api-logs@0.207.0", "", { "dependencies": { "@opentelemetry/api": "^1.3.0" } }, "sha512-lAb0jQRVyleQQGiuuvCOTDVspc14nx6XJjP4FspJ1sNARo3Regq4ZZbrc3rN4b1TYSuUCvgH+UXUPug4SLOqEQ=="],
 
@@ -3776,7 +3947,7 @@
 
     "@opentelemetry/exporter-metrics-otlp-proto/@opentelemetry/otlp-transformer/@opentelemetry/sdk-trace-base": ["@opentelemetry/sdk-trace-base@2.2.0", "", { "dependencies": { "@opentelemetry/core": "2.2.0", "@opentelemetry/resources": "2.2.0", "@opentelemetry/semantic-conventions": "^1.29.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.3.0 <1.10.0" } }, "sha512-xWQgL0Bmctsalg6PaXExmzdedSp3gyKV8mQBwK/j9VGdCDu2fmXIb2gAehBKbkXCpJ4HPkgv3QfoJWRT4dHWbw=="],
 
-    "@opentelemetry/exporter-metrics-otlp-proto/@opentelemetry/otlp-transformer/protobufjs": ["protobufjs@7.5.4", "", { "dependencies": { "@protobufjs/aspromise": "^1.1.2", "@protobufjs/base64": "^1.1.2", "@protobufjs/codegen": "^2.0.4", "@protobufjs/eventemitter": "^1.1.0", "@protobufjs/fetch": "^1.1.0", "@protobufjs/float": "^1.0.2", "@protobufjs/inquire": "^1.1.0", "@protobufjs/path": "^1.1.2", "@protobufjs/pool": "^1.1.0", "@protobufjs/utf8": "^1.1.0", "@types/node": ">=13.7.0", "long": "^5.0.0" } }, "sha512-CvexbZtbov6jW2eXAvLukXjXUW1TzFaivC46BpWc/3BpcCysb5Vffu+B3XHMm8lVEuy2Mm4XGex8hBSg1yapPg=="],
+    "@opentelemetry/exporter-metrics-otlp-proto/@opentelemetry/otlp-transformer/protobufjs": ["protobufjs@7.5.5", "", { "dependencies": { "@protobufjs/aspromise": "^1.1.2", "@protobufjs/base64": "^1.1.2", "@protobufjs/codegen": "^2.0.4", "@protobufjs/eventemitter": "^1.1.0", "@protobufjs/fetch": "^1.1.0", "@protobufjs/float": "^1.0.2", "@protobufjs/inquire": "^1.1.0", "@protobufjs/path": "^1.1.2", "@protobufjs/pool": "^1.1.0", "@protobufjs/utf8": "^1.1.0", "@types/node": ">=13.7.0", "long": "^5.0.0" } }, "sha512-3wY1AxV+VBNW8Yypfd1yQY9pXnqTAN+KwQxL8iYm3/BjKYMNg4i0owhEe26PWDOMaIrzeeF98Lqd5NGz4omiIg=="],
 
     "@opentelemetry/exporter-trace-otlp-grpc/@opentelemetry/otlp-transformer/@opentelemetry/api-logs": ["@opentelemetry/api-logs@0.207.0", "", { "dependencies": { "@opentelemetry/api": "^1.3.0" } }, "sha512-lAb0jQRVyleQQGiuuvCOTDVspc14nx6XJjP4FspJ1sNARo3Regq4ZZbrc3rN4b1TYSuUCvgH+UXUPug4SLOqEQ=="],
 
@@ -3784,7 +3955,7 @@
 
     "@opentelemetry/exporter-trace-otlp-grpc/@opentelemetry/otlp-transformer/@opentelemetry/sdk-metrics": ["@opentelemetry/sdk-metrics@2.2.0", "", { "dependencies": { "@opentelemetry/core": "2.2.0", "@opentelemetry/resources": "2.2.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.9.0 <1.10.0" } }, "sha512-G5KYP6+VJMZzpGipQw7Giif48h6SGQ2PFKEYCybeXJsOCB4fp8azqMAAzE5lnnHK3ZVwYQrgmFbsUJO/zOnwGw=="],
 
-    "@opentelemetry/exporter-trace-otlp-grpc/@opentelemetry/otlp-transformer/protobufjs": ["protobufjs@7.5.4", "", { "dependencies": { "@protobufjs/aspromise": "^1.1.2", "@protobufjs/base64": "^1.1.2", "@protobufjs/codegen": "^2.0.4", "@protobufjs/eventemitter": "^1.1.0", "@protobufjs/fetch": "^1.1.0", "@protobufjs/float": "^1.0.2", "@protobufjs/inquire": "^1.1.0", "@protobufjs/path": "^1.1.2", "@protobufjs/pool": "^1.1.0", "@protobufjs/utf8": "^1.1.0", "@types/node": ">=13.7.0", "long": "^5.0.0" } }, "sha512-CvexbZtbov6jW2eXAvLukXjXUW1TzFaivC46BpWc/3BpcCysb5Vffu+B3XHMm8lVEuy2Mm4XGex8hBSg1yapPg=="],
+    "@opentelemetry/exporter-trace-otlp-grpc/@opentelemetry/otlp-transformer/protobufjs": ["protobufjs@7.5.5", "", { "dependencies": { "@protobufjs/aspromise": "^1.1.2", "@protobufjs/base64": "^1.1.2", "@protobufjs/codegen": "^2.0.4", "@protobufjs/eventemitter": "^1.1.0", "@protobufjs/fetch": "^1.1.0", "@protobufjs/float": "^1.0.2", "@protobufjs/inquire": "^1.1.0", "@protobufjs/path": "^1.1.2", "@protobufjs/pool": "^1.1.0", "@protobufjs/utf8": "^1.1.0", "@types/node": ">=13.7.0", "long": "^5.0.0" } }, "sha512-3wY1AxV+VBNW8Yypfd1yQY9pXnqTAN+KwQxL8iYm3/BjKYMNg4i0owhEe26PWDOMaIrzeeF98Lqd5NGz4omiIg=="],
 
     "@opentelemetry/exporter-trace-otlp-http/@opentelemetry/otlp-transformer/@opentelemetry/api-logs": ["@opentelemetry/api-logs@0.207.0", "", { "dependencies": { "@opentelemetry/api": "^1.3.0" } }, "sha512-lAb0jQRVyleQQGiuuvCOTDVspc14nx6XJjP4FspJ1sNARo3Regq4ZZbrc3rN4b1TYSuUCvgH+UXUPug4SLOqEQ=="],
 
@@ -3792,7 +3963,7 @@
 
     "@opentelemetry/exporter-trace-otlp-http/@opentelemetry/otlp-transformer/@opentelemetry/sdk-metrics": ["@opentelemetry/sdk-metrics@2.2.0", "", { "dependencies": { "@opentelemetry/core": "2.2.0", "@opentelemetry/resources": "2.2.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.9.0 <1.10.0" } }, "sha512-G5KYP6+VJMZzpGipQw7Giif48h6SGQ2PFKEYCybeXJsOCB4fp8azqMAAzE5lnnHK3ZVwYQrgmFbsUJO/zOnwGw=="],
 
-    "@opentelemetry/exporter-trace-otlp-http/@opentelemetry/otlp-transformer/protobufjs": ["protobufjs@7.5.4", "", { "dependencies": { "@protobufjs/aspromise": "^1.1.2", "@protobufjs/base64": "^1.1.2", "@protobufjs/codegen": "^2.0.4", "@protobufjs/eventemitter": "^1.1.0", "@protobufjs/fetch": "^1.1.0", "@protobufjs/float": "^1.0.2", "@protobufjs/inquire": "^1.1.0", "@protobufjs/path": "^1.1.2", "@protobufjs/pool": "^1.1.0", "@protobufjs/utf8": "^1.1.0", "@types/node": ">=13.7.0", "long": "^5.0.0" } }, "sha512-CvexbZtbov6jW2eXAvLukXjXUW1TzFaivC46BpWc/3BpcCysb5Vffu+B3XHMm8lVEuy2Mm4XGex8hBSg1yapPg=="],
+    "@opentelemetry/exporter-trace-otlp-http/@opentelemetry/otlp-transformer/protobufjs": ["protobufjs@7.5.5", "", { "dependencies": { "@protobufjs/aspromise": "^1.1.2", "@protobufjs/base64": "^1.1.2", "@protobufjs/codegen": "^2.0.4", "@protobufjs/eventemitter": "^1.1.0", "@protobufjs/fetch": "^1.1.0", "@protobufjs/float": "^1.0.2", "@protobufjs/inquire": "^1.1.0", "@protobufjs/path": "^1.1.2", "@protobufjs/pool": "^1.1.0", "@protobufjs/utf8": "^1.1.0", "@types/node": ">=13.7.0", "long": "^5.0.0" } }, "sha512-3wY1AxV+VBNW8Yypfd1yQY9pXnqTAN+KwQxL8iYm3/BjKYMNg4i0owhEe26PWDOMaIrzeeF98Lqd5NGz4omiIg=="],
 
     "@opentelemetry/exporter-trace-otlp-proto/@opentelemetry/otlp-transformer/@opentelemetry/api-logs": ["@opentelemetry/api-logs@0.207.0", "", { "dependencies": { "@opentelemetry/api": "^1.3.0" } }, "sha512-lAb0jQRVyleQQGiuuvCOTDVspc14nx6XJjP4FspJ1sNARo3Regq4ZZbrc3rN4b1TYSuUCvgH+UXUPug4SLOqEQ=="],
 
@@ -3800,7 +3971,7 @@
 
     "@opentelemetry/exporter-trace-otlp-proto/@opentelemetry/otlp-transformer/@opentelemetry/sdk-metrics": ["@opentelemetry/sdk-metrics@2.2.0", "", { "dependencies": { "@opentelemetry/core": "2.2.0", "@opentelemetry/resources": "2.2.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.9.0 <1.10.0" } }, "sha512-G5KYP6+VJMZzpGipQw7Giif48h6SGQ2PFKEYCybeXJsOCB4fp8azqMAAzE5lnnHK3ZVwYQrgmFbsUJO/zOnwGw=="],
 
-    "@opentelemetry/exporter-trace-otlp-proto/@opentelemetry/otlp-transformer/protobufjs": ["protobufjs@7.5.4", "", { "dependencies": { "@protobufjs/aspromise": "^1.1.2", "@protobufjs/base64": "^1.1.2", "@protobufjs/codegen": "^2.0.4", "@protobufjs/eventemitter": "^1.1.0", "@protobufjs/fetch": "^1.1.0", "@protobufjs/float": "^1.0.2", "@protobufjs/inquire": "^1.1.0", "@protobufjs/path": "^1.1.2", "@protobufjs/pool": "^1.1.0", "@protobufjs/utf8": "^1.1.0", "@types/node": ">=13.7.0", "long": "^5.0.0" } }, "sha512-CvexbZtbov6jW2eXAvLukXjXUW1TzFaivC46BpWc/3BpcCysb5Vffu+B3XHMm8lVEuy2Mm4XGex8hBSg1yapPg=="],
+    "@opentelemetry/exporter-trace-otlp-proto/@opentelemetry/otlp-transformer/protobufjs": ["protobufjs@7.5.5", "", { "dependencies": { "@protobufjs/aspromise": "^1.1.2", "@protobufjs/base64": "^1.1.2", "@protobufjs/codegen": "^2.0.4", "@protobufjs/eventemitter": "^1.1.0", "@protobufjs/fetch": "^1.1.0", "@protobufjs/float": "^1.0.2", "@protobufjs/inquire": "^1.1.0", "@protobufjs/path": "^1.1.2", "@protobufjs/pool": "^1.1.0", "@protobufjs/utf8": "^1.1.0", "@types/node": ">=13.7.0", "long": "^5.0.0" } }, "sha512-3wY1AxV+VBNW8Yypfd1yQY9pXnqTAN+KwQxL8iYm3/BjKYMNg4i0owhEe26PWDOMaIrzeeF98Lqd5NGz4omiIg=="],
 
     "@opentelemetry/otlp-grpc-exporter-base/@opentelemetry/otlp-transformer/@opentelemetry/api-logs": ["@opentelemetry/api-logs@0.207.0", "", { "dependencies": { "@opentelemetry/api": "^1.3.0" } }, "sha512-lAb0jQRVyleQQGiuuvCOTDVspc14nx6XJjP4FspJ1sNARo3Regq4ZZbrc3rN4b1TYSuUCvgH+UXUPug4SLOqEQ=="],
 
@@ -3812,7 +3983,7 @@
 
     "@opentelemetry/otlp-grpc-exporter-base/@opentelemetry/otlp-transformer/@opentelemetry/sdk-trace-base": ["@opentelemetry/sdk-trace-base@2.2.0", "", { "dependencies": { "@opentelemetry/core": "2.2.0", "@opentelemetry/resources": "2.2.0", "@opentelemetry/semantic-conventions": "^1.29.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.3.0 <1.10.0" } }, "sha512-xWQgL0Bmctsalg6PaXExmzdedSp3gyKV8mQBwK/j9VGdCDu2fmXIb2gAehBKbkXCpJ4HPkgv3QfoJWRT4dHWbw=="],
 
-    "@opentelemetry/otlp-grpc-exporter-base/@opentelemetry/otlp-transformer/protobufjs": ["protobufjs@7.5.4", "", { "dependencies": { "@protobufjs/aspromise": "^1.1.2", "@protobufjs/base64": "^1.1.2", "@protobufjs/codegen": "^2.0.4", "@protobufjs/eventemitter": "^1.1.0", "@protobufjs/fetch": "^1.1.0", "@protobufjs/float": "^1.0.2", "@protobufjs/inquire": "^1.1.0", "@protobufjs/path": "^1.1.2", "@protobufjs/pool": "^1.1.0", "@protobufjs/utf8": "^1.1.0", "@types/node": ">=13.7.0", "long": "^5.0.0" } }, "sha512-CvexbZtbov6jW2eXAvLukXjXUW1TzFaivC46BpWc/3BpcCysb5Vffu+B3XHMm8lVEuy2Mm4XGex8hBSg1yapPg=="],
+    "@opentelemetry/otlp-grpc-exporter-base/@opentelemetry/otlp-transformer/protobufjs": ["protobufjs@7.5.5", "", { "dependencies": { "@protobufjs/aspromise": "^1.1.2", "@protobufjs/base64": "^1.1.2", "@protobufjs/codegen": "^2.0.4", "@protobufjs/eventemitter": "^1.1.0", "@protobufjs/fetch": "^1.1.0", "@protobufjs/float": "^1.0.2", "@protobufjs/inquire": "^1.1.0", "@protobufjs/path": "^1.1.2", "@protobufjs/pool": "^1.1.0", "@protobufjs/utf8": "^1.1.0", "@types/node": ">=13.7.0", "long": "^5.0.0" } }, "sha512-3wY1AxV+VBNW8Yypfd1yQY9pXnqTAN+KwQxL8iYm3/BjKYMNg4i0owhEe26PWDOMaIrzeeF98Lqd5NGz4omiIg=="],
 
     "@opentelemetry/sdk-node/@opentelemetry/exporter-logs-otlp-proto/@opentelemetry/otlp-exporter-base": ["@opentelemetry/otlp-exporter-base@0.207.0", "", { "dependencies": { "@opentelemetry/core": "2.2.0", "@opentelemetry/otlp-transformer": "0.207.0" }, "peerDependencies": { "@opentelemetry/api": "^1.3.0" } }, "sha512-4RQluMVVGMrHok/3SVeSJ6EnRNkA2MINcX88sh+d/7DjGUrewW/WT88IsMEci0wUM+5ykTpPPNbEOoW+jwHnbw=="],
 
@@ -3826,31 +3997,75 @@
 
     "ansi-align/string-width/strip-ansi": ["strip-ansi@6.0.1", "", { "dependencies": { "ansi-regex": "^5.0.1" } }, "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A=="],
 
-    "astro/vite/esbuild": ["esbuild@0.25.12", "", { "optionalDependencies": { "@esbuild/aix-ppc64": "0.25.12", "@esbuild/android-arm": "0.25.12", "@esbuild/android-arm64": "0.25.12", "@esbuild/android-x64": "0.25.12", "@esbuild/darwin-arm64": "0.25.12", "@esbuild/darwin-x64": "0.25.12", "@esbuild/freebsd-arm64": "0.25.12", "@esbuild/freebsd-x64": "0.25.12", "@esbuild/linux-arm": "0.25.12", "@esbuild/linux-arm64": "0.25.12", "@esbuild/linux-ia32": "0.25.12", "@esbuild/linux-loong64": "0.25.12", "@esbuild/linux-mips64el": "0.25.12", "@esbuild/linux-ppc64": "0.25.12", "@esbuild/linux-riscv64": "0.25.12", "@esbuild/linux-s390x": "0.25.12", "@esbuild/linux-x64": "0.25.12", "@esbuild/netbsd-arm64": "0.25.12", "@esbuild/netbsd-x64": "0.25.12", "@esbuild/openbsd-arm64": "0.25.12", "@esbuild/openbsd-x64": "0.25.12", "@esbuild/openharmony-arm64": "0.25.12", "@esbuild/sunos-x64": "0.25.12", "@esbuild/win32-arm64": "0.25.12", "@esbuild/win32-ia32": "0.25.12", "@esbuild/win32-x64": "0.25.12" }, "bin": { "esbuild": "bin/esbuild" } }, "sha512-bbPBYYrtZbkt6Os6FiTLCTFxvq4tt3JKall1vRwshA3fdVztsLAatFaZobhkBC8/BrPetoa0oksYoKXoG4ryJg=="],
+    "astro/esbuild/@esbuild/aix-ppc64": ["@esbuild/aix-ppc64@0.27.7", "", { "os": "aix", "cpu": "ppc64" }, "sha512-EKX3Qwmhz1eMdEJokhALr0YiD0lhQNwDqkPYyPhiSwKrh7/4KRjQc04sZ8db+5DVVnZ1LmbNDI1uAMPEUBnQPg=="],
 
-    "cliui/string-width/emoji-regex": ["emoji-regex@8.0.0", "", {}, "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="],
+    "astro/esbuild/@esbuild/android-arm": ["@esbuild/android-arm@0.27.7", "", { "os": "android", "cpu": "arm" }, "sha512-jbPXvB4Yj2yBV7HUfE2KHe4GJX51QplCN1pGbYjvsyCZbQmies29EoJbkEc+vYuU5o45AfQn37vZlyXy4YJ8RQ=="],
 
-    "cliui/string-width/is-fullwidth-code-point": ["is-fullwidth-code-point@3.0.0", "", {}, "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg=="],
+    "astro/esbuild/@esbuild/android-arm64": ["@esbuild/android-arm64@0.27.7", "", { "os": "android", "cpu": "arm64" }, "sha512-62dPZHpIXzvChfvfLJow3q5dDtiNMkwiRzPylSCfriLvZeq0a1bWChrGx/BbUbPwOrsWKMn8idSllklzBy+dgQ=="],
 
-    "cliui/strip-ansi/ansi-regex": ["ansi-regex@5.0.1", "", {}, "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ=="],
+    "astro/esbuild/@esbuild/android-x64": ["@esbuild/android-x64@0.27.7", "", { "os": "android", "cpu": "x64" }, "sha512-x5VpMODneVDb70PYV2VQOmIUUiBtY3D3mPBG8NxVk5CogneYhkR7MmM3yR/uMdITLrC1ml/NV1rj4bMJuy9MCg=="],
 
-    "cliui/wrap-ansi/ansi-styles": ["ansi-styles@4.3.0", "", { "dependencies": { "color-convert": "^2.0.1" } }, "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg=="],
+    "astro/esbuild/@esbuild/darwin-arm64": ["@esbuild/darwin-arm64@0.27.7", "", { "os": "darwin", "cpu": "arm64" }, "sha512-5lckdqeuBPlKUwvoCXIgI2D9/ABmPq3Rdp7IfL70393YgaASt7tbju3Ac+ePVi3KDH6N2RqePfHnXkaDtY9fkw=="],
 
-    "csso/css-tree/mdn-data": ["mdn-data@2.0.28", "", {}, "sha512-aylIc7Z9y4yzHYAJNuESG3hfhC+0Ibp/MAMiaOZgNv4pmEdFyfZhhhny4MNiAfWdBQ1RQ2mfDWmM1x8SvGyp8g=="],
+    "astro/esbuild/@esbuild/darwin-x64": ["@esbuild/darwin-x64@0.27.7", "", { "os": "darwin", "cpu": "x64" }, "sha512-rYnXrKcXuT7Z+WL5K980jVFdvVKhCHhUwid+dDYQpH+qu+TefcomiMAJpIiC2EM3Rjtq0sO3StMV/+3w3MyyqQ=="],
 
-    "decocms/@types/bun/bun-types": ["bun-types@1.3.12", "", { "dependencies": { "@types/node": "*" } }, "sha512-HqOLj5PoFajAQciOMRiIZGNoKxDJSr6qigAttOX40vJuSp6DN/CxWp9s3C1Xwm4oH7ybueITwiaOcWXoYVoRkA=="],
+    "astro/esbuild/@esbuild/freebsd-arm64": ["@esbuild/freebsd-arm64@0.27.7", "", { "os": "freebsd", "cpu": "arm64" }, "sha512-B48PqeCsEgOtzME2GbNM2roU29AMTuOIN91dsMO30t+Ydis3z/3Ngoj5hhnsOSSwNzS+6JppqWsuhTp6E82l2w=="],
 
-    "decocms/recharts/eventemitter3": ["eventemitter3@5.0.4", "", {}, "sha512-mlsTRyGaPBjPedk6Bvw+aqbsXDtoAyAzm5MO7JgU+yVRyMQ5O8bD4Kcci7BS85f93veegeCPkL8R4GLClnjLFw=="],
+    "astro/esbuild/@esbuild/freebsd-x64": ["@esbuild/freebsd-x64@0.27.7", "", { "os": "freebsd", "cpu": "x64" }, "sha512-jOBDK5XEjA4m5IJK3bpAQF9/Lelu/Z9ZcdhTRLf4cajlB+8VEhFFRjWgfy3M1O4rO2GQ/b2dLwCUGpiF/eATNQ=="],
 
-    "decocms/recharts/victory-vendor": ["victory-vendor@37.3.6", "", { "dependencies": { "@types/d3-array": "^3.0.3", "@types/d3-ease": "^3.0.0", "@types/d3-interpolate": "^3.0.1", "@types/d3-scale": "^4.0.2", "@types/d3-shape": "^3.1.0", "@types/d3-time": "^3.0.0", "@types/d3-timer": "^3.0.0", "d3-array": "^3.1.6", "d3-ease": "^3.0.1", "d3-interpolate": "^3.0.1", "d3-scale": "^4.0.2", "d3-shape": "^3.1.0", "d3-time": "^3.0.0", "d3-timer": "^3.0.1" } }, "sha512-SbPDPdDBYp+5MJHhBCAyI7wKM3d5ivekigc2Dk2s7pgbZ9wIgIBYGVw4zGHBml/qTFbexrofXW6Gu4noGxrOwQ=="],
+    "astro/esbuild/@esbuild/linux-arm": ["@esbuild/linux-arm@0.27.7", "", { "os": "linux", "cpu": "arm" }, "sha512-RkT/YXYBTSULo3+af8Ib0ykH8u2MBh57o7q/DAs3lTJlyVQkgQvlrPTnjIzzRPQyavxtPtfg0EopvDyIt0j1rA=="],
+
+    "astro/esbuild/@esbuild/linux-arm64": ["@esbuild/linux-arm64@0.27.7", "", { "os": "linux", "cpu": "arm64" }, "sha512-RZPHBoxXuNnPQO9rvjh5jdkRmVizktkT7TCDkDmQ0W2SwHInKCAV95GRuvdSvA7w4VMwfCjUiPwDi0ZO6Nfe9A=="],
 
-    "filelist/minimatch/brace-expansion": ["brace-expansion@2.0.2", "", { "dependencies": { "balanced-match": "^1.0.0" } }, "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ=="],
+    "astro/esbuild/@esbuild/linux-ia32": ["@esbuild/linux-ia32@0.27.7", "", { "os": "linux", "cpu": "ia32" }, "sha512-GA48aKNkyQDbd3KtkplYWT102C5sn/EZTY4XROkxONgruHPU72l+gW+FfF8tf2cFjeHaRbWpOYa/uRBz/Xq1Pg=="],
 
-    "freestyle-sandboxes/yargs/cliui": ["cliui@9.0.1", "", { "dependencies": { "string-width": "^7.2.0", "strip-ansi": "^7.1.0", "wrap-ansi": "^9.0.0" } }, "sha512-k7ndgKhwoQveBL+/1tqGJYNz097I7WOvwbmmU2AR5+magtbjPWQTS1C5vzGkBC8Ym8UWRzfKUzUUqFLypY4Q+w=="],
+    "astro/esbuild/@esbuild/linux-loong64": ["@esbuild/linux-loong64@0.27.7", "", { "os": "linux", "cpu": "none" }, "sha512-a4POruNM2oWsD4WKvBSEKGIiWQF8fZOAsycHOt6JBpZ+JN2n2JH9WAv56SOyu9X5IqAjqSIPTaJkqN8F7XOQ5Q=="],
 
-    "freestyle-sandboxes/yargs/string-width": ["string-width@7.2.0", "", { "dependencies": { "emoji-regex": "^10.3.0", "get-east-asian-width": "^1.0.0", "strip-ansi": "^7.1.0" } }, "sha512-tsaTIkKW9b4N+AEj+SVA+WhJzV7/zMhcSu78mLKWSk7cXMOSHsBKFWUs0fWwq8QyK3MgJBQRX6Gbi4kYbdvGkQ=="],
+    "astro/esbuild/@esbuild/linux-mips64el": ["@esbuild/linux-mips64el@0.27.7", "", { "os": "linux", "cpu": "none" }, "sha512-KabT5I6StirGfIz0FMgl1I+R1H73Gp0ofL9A3nG3i/cYFJzKHhouBV5VWK1CSgKvVaG4q1RNpCTR2LuTVB3fIw=="],
 
-    "freestyle-sandboxes/yargs/yargs-parser": ["yargs-parser@22.0.0", "", {}, "sha512-rwu/ClNdSMpkSrUb+d6BRsSkLUq1fmfsY6TOpYzTwvwkg1/NRG85KBy3kq++A8LKQwX6lsu+aWad+2khvuXrqw=="],
+    "astro/esbuild/@esbuild/linux-ppc64": ["@esbuild/linux-ppc64@0.27.7", "", { "os": "linux", "cpu": "ppc64" }, "sha512-gRsL4x6wsGHGRqhtI+ifpN/vpOFTQtnbsupUF5R5YTAg+y/lKelYR1hXbnBdzDjGbMYjVJLJTd2OFmMewAgwlQ=="],
+
+    "astro/esbuild/@esbuild/linux-riscv64": ["@esbuild/linux-riscv64@0.27.7", "", { "os": "linux", "cpu": "none" }, "sha512-hL25LbxO1QOngGzu2U5xeXtxXcW+/GvMN3ejANqXkxZ/opySAZMrc+9LY/WyjAan41unrR3YrmtTsUpwT66InQ=="],
+
+    "astro/esbuild/@esbuild/linux-s390x": ["@esbuild/linux-s390x@0.27.7", "", { "os": "linux", "cpu": "s390x" }, "sha512-2k8go8Ycu1Kb46vEelhu1vqEP+UeRVj2zY1pSuPdgvbd5ykAw82Lrro28vXUrRmzEsUV0NzCf54yARIK8r0fdw=="],
+
+    "astro/esbuild/@esbuild/linux-x64": ["@esbuild/linux-x64@0.27.7", "", { "os": "linux", "cpu": "x64" }, "sha512-hzznmADPt+OmsYzw1EE33ccA+HPdIqiCRq7cQeL1Jlq2gb1+OyWBkMCrYGBJ+sxVzve2ZJEVeePbLM2iEIZSxA=="],
+
+    "astro/esbuild/@esbuild/netbsd-arm64": ["@esbuild/netbsd-arm64@0.27.7", "", { "os": "none", "cpu": "arm64" }, "sha512-b6pqtrQdigZBwZxAn1UpazEisvwaIDvdbMbmrly7cDTMFnw/+3lVxxCTGOrkPVnsYIosJJXAsILG9XcQS+Yu6w=="],
+
+    "astro/esbuild/@esbuild/netbsd-x64": ["@esbuild/netbsd-x64@0.27.7", "", { "os": "none", "cpu": "x64" }, "sha512-OfatkLojr6U+WN5EDYuoQhtM+1xco+/6FSzJJnuWiUw5eVcicbyK3dq5EeV/QHT1uy6GoDhGbFpprUiHUYggrw=="],
+
+    "astro/esbuild/@esbuild/openbsd-arm64": ["@esbuild/openbsd-arm64@0.27.7", "", { "os": "openbsd", "cpu": "arm64" }, "sha512-AFuojMQTxAz75Fo8idVcqoQWEHIXFRbOc1TrVcFSgCZtQfSdc1RXgB3tjOn/krRHENUB4j00bfGjyl2mJrU37A=="],
+
+    "astro/esbuild/@esbuild/openbsd-x64": ["@esbuild/openbsd-x64@0.27.7", "", { "os": "openbsd", "cpu": "x64" }, "sha512-+A1NJmfM8WNDv5CLVQYJ5PshuRm/4cI6WMZRg1by1GwPIQPCTs1GLEUHwiiQGT5zDdyLiRM/l1G0Pv54gvtKIg=="],
+
+    "astro/esbuild/@esbuild/openharmony-arm64": ["@esbuild/openharmony-arm64@0.27.7", "", { "os": "none", "cpu": "arm64" }, "sha512-+KrvYb/C8zA9CU/g0sR6w2RBw7IGc5J2BPnc3dYc5VJxHCSF1yNMxTV5LQ7GuKteQXZtspjFbiuW5/dOj7H4Yw=="],
+
+    "astro/esbuild/@esbuild/sunos-x64": ["@esbuild/sunos-x64@0.27.7", "", { "os": "sunos", "cpu": "x64" }, "sha512-ikktIhFBzQNt/QDyOL580ti9+5mL/YZeUPKU2ivGtGjdTYoqz6jObj6nOMfhASpS4GU4Q/Clh1QtxWAvcYKamA=="],
+
+    "astro/esbuild/@esbuild/win32-arm64": ["@esbuild/win32-arm64@0.27.7", "", { "os": "win32", "cpu": "arm64" }, "sha512-7yRhbHvPqSpRUV7Q20VuDwbjW5kIMwTHpptuUzV+AA46kiPze5Z7qgt6CLCK3pWFrHeNfDd1VKgyP4O+ng17CA=="],
+
+    "astro/esbuild/@esbuild/win32-ia32": ["@esbuild/win32-ia32@0.27.7", "", { "os": "win32", "cpu": "ia32" }, "sha512-SmwKXe6VHIyZYbBLJrhOoCJRB/Z1tckzmgTLfFYOfpMAx63BJEaL9ExI8x7v0oAO3Zh6D/Oi1gVxEYr5oUCFhw=="],
+
+    "astro/esbuild/@esbuild/win32-x64": ["@esbuild/win32-x64@0.27.7", "", { "os": "win32", "cpu": "x64" }, "sha512-56hiAJPhwQ1R4i+21FVF7V8kSD5zZTdHcVuRFMW0hn753vVfQN8xlx4uOPT4xoGH0Z/oVATuR82AiqSTDIpaHg=="],
+
+    "astro/vite/esbuild": ["esbuild@0.25.12", "", { "optionalDependencies": { "@esbuild/aix-ppc64": "0.25.12", "@esbuild/android-arm": "0.25.12", "@esbuild/android-arm64": "0.25.12", "@esbuild/android-x64": "0.25.12", "@esbuild/darwin-arm64": "0.25.12", "@esbuild/darwin-x64": "0.25.12", "@esbuild/freebsd-arm64": "0.25.12", "@esbuild/freebsd-x64": "0.25.12", "@esbuild/linux-arm": "0.25.12", "@esbuild/linux-arm64": "0.25.12", "@esbuild/linux-ia32": "0.25.12", "@esbuild/linux-loong64": "0.25.12", "@esbuild/linux-mips64el": "0.25.12", "@esbuild/linux-ppc64": "0.25.12", "@esbuild/linux-riscv64": "0.25.12", "@esbuild/linux-s390x": "0.25.12", "@esbuild/linux-x64": "0.25.12", "@esbuild/netbsd-arm64": "0.25.12", "@esbuild/netbsd-x64": "0.25.12", "@esbuild/openbsd-arm64": "0.25.12", "@esbuild/openbsd-x64": "0.25.12", "@esbuild/openharmony-arm64": "0.25.12", "@esbuild/sunos-x64": "0.25.12", "@esbuild/win32-arm64": "0.25.12", "@esbuild/win32-ia32": "0.25.12", "@esbuild/win32-x64": "0.25.12" }, "bin": { "esbuild": "bin/esbuild" } }, "sha512-bbPBYYrtZbkt6Os6FiTLCTFxvq4tt3JKall1vRwshA3fdVztsLAatFaZobhkBC8/BrPetoa0oksYoKXoG4ryJg=="],
+
+    "better-auth/better-call/set-cookie-parser": ["set-cookie-parser@2.7.2", "", {}, "sha512-oeM1lpU/UvhTxw+g3cIfxXHyJRc/uidd3yK1P242gzHds0udQBYzs3y8j4gCCW+ZJ7ad0yctld8RYO+bdurlvw=="],
+
+    "concurrently/yargs/cliui": ["cliui@8.0.1", "", { "dependencies": { "string-width": "^4.2.0", "strip-ansi": "^6.0.1", "wrap-ansi": "^7.0.0" } }, "sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ=="],
+
+    "concurrently/yargs/string-width": ["string-width@4.2.3", "", { "dependencies": { "emoji-regex": "^8.0.0", "is-fullwidth-code-point": "^3.0.0", "strip-ansi": "^6.0.1" } }, "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g=="],
+
+    "csso/css-tree/mdn-data": ["mdn-data@2.0.28", "", {}, "sha512-aylIc7Z9y4yzHYAJNuESG3hfhC+0Ibp/MAMiaOZgNv4pmEdFyfZhhhny4MNiAfWdBQ1RQ2mfDWmM1x8SvGyp8g=="],
+
+    "decocms/recharts/eventemitter3": ["eventemitter3@5.0.4", "", {}, "sha512-mlsTRyGaPBjPedk6Bvw+aqbsXDtoAyAzm5MO7JgU+yVRyMQ5O8bD4Kcci7BS85f93veegeCPkL8R4GLClnjLFw=="],
+
+    "decocms/recharts/victory-vendor": ["victory-vendor@37.3.6", "", { "dependencies": { "@types/d3-array": "^3.0.3", "@types/d3-ease": "^3.0.0", "@types/d3-interpolate": "^3.0.1", "@types/d3-scale": "^4.0.2", "@types/d3-shape": "^3.1.0", "@types/d3-time": "^3.0.0", "@types/d3-timer": "^3.0.0", "d3-array": "^3.1.6", "d3-ease": "^3.0.1", "d3-interpolate": "^3.0.1", "d3-scale": "^4.0.2", "d3-shape": "^3.1.0", "d3-time": "^3.0.0", "d3-timer": "^3.0.1" } }, "sha512-SbPDPdDBYp+5MJHhBCAyI7wKM3d5ivekigc2Dk2s7pgbZ9wIgIBYGVw4zGHBml/qTFbexrofXW6Gu4noGxrOwQ=="],
+
+    "filelist/minimatch/brace-expansion": ["brace-expansion@2.1.0", "", { "dependencies": { "balanced-match": "^1.0.0" } }, "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w=="],
+
+    "form-data/mime-types/mime-db": ["mime-db@1.52.0", "", {}, "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg=="],
 
     "git-diff/chalk/ansi-styles": ["ansi-styles@3.2.1", "", { "dependencies": { "color-convert": "^1.9.0" } }, "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA=="],
 
@@ -3874,17 +4089,175 @@
 
     "mdast-util-mdx-jsx/parse-entities/is-hexadecimal": ["is-hexadecimal@2.0.1", "", {}, "sha512-DgZQp241c8oO6cA1SbTEWiXeoxV42vlcJxgH+B3hi1AiqqKruZR3ZGF8In3fj4+/y/7rHvlOZLZtgJ/4ttYGZg=="],
 
-    "mesh-plugin-workflows/@types/bun/bun-types": ["bun-types@1.3.12", "", { "dependencies": { "@types/node": "*" } }, "sha512-HqOLj5PoFajAQciOMRiIZGNoKxDJSr6qigAttOX40vJuSp6DN/CxWp9s3C1Xwm4oH7ybueITwiaOcWXoYVoRkA=="],
+    "posthog-js/@opentelemetry/exporter-logs-otlp-http/@opentelemetry/core": ["@opentelemetry/core@2.2.0", "", { "dependencies": { "@opentelemetry/semantic-conventions": "^1.29.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.0.0 <1.10.0" } }, "sha512-FuabnnUm8LflnieVxs6eP7Z383hgQU4W1e3KJS6aOG3RxWxcHyBxH8fDMHNgu/gFx/M2jvTOW/4/PHhLz6bjWw=="],
+
+    "posthog-js/@opentelemetry/exporter-logs-otlp-http/@opentelemetry/otlp-exporter-base": ["@opentelemetry/otlp-exporter-base@0.208.0", "", { "dependencies": { "@opentelemetry/core": "2.2.0", "@opentelemetry/otlp-transformer": "0.208.0" }, "peerDependencies": { "@opentelemetry/api": "^1.3.0" } }, "sha512-gMd39gIfVb2OgxldxUtOwGJYSH8P1kVFFlJLuut32L6KgUC4gl1dMhn+YC2mGn0bDOiQYSk/uHOdSjuKp58vvA=="],
+
+    "posthog-js/@opentelemetry/exporter-logs-otlp-http/@opentelemetry/otlp-transformer": ["@opentelemetry/otlp-transformer@0.208.0", "", { "dependencies": { "@opentelemetry/api-logs": "0.208.0", "@opentelemetry/core": "2.2.0", "@opentelemetry/resources": "2.2.0", "@opentelemetry/sdk-logs": "0.208.0", "@opentelemetry/sdk-metrics": "2.2.0", "@opentelemetry/sdk-trace-base": "2.2.0", "protobufjs": "^7.3.0" }, "peerDependencies": { "@opentelemetry/api": "^1.3.0" } }, "sha512-DCFPY8C6lAQHUNkzcNT9R+qYExvsk6C5Bto2pbNxgicpcSWbe2WHShLxkOxIdNcBiYPdVHv/e7vH7K6TI+C+fQ=="],
+
+    "posthog-js/@opentelemetry/sdk-logs/@opentelemetry/core": ["@opentelemetry/core@2.2.0", "", { "dependencies": { "@opentelemetry/semantic-conventions": "^1.29.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.0.0 <1.10.0" } }, "sha512-FuabnnUm8LflnieVxs6eP7Z383hgQU4W1e3KJS6aOG3RxWxcHyBxH8fDMHNgu/gFx/M2jvTOW/4/PHhLz6bjWw=="],
+
+    "posthog-js/@opentelemetry/sdk-logs/@opentelemetry/resources": ["@opentelemetry/resources@2.2.0", "", { "dependencies": { "@opentelemetry/core": "2.2.0", "@opentelemetry/semantic-conventions": "^1.29.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.3.0 <1.10.0" } }, "sha512-1pNQf/JazQTMA0BiO5NINUzH0cbLbbl7mntLa4aJNmCCXSj0q03T5ZXXL0zw4G55TjdL9Tz32cznGClf+8zr5A=="],
 
     "shelljs/glob/minimatch": ["minimatch@3.1.5", "", { "dependencies": { "brace-expansion": "^1.1.7" } }, "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w=="],
 
+    "tsup/esbuild/@esbuild/aix-ppc64": ["@esbuild/aix-ppc64@0.27.7", "", { "os": "aix", "cpu": "ppc64" }, "sha512-EKX3Qwmhz1eMdEJokhALr0YiD0lhQNwDqkPYyPhiSwKrh7/4KRjQc04sZ8db+5DVVnZ1LmbNDI1uAMPEUBnQPg=="],
+
+    "tsup/esbuild/@esbuild/android-arm": ["@esbuild/android-arm@0.27.7", "", { "os": "android", "cpu": "arm" }, "sha512-jbPXvB4Yj2yBV7HUfE2KHe4GJX51QplCN1pGbYjvsyCZbQmies29EoJbkEc+vYuU5o45AfQn37vZlyXy4YJ8RQ=="],
+
+    "tsup/esbuild/@esbuild/android-arm64": ["@esbuild/android-arm64@0.27.7", "", { "os": "android", "cpu": "arm64" }, "sha512-62dPZHpIXzvChfvfLJow3q5dDtiNMkwiRzPylSCfriLvZeq0a1bWChrGx/BbUbPwOrsWKMn8idSllklzBy+dgQ=="],
+
+    "tsup/esbuild/@esbuild/android-x64": ["@esbuild/android-x64@0.27.7", "", { "os": "android", "cpu": "x64" }, "sha512-x5VpMODneVDb70PYV2VQOmIUUiBtY3D3mPBG8NxVk5CogneYhkR7MmM3yR/uMdITLrC1ml/NV1rj4bMJuy9MCg=="],
+
+    "tsup/esbuild/@esbuild/darwin-arm64": ["@esbuild/darwin-arm64@0.27.7", "", { "os": "darwin", "cpu": "arm64" }, "sha512-5lckdqeuBPlKUwvoCXIgI2D9/ABmPq3Rdp7IfL70393YgaASt7tbju3Ac+ePVi3KDH6N2RqePfHnXkaDtY9fkw=="],
+
+    "tsup/esbuild/@esbuild/darwin-x64": ["@esbuild/darwin-x64@0.27.7", "", { "os": "darwin", "cpu": "x64" }, "sha512-rYnXrKcXuT7Z+WL5K980jVFdvVKhCHhUwid+dDYQpH+qu+TefcomiMAJpIiC2EM3Rjtq0sO3StMV/+3w3MyyqQ=="],
+
+    "tsup/esbuild/@esbuild/freebsd-arm64": ["@esbuild/freebsd-arm64@0.27.7", "", { "os": "freebsd", "cpu": "arm64" }, "sha512-B48PqeCsEgOtzME2GbNM2roU29AMTuOIN91dsMO30t+Ydis3z/3Ngoj5hhnsOSSwNzS+6JppqWsuhTp6E82l2w=="],
+
+    "tsup/esbuild/@esbuild/freebsd-x64": ["@esbuild/freebsd-x64@0.27.7", "", { "os": "freebsd", "cpu": "x64" }, "sha512-jOBDK5XEjA4m5IJK3bpAQF9/Lelu/Z9ZcdhTRLf4cajlB+8VEhFFRjWgfy3M1O4rO2GQ/b2dLwCUGpiF/eATNQ=="],
+
+    "tsup/esbuild/@esbuild/linux-arm": ["@esbuild/linux-arm@0.27.7", "", { "os": "linux", "cpu": "arm" }, "sha512-RkT/YXYBTSULo3+af8Ib0ykH8u2MBh57o7q/DAs3lTJlyVQkgQvlrPTnjIzzRPQyavxtPtfg0EopvDyIt0j1rA=="],
+
+    "tsup/esbuild/@esbuild/linux-arm64": ["@esbuild/linux-arm64@0.27.7", "", { "os": "linux", "cpu": "arm64" }, "sha512-RZPHBoxXuNnPQO9rvjh5jdkRmVizktkT7TCDkDmQ0W2SwHInKCAV95GRuvdSvA7w4VMwfCjUiPwDi0ZO6Nfe9A=="],
+
+    "tsup/esbuild/@esbuild/linux-ia32": ["@esbuild/linux-ia32@0.27.7", "", { "os": "linux", "cpu": "ia32" }, "sha512-GA48aKNkyQDbd3KtkplYWT102C5sn/EZTY4XROkxONgruHPU72l+gW+FfF8tf2cFjeHaRbWpOYa/uRBz/Xq1Pg=="],
+
+    "tsup/esbuild/@esbuild/linux-loong64": ["@esbuild/linux-loong64@0.27.7", "", { "os": "linux", "cpu": "none" }, "sha512-a4POruNM2oWsD4WKvBSEKGIiWQF8fZOAsycHOt6JBpZ+JN2n2JH9WAv56SOyu9X5IqAjqSIPTaJkqN8F7XOQ5Q=="],
+
+    "tsup/esbuild/@esbuild/linux-mips64el": ["@esbuild/linux-mips64el@0.27.7", "", { "os": "linux", "cpu": "none" }, "sha512-KabT5I6StirGfIz0FMgl1I+R1H73Gp0ofL9A3nG3i/cYFJzKHhouBV5VWK1CSgKvVaG4q1RNpCTR2LuTVB3fIw=="],
+
+    "tsup/esbuild/@esbuild/linux-ppc64": ["@esbuild/linux-ppc64@0.27.7", "", { "os": "linux", "cpu": "ppc64" }, "sha512-gRsL4x6wsGHGRqhtI+ifpN/vpOFTQtnbsupUF5R5YTAg+y/lKelYR1hXbnBdzDjGbMYjVJLJTd2OFmMewAgwlQ=="],
+
+    "tsup/esbuild/@esbuild/linux-riscv64": ["@esbuild/linux-riscv64@0.27.7", "", { "os": "linux", "cpu": "none" }, "sha512-hL25LbxO1QOngGzu2U5xeXtxXcW+/GvMN3ejANqXkxZ/opySAZMrc+9LY/WyjAan41unrR3YrmtTsUpwT66InQ=="],
+
+    "tsup/esbuild/@esbuild/linux-s390x": ["@esbuild/linux-s390x@0.27.7", "", { "os": "linux", "cpu": "s390x" }, "sha512-2k8go8Ycu1Kb46vEelhu1vqEP+UeRVj2zY1pSuPdgvbd5ykAw82Lrro28vXUrRmzEsUV0NzCf54yARIK8r0fdw=="],
+
+    "tsup/esbuild/@esbuild/linux-x64": ["@esbuild/linux-x64@0.27.7", "", { "os": "linux", "cpu": "x64" }, "sha512-hzznmADPt+OmsYzw1EE33ccA+HPdIqiCRq7cQeL1Jlq2gb1+OyWBkMCrYGBJ+sxVzve2ZJEVeePbLM2iEIZSxA=="],
+
+    "tsup/esbuild/@esbuild/netbsd-arm64": ["@esbuild/netbsd-arm64@0.27.7", "", { "os": "none", "cpu": "arm64" }, "sha512-b6pqtrQdigZBwZxAn1UpazEisvwaIDvdbMbmrly7cDTMFnw/+3lVxxCTGOrkPVnsYIosJJXAsILG9XcQS+Yu6w=="],
+
+    "tsup/esbuild/@esbuild/netbsd-x64": ["@esbuild/netbsd-x64@0.27.7", "", { "os": "none", "cpu": "x64" }, "sha512-OfatkLojr6U+WN5EDYuoQhtM+1xco+/6FSzJJnuWiUw5eVcicbyK3dq5EeV/QHT1uy6GoDhGbFpprUiHUYggrw=="],
+
+    "tsup/esbuild/@esbuild/openbsd-arm64": ["@esbuild/openbsd-arm64@0.27.7", "", { "os": "openbsd", "cpu": "arm64" }, "sha512-AFuojMQTxAz75Fo8idVcqoQWEHIXFRbOc1TrVcFSgCZtQfSdc1RXgB3tjOn/krRHENUB4j00bfGjyl2mJrU37A=="],
+
+    "tsup/esbuild/@esbuild/openbsd-x64": ["@esbuild/openbsd-x64@0.27.7", "", { "os": "openbsd", "cpu": "x64" }, "sha512-+A1NJmfM8WNDv5CLVQYJ5PshuRm/4cI6WMZRg1by1GwPIQPCTs1GLEUHwiiQGT5zDdyLiRM/l1G0Pv54gvtKIg=="],
+
+    "tsup/esbuild/@esbuild/openharmony-arm64": ["@esbuild/openharmony-arm64@0.27.7", "", { "os": "none", "cpu": "arm64" }, "sha512-+KrvYb/C8zA9CU/g0sR6w2RBw7IGc5J2BPnc3dYc5VJxHCSF1yNMxTV5LQ7GuKteQXZtspjFbiuW5/dOj7H4Yw=="],
+
+    "tsup/esbuild/@esbuild/sunos-x64": ["@esbuild/sunos-x64@0.27.7", "", { "os": "sunos", "cpu": "x64" }, "sha512-ikktIhFBzQNt/QDyOL580ti9+5mL/YZeUPKU2ivGtGjdTYoqz6jObj6nOMfhASpS4GU4Q/Clh1QtxWAvcYKamA=="],
+
+    "tsup/esbuild/@esbuild/win32-arm64": ["@esbuild/win32-arm64@0.27.7", "", { "os": "win32", "cpu": "arm64" }, "sha512-7yRhbHvPqSpRUV7Q20VuDwbjW5kIMwTHpptuUzV+AA46kiPze5Z7qgt6CLCK3pWFrHeNfDd1VKgyP4O+ng17CA=="],
+
+    "tsup/esbuild/@esbuild/win32-ia32": ["@esbuild/win32-ia32@0.27.7", "", { "os": "win32", "cpu": "ia32" }, "sha512-SmwKXe6VHIyZYbBLJrhOoCJRB/Z1tckzmgTLfFYOfpMAx63BJEaL9ExI8x7v0oAO3Zh6D/Oi1gVxEYr5oUCFhw=="],
+
+    "tsup/esbuild/@esbuild/win32-x64": ["@esbuild/win32-x64@0.27.7", "", { "os": "win32", "cpu": "x64" }, "sha512-56hiAJPhwQ1R4i+21FVF7V8kSD5zZTdHcVuRFMW0hn753vVfQN8xlx4uOPT4xoGH0Z/oVATuR82AiqSTDIpaHg=="],
+
+    "tsx/esbuild/@esbuild/aix-ppc64": ["@esbuild/aix-ppc64@0.27.7", "", { "os": "aix", "cpu": "ppc64" }, "sha512-EKX3Qwmhz1eMdEJokhALr0YiD0lhQNwDqkPYyPhiSwKrh7/4KRjQc04sZ8db+5DVVnZ1LmbNDI1uAMPEUBnQPg=="],
+
+    "tsx/esbuild/@esbuild/android-arm": ["@esbuild/android-arm@0.27.7", "", { "os": "android", "cpu": "arm" }, "sha512-jbPXvB4Yj2yBV7HUfE2KHe4GJX51QplCN1pGbYjvsyCZbQmies29EoJbkEc+vYuU5o45AfQn37vZlyXy4YJ8RQ=="],
+
+    "tsx/esbuild/@esbuild/android-arm64": ["@esbuild/android-arm64@0.27.7", "", { "os": "android", "cpu": "arm64" }, "sha512-62dPZHpIXzvChfvfLJow3q5dDtiNMkwiRzPylSCfriLvZeq0a1bWChrGx/BbUbPwOrsWKMn8idSllklzBy+dgQ=="],
+
+    "tsx/esbuild/@esbuild/android-x64": ["@esbuild/android-x64@0.27.7", "", { "os": "android", "cpu": "x64" }, "sha512-x5VpMODneVDb70PYV2VQOmIUUiBtY3D3mPBG8NxVk5CogneYhkR7MmM3yR/uMdITLrC1ml/NV1rj4bMJuy9MCg=="],
+
+    "tsx/esbuild/@esbuild/darwin-arm64": ["@esbuild/darwin-arm64@0.27.7", "", { "os": "darwin", "cpu": "arm64" }, "sha512-5lckdqeuBPlKUwvoCXIgI2D9/ABmPq3Rdp7IfL70393YgaASt7tbju3Ac+ePVi3KDH6N2RqePfHnXkaDtY9fkw=="],
+
+    "tsx/esbuild/@esbuild/darwin-x64": ["@esbuild/darwin-x64@0.27.7", "", { "os": "darwin", "cpu": "x64" }, "sha512-rYnXrKcXuT7Z+WL5K980jVFdvVKhCHhUwid+dDYQpH+qu+TefcomiMAJpIiC2EM3Rjtq0sO3StMV/+3w3MyyqQ=="],
+
+    "tsx/esbuild/@esbuild/freebsd-arm64": ["@esbuild/freebsd-arm64@0.27.7", "", { "os": "freebsd", "cpu": "arm64" }, "sha512-B48PqeCsEgOtzME2GbNM2roU29AMTuOIN91dsMO30t+Ydis3z/3Ngoj5hhnsOSSwNzS+6JppqWsuhTp6E82l2w=="],
+
+    "tsx/esbuild/@esbuild/freebsd-x64": ["@esbuild/freebsd-x64@0.27.7", "", { "os": "freebsd", "cpu": "x64" }, "sha512-jOBDK5XEjA4m5IJK3bpAQF9/Lelu/Z9ZcdhTRLf4cajlB+8VEhFFRjWgfy3M1O4rO2GQ/b2dLwCUGpiF/eATNQ=="],
+
+    "tsx/esbuild/@esbuild/linux-arm": ["@esbuild/linux-arm@0.27.7", "", { "os": "linux", "cpu": "arm" }, "sha512-RkT/YXYBTSULo3+af8Ib0ykH8u2MBh57o7q/DAs3lTJlyVQkgQvlrPTnjIzzRPQyavxtPtfg0EopvDyIt0j1rA=="],
+
+    "tsx/esbuild/@esbuild/linux-arm64": ["@esbuild/linux-arm64@0.27.7", "", { "os": "linux", "cpu": "arm64" }, "sha512-RZPHBoxXuNnPQO9rvjh5jdkRmVizktkT7TCDkDmQ0W2SwHInKCAV95GRuvdSvA7w4VMwfCjUiPwDi0ZO6Nfe9A=="],
+
+    "tsx/esbuild/@esbuild/linux-ia32": ["@esbuild/linux-ia32@0.27.7", "", { "os": "linux", "cpu": "ia32" }, "sha512-GA48aKNkyQDbd3KtkplYWT102C5sn/EZTY4XROkxONgruHPU72l+gW+FfF8tf2cFjeHaRbWpOYa/uRBz/Xq1Pg=="],
+
+    "tsx/esbuild/@esbuild/linux-loong64": ["@esbuild/linux-loong64@0.27.7", "", { "os": "linux", "cpu": "none" }, "sha512-a4POruNM2oWsD4WKvBSEKGIiWQF8fZOAsycHOt6JBpZ+JN2n2JH9WAv56SOyu9X5IqAjqSIPTaJkqN8F7XOQ5Q=="],
+
+    "tsx/esbuild/@esbuild/linux-mips64el": ["@esbuild/linux-mips64el@0.27.7", "", { "os": "linux", "cpu": "none" }, "sha512-KabT5I6StirGfIz0FMgl1I+R1H73Gp0ofL9A3nG3i/cYFJzKHhouBV5VWK1CSgKvVaG4q1RNpCTR2LuTVB3fIw=="],
+
+    "tsx/esbuild/@esbuild/linux-ppc64": ["@esbuild/linux-ppc64@0.27.7", "", { "os": "linux", "cpu": "ppc64" }, "sha512-gRsL4x6wsGHGRqhtI+ifpN/vpOFTQtnbsupUF5R5YTAg+y/lKelYR1hXbnBdzDjGbMYjVJLJTd2OFmMewAgwlQ=="],
+
+    "tsx/esbuild/@esbuild/linux-riscv64": ["@esbuild/linux-riscv64@0.27.7", "", { "os": "linux", "cpu": "none" }, "sha512-hL25LbxO1QOngGzu2U5xeXtxXcW+/GvMN3ejANqXkxZ/opySAZMrc+9LY/WyjAan41unrR3YrmtTsUpwT66InQ=="],
+
+    "tsx/esbuild/@esbuild/linux-s390x": ["@esbuild/linux-s390x@0.27.7", "", { "os": "linux", "cpu": "s390x" }, "sha512-2k8go8Ycu1Kb46vEelhu1vqEP+UeRVj2zY1pSuPdgvbd5ykAw82Lrro28vXUrRmzEsUV0NzCf54yARIK8r0fdw=="],
+
+    "tsx/esbuild/@esbuild/linux-x64": ["@esbuild/linux-x64@0.27.7", "", { "os": "linux", "cpu": "x64" }, "sha512-hzznmADPt+OmsYzw1EE33ccA+HPdIqiCRq7cQeL1Jlq2gb1+OyWBkMCrYGBJ+sxVzve2ZJEVeePbLM2iEIZSxA=="],
+
+    "tsx/esbuild/@esbuild/netbsd-arm64": ["@esbuild/netbsd-arm64@0.27.7", "", { "os": "none", "cpu": "arm64" }, "sha512-b6pqtrQdigZBwZxAn1UpazEisvwaIDvdbMbmrly7cDTMFnw/+3lVxxCTGOrkPVnsYIosJJXAsILG9XcQS+Yu6w=="],
+
+    "tsx/esbuild/@esbuild/netbsd-x64": ["@esbuild/netbsd-x64@0.27.7", "", { "os": "none", "cpu": "x64" }, "sha512-OfatkLojr6U+WN5EDYuoQhtM+1xco+/6FSzJJnuWiUw5eVcicbyK3dq5EeV/QHT1uy6GoDhGbFpprUiHUYggrw=="],
+
+    "tsx/esbuild/@esbuild/openbsd-arm64": ["@esbuild/openbsd-arm64@0.27.7", "", { "os": "openbsd", "cpu": "arm64" }, "sha512-AFuojMQTxAz75Fo8idVcqoQWEHIXFRbOc1TrVcFSgCZtQfSdc1RXgB3tjOn/krRHENUB4j00bfGjyl2mJrU37A=="],
+
+    "tsx/esbuild/@esbuild/openbsd-x64": ["@esbuild/openbsd-x64@0.27.7", "", { "os": "openbsd", "cpu": "x64" }, "sha512-+A1NJmfM8WNDv5CLVQYJ5PshuRm/4cI6WMZRg1by1GwPIQPCTs1GLEUHwiiQGT5zDdyLiRM/l1G0Pv54gvtKIg=="],
+
+    "tsx/esbuild/@esbuild/openharmony-arm64": ["@esbuild/openharmony-arm64@0.27.7", "", { "os": "none", "cpu": "arm64" }, "sha512-+KrvYb/C8zA9CU/g0sR6w2RBw7IGc5J2BPnc3dYc5VJxHCSF1yNMxTV5LQ7GuKteQXZtspjFbiuW5/dOj7H4Yw=="],
+
+    "tsx/esbuild/@esbuild/sunos-x64": ["@esbuild/sunos-x64@0.27.7", "", { "os": "sunos", "cpu": "x64" }, "sha512-ikktIhFBzQNt/QDyOL580ti9+5mL/YZeUPKU2ivGtGjdTYoqz6jObj6nOMfhASpS4GU4Q/Clh1QtxWAvcYKamA=="],
+
+    "tsx/esbuild/@esbuild/win32-arm64": ["@esbuild/win32-arm64@0.27.7", "", { "os": "win32", "cpu": "arm64" }, "sha512-7yRhbHvPqSpRUV7Q20VuDwbjW5kIMwTHpptuUzV+AA46kiPze5Z7qgt6CLCK3pWFrHeNfDd1VKgyP4O+ng17CA=="],
+
+    "tsx/esbuild/@esbuild/win32-ia32": ["@esbuild/win32-ia32@0.27.7", "", { "os": "win32", "cpu": "ia32" }, "sha512-SmwKXe6VHIyZYbBLJrhOoCJRB/Z1tckzmgTLfFYOfpMAx63BJEaL9ExI8x7v0oAO3Zh6D/Oi1gVxEYr5oUCFhw=="],
+
+    "tsx/esbuild/@esbuild/win32-x64": ["@esbuild/win32-x64@0.27.7", "", { "os": "win32", "cpu": "x64" }, "sha512-56hiAJPhwQ1R4i+21FVF7V8kSD5zZTdHcVuRFMW0hn753vVfQN8xlx4uOPT4xoGH0Z/oVATuR82AiqSTDIpaHg=="],
+
     "unstorage/chokidar/readdirp": ["readdirp@5.0.0", "", {}, "sha512-9u/XQ1pvrQtYyMpZe7DXKv2p5CNvyVwzUB6uhLAnQwHMSgKMBR62lc7AHljaeteeHXn11XTAaLLUVZYVZyuRBQ=="],
 
-    "yargs/string-width/emoji-regex": ["emoji-regex@8.0.0", "", {}, "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="],
+    "vite/esbuild/@esbuild/aix-ppc64": ["@esbuild/aix-ppc64@0.27.7", "", { "os": "aix", "cpu": "ppc64" }, "sha512-EKX3Qwmhz1eMdEJokhALr0YiD0lhQNwDqkPYyPhiSwKrh7/4KRjQc04sZ8db+5DVVnZ1LmbNDI1uAMPEUBnQPg=="],
+
+    "vite/esbuild/@esbuild/android-arm": ["@esbuild/android-arm@0.27.7", "", { "os": "android", "cpu": "arm" }, "sha512-jbPXvB4Yj2yBV7HUfE2KHe4GJX51QplCN1pGbYjvsyCZbQmies29EoJbkEc+vYuU5o45AfQn37vZlyXy4YJ8RQ=="],
+
+    "vite/esbuild/@esbuild/android-arm64": ["@esbuild/android-arm64@0.27.7", "", { "os": "android", "cpu": "arm64" }, "sha512-62dPZHpIXzvChfvfLJow3q5dDtiNMkwiRzPylSCfriLvZeq0a1bWChrGx/BbUbPwOrsWKMn8idSllklzBy+dgQ=="],
+
+    "vite/esbuild/@esbuild/android-x64": ["@esbuild/android-x64@0.27.7", "", { "os": "android", "cpu": "x64" }, "sha512-x5VpMODneVDb70PYV2VQOmIUUiBtY3D3mPBG8NxVk5CogneYhkR7MmM3yR/uMdITLrC1ml/NV1rj4bMJuy9MCg=="],
+
+    "vite/esbuild/@esbuild/darwin-arm64": ["@esbuild/darwin-arm64@0.27.7", "", { "os": "darwin", "cpu": "arm64" }, "sha512-5lckdqeuBPlKUwvoCXIgI2D9/ABmPq3Rdp7IfL70393YgaASt7tbju3Ac+ePVi3KDH6N2RqePfHnXkaDtY9fkw=="],
+
+    "vite/esbuild/@esbuild/darwin-x64": ["@esbuild/darwin-x64@0.27.7", "", { "os": "darwin", "cpu": "x64" }, "sha512-rYnXrKcXuT7Z+WL5K980jVFdvVKhCHhUwid+dDYQpH+qu+TefcomiMAJpIiC2EM3Rjtq0sO3StMV/+3w3MyyqQ=="],
+
+    "vite/esbuild/@esbuild/freebsd-arm64": ["@esbuild/freebsd-arm64@0.27.7", "", { "os": "freebsd", "cpu": "arm64" }, "sha512-B48PqeCsEgOtzME2GbNM2roU29AMTuOIN91dsMO30t+Ydis3z/3Ngoj5hhnsOSSwNzS+6JppqWsuhTp6E82l2w=="],
+
+    "vite/esbuild/@esbuild/freebsd-x64": ["@esbuild/freebsd-x64@0.27.7", "", { "os": "freebsd", "cpu": "x64" }, "sha512-jOBDK5XEjA4m5IJK3bpAQF9/Lelu/Z9ZcdhTRLf4cajlB+8VEhFFRjWgfy3M1O4rO2GQ/b2dLwCUGpiF/eATNQ=="],
+
+    "vite/esbuild/@esbuild/linux-arm": ["@esbuild/linux-arm@0.27.7", "", { "os": "linux", "cpu": "arm" }, "sha512-RkT/YXYBTSULo3+af8Ib0ykH8u2MBh57o7q/DAs3lTJlyVQkgQvlrPTnjIzzRPQyavxtPtfg0EopvDyIt0j1rA=="],
+
+    "vite/esbuild/@esbuild/linux-arm64": ["@esbuild/linux-arm64@0.27.7", "", { "os": "linux", "cpu": "arm64" }, "sha512-RZPHBoxXuNnPQO9rvjh5jdkRmVizktkT7TCDkDmQ0W2SwHInKCAV95GRuvdSvA7w4VMwfCjUiPwDi0ZO6Nfe9A=="],
+
+    "vite/esbuild/@esbuild/linux-ia32": ["@esbuild/linux-ia32@0.27.7", "", { "os": "linux", "cpu": "ia32" }, "sha512-GA48aKNkyQDbd3KtkplYWT102C5sn/EZTY4XROkxONgruHPU72l+gW+FfF8tf2cFjeHaRbWpOYa/uRBz/Xq1Pg=="],
+
+    "vite/esbuild/@esbuild/linux-loong64": ["@esbuild/linux-loong64@0.27.7", "", { "os": "linux", "cpu": "none" }, "sha512-a4POruNM2oWsD4WKvBSEKGIiWQF8fZOAsycHOt6JBpZ+JN2n2JH9WAv56SOyu9X5IqAjqSIPTaJkqN8F7XOQ5Q=="],
+
+    "vite/esbuild/@esbuild/linux-mips64el": ["@esbuild/linux-mips64el@0.27.7", "", { "os": "linux", "cpu": "none" }, "sha512-KabT5I6StirGfIz0FMgl1I+R1H73Gp0ofL9A3nG3i/cYFJzKHhouBV5VWK1CSgKvVaG4q1RNpCTR2LuTVB3fIw=="],
 
-    "yargs/string-width/is-fullwidth-code-point": ["is-fullwidth-code-point@3.0.0", "", {}, "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg=="],
+    "vite/esbuild/@esbuild/linux-ppc64": ["@esbuild/linux-ppc64@0.27.7", "", { "os": "linux", "cpu": "ppc64" }, "sha512-gRsL4x6wsGHGRqhtI+ifpN/vpOFTQtnbsupUF5R5YTAg+y/lKelYR1hXbnBdzDjGbMYjVJLJTd2OFmMewAgwlQ=="],
 
-    "yargs/string-width/strip-ansi": ["strip-ansi@6.0.1", "", { "dependencies": { "ansi-regex": "^5.0.1" } }, "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A=="],
+    "vite/esbuild/@esbuild/linux-riscv64": ["@esbuild/linux-riscv64@0.27.7", "", { "os": "linux", "cpu": "none" }, "sha512-hL25LbxO1QOngGzu2U5xeXtxXcW+/GvMN3ejANqXkxZ/opySAZMrc+9LY/WyjAan41unrR3YrmtTsUpwT66InQ=="],
+
+    "vite/esbuild/@esbuild/linux-s390x": ["@esbuild/linux-s390x@0.27.7", "", { "os": "linux", "cpu": "s390x" }, "sha512-2k8go8Ycu1Kb46vEelhu1vqEP+UeRVj2zY1pSuPdgvbd5ykAw82Lrro28vXUrRmzEsUV0NzCf54yARIK8r0fdw=="],
+
+    "vite/esbuild/@esbuild/linux-x64": ["@esbuild/linux-x64@0.27.7", "", { "os": "linux", "cpu": "x64" }, "sha512-hzznmADPt+OmsYzw1EE33ccA+HPdIqiCRq7cQeL1Jlq2gb1+OyWBkMCrYGBJ+sxVzve2ZJEVeePbLM2iEIZSxA=="],
+
+    "vite/esbuild/@esbuild/netbsd-arm64": ["@esbuild/netbsd-arm64@0.27.7", "", { "os": "none", "cpu": "arm64" }, "sha512-b6pqtrQdigZBwZxAn1UpazEisvwaIDvdbMbmrly7cDTMFnw/+3lVxxCTGOrkPVnsYIosJJXAsILG9XcQS+Yu6w=="],
+
+    "vite/esbuild/@esbuild/netbsd-x64": ["@esbuild/netbsd-x64@0.27.7", "", { "os": "none", "cpu": "x64" }, "sha512-OfatkLojr6U+WN5EDYuoQhtM+1xco+/6FSzJJnuWiUw5eVcicbyK3dq5EeV/QHT1uy6GoDhGbFpprUiHUYggrw=="],
+
+    "vite/esbuild/@esbuild/openbsd-arm64": ["@esbuild/openbsd-arm64@0.27.7", "", { "os": "openbsd", "cpu": "arm64" }, "sha512-AFuojMQTxAz75Fo8idVcqoQWEHIXFRbOc1TrVcFSgCZtQfSdc1RXgB3tjOn/krRHENUB4j00bfGjyl2mJrU37A=="],
+
+    "vite/esbuild/@esbuild/openbsd-x64": ["@esbuild/openbsd-x64@0.27.7", "", { "os": "openbsd", "cpu": "x64" }, "sha512-+A1NJmfM8WNDv5CLVQYJ5PshuRm/4cI6WMZRg1by1GwPIQPCTs1GLEUHwiiQGT5zDdyLiRM/l1G0Pv54gvtKIg=="],
+
+    "vite/esbuild/@esbuild/openharmony-arm64": ["@esbuild/openharmony-arm64@0.27.7", "", { "os": "none", "cpu": "arm64" }, "sha512-+KrvYb/C8zA9CU/g0sR6w2RBw7IGc5J2BPnc3dYc5VJxHCSF1yNMxTV5LQ7GuKteQXZtspjFbiuW5/dOj7H4Yw=="],
+
+    "vite/esbuild/@esbuild/sunos-x64": ["@esbuild/sunos-x64@0.27.7", "", { "os": "sunos", "cpu": "x64" }, "sha512-ikktIhFBzQNt/QDyOL580ti9+5mL/YZeUPKU2ivGtGjdTYoqz6jObj6nOMfhASpS4GU4Q/Clh1QtxWAvcYKamA=="],
+
+    "vite/esbuild/@esbuild/win32-arm64": ["@esbuild/win32-arm64@0.27.7", "", { "os": "win32", "cpu": "arm64" }, "sha512-7yRhbHvPqSpRUV7Q20VuDwbjW5kIMwTHpptuUzV+AA46kiPze5Z7qgt6CLCK3pWFrHeNfDd1VKgyP4O+ng17CA=="],
+
+    "vite/esbuild/@esbuild/win32-ia32": ["@esbuild/win32-ia32@0.27.7", "", { "os": "win32", "cpu": "ia32" }, "sha512-SmwKXe6VHIyZYbBLJrhOoCJRB/Z1tckzmgTLfFYOfpMAx63BJEaL9ExI8x7v0oAO3Zh6D/Oi1gVxEYr5oUCFhw=="],
+
+    "vite/esbuild/@esbuild/win32-x64": ["@esbuild/win32-x64@0.27.7", "", { "os": "win32", "cpu": "x64" }, "sha512-56hiAJPhwQ1R4i+21FVF7V8kSD5zZTdHcVuRFMW0hn753vVfQN8xlx4uOPT4xoGH0Z/oVATuR82AiqSTDIpaHg=="],
 
     "@astrojs/react/vite/esbuild/@esbuild/aix-ppc64": ["@esbuild/aix-ppc64@0.25.12", "", { "os": "aix", "cpu": "ppc64" }, "sha512-Hhmwd6CInZ3dwpuGTF8fJG6yoWmsToE+vYgD4nytZVxcu1ulHpUQRAB1UJ8+N1Am3Mz4+xOByoQoSZf4D+CpkA=="],
 
@@ -3944,11 +4317,21 @@
 
     "@aws-crypto/util/@smithy/util-utf8/@smithy/util-buffer-from/@smithy/is-array-buffer": ["@smithy/is-array-buffer@2.2.0", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA=="],
 
+    "@grpc/proto-loader/yargs/cliui/strip-ansi": ["strip-ansi@6.0.1", "", { "dependencies": { "ansi-regex": "^5.0.1" } }, "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A=="],
+
+    "@grpc/proto-loader/yargs/cliui/wrap-ansi": ["wrap-ansi@7.0.0", "", { "dependencies": { "ansi-styles": "^4.0.0", "string-width": "^4.1.0", "strip-ansi": "^6.0.0" } }, "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q=="],
+
+    "@grpc/proto-loader/yargs/string-width/emoji-regex": ["emoji-regex@8.0.0", "", {}, "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="],
+
+    "@grpc/proto-loader/yargs/string-width/is-fullwidth-code-point": ["is-fullwidth-code-point@3.0.0", "", {}, "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg=="],
+
+    "@grpc/proto-loader/yargs/string-width/strip-ansi": ["strip-ansi@6.0.1", "", { "dependencies": { "ansi-regex": "^5.0.1" } }, "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A=="],
+
     "@oclif/core/string-width/strip-ansi/ansi-regex": ["ansi-regex@5.0.1", "", {}, "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ=="],
 
     "@oclif/core/wrap-ansi/strip-ansi/ansi-regex": ["ansi-regex@5.0.1", "", {}, "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ=="],
 
-    "@opentelemetry/sdk-node/@opentelemetry/exporter-logs-otlp-proto/@opentelemetry/otlp-transformer/protobufjs": ["protobufjs@7.5.4", "", { "dependencies": { "@protobufjs/aspromise": "^1.1.2", "@protobufjs/base64": "^1.1.2", "@protobufjs/codegen": "^2.0.4", "@protobufjs/eventemitter": "^1.1.0", "@protobufjs/fetch": "^1.1.0", "@protobufjs/float": "^1.0.2", "@protobufjs/inquire": "^1.1.0", "@protobufjs/path": "^1.1.2", "@protobufjs/pool": "^1.1.0", "@protobufjs/utf8": "^1.1.0", "@types/node": ">=13.7.0", "long": "^5.0.0" } }, "sha512-CvexbZtbov6jW2eXAvLukXjXUW1TzFaivC46BpWc/3BpcCysb5Vffu+B3XHMm8lVEuy2Mm4XGex8hBSg1yapPg=="],
+    "@opentelemetry/sdk-node/@opentelemetry/exporter-logs-otlp-proto/@opentelemetry/otlp-transformer/protobufjs": ["protobufjs@7.5.5", "", { "dependencies": { "@protobufjs/aspromise": "^1.1.2", "@protobufjs/base64": "^1.1.2", "@protobufjs/codegen": "^2.0.4", "@protobufjs/eventemitter": "^1.1.0", "@protobufjs/fetch": "^1.1.0", "@protobufjs/float": "^1.0.2", "@protobufjs/inquire": "^1.1.0", "@protobufjs/path": "^1.1.2", "@protobufjs/pool": "^1.1.0", "@protobufjs/utf8": "^1.1.0", "@types/node": ">=13.7.0", "long": "^5.0.0" } }, "sha512-3wY1AxV+VBNW8Yypfd1yQY9pXnqTAN+KwQxL8iYm3/BjKYMNg4i0owhEe26PWDOMaIrzeeF98Lqd5NGz4omiIg=="],
 
     "ansi-align/string-width/strip-ansi/ansi-regex": ["ansi-regex@5.0.1", "", {}, "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ=="],
 
@@ -4004,19 +4387,47 @@
 
     "astro/vite/esbuild/@esbuild/win32-x64": ["@esbuild/win32-x64@0.25.12", "", { "os": "win32", "cpu": "x64" }, "sha512-alJC0uCZpTFrSL0CCDjcgleBXPnCrEAhTBILpeAp7M/OFgoqtAetfBzX0xM00MUsVVPpVjlPuMbREqnZCXaTnA=="],
 
+    "concurrently/yargs/cliui/strip-ansi": ["strip-ansi@6.0.1", "", { "dependencies": { "ansi-regex": "^5.0.1" } }, "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A=="],
+
+    "concurrently/yargs/cliui/wrap-ansi": ["wrap-ansi@7.0.0", "", { "dependencies": { "ansi-styles": "^4.0.0", "string-width": "^4.1.0", "strip-ansi": "^6.0.0" } }, "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q=="],
+
+    "concurrently/yargs/string-width/emoji-regex": ["emoji-regex@8.0.0", "", {}, "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="],
+
+    "concurrently/yargs/string-width/is-fullwidth-code-point": ["is-fullwidth-code-point@3.0.0", "", {}, "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg=="],
+
+    "concurrently/yargs/string-width/strip-ansi": ["strip-ansi@6.0.1", "", { "dependencies": { "ansi-regex": "^5.0.1" } }, "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A=="],
+
     "filelist/minimatch/brace-expansion/balanced-match": ["balanced-match@1.0.2", "", {}, "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="],
 
     "git-diff/chalk/ansi-styles/color-convert": ["color-convert@1.9.3", "", { "dependencies": { "color-name": "1.1.3" } }, "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg=="],
 
     "git-diff/chalk/supports-color/has-flag": ["has-flag@3.0.0", "", {}, "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw=="],
 
-    "kysely-pglite/chokidar/readdirp/picomatch": ["picomatch@2.3.1", "", {}, "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA=="],
+    "kysely-pglite/chokidar/readdirp/picomatch": ["picomatch@2.3.2", "", {}, "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA=="],
 
     "mdast-util-mdx-jsx/parse-entities/is-alphanumerical/is-alphabetical": ["is-alphabetical@2.0.1", "", {}, "sha512-FWyyY60MeTNyeSRpkM2Iry0G9hpr7/9kD40mD/cGQEuilcZYS4okz8SN2Q6rLCJ8gbCt6fN+rC+6tMGS99LaxQ=="],
 
-    "shelljs/glob/minimatch/brace-expansion": ["brace-expansion@1.1.12", "", { "dependencies": { "balanced-match": "^1.0.0", "concat-map": "0.0.1" } }, "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg=="],
+    "posthog-js/@opentelemetry/exporter-logs-otlp-http/@opentelemetry/otlp-transformer/@opentelemetry/resources": ["@opentelemetry/resources@2.2.0", "", { "dependencies": { "@opentelemetry/core": "2.2.0", "@opentelemetry/semantic-conventions": "^1.29.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.3.0 <1.10.0" } }, "sha512-1pNQf/JazQTMA0BiO5NINUzH0cbLbbl7mntLa4aJNmCCXSj0q03T5ZXXL0zw4G55TjdL9Tz32cznGClf+8zr5A=="],
+
+    "posthog-js/@opentelemetry/exporter-logs-otlp-http/@opentelemetry/otlp-transformer/@opentelemetry/sdk-metrics": ["@opentelemetry/sdk-metrics@2.2.0", "", { "dependencies": { "@opentelemetry/core": "2.2.0", "@opentelemetry/resources": "2.2.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.9.0 <1.10.0" } }, "sha512-G5KYP6+VJMZzpGipQw7Giif48h6SGQ2PFKEYCybeXJsOCB4fp8azqMAAzE5lnnHK3ZVwYQrgmFbsUJO/zOnwGw=="],
+
+    "posthog-js/@opentelemetry/exporter-logs-otlp-http/@opentelemetry/otlp-transformer/@opentelemetry/sdk-trace-base": ["@opentelemetry/sdk-trace-base@2.2.0", "", { "dependencies": { "@opentelemetry/core": "2.2.0", "@opentelemetry/resources": "2.2.0", "@opentelemetry/semantic-conventions": "^1.29.0" }, "peerDependencies": { "@opentelemetry/api": ">=1.3.0 <1.10.0" } }, "sha512-xWQgL0Bmctsalg6PaXExmzdedSp3gyKV8mQBwK/j9VGdCDu2fmXIb2gAehBKbkXCpJ4HPkgv3QfoJWRT4dHWbw=="],
+
+    "posthog-js/@opentelemetry/exporter-logs-otlp-http/@opentelemetry/otlp-transformer/protobufjs": ["protobufjs@7.5.5", "", { "dependencies": { "@protobufjs/aspromise": "^1.1.2", "@protobufjs/base64": "^1.1.2", "@protobufjs/codegen": "^2.0.4", "@protobufjs/eventemitter": "^1.1.0", "@protobufjs/fetch": "^1.1.0", "@protobufjs/float": "^1.0.2", "@protobufjs/inquire": "^1.1.0", "@protobufjs/path": "^1.1.2", "@protobufjs/pool": "^1.1.0", "@protobufjs/utf8": "^1.1.0", "@types/node": ">=13.7.0", "long": "^5.0.0" } }, "sha512-3wY1AxV+VBNW8Yypfd1yQY9pXnqTAN+KwQxL8iYm3/BjKYMNg4i0owhEe26PWDOMaIrzeeF98Lqd5NGz4omiIg=="],
+
+    "shelljs/glob/minimatch/brace-expansion": ["brace-expansion@1.1.14", "", { "dependencies": { "balanced-match": "^1.0.0", "concat-map": "0.0.1" } }, "sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g=="],
+
+    "@grpc/proto-loader/yargs/cliui/strip-ansi/ansi-regex": ["ansi-regex@5.0.1", "", {}, "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ=="],
+
+    "@grpc/proto-loader/yargs/cliui/wrap-ansi/ansi-styles": ["ansi-styles@4.3.0", "", { "dependencies": { "color-convert": "^2.0.1" } }, "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg=="],
+
+    "@grpc/proto-loader/yargs/string-width/strip-ansi/ansi-regex": ["ansi-regex@5.0.1", "", {}, "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ=="],
+
+    "concurrently/yargs/cliui/strip-ansi/ansi-regex": ["ansi-regex@5.0.1", "", {}, "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ=="],
+
+    "concurrently/yargs/cliui/wrap-ansi/ansi-styles": ["ansi-styles@4.3.0", "", { "dependencies": { "color-convert": "^2.0.1" } }, "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg=="],
 
-    "yargs/string-width/strip-ansi/ansi-regex": ["ansi-regex@5.0.1", "", {}, "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ=="],
+    "concurrently/yargs/string-width/strip-ansi/ansi-regex": ["ansi-regex@5.0.1", "", {}, "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ=="],
 
     "git-diff/chalk/ansi-styles/color-convert/color-name": ["color-name@1.1.3", "", {}, "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw=="],
 
diff --git a/deploy/helm/sandbox-env/.helmignore b/deploy/helm/sandbox-env/.helmignore
new file mode 100644
index 0000000000..ac5f866cec
--- /dev/null
+++ b/deploy/helm/sandbox-env/.helmignore
@@ -0,0 +1,18 @@
+# Helm conventional ignores
+.DS_Store
+.git/
+.gitignore
+.bzr/
+.hg/
+.svn/
+*.tmproj
+.vscode/
+.idea/
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+
+# Examples folder is for documentation in-tree only
+examples/
diff --git a/deploy/helm/sandbox-env/Chart.yaml b/deploy/helm/sandbox-env/Chart.yaml
new file mode 100644
index 0000000000..5724d27a33
--- /dev/null
+++ b/deploy/helm/sandbox-env/Chart.yaml
@@ -0,0 +1,15 @@
+apiVersion: v2
+name: sandbox-env
+description: |
+  Studio-side resources that consume the agent-sandbox operator: the
+  shared SandboxTemplate, mesh runner RBAC, sandbox-pod NetworkPolicy,
+  optional SandboxWarmPool, and optional preview Gateway / HTTPRoute /
+  Certificate. Install one release per environment (dev / staging /
+  prod / ...). Resource names are suffixed with `envName` so multiple
+  releases coexist in the shared `agent-sandbox-system` namespace.
+  Requires the sandbox-operator chart to already be installed.
+type: application
+version: 0.6.1
+# appVersion tracks the studio-sandbox image version (image.tag default).
+appVersion: "0.3.0"
+kubeVersion: ">=1.30.0-0"
diff --git a/deploy/helm/sandbox-env/README.md b/deploy/helm/sandbox-env/README.md
new file mode 100644
index 0000000000..a0305d571d
--- /dev/null
+++ b/deploy/helm/sandbox-env/README.md
@@ -0,0 +1,191 @@
+# sandbox-env Helm chart
+
+Studio-side resources that consume the agent-sandbox operator. Install one
+release per environment (dev / staging / prod / ...) — every resource name
+is suffixed with `envName` so multiple releases coexist in the shared
+`agent-sandbox-system` namespace without collisions.
+
+Renders:
+
+- `SandboxTemplate` `studio-sandbox-<envName>`
+- `Role` + `RoleBinding` `studio-sandbox-runner-<envName>` (for the mesh
+  ServiceAccount of THIS env's studio install)
+- `NetworkPolicy` `studio-sandbox-<envName>` (per-env podSelector)
+- `SandboxWarmPool` `studio-sandbox-<envName>` (optional)
+- `Gateway` + `Certificate` `agent-sandbox-preview-<envName>` (optional;
+  per-claim HTTPRoutes are minted by the mesh runner, not by this chart)
+
+Requires the [`sandbox-operator`](../sandbox-operator/) chart to already be
+installed (it ships the CRDs + controller).
+
+## Prerequisites
+
+- `sandbox-operator` chart installed in `agent-sandbox-system`.
+- Kubernetes 1.30+ (for `spec.hostUsers: false` user namespace remap).
+- The studio release for THIS environment must point its mesh runner at
+  the env-suffixed SandboxTemplate by setting
+  `STUDIO_SANDBOX_TEMPLATE_NAME=studio-sandbox-<envName>` in the studio
+  chart's `configMap.meshConfig`. Without that override the runner falls
+  back to `studio-sandbox` (no suffix) and claim creation fails with
+  `sandboxtemplate not found`.
+- The studio release must also set `STUDIO_ENV=<envName>` (same envName)
+  so mesh stamps `studio.decocms.com/env=<envName>` on every SandboxClaim,
+  pod, and HTTPRoute it creates. The housekeeper's default selectors
+  scope sweeps to that env label — without it the housekeeper matches
+  zero claims and reaps nothing. Single-env installs that don't enable
+  the housekeeper can leave `STUDIO_ENV` unset (the label is then
+  omitted and behavior is unchanged).
+
+## Preview gateway auth model
+
+If you flip `previewGateway.enabled=true`, read this first.
+
+The Host header is the *only* authorization on `*.preview.<domain>` (no
+listener-level auth, matching how Vercel preview URLs work). That means
+sandbox handles travel in plaintext through every CDN / LB / proxy in the
+request path and will appear in their access logs. Treat handles as
+URL-grade secrets — do not share in tickets, screenshots, etc.
+
+For tighter isolation, terminate auth at the Gateway with an
+`AuthorizationPolicy` (Istio) or extauth (Envoy) in front of this listener.
+This chart does not do that for you.
+
+**Multi-env note:** two envs can both enable `previewGateway` only if they
+use different `previewGateway.domain` values. The resource names are
+envName-suffixed but the listener hostname (`*.<domain>`) must be unique
+per Gateway — two Gateways binding the same wildcard hostname conflict at
+the controller level.
+
+## Install
+
+Published as an OCI artifact at
+`oci://ghcr.io/decocms/studio/charts/sandbox-env` by
+`.github/workflows/release-sandbox-charts.yaml`.
+
+```bash
+helm install sandbox-env-staging \
+  oci://ghcr.io/decocms/studio/charts/sandbox-env \
+  --version 0.5.0 \
+  --namespace agent-sandbox-system \
+  --set envName=staging \
+  --set mesh.namespace=deco-studio-staging \
+  --set mesh.serviceAccountName=deco-studio-staging \
+  --set mesh.serviceName=deco-studio-staging \
+  --set mesh.servicePort=80
+```
+
+Then point the studio (chart-deco-studio) release for the same env at
+this runner:
+
+```yaml
+# in your studio values.yaml (for the staging install)
+configMap:
+  meshConfig:
+    STUDIO_SANDBOX_RUNNER: "agent-sandbox"
+    STUDIO_ENV: "staging"
+    STUDIO_SANDBOX_TEMPLATE_NAME: "studio-sandbox-staging"
+    STUDIO_SANDBOX_PREVIEW_URL_PATTERN: "https://{handle}.preview.staging.example.com"
+    # Per-claim HTTPRoute attaches to this Gateway. Both required whenever
+    # previewGateway.enabled=true — without them mesh falls back to its
+    # in-process preview proxy, which the chart no longer wires up.
+    # NAMESPACE must match `previewGateway.namespace` from the chart values
+    # (no default — different gateway controllers live in different
+    # namespaces, and a wrong default would silently fail to attach).
+    STUDIO_SANDBOX_PREVIEW_GATEWAY_NAME: "agent-sandbox-preview-staging"
+    STUDIO_SANDBOX_PREVIEW_GATEWAY_NAMESPACE: "istio-system"
+```
+
+### ArgoCD Application (one per env)
+
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: sandbox-env-staging
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: ghcr.io/decocms/studio/charts
+    chart: sandbox-env
+    targetRevision: 0.5.0
+    helm:
+      values: |
+        envName: staging
+        mesh:
+          namespace: deco-studio-staging
+          serviceAccountName: deco-studio-staging
+          serviceName: deco-studio-staging
+          servicePort: 80
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: agent-sandbox-system
+  syncPolicy:
+    syncOptions:
+      - ServerSideApply=true
+```
+
+Repeat the `Application` per env, varying `metadata.name` and `envName`.
+
+### Upgrading an existing release to enable the housekeeper
+
+`helm upgrade --reuse-values` does NOT pull in defaults for newly-added
+values keys, so an upgrade that flips `housekeeper.enabled=true` on a
+release installed before the housekeeper landed will fail with
+`nil pointer evaluating interface {}.repository`. Use
+`--reset-then-reuse-values` (Helm 3.14+) instead, or re-pass the full
+values file:
+
+```bash
+helm upgrade sandbox-env-staging \
+  oci://ghcr.io/decocms/studio/charts/sandbox-env \
+  --version 0.5.0 \
+  --namespace agent-sandbox-system \
+  --reset-then-reuse-values \
+  --set housekeeper.enabled=true
+```
+
+ArgoCD users are unaffected — `Application.spec.source.helm.values` is a
+re-render from scratch, not a merge.
+
+## Layout
+
+```
+sandbox-env/
+├── Chart.yaml
+├── values.yaml                          # tunables + envName + mesh.* cross-refs
+├── examples/
+│   └── values-kind.yaml                 # local dev overrides
+└── templates/
+    ├── _helpers.tpl
+    ├── validations.yaml                 # envName + Gateway API + cert-manager preflight
+    ├── sandbox-template.yaml            # SandboxTemplate (per-env)
+    ├── sandbox-warm-pool.yaml           # SandboxWarmPool (optional)
+    ├── sandbox-network-policy.yaml      # NetworkPolicy on sandbox pods (per-env)
+    ├── sandbox-rbac.yaml                # Role + cross-ns RoleBinding to mesh SA
+    ├── sandbox-preview-cert.yaml        # cert-manager Certificate (optional)
+    └── sandbox-preview-gateway.yaml     # Gateway only — per-claim HTTPRoutes are minted by mesh
+```
+
+## Values
+
+See `values.yaml` for the full set. The most-tuned ones:
+
+| Key | Default | Notes |
+| --- | --- | --- |
+| `envName` | _(required)_ | DNS-label suffix on every resource name |
+| `image.repository` | `ghcr.io/decocms/studio/studio-sandbox` | studio-sandbox image |
+| `image.tag` | chart `appVersion` | bump in lockstep with packages/sandbox/package.json |
+| `resources.*` | 0.5/2 CPU, 1/4Gi RAM | per sandbox pod |
+| `nodeSelector` / `tolerations` / `affinity` | `{}` | for sandbox isolation NodePool |
+| `topologySpreadConstraints` | `[]` | spread sandbox pods across AZs; see `values.yaml` for the recommended config |
+| `hostUsers` | `false` | userns remap; flip to `true` if kernel/containerd doesn't support userns |
+| `readOnlyRootFilesystem` | `true` | RO rootfs + emptyDirs on /app, /tmp, /home |
+| `networkPolicy.enabled` | `true` | locks down ingress/egress |
+| `warmPool.enabled` / `warmPool.size` | `false` / `0` | only after measuring cold-start pain |
+| `previewGateway.enabled` | `false` | wildcard `*.preview.<domain>` Gateway + cert |
+| `mesh.namespace` | `deco-studio` | studio release namespace (this env's) |
+| `mesh.serviceAccountName` | `deco-studio` | mesh ServiceAccount that gets the RoleBinding |
+| `mesh.serviceName` | `deco-studio` | _deprecated, unused since per-claim HTTPRoutes_ |
+| `mesh.servicePort` | `80` | _deprecated, unused since per-claim HTTPRoutes_ |
+| `mesh.podSelectorLabels` | `chart-deco-studio` / `deco-studio` | for the NetworkPolicy ingress rule |
diff --git a/deploy/helm/sandbox-env/examples/values-kind-warmpool.yaml b/deploy/helm/sandbox-env/examples/values-kind-warmpool.yaml
new file mode 100644
index 0000000000..d27cc2ab36
--- /dev/null
+++ b/deploy/helm/sandbox-env/examples/values-kind-warmpool.yaml
@@ -0,0 +1,20 @@
+# Local kind dev overlay: warm pool ON, housekeeper OFF.
+#
+# Layer on top of values-kind.yaml — the housekeeper's aggressive idle
+# reap (we ran with idleTtlSeconds=60 + schedule="*/1 * * * *") fights
+# with active dev sessions: claim gets reaped during a coffee break,
+# warm pool replenishes a fresh pod, the next VM_START provisions
+# against a different pod, and mesh's in-memory K8sRecord points at
+# the deleted one until restart. Disabling the housekeeper takes
+# eviction out of the loop so warm-pool adoption is the only moving
+# part during normal dev.
+#
+# Re-enable explicitly when testing reap behavior:
+#   helm upgrade --reuse-values --set housekeeper.enabled=true sandbox-env-kind ./deploy/helm/sandbox-env
+
+warmPool:
+  enabled: true
+  size: 1
+
+housekeeper:
+  enabled: false
diff --git a/deploy/helm/sandbox-env/examples/values-kind.yaml b/deploy/helm/sandbox-env/examples/values-kind.yaml
new file mode 100644
index 0000000000..5e92642553
--- /dev/null
+++ b/deploy/helm/sandbox-env/examples/values-kind.yaml
@@ -0,0 +1,65 @@
+# Local kind cluster overrides for the sandbox-env chart. Pair with the
+# sandbox-operator chart (which installs the operator + CRDs).
+
+# ── env identity ───────────────────────────────────────────────────────
+# kind clusters typically only have one studio install, so a fixed env
+# name is fine.
+envName: "kind"
+
+# ── sandbox image (built locally + `kind load`ed) ──────────────────────
+image:
+  repository: studio-sandbox
+  tag: local
+  pullPolicy: Never
+
+# ── modest sandbox limits for laptop kind ──────────────────────────────
+# Bump back up when stress-testing.
+resources:
+  requests:
+    cpu: "100m"
+    memory: "512Mi"
+  limits:
+    cpu: "1"
+    memory: "3Gi"
+
+# ── networkPolicy ──────────────────────────────────────────────────────
+# kindnet enforces NetworkPolicy as of kind v0.27 (kindnetd v1.x). Leave
+# the chart's policy on so studio → sandbox traffic on port 9000 is
+# explicitly allow-listed; otherwise the operator-managed default (only
+# `app: sandbox-router` ingress, locked off via networkPolicyManagement:
+# Unmanaged in the SandboxTemplate) would re-block everything. Older
+# kindnet builds (pre-0.27) ignore the policy and the rule is inert —
+# safe either way.
+networkPolicy:
+  enabled: true
+
+# ── pod hardening (relaxed for kind) ───────────────────────────────────
+# Plain host-users mode. userns remap requires K8s 1.30+ on a kernel that
+# supports it; kind nodes can vary. Keep simple for local dev.
+hostUsers: true
+readOnlyRootFilesystem: false
+
+# ── no preview Gateway in kind ─────────────────────────────────────────
+# Mesh's HTTP edge handles preview routing in-process via
+# apps/mesh/src/sandbox/preview-proxy.ts: it reads the Host header,
+# extracts the sandbox handle, and reverse-proxies to the in-cluster
+# daemon Service.
+previewGateway:
+  enabled: false
+
+# ── warm pool off in kind ──────────────────────────────────────────────
+warmPool:
+  enabled: false
+
+# ── mesh cross-references (point at the kind studio install) ───────────
+# studio kind install conventionally lands in `deco-studio` namespace
+# with release name `deco-studio`. Override here if you `helm install`
+# studio under a different name/namespace.
+mesh:
+  namespace: "deco-studio"
+  serviceAccountName: "deco-studio"
+  serviceName: "deco-studio"
+  servicePort: 80
+  podSelectorLabels:
+    app.kubernetes.io/name: "chart-deco-studio"
+    app.kubernetes.io/instance: "deco-studio"
diff --git a/deploy/helm/sandbox-env/files/housekeeper-sweep.sh b/deploy/helm/sandbox-env/files/housekeeper-sweep.sh
new file mode 100644
index 0000000000..fc4d3b603d
--- /dev/null
+++ b/deploy/helm/sandbox-env/files/housekeeper-sweep.sh
@@ -0,0 +1,262 @@
+#!/bin/sh
+# sandbox-housekeeper sweep — one CronJob run.
+#
+# Env (set by the CronJob spec):
+#   NS, TTL_MS, PROBE_TIMEOUT_SEC,
+#   CLAIM_SELECTOR, POD_SELECTOR, RUN_ID.
+
+set -eu
+
+: "${NS:?must be set}"
+: "${TTL_MS:?must be set}"
+: "${PROBE_TIMEOUT_SEC:?must be set}"
+: "${CLAIM_SELECTOR:?must be set}"
+: "${POD_SELECTOR:?must be set}"
+: "${RUN_ID:?must be set}"
+
+DAEMON_PORT=9000
+IDLE_PATH="/_decopilot_vm/idle"
+
+now_iso()   { date -u +%Y-%m-%dT%H:%M:%SZ; }
+now_micro() { date -u +%Y-%m-%dT%H:%M:%S.000000Z; }
+
+log() {
+  printf '[%s] [housekeeper] run=%s %s\n' "$(now_iso)" "$RUN_ID" "$*"
+}
+
+# Best-effort — a misconfigured Event API shouldn't block the reap.
+emit_event() {
+  claim="$1"; reason="$2"; action="$3"; msg="$4"
+  ts=$(now_micro)
+  # YAML single-quoted scalar: double any embedded single quotes.
+  safe_msg=$(printf '%s' "$msg" | sed "s/'/''/g")
+  kubectl create -f - <<YAML >/dev/null 2>&1 || true
+apiVersion: events.k8s.io/v1
+kind: Event
+metadata:
+  generateName: ${claim}-housekeeper-
+  namespace: ${NS}
+eventTime: ${ts}
+type: Normal
+reason: ${reason}
+action: ${action}
+note: '${safe_msg}'
+reportingController: sandbox-housekeeper
+reportingInstance: ${RUN_ID}
+regarding:
+  apiVersion: extensions.agents.x-k8s.io/v1alpha1
+  kind: SandboxClaim
+  name: ${claim}
+  namespace: ${NS}
+YAML
+}
+
+# Probe /_decopilot_vm/idle. Echoes one of:
+#   <digits>          idleMs (success)
+#   __unreachable__   connect/timeout
+#   __not_found__     HTTP 404
+#   __server_error__  HTTP 5xx
+#   __bad_shape__     HTTP 200 but no parseable idleMs
+#   __unclaimed__     HTTP 200 but claimed=false (warm-pool pod awaiting first workload)
+probe_daemon() {
+  ip="$1"
+  body=$(mktemp)
+  if ! code=$(curl -s -o "$body" \
+                --max-time "$PROBE_TIMEOUT_SEC" \
+                --retry 1 --retry-all-errors --retry-delay 1 \
+                -w '%{http_code}' \
+                "http://${ip}:${DAEMON_PORT}${IDLE_PATH}" 2>/dev/null); then
+    rm -f "$body"
+    echo "__unreachable__"
+    return
+  fi
+  case "$code" in
+    2*)
+      # Warm-pool pods boot with claimed=false and must not be reaped before
+      # mesh delivers a workload via POST /_decopilot_vm/config. Older daemons
+      # omit the field; treat absent as claimed=true to preserve existing
+      # behaviour on cold-start deployments.
+      claimed=$(sed -n 's/.*"claimed"[[:space:]]*:[[:space:]]*\(true\|false\).*/\1/p' "$body")
+      if [ "$claimed" = "false" ]; then
+        rm -f "$body"
+        echo "__unclaimed__"
+        return
+      fi
+      idle=$(sed -n 's/.*"idleMs"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$body")
+      rm -f "$body"
+      case "$idle" in
+        ''|*[!0-9]*) echo "__bad_shape__" ;;
+        *)           echo "$idle" ;;
+      esac
+      ;;
+    404) rm -f "$body"; echo "__not_found__" ;;
+    5*)  rm -f "$body"; echo "__server_error__" ;;
+    *)   rm -f "$body"; echo "__bad_shape__" ;;
+  esac
+}
+
+# Shared prelude for both reap paths.
+mark_for_reap() {
+  claim="$1"; reason="$2"; detail="$3"; action="$4"
+  kubectl annotate sandboxclaim "$claim" -n "$NS" --overwrite \
+    "studio.decocms.com/reap-reason=${reason}" \
+    "studio.decocms.com/reap-detail=${detail}" \
+    "studio.decocms.com/reap-at=$(now_iso)" \
+    "studio.decocms.com/reap-run=${RUN_ID}" >/dev/null 2>&1 || true
+  emit_event "$claim" "SandboxReaped" "$action" "housekeeper: $reason ($detail)"
+  # Delete HTTPRoute first so traffic stops resolving to the pod before
+  # SIGTERM lands — avoids 502s during the drain window.
+  kubectl delete httproute -n "$NS" \
+    -l "studio.decocms.com/sandbox-handle=${claim}" \
+    --ignore-not-found >/dev/null 2>&1 || true
+}
+
+# Graceful path: operator drains the pod via shutdownTime. Used for Idle
+# where the operator is still functional.
+request_shutdown() {
+  claim="$1"; reason="$2"; detail="$3"
+  log "shutdown claim=$claim reason=$reason detail=\"$detail\""
+  mark_for_reap "$claim" "$reason" "$detail" "Shutdown"
+  ts=$(now_iso)
+  kubectl patch sandboxclaim "$claim" -n "$NS" --type=merge \
+    -p "{\"spec\":{\"lifecycle\":{\"shutdownPolicy\":\"Delete\",\"shutdownTime\":\"${ts}\"}}}" \
+    >/dev/null 2>&1 || true
+}
+
+# ReconcilerError path: operator has given up, so shutdownTime is unhonored.
+force_delete_claim() {
+  claim="$1"; reason="$2"; detail="$3"
+  log "delete claim=$claim reason=$reason detail=\"$detail\""
+  mark_for_reap "$claim" "$reason" "$detail" "Delete"
+  kubectl delete sandboxclaim "$claim" -n "$NS" \
+    --ignore-not-found >/dev/null 2>&1 || true
+}
+
+# === main ===
+log "starting (ttl=${TTL_MS}ms probe_timeout=${PROBE_TIMEOUT_SEC}s)"
+
+CLAIMS_FILE=$(mktemp)
+PODS_FILE=$(mktemp)
+ROUTES_FILE=$(mktemp)
+trap 'rm -f "$CLAIMS_FILE" "$PODS_FILE" "$ROUTES_FILE"' EXIT
+
+# Pipe-delimited so `read` can split without jq.
+kubectl get sandboxclaims -n "$NS" -l "$CLAIM_SELECTOR" \
+  -o jsonpath='{range .items[*]}{.metadata.name}|{.status.conditions[?(@.type=="Ready")].status}|{.status.conditions[?(@.type=="Ready")].reason}{"\n"}{end}' \
+  > "$CLAIMS_FILE" 2>/dev/null || true
+
+# Selector-mismatch detector: silent `claims=0` hides a missing STUDIO_ENV
+# on mesh. Warn loudly and gate orphan GC off so we don't nuke routes whose
+# claims are present but unlabeled.
+selector_mismatch=0
+if ! [ -s "$CLAIMS_FILE" ]; then
+  unscoped=$(kubectl get sandboxclaims -n "$NS" \
+    -l "app.kubernetes.io/managed-by=studio,app.kubernetes.io/name=studio-sandbox" \
+    -o name 2>/dev/null | wc -l | tr -d ' ' || echo 0)
+  if [ "${unscoped:-0}" -gt 0 ]; then
+    log "WARN selector matched zero claims but ${unscoped} studio-managed claim(s) exist in ${NS} — verify STUDIO_ENV is set on the mesh deployment and matches the chart's envName (current selector: ${CLAIM_SELECTOR})"
+    selector_mismatch=1
+  fi
+fi
+
+kubectl get pods -n "$NS" -l "$POD_SELECTOR" \
+  -o jsonpath='{range .items[*]}{.metadata.labels.studio\.decocms\.com/sandbox-handle}|{.status.podIP}{"\n"}{end}' \
+  > "$PODS_FILE" 2>/dev/null || true
+
+total=0
+reaped=0
+skipped=0
+
+# Redirect (not pipe) so the loop stays in the parent shell — pipe-into-
+# while subshells the body and counter mutations would be lost.
+while IFS='|' read -r CLAIM READY REASON; do
+  [ -z "$CLAIM" ] && continue
+  total=$((total + 1))
+
+  if [ "$READY" = "False" ] && [ "$REASON" = "ReconcilerError" ]; then
+    force_delete_claim "$CLAIM" "ReconcilerError" "operator failed to reconcile"
+    reaped=$((reaped + 1))
+    continue
+  fi
+
+  if [ "$READY" != "True" ]; then
+    log "skip claim=$CLAIM reason=not-ready ready=${READY:-<none>} status_reason=${REASON:-<none>}"
+    skipped=$((skipped + 1))
+    continue
+  fi
+
+  POD_IP=$(awk -F'|' -v h="$CLAIM" '$1==h && $2!="" { print $2; exit }' "$PODS_FILE")
+  if [ -z "$POD_IP" ]; then
+    log "skip claim=$CLAIM reason=no-pod-ip"
+    skipped=$((skipped + 1))
+    continue
+  fi
+
+  RESULT=$(probe_daemon "$POD_IP")
+  case "$RESULT" in
+    __unclaimed__)
+      log "skip claim=$CLAIM reason=unclaimed (warm-pool pod awaiting first workload)"
+      skipped=$((skipped + 1))
+      ;;
+    __unreachable__|__not_found__|__server_error__|__bad_shape__)
+      log "skip claim=$CLAIM reason=probe-failed detail=$RESULT"
+      skipped=$((skipped + 1))
+      ;;
+    *)
+      IDLE_MS="$RESULT"
+      if [ "$IDLE_MS" -lt "$TTL_MS" ]; then
+        log "keep claim=$CLAIM idle_ms=$IDLE_MS remaining_ms=$((TTL_MS - IDLE_MS))"
+        continue
+      fi
+      # Re-probe right before reap to narrow (not eliminate) the
+      # activity-during-decide race. An in-flight request arriving after
+      # this second probe still gets connection-reset.
+      RESULT2=$(probe_daemon "$POD_IP")
+      case "$RESULT2" in
+        __*)
+          log "abort-reap claim=$CLAIM reason=re-probe-failed first_idle_ms=$IDLE_MS detail=$RESULT2"
+          skipped=$((skipped + 1))
+          ;;
+        *)
+          if [ "$RESULT2" -lt "$TTL_MS" ]; then
+            log "abort-reap claim=$CLAIM reason=activity-during-decide first_idle_ms=$IDLE_MS reprobe_idle_ms=$RESULT2"
+            skipped=$((skipped + 1))
+          else
+            request_shutdown "$CLAIM" "Idle" "idle_ms=$IDLE_MS reprobe_idle_ms=$RESULT2 ttl_ms=$TTL_MS"
+            reaped=$((reaped + 1))
+          fi
+          ;;
+      esac
+      ;;
+  esac
+done < "$CLAIMS_FILE"
+
+# === orphan HTTPRoute GC ===
+# Catches routes whose runner stop() failed to delete. Skipped on selector
+# mismatch to avoid nuking routes whose claims are present but unlabeled.
+orphan_routes=0
+if [ "$selector_mismatch" -eq 0 ]; then
+  kubectl get httproutes -n "$NS" -l "$CLAIM_SELECTOR" \
+    -o jsonpath='{range .items[*]}{.metadata.name}|{.metadata.labels.studio\.decocms\.com/sandbox-handle}{"\n"}{end}' \
+    > "$ROUTES_FILE" 2>/dev/null || true
+
+  while IFS='|' read -r ROUTE_NAME ROUTE_HANDLE; do
+    [ -z "$ROUTE_NAME" ] && continue
+    [ -z "$ROUTE_HANDLE" ] && continue
+    # Live-claim membership test against col 1 of CLAIMS_FILE.
+    # `exit` from a main-block jumps to END, whose own `exit` overrides the
+    # status — so `{ exit 0 } END { exit 1 }` always returns 1 and every
+    # route gets nuked. Track via a flag and let END be authoritative.
+    if awk -F'|' -v h="$ROUTE_HANDLE" \
+         '$1==h { found=1; exit } END { exit !found }' \
+         "$CLAIMS_FILE"; then
+      continue
+    fi
+    log "orphan-route-gc route=$ROUTE_NAME handle=$ROUTE_HANDLE"
+    kubectl delete httproute "$ROUTE_NAME" -n "$NS" \
+      --ignore-not-found >/dev/null 2>&1 || true
+    orphan_routes=$((orphan_routes + 1))
+  done < "$ROUTES_FILE"
+fi
+
+log "heartbeat ok claims=$total reaped=$reaped skipped=$skipped orphan_routes=$orphan_routes"
diff --git a/deploy/helm/sandbox-env/templates/_helpers.tpl b/deploy/helm/sandbox-env/templates/_helpers.tpl
new file mode 100644
index 0000000000..563c12c300
--- /dev/null
+++ b/deploy/helm/sandbox-env/templates/_helpers.tpl
@@ -0,0 +1,190 @@
+{{/*
+Chart name (overridable via nameOverride).
+*/}}
+{{- define "sandbox-env.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Chart-name-and-version label.
+*/}}
+{{- define "sandbox-env.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+envName, validated. Required so multiple releases (dev / staging / prod)
+can coexist in the shared `agent-sandbox-system` namespace without name
+collisions; every other helper here suffixes with this value. Constrained
+to RFC 1035 DNS labels (a-z0-9-, must start with a letter) so that the
+suffixed resource names remain valid in every K8s context — Service /
+Role / NetworkPolicy / Gateway names all share that constraint.
+*/}}
+{{- define "sandbox-env.envName" -}}
+{{- $env := required "envName is required (e.g. envName=staging). Used as suffix on every resource name so multiple releases share agent-sandbox-system without collisions." .Values.envName -}}
+{{- if not (regexMatch "^[a-z]([a-z0-9-]{0,30}[a-z0-9])?$" $env) -}}
+{{- fail (printf "envName=%q must be a DNS label: lowercase alphanumeric or '-', start with a letter, end alphanumeric, 1-32 chars" $env) -}}
+{{- end -}}
+{{- $env -}}
+{{- end }}
+
+{{/*
+Sandbox-pod template + warm-pool name. Both share the same name because
+the SandboxWarmPool references the SandboxTemplate by name, and dashboards
+keying off `app.kubernetes.io/name` get a single coherent label.
+*/}}
+{{- define "sandbox-env.sandboxName" -}}
+{{- printf "studio-sandbox-%s" (include "sandbox-env.envName" .) -}}
+{{- end }}
+
+{{/*
+Mesh runner Role / RoleBinding name. Stays under 63 chars even with a
+32-char envName.
+*/}}
+{{- define "sandbox-env.runnerRoleName" -}}
+{{- printf "studio-sandbox-runner-%s" (include "sandbox-env.envName" .) -}}
+{{- end }}
+
+{{/*
+Preview Gateway / HTTPRoute / Certificate name.
+*/}}
+{{- define "sandbox-env.previewName" -}}
+{{- printf "agent-sandbox-preview-%s" (include "sandbox-env.envName" .) -}}
+{{- end }}
+
+{{/*
+Default cert-manager Secret name for the preview wildcard cert. Mirrors
+the Gateway/HTTPRoute name so the cert ↔ listener pairing is obvious.
+*/}}
+{{- define "sandbox-env.previewTlsSecretName" -}}
+{{- default (printf "agent-sandbox-preview-%s-tls" (include "sandbox-env.envName" .)) .Values.previewGateway.tlsSecretName -}}
+{{- end }}
+
+{{/*
+Selector labels for sandbox pods. The runner stamps the same name label
+onto every pod it creates via SandboxClaim.additionalPodMetadata, so the
+NetworkPolicy podSelector can target it. Per-env, so two envs' netpols
+don't accidentally apply to each other's pods.
+*/}}
+{{- define "sandbox-env.sandboxSelectorLabels" -}}
+app.kubernetes.io/name: {{ include "sandbox-env.sandboxName" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Common labels for sandbox-* resources. component=sandbox lets dashboards
+split runtime sandbox pods from operator pods and traffic-edge resources.
+*/}}
+{{- define "sandbox-env.sandboxLabels" -}}
+helm.sh/chart: {{ include "sandbox-env.chart" . }}
+{{ include "sandbox-env.sandboxSelectorLabels" . }}
+app.kubernetes.io/component: sandbox
+studio.decocms.com/env: {{ include "sandbox-env.envName" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Common labels for the sandbox-preview Gateway/HTTPRoute/Certificate. Same
+shape as sandboxLabels but with name=studio-sandbox-preview-<env> and
+component=sandbox-preview so dashboards can split traffic-edge resources
+from runtime sandbox pods.
+*/}}
+{{- define "sandbox-env.sandboxPreviewLabels" -}}
+helm.sh/chart: {{ include "sandbox-env.chart" . }}
+app.kubernetes.io/name: {{ include "sandbox-env.previewName" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/component: sandbox-preview
+studio.decocms.com/env: {{ include "sandbox-env.envName" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Common labels for non-sandbox resources owned by this chart (RBAC, etc.).
+*/}}
+{{- define "sandbox-env.labels" -}}
+helm.sh/chart: {{ include "sandbox-env.chart" . }}
+app.kubernetes.io/name: {{ include "sandbox-env.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+studio.decocms.com/env: {{ include "sandbox-env.envName" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Validate that Gateway API + cert-manager CRDs are present when the sandbox
+preview gateway is enabled. Without this check, `helm install` would push
+Gateway/HTTPRoute/Certificate to an API server that doesn't know those
+kinds — the failure mode is an opaque "no matches for kind" rejection,
+sometimes after partial-apply. Failing at template time keeps the release
+atomic and gives a pointer to the right install command.
+*/}}
+{{- define "sandbox-env.validatePreviewGateway" -}}
+{{- if .Values.previewGateway.enabled }}
+{{- if not (.Capabilities.APIVersions.Has "gateway.networking.k8s.io/v1") }}
+{{- fail "sandbox-env: previewGateway.enabled=true requires the Gateway API CRDs (gateway.networking.k8s.io/v1). Install: kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.1.0/standard-install.yaml — and a Gateway controller (Istio, Envoy Gateway, Cilium, ...) implementing the chosen gatewayClassName." -}}
+{{- end }}
+{{- if not (.Capabilities.APIVersions.Has "cert-manager.io/v1") }}
+{{- fail "sandbox-env: previewGateway.enabled=true requires cert-manager (cert-manager.io/v1). Install: helm install cert-manager jetstack/cert-manager -n cert-manager --create-namespace --set crds.enabled=true" -}}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "sandbox-env.housekeeperName" -}}
+{{- printf "sandbox-housekeeper-%s" (include "sandbox-env.envName" .) -}}
+{{- end }}
+
+{{/*
+Default housekeeper selectors. Mirror the labels mesh stamps in runner.ts
+(`studio.decocms.com/env=<envName>` requires STUDIO_ENV); during phased
+rollout, .Values.housekeeper.{claimSelector,podSelector} can be overridden
+to drop the env scope. README has copy-paste values.
+*/}}
+{{- define "sandbox-env.housekeeperClaimSelector" -}}
+{{- printf "app.kubernetes.io/managed-by=studio,app.kubernetes.io/name=studio-sandbox,studio.decocms.com/env=%s" (include "sandbox-env.envName" .) -}}
+{{- end }}
+
+{{- define "sandbox-env.housekeeperPodSelector" -}}
+{{- printf "studio.decocms.com/role=claimed,studio.decocms.com/env=%s" (include "sandbox-env.envName" .) -}}
+{{- end }}
+
+{{/*
+Sentinel-token Secret name. Holds the bearer baked into pool-pod env via
+`valueFrom.secretKeyRef`; mesh reads the same secret out-of-band (env var
+sourced from this Secret in the studio chart) so both sides agree on the
+sentinel without it landing in any chart values.yaml.
+*/}}
+{{- define "sandbox-env.sentinelSecretName" -}}
+{{- printf "studio-sandbox-sentinel-%s" (include "sandbox-env.envName" .) -}}
+{{- end }}
+
+{{/*
+Sentinel token. Priority order:
+  1. .Values.sentinel.token — explicit value supplied by CI/operator so
+     both charts (sandbox-env + studio) can be deployed with the same token
+     without an extraction step.
+  2. Existing Secret — preserves the token across `helm upgrade` so
+     rotating is an explicit opt-in (delete the Secret + re-upgrade).
+  3. randAlphaNum 64 — generated on first install when neither of the
+     above is present.
+*/}}
+{{- define "sandbox-env.sentinelToken" -}}
+{{- if and .Values.sentinel .Values.sentinel.token (ne .Values.sentinel.token "") -}}
+{{- .Values.sentinel.token -}}
+{{- else -}}
+{{- $name := include "sandbox-env.sentinelSecretName" . -}}
+{{- $existing := lookup "v1" "Secret" .Release.Namespace $name -}}
+{{- if and $existing $existing.data $existing.data.daemonToken -}}
+{{- $existing.data.daemonToken | b64dec -}}
+{{- else -}}
+{{- randAlphaNum 64 -}}
+{{- end -}}
+{{- end -}}
+{{- end }}
diff --git a/deploy/helm/sandbox-env/templates/sandbox-housekeeper.yaml b/deploy/helm/sandbox-env/templates/sandbox-housekeeper.yaml
new file mode 100644
index 0000000000..d48bf9a77c
--- /dev/null
+++ b/deploy/helm/sandbox-env/templates/sandbox-housekeeper.yaml
@@ -0,0 +1,147 @@
+{{- if .Values.housekeeper.enabled }}
+{{- /*
+Idle-reap housekeeper for studio sandbox claims. See values.yaml for the
+behavior contract; sweep logic lives in files/housekeeper-sweep.sh.
+*/ -}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "sandbox-env.housekeeperName" . }}-script
+  namespace: agent-sandbox-system
+  labels:
+    {{- include "sandbox-env.labels" . | nindent 4 }}
+data:
+  sweep.sh: |
+{{ .Files.Get "files/housekeeper-sweep.sh" | indent 4 }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "sandbox-env.housekeeperName" . }}
+  namespace: agent-sandbox-system
+  labels:
+    {{- include "sandbox-env.labels" . | nindent 4 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "sandbox-env.housekeeperName" . }}
+  namespace: agent-sandbox-system
+  labels:
+    {{- include "sandbox-env.labels" . | nindent 4 }}
+rules:
+  # patch = annotate + spec.lifecycle.shutdownTime (graceful Idle reap);
+  # delete = ReconcilerError fall-through where shutdownTime is unhonored.
+  - apiGroups: ["extensions.agents.x-k8s.io"]
+    resources: ["sandboxclaims"]
+    verbs: ["get", "list", "patch", "delete"]
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["list"]
+  # Reap events outlive the claim object — used for post-mortem.
+  # events.k8s.io/v1 is the current API; legacy `[""] events` is deprecated.
+  # `kubectl get events` aggregates from both, so consumers are unaffected.
+  - apiGroups: ["events.k8s.io"]
+    resources: ["events"]
+    verbs: ["create"]
+  # list = orphan HTTPRoute GC pass + per-claim reap deletes.
+  - apiGroups: ["gateway.networking.k8s.io"]
+    resources: ["httproutes"]
+    verbs: ["list", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "sandbox-env.housekeeperName" . }}
+  namespace: agent-sandbox-system
+  labels:
+    {{- include "sandbox-env.labels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "sandbox-env.housekeeperName" . }}
+    namespace: agent-sandbox-system
+roleRef:
+  kind: Role
+  name: {{ include "sandbox-env.housekeeperName" . }}
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: {{ include "sandbox-env.housekeeperName" . }}
+  namespace: agent-sandbox-system
+  labels:
+    {{- include "sandbox-env.labels" . | nindent 4 }}
+  annotations:
+    # Rolls the CronJob spec when sweep.sh changes so the next run picks
+    # up new logic without an explicit redeploy.
+    checksum/script: {{ .Files.Get "files/housekeeper-sweep.sh" | sha256sum }}
+spec:
+  schedule: {{ .Values.housekeeper.schedule | quote }}
+  concurrencyPolicy: Forbid
+  startingDeadlineSeconds: {{ .Values.housekeeper.startingDeadlineSeconds }}
+  successfulJobsHistoryLimit: 1
+  failedJobsHistoryLimit: 3
+  jobTemplate:
+    spec:
+      activeDeadlineSeconds: {{ .Values.housekeeper.activeDeadlineSeconds }}
+      ttlSecondsAfterFinished: {{ .Values.housekeeper.ttlSecondsAfterFinished }}
+      template:
+        metadata:
+          labels:
+            app.kubernetes.io/name: {{ include "sandbox-env.housekeeperName" . }}
+        spec:
+          serviceAccountName: {{ include "sandbox-env.housekeeperName" . }}
+          restartPolicy: Never
+          securityContext:
+            runAsNonRoot: true
+            runAsUser: 1001
+            runAsGroup: 1001
+            fsGroup: 1001
+            seccompProfile:
+              type: RuntimeDefault
+          containers:
+            - name: housekeeper
+              image: {{ .Values.housekeeper.image.repository }}:{{ .Values.housekeeper.image.tag }}
+              imagePullPolicy: {{ .Values.housekeeper.image.pullPolicy }}
+              securityContext:
+                allowPrivilegeEscalation: false
+                readOnlyRootFilesystem: true
+                capabilities:
+                  drop: ["ALL"]
+              resources:
+                {{- toYaml .Values.housekeeper.resources | nindent 16 }}
+              env:
+                - name: RUN_ID
+                  valueFrom:
+                    fieldRef:
+                      fieldPath: metadata.name
+                - name: NS
+                  value: agent-sandbox-system
+                - name: TTL_MS
+                  value: {{ mul .Values.housekeeper.idleTtlSeconds 1000 | quote }}
+                - name: PROBE_TIMEOUT_SEC
+                  value: {{ .Values.housekeeper.probeTimeoutSeconds | quote }}
+                - name: CLAIM_SELECTOR
+                  value: {{ default (include "sandbox-env.housekeeperClaimSelector" .) .Values.housekeeper.claimSelector | quote }}
+                - name: POD_SELECTOR
+                  value: {{ default (include "sandbox-env.housekeeperPodSelector" .) .Values.housekeeper.podSelector | quote }}
+              command: ["/bin/sh", "/scripts/sweep.sh"]
+              volumeMounts:
+                - name: script
+                  mountPath: /scripts
+                  readOnly: true
+                - name: tmp
+                  mountPath: /tmp
+          volumes:
+            - name: script
+              configMap:
+                name: {{ include "sandbox-env.housekeeperName" . }}-script
+                defaultMode: 0555
+                items:
+                  - key: sweep.sh
+                    path: sweep.sh
+            - name: tmp
+              emptyDir: {}
+{{- end }}
diff --git a/deploy/helm/sandbox-env/templates/sandbox-network-policy.yaml b/deploy/helm/sandbox-env/templates/sandbox-network-policy.yaml
new file mode 100644
index 0000000000..a2eeb3f76b
--- /dev/null
+++ b/deploy/helm/sandbox-env/templates/sandbox-network-policy.yaml
@@ -0,0 +1,157 @@
+{{- if .Values.networkPolicy.enabled }}
+# NetworkPolicy for mesh sandbox pods in THIS environment.
+#
+# Scope: selects pods in agent-sandbox-system labeled
+# app.kubernetes.io/name=studio-sandbox-<envName>. Applies both ingress and
+# egress rules, so egress is deny-by-default (policyType Egress with only
+# allowed rules). The label match is per-env so a release in env A doesn't
+# accidentally allow ingress from env B's mesh into env A's pods.
+#
+# Threat model: workload is arbitrary user code. Egress must not reach IMDS
+# (169.254.169.254 / fd00:ec2::254), in-cluster RFC1918 services, or
+# link-local addresses. Combine with EKS IMDSv2 hop-limit=1 at the node
+# level — this policy alone is not sufficient on clouds where IMDS is
+# reachable via hop.
+#
+# OTel side note: the sandbox image does not currently emit OTLP traffic.
+# If a future daemon revision pushes telemetry out-of-pod, add an explicit
+# egress rule for the in-cluster collector (or use
+# `networkPolicy.extraEgress`); the default-deny stance here will
+# otherwise silently drop it.
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ include "sandbox-env.sandboxName" . }}
+  namespace: agent-sandbox-system
+  labels:
+    {{- include "sandbox-env.sandboxLabels" . | nindent 4 }}
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "sandbox-env.sandboxName" . }}
+  policyTypes:
+    - Ingress
+    - Egress
+  ingress:
+    # Daemon port (9000) — mesh server pods call this for control-plane
+    # operations (tool exec, log streaming) when path-2 in-cluster routing
+    # is used. The control plane also reaches the daemon over the API
+    # server's port-forward channel, which doesn't transit a Pod IP and
+    # therefore doesn't need a NetworkPolicy rule; this entry covers the
+    # direct-Service path.
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: {{ .Values.mesh.namespace }}
+          podSelector:
+            matchLabels:
+              {{- toYaml .Values.mesh.podSelectorLabels | nindent 14 }}
+      ports:
+        - protocol: TCP
+          port: 9000
+    {{- if .Values.previewGateway.enabled }}
+    # Per-claim HTTPRoutes in `agent-sandbox-system` route `*.<domain>`
+    # traffic from the wildcard Gateway directly to each sandbox's headless
+    # Service:9000. The actual sender is the gateway controller's data plane
+    # Pod, which lives in `previewGateway.namespace` (Istio default:
+    # `istio-system`). Without this rule the route attaches but the Envoy
+    # proxy can't reach the sandbox pod and the browser sees a connect
+    # timeout. Mesh is no longer in this path.
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: {{ .Values.previewGateway.namespace }}
+      ports:
+        - protocol: TCP
+          port: 9000
+    {{- end }}
+    {{- if .Values.housekeeper.enabled }}
+    # Housekeeper probes /_decopilot_vm/idle. Same namespace as pods, so
+    # podSelector alone is enough (no namespaceSelector).
+    - from:
+        - podSelector:
+            matchLabels:
+              app.kubernetes.io/name: {{ include "sandbox-env.housekeeperName" . }}
+      ports:
+        - protocol: TCP
+          port: 9000
+    {{- end }}
+    {{- with .Values.networkPolicy.previewGatewayNamespace }}
+    # DEPRECATED — direct ingress on dev port 3000 from a configured
+    # gateway namespace. Only needed for setups that route preview traffic
+    # *around* mesh (no daemon CSP/HMR rewrites). The standard Istio
+    # Gateway API path lands on port 9000 via mesh and doesn't need this.
+    # Slated for removal in a future chart version.
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: {{ . }}
+      ports:
+        - protocol: TCP
+          port: 3000
+    {{- end }}
+  egress:
+    # CoreDNS — UDP + TCP 53.
+    - to:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: kube-system
+          podSelector:
+            matchLabels:
+              k8s-app: kube-dns
+      ports:
+        - protocol: UDP
+          port: 53
+        - protocol: TCP
+          port: 53
+    # Public internet on 443 (HTTPS only) with IMDS, RFC1918, and link-local
+    # blocked. Covers bun install, git clone over HTTPS, external APIs
+    # without opening the sandbox to in-cluster services.
+    #
+    # Plaintext port 80 is *not* allowed by default — bun, npm, and git over
+    # HTTPS don't need it, and allowing it widens the MITM-on-egress surface.
+    # Installs that need a package mirror over HTTP can grant it via
+    # `networkPolicy.extraEgress` (see values.yaml).
+    #
+    # 100.64.0.0/10 is shared address space (RFC 6598). Some carriers and
+    # K8s networking flavors put pod IPs there (Kops/Kubenet on AWS; some
+    # GKE configurations); EKS with the AWS VPC CNI uses VPC ranges
+    # (10.0.0.0/8) and is already covered above. Keeping the 100.64.0.0/10
+    # exclusion is harmless on EKS and necessary on the others.
+    - to:
+        - ipBlock:
+            cidr: 0.0.0.0/0
+            except:
+              - 169.254.0.0/16   # link-local + IPv4 IMDSv2
+              - 10.0.0.0/8       # RFC1918
+              - 172.16.0.0/12    # RFC1918
+              - 192.168.0.0/16   # RFC1918
+              - 100.64.0.0/10    # shared address space (RFC 6598)
+      ports:
+        - protocol: TCP
+          port: 443
+    # IPv6 egress on dual-stack clusters (EKS dual-stack, GKE, etc.).
+    # Without this rule, an IPv6-enabled pod can reach in-cluster
+    # ULA-addressed Services and the IPv6 IMDS endpoint
+    # (fd00:ec2::254 on AWS) bypassing the IPv4 exclusions above.
+    # Single-stack IPv4 clusters ignore the rule, so it is safe to leave
+    # in by default.
+    - to:
+        - ipBlock:
+            cidr: ::/0
+            except:
+              - fe80::/10        # link-local
+              - fc00::/7         # ULA (in-cluster IPv6 Service ranges, ULA Pod CIDRs)
+              - fd00:ec2::/96    # AWS IPv6 IMDS prefix
+      ports:
+        - protocol: TCP
+          port: 443
+    {{- with .Values.networkPolicy.extraEgress }}
+    # Operator-supplied egress rules. Use to grant the sandbox controlled
+    # access to in-cluster services it shouldn't reach by default — for
+    # example, an in-cluster OTel collector at
+    # `<release>-opentelemetry-collector.<release-ns>.svc:4318` if a future
+    # daemon revision emits OTLP. Each entry is a NetworkPolicyEgressRule.
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+{{- end }}
diff --git a/deploy/helm/sandbox-env/templates/sandbox-preview-cert.yaml b/deploy/helm/sandbox-env/templates/sandbox-preview-cert.yaml
new file mode 100644
index 0000000000..635af22afc
--- /dev/null
+++ b/deploy/helm/sandbox-env/templates/sandbox-preview-cert.yaml
@@ -0,0 +1,30 @@
+{{- if .Values.previewGateway.enabled }}
+{{- $domain := required "previewGateway.domain is required when previewGateway.enabled=true" .Values.previewGateway.domain }}
+{{- $issuer := required "previewGateway.clusterIssuer is required when previewGateway.enabled=true" .Values.previewGateway.clusterIssuer }}
+{{- $gwNamespace := .Values.previewGateway.namespace }}
+{{- $tlsSecretName := include "sandbox-env.previewTlsSecretName" . }}
+# Wildcard cert for the sandbox preview Gateway. cert-manager places the
+# Secret in the gateway namespace so the Gateway listener can mount it
+# without a cross-namespace reference.
+#
+# DNS-01 is the only solver that can validate a wildcard SAN, so the
+# referenced ClusterIssuer must be DNS-01 (e.g. Cloudflare, Route53). The
+# chart does not template the ClusterIssuer itself — the API tokens
+# required to provision DNS records are per-cluster infra, not chart
+# config. See README.md for a Cloudflare DNS-01 ClusterIssuer template.
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ include "sandbox-env.previewName" . }}
+  namespace: {{ $gwNamespace }}
+  labels:
+    {{- include "sandbox-env.sandboxPreviewLabels" . | nindent 4 }}
+spec:
+  secretName: {{ $tlsSecretName }}
+  issuerRef:
+    kind: ClusterIssuer
+    name: {{ $issuer | quote }}
+  commonName: {{ printf "*.%s" $domain | quote }}
+  dnsNames:
+    - {{ printf "*.%s" $domain | quote }}
+{{- end }}
diff --git a/deploy/helm/sandbox-env/templates/sandbox-preview-gateway.yaml b/deploy/helm/sandbox-env/templates/sandbox-preview-gateway.yaml
new file mode 100644
index 0000000000..c9137c01b4
--- /dev/null
+++ b/deploy/helm/sandbox-env/templates/sandbox-preview-gateway.yaml
@@ -0,0 +1,76 @@
+{{- if .Values.previewGateway.enabled }}
+{{- $domain := required "previewGateway.domain is required when previewGateway.enabled=true" .Values.previewGateway.domain }}
+{{- $issuer := required "previewGateway.clusterIssuer is required when previewGateway.enabled=true" .Values.previewGateway.clusterIssuer }}
+{{- $gwNamespace := .Values.previewGateway.namespace }}
+{{- $tlsSecretName := include "sandbox-env.previewTlsSecretName" . }}
+{{- $hostname := printf "*.%s" $domain }}
+{{- $previewName := include "sandbox-env.previewName" . }}
+# Wildcard preview-URL ingress. The Gateway terminates TLS for
+# `*.<domain>`; per-claim HTTPRoutes are minted by the mesh runner against
+# this Gateway and route directly to each sandbox's headless Service at
+# port 9000 (daemon owns the public surface — routing straight at the dev
+# port 3000 would bypass CSP/HMR rewrites and break iframe embedding + SSE).
+#
+# This chart creates ONLY the Gateway + Certificate. It deliberately does
+# NOT render a wildcard HTTPRoute backed by mesh — keeping mesh in the
+# request path was the previous design, and it's been replaced by per-claim
+# routing. Mesh now creates one HTTPRoute per SandboxClaim in
+# `agent-sandbox-system` (same namespace as the operator's Service, no
+# ReferenceGrant needed) and tears it down on claim delete. RBAC for that
+# lives in templates/sandbox-rbac.yaml.
+#
+# Browser → Gateway → HTTPRoute(handle) → Service(handle):9000 → pod.
+# Mesh is no longer the data-path proxy.
+#
+# AUTH MODEL — read before exposing this. The Host header carries the
+# sandbox handle, which is the *only* authorization on the preview path
+# (no listener-level auth, matching how Vercel preview URLs work). That
+# means handles travel in plaintext through every CDN / LB / proxy in the
+# request path and will appear in their access logs. Treat them as
+# URL-grade secrets — do not share in tickets, screenshots, etc. For
+# tighter isolation, terminate auth at the Gateway with an
+# AuthorizationPolicy (Istio) / extauth (Envoy) in front of this
+# listener; the chart does not do that for you.
+#
+# MULTI-ENV NOTE — two envs can both enable previewGateway only if they
+# use different `previewGateway.domain` values. Two Gateways binding the
+# *same* wildcard hostname will conflict at the controller level; the
+# resource names are envName-suffixed but the listener hostname must be
+# unique per Gateway.
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: {{ $previewName }}
+  namespace: {{ $gwNamespace }}
+  labels:
+    {{- include "sandbox-env.sandboxPreviewLabels" . | nindent 4 }}
+  annotations:
+    # cert-manager picks up the cert from the listener's TLS secret ref;
+    # this annotation tells it which ClusterIssuer to use when minting
+    # the wildcard. Required because Gateway listeners don't have a
+    # built-in `issuerRef` field.
+    cert-manager.io/cluster-issuer: {{ $issuer | quote }}
+spec:
+  gatewayClassName: {{ .Values.previewGateway.gatewayClassName | quote }}
+  listeners:
+    - name: https
+      protocol: HTTPS
+      port: 443
+      hostname: {{ $hostname | quote }}
+      tls:
+        mode: Terminate
+        certificateRefs:
+          - kind: Secret
+            name: {{ $tlsSecretName }}
+            namespace: {{ $gwNamespace }}
+      allowedRoutes:
+        namespaces:
+          # Per-claim HTTPRoutes live in `agent-sandbox-system` (same
+          # namespace as the operator-created Service they back) so mesh
+          # can write them with the same Role used for SandboxClaim
+          # CRUD. Without this selector the routes would silently drop.
+          from: Selector
+          selector:
+            matchLabels:
+              kubernetes.io/metadata.name: agent-sandbox-system
+{{- end }}
diff --git a/deploy/helm/sandbox-env/templates/sandbox-rbac.yaml b/deploy/helm/sandbox-env/templates/sandbox-rbac.yaml
new file mode 100644
index 0000000000..5596f0fc1c
--- /dev/null
+++ b/deploy/helm/sandbox-env/templates/sandbox-rbac.yaml
@@ -0,0 +1,115 @@
+# RBAC for the mesh ServiceAccount to drive the agent-sandbox operator from
+# inside the cluster. The runner (packages/sandbox/server/runner/agent-sandbox/) needs:
+#   - sandboxclaims CRUD/patch (per-tenant claim lifecycle, idle TTL refresh)
+#   - sandboxes get/list/watch (waitForSandboxReady streams `?watch=true`)
+#   - pods/portforward create (kubectl-style tunnel to the daemon container)
+# Pods get is included for portforward error paths; the runner itself doesn't
+# read pod specs directly.
+#
+# Why pods/portforward is here even with the preview Gateway:
+#   The runner has *two* traffic paths and the Gateway only covers one.
+#     1. Browser → preview URL: Gateway terminates `*.preview.<domain>`
+#        and forwards to the mesh Service, which then reverse-proxies to
+#        the sandbox Service (`<handle>.<ns>.svc.cluster.local:9000`).
+#        No portforward involved.
+#     2. Mesh runner → sandbox daemon (control plane): the runner calls
+#        the daemon's HTTP API directly (probeDaemonHealth, daemonBash,
+#        waitForDaemonReady) on every code-execution. This path uses
+#        portforward unconditionally — see runner.ts:openForwarder. It
+#        works the same whether mesh runs in-cluster or on a developer's
+#        laptop, and routes through the apiserver so we don't have to
+#        open daemon ingress on 9000 to mesh's pod selector.
+#   In production we *could* switch path 2 to in-cluster Service DNS and
+#   drop portforward from this Role; the daemon already enforces its own
+#   bearer-token check. That's tracked as a future hardening pass and is
+#   not blocked by this chart.
+#
+# Privilege-escalation note: pods/portforward in this Role can target the
+# operator pod itself (which also lives in agent-sandbox-system). The
+# operator's exposed ports today (8080 metrics, 8081 healthz) are
+# read-only, so the worst case is read of metrics text. If a future
+# operator revision adds a write port, scope this rule to sandbox pods
+# only (resourceNames or relabel via mutating webhook).
+#
+# Scope: Role in agent-sandbox-system (the operator's namespace). The mesh
+# ServiceAccount lives in `mesh.namespace` (per values) and the RoleBinding
+# crosses namespaces by referencing it explicitly. Keeps blast radius of a
+# mesh compromise limited to the sandbox namespace.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "sandbox-env.runnerRoleName" . }}
+  namespace: agent-sandbox-system
+  labels:
+    {{- include "sandbox-env.labels" . | nindent 4 }}
+rules:
+  - apiGroups: ["extensions.agents.x-k8s.io"]
+    resources: ["sandboxclaims"]
+    verbs: ["get", "list", "watch", "create", "delete", "patch"]
+  - apiGroups: ["agents.x-k8s.io"]
+    resources: ["sandboxes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["pods/portforward"]
+    # `get` is required for the WebSocket-based port-forward path used by
+    # @kubernetes/client-node v1.x (and Bun's native WS, and any newer
+    # client-go-equivalent). The legacy SPDY path only needed `create`, but
+    # all modern clients use the WS upgrade — which the API server enforces
+    # as a `GET` against the subresource. Without `get`, the upgrade returns
+    # 403 and the runner sees `[object ErrorEvent]`.
+    verbs: ["get", "create"]
+  # Per-claim HTTPRoute lifecycle. The runner mints one HTTPRoute per
+  # SandboxClaim (same name, same namespace) so the wildcard Gateway in
+  # `istio-system` (or wherever `previewGateway.namespace` points) can
+  # route `<handle>.<domain>` traffic directly to the operator-created
+  # headless Service — bypassing mesh as a proxy. `delete` mirrors the
+  # claim teardown path. `get` is used for the create-if-missing branch
+  # in `adopt()` so legacy claims (provisioned before this rolled out)
+  # get their HTTPRoute backfilled.
+  - apiGroups: ["gateway.networking.k8s.io"]
+    resources: ["httproutes"]
+    verbs: ["get", "create", "delete"]
+  # Per-claim Service port ownership. agent-sandbox v0.4.x creates the
+  # Service for each Sandbox with `spec.ports: []` (the operator's
+  # contract is that callers reach pods via direct pod-IP DNS). Istio's
+  # k8s service registry only registers an upstream cluster when the
+  # Service declares at least one port, so the runner Server-Side Applies
+  # `port: 9000` onto the Service right after the SandboxClaim becomes
+  # Ready and before creating the HTTPRoute. SSA is used over a plain
+  # PATCH so that mesh becomes the recorded field manager for
+  # `spec.ports[name=daemon]` — if a future operator revision tries to
+  # reset ports[] under its own field manager, the API server surfaces a
+  # managed-fields conflict instead of silently breaking routing in prod.
+  # Without this, the HTTPRoute is "Accepted" but Envoy has no cluster to
+  # route to and returns an empty 500 — which the browser misreports as a
+  # CORS error.
+  #
+  # `patch` is the verb K8s requires for SSA writes (apply-patch is just
+  # a content type — the verb on the subresource is still PATCH). `get`
+  # is here for parity with the HTTPRoute rule (debug visibility); the
+  # runner doesn't read Services on the hot path.
+  - apiGroups: [""]
+    resources: ["services"]
+    verbs: ["get", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "sandbox-env.runnerRoleName" . }}
+  namespace: agent-sandbox-system
+  labels:
+    {{- include "sandbox-env.labels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ required "mesh.serviceAccountName is required" .Values.mesh.serviceAccountName }}
+    namespace: {{ required "mesh.namespace is required" .Values.mesh.namespace }}
+roleRef:
+  kind: Role
+  name: {{ include "sandbox-env.runnerRoleName" . }}
+  apiGroup: rbac.authorization.k8s.io
diff --git a/deploy/helm/sandbox-env/templates/sandbox-sentinel-secret.yaml b/deploy/helm/sandbox-env/templates/sandbox-sentinel-secret.yaml
new file mode 100644
index 0000000000..075b320638
--- /dev/null
+++ b/deploy/helm/sandbox-env/templates/sandbox-sentinel-secret.yaml
@@ -0,0 +1,28 @@
+# Sentinel bearer token shared by every pool-pod in this env. Mounted into
+# the daemon container as DAEMON_TOKEN via the SandboxTemplate's env, so
+# pool pods boot with a known auth and accept their first POST /config from
+# mesh. Mesh authenticates that first call with the same token (sourced
+# from the same Secret on its end) and immediately rotates to a per-claim
+# token via `auth.rotateToken`. After rotation, the sentinel is no longer
+# accepted by that pod.
+#
+# Trust window — pod boot → first rotation: NetworkPolicy is the secrecy
+# boundary (only mesh can reach :9000 in `agent-sandbox-system`). The
+# window is short (mesh races to rotate as soon as `waitForDaemonReady`
+# returns) and same-shape as today's per-claim env injection.
+#
+# Lifecycle: generated once at install (`randAlphaNum 64`), preserved
+# across `helm upgrade` via the helper's `lookup`. Rotate by deleting the
+# Secret and re-upgrading — pool pods will bounce, mesh's existing claims
+# keep using their already-rotated per-claim tokens until they're
+# re-provisioned.
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "sandbox-env.sentinelSecretName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "sandbox-env.sandboxLabels" . | nindent 4 }}
+type: Opaque
+stringData:
+  daemonToken: {{ include "sandbox-env.sentinelToken" . | quote }}
diff --git a/deploy/helm/sandbox-env/templates/sandbox-template.yaml b/deploy/helm/sandbox-env/templates/sandbox-template.yaml
new file mode 100644
index 0000000000..e8c1b6a22d
--- /dev/null
+++ b/deploy/helm/sandbox-env/templates/sandbox-template.yaml
@@ -0,0 +1,144 @@
+# Shared SandboxTemplate consumed by every SandboxClaim the mesh runner
+# creates for THIS environment. Resource ceilings come from values.resources.
+#
+# Hardcoded to the operator's own namespace (agent-sandbox-system) — the CRDs
+# ship with that as the install target, and the operator's RBAC watches it by
+# default. The template *name* is suffixed with envName so multiple
+# environments' SandboxTemplates coexist; mesh in this env must reference
+# the suffixed name via STUDIO_SANDBOX_TEMPLATE_NAME.
+apiVersion: extensions.agents.x-k8s.io/v1alpha1
+kind: SandboxTemplate
+metadata:
+  name: {{ include "sandbox-env.sandboxName" . }}
+  namespace: agent-sandbox-system
+  labels:
+    {{- include "sandbox-env.sandboxLabels" . | nindent 4 }}
+spec:
+  # The operator's controller rejects per-claim env outright when
+  # `claim.spec.warmpool != "none"`, so warm-pool consumption requires
+  # all claim env to come from the template. We bake a *sentinel* bearer
+  # token (rendered into a Secret by sandbox-sentinel-secret.yaml) and
+  # rotate to a per-claim token post-bind via mesh's first
+  # POST /_decopilot_vm/config call. envVarsInjectionPolicy stays Allowed
+  # so single-env deploys that haven't yet adopted the sentinel can still
+  # provision cold (warmpool=none) with claim env.
+  envVarsInjectionPolicy: Allowed
+  # The CRD defaults to Managed, which makes the operator install its own
+  # NetworkPolicy that only allows ingress from pods labeled
+  # `app: sandbox-router`. That's intended for Istio-style sidecar routing
+  # and silently blocks the mesh → daemon path the preview-proxy depends on.
+  # We surface the netpol via templates/sandbox-network-policy.yaml instead
+  # (gated by `networkPolicy.enabled`), so flag the operator's policy off.
+  networkPolicyManagement: Unmanaged
+  podTemplate:
+    metadata:
+      labels:
+        # Per-env name so each env's NetworkPolicy podSelector matches only
+        # its own pods. Mesh runner stamps the same value via
+        # SandboxClaim.additionalPodMetadata (driven by
+        # STUDIO_SANDBOX_TEMPLATE_NAME pointing at the env-suffixed
+        # template) — keep these in lockstep.
+        app.kubernetes.io/name: {{ include "sandbox-env.sandboxName" . }}
+        # Do NOT set `studio.decocms.com/role` here. The operator (v0.4.2+)
+        # rejects claims whose additionalPodMetadata defines a label key
+        # already present in the template — even when the values differ —
+        # with "metadata override conflict". The runner sets role=claimed
+        # via additionalPodMetadata, so the template must leave that key
+        # undefined. Warm-pool pods end up without the role label;
+        # dashboards filter by absence-of-handle instead.
+    spec:
+      automountServiceAccountToken: false
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.topologySpreadConstraints }}
+      topologySpreadConstraints:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if not .Values.hostUsers }}
+      # User namespace remap: UID 1000 inside the pod maps to a high
+      # subordinate UID on the node, so a container escape lands as a
+      # nobody-user, not as a real node UID. Requires K8s 1.30+ and a
+      # containerd/kernel that support userns (EKS default AMIs are fine).
+      hostUsers: false
+      {{- end }}
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
+        seccompProfile:
+          type: RuntimeDefault
+      containers:
+        - name: sandbox
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          workingDir: /app
+          env:
+            - name: WORKDIR
+              value: "/app"
+            - name: DAEMON_PORT
+              value: "9000"
+            - name: DAEMON_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "sandbox-env.sentinelSecretName" . }}
+                  key: daemonToken
+            {{- if .Values.readOnlyRootFilesystem }}
+            # With RO rootfs + emptyDir on /app, the mount root is owned
+            # root:1000 (fsGroup). Git 2.35+'s "dubious ownership" check
+            # would refuse to operate. Disable the check inside the
+            # sandbox — single-tenant pod, no untrusted same-pod user.
+            - name: GIT_CONFIG_COUNT
+              value: "1"
+            - name: GIT_CONFIG_KEY_0
+              value: "safe.directory"
+            - name: GIT_CONFIG_VALUE_0
+              value: "*"
+            {{- end }}
+          ports:
+            - name: daemon
+              containerPort: 9000
+              protocol: TCP
+            - name: dev
+              containerPort: 3000
+              protocol: TCP
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            readOnlyRootFilesystem: {{ .Values.readOnlyRootFilesystem }}
+          volumeMounts:
+            {{- if .Values.readOnlyRootFilesystem }}
+            - name: workdir
+              mountPath: /app
+            - name: tmp
+              mountPath: /tmp
+            {{- end }}
+            - name: home
+              mountPath: /home/sandbox
+      volumes:
+        {{- if .Values.readOnlyRootFilesystem }}
+        # Sized to match the per-container ephemeral-storage limit shape;
+        # individual mounts get a slice. Adjust if a workload needs more.
+        - name: workdir
+          emptyDir:
+            sizeLimit: 5Gi
+        - name: tmp
+          emptyDir:
+            sizeLimit: 1Gi
+        {{- end }}
+        - name: home
+          emptyDir:
+            sizeLimit: 2Gi
diff --git a/deploy/helm/sandbox-env/templates/sandbox-warm-pool.yaml b/deploy/helm/sandbox-env/templates/sandbox-warm-pool.yaml
new file mode 100644
index 0000000000..9d2b4fa86e
--- /dev/null
+++ b/deploy/helm/sandbox-env/templates/sandbox-warm-pool.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.warmPool.enabled }}
+# Pre-warms N sandbox pods against the shared SandboxTemplate so new claims
+# bind instantly rather than waiting on image pull + kubelet start. Disabled
+# by default — enable only after measuring cold-start pain; every pool
+# replica costs the full sandbox resource request.
+#
+# Schema (v1alpha1): see sandbox-operator/crds/agent-sandbox-crds.yaml.
+apiVersion: extensions.agents.x-k8s.io/v1alpha1
+kind: SandboxWarmPool
+metadata:
+  name: {{ include "sandbox-env.sandboxName" . }}
+  namespace: agent-sandbox-system
+  labels:
+    {{- include "sandbox-env.sandboxLabels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.warmPool.size }}
+  sandboxTemplateRef:
+    name: {{ include "sandbox-env.sandboxName" . }}
+{{- end }}
diff --git a/deploy/helm/sandbox-env/templates/validations.yaml b/deploy/helm/sandbox-env/templates/validations.yaml
new file mode 100644
index 0000000000..7b4c272773
--- /dev/null
+++ b/deploy/helm/sandbox-env/templates/validations.yaml
@@ -0,0 +1,16 @@
+{{- /*
+Chart-level validations. Renders no resources.
+
+Note: this chart pins all sandbox-side resources to `agent-sandbox-system`
+explicitly (rather than `.Release.Namespace`) because the operator's RBAC
+watches that namespace by default — splitting them across two namespaces
+breaks reconciliation. So unlike sandbox-operator, this chart does NOT
+fail if installed under a different release namespace; the resources
+still land in agent-sandbox-system regardless. The release namespace
+only really matters for Helm's own bookkeeping.
+*/ -}}
+{{- include "sandbox-env.validatePreviewGateway" . -}}
+{{- /* Force envName validation to run at template time even when no
+resource references it directly (pure-validation render). Discard the
+return value into a local so it doesn't leak into the rendered YAML. */ -}}
+{{- $_ := include "sandbox-env.envName" . -}}
diff --git a/deploy/helm/sandbox-env/values.yaml b/deploy/helm/sandbox-env/values.yaml
new file mode 100644
index 0000000000..eddb03f16c
--- /dev/null
+++ b/deploy/helm/sandbox-env/values.yaml
@@ -0,0 +1,286 @@
+# Default values for the sandbox-env chart.
+#
+# This chart is independent of chart-deco-studio and of the sandbox-operator
+# chart. It installs the Studio-side resources that consume the operator's
+# CRDs (SandboxTemplate, RBAC, NetworkPolicy, optional WarmPool, optional
+# preview Gateway/Certificate). Install one release per environment that
+# needs to use the operator — every resource name is suffixed with
+# `envName` so multiple releases coexist in `agent-sandbox-system`.
+#
+# Cross-chart wiring lives under `mesh.*`: tell this chart where the studio
+# release for THIS environment runs so the RBAC RoleBinding, NetworkPolicy
+# ingress selector, and preview HTTPRoute backendRef can reach it. There is
+# no runtime coupling back the other way — studio consumes nothing from
+# this chart at install time; it simply talks to the operator's CRDs and
+# the daemon Service the operator creates per SandboxClaim.
+#
+# Mesh side: the studio install for THIS environment must point its runner
+# at the env-suffixed SandboxTemplate by setting
+#   STUDIO_SANDBOX_TEMPLATE_NAME=studio-sandbox-<envName>
+# in the studio chart's `configMap.meshConfig`. Without that override mesh
+# falls back to "studio-sandbox" (no suffix) and claim creation will fail
+# with "sandboxtemplate not found".
+
+# ── env identity ───────────────────────────────────────────────────────
+# Required. Used as suffix on every resource name this chart creates so
+# multiple releases (dev / staging / prod / ...) coexist in the shared
+# `agent-sandbox-system` namespace without collisions. Examples:
+#   envName=staging  →  SandboxTemplate/studio-sandbox-staging,
+#                       Role/studio-sandbox-runner-staging,
+#                       NetworkPolicy/studio-sandbox-staging,
+#                       Gateway/agent-sandbox-preview-staging, ...
+# Use a short DNS label (a-z0-9-, 1-32 chars). Conventionally matches the
+# studio (chart-deco-studio) release name for the same environment.
+envName: ""
+
+# ── sandbox pod image (used by SandboxTemplate) ────────────────────────
+image:
+  repository: ghcr.io/decocms/studio/studio-sandbox
+  # Pinned to a specific version so chart upgrades pull a matching image
+  # instead of silently moving with `:latest`. Bump in lockstep with
+  # packages/sandbox/package.json — release-studio-sandbox.yaml tags
+  # images using that version. NEVER set this to "latest" in prod.
+  tag: "0.2.1"
+  # Override to Never on local kind clusters that load via `kind load`.
+  pullPolicy: IfNotPresent
+
+# ── sandbox pod resources (per SandboxClaim) ───────────────────────────
+# Prod ceilings. Adjust per measured workload.
+resources:
+  requests:
+    cpu: 500m
+    memory: 1Gi
+  limits:
+    cpu: "2"
+    memory: 4Gi
+    ephemeral-storage: 10Gi
+
+# ── sandbox NetworkPolicy ──────────────────────────────────────────────
+networkPolicy:
+  enabled: true
+  # DEPRECATED: kept only for installs whose external gateway terminates
+  # *directly* on the sandbox's port 3000 (dev server). The default
+  # preview path goes through mesh and lands on port 9000 (daemon)
+  # instead, so all standard installs leave this empty. See
+  # `previewGateway` below for the supported Istio Gateway API path.
+  # Will be removed in a future chart version — open an issue if you
+  # still need it.
+  previewGatewayNamespace: ""
+  # Operator-supplied egress rules (NetworkPolicyEgressRule[]) merged
+  # into the sandbox NetworkPolicy. The base policy denies in-cluster
+  # egress; use this to grant *specific* exceptions (e.g. an in-cluster
+  # OTel collector if the daemon ever emits OTLP). Empty = no extra
+  # egress.
+  #
+  # extraEgress:
+  #   - to:
+  #       - namespaceSelector:
+  #           matchLabels:
+  #             kubernetes.io/metadata.name: monitoring
+  #         podSelector:
+  #           matchLabels:
+  #             app.kubernetes.io/name: opentelemetry-collector
+  #     ports:
+  #       - protocol: TCP
+  #         port: 4318
+  extraEgress: []
+
+# ── sandbox-pod scheduling ─────────────────────────────────────────────
+# Pin sandbox pods to a dedicated NodePool so a container escape lands on
+# a node that has no mesh / postgres / NATS / OTel pods on it. Pair with a
+# Karpenter NodePool that taints + labels matching nodes; see README.md
+# for the snippet. Empty defaults run sandbox pods on whatever the
+# scheduler picks.
+nodeSelector: {}
+# nodeSelector:
+#   workload: sandbox
+tolerations: []
+# tolerations:
+#   - key: workload
+#     operator: Equal
+#     value: sandbox
+#     effect: NoSchedule
+# Affinity rules merged into the sandbox PodSpec. Use podAffinity to
+# co-locate sandbox pods on the same node (cheaper warm-pool packing,
+# shared image cache); use nodeAffinity for soft node preferences that
+# nodeSelector can't express. Empty default = scheduler picks.
+affinity: {}
+
+# Topology spread constraints merged into the sandbox PodSpec. Useful
+# for spreading sandbox pods across availability zones so a single-AZ
+# spot reclaim doesn't take the whole pool out at once. Empty default
+# = no spread (scheduler / Karpenter cost-bias may concentrate pods in
+# one AZ).
+#
+# When using this, the labelSelector must match the per-env pod label
+# stamped by this chart (see templates/sandbox-template.yaml):
+#   app.kubernetes.io/name: studio-sandbox-<envName>
+#
+# Recommended for production:
+#
+# topologySpreadConstraints:
+#   - maxSkew: 1
+#     topologyKey: topology.kubernetes.io/zone
+#     # ScheduleAnyway, not DoNotSchedule — we don't want a sandbox
+#     # claim to fail because Karpenter hasn't yet provisioned a node
+#     # in the second AZ. The constraint is a soft preference; over
+#     # time pods drift toward an even spread as new nodes come up.
+#     whenUnsatisfiable: ScheduleAnyway
+#     labelSelector:
+#       matchLabels:
+#         app.kubernetes.io/name: studio-sandbox-<envName>
+topologySpreadConstraints: []
+
+# ── sandbox-pod hardening ──────────────────────────────────────────────
+# User namespace remap (`spec.hostUsers: false`): UID 1000 inside the pod
+# maps to a high, unprivileged subordinate UID on the node, so a
+# container escape doesn't land as a real node UID. Requires K8s 1.30+
+# with a containerd/kernel that support userns (EKS default AMIs from
+# late 2024 onward are fine; kind nodes vary).
+#
+# Defaults to the secure path because this chart runs untrusted user
+# code. Override to true (back to host users) ONLY on clusters whose
+# kernel/containerd doesn't support userns — symptoms of unsupported
+# runtime are pod scheduling failures with messages like "user
+# namespaces are not enabled".
+hostUsers: false
+
+# Read-only root filesystem. When true, /app + /tmp + /home/sandbox are
+# remounted as emptyDirs and `safe.directory '*'` is set so git works
+# against the chowned mount.
+#
+# Defaults to true (secure path). Override to false ONLY if a workload
+# writes outside the three covered emptyDirs and you've measured the
+# resulting failure mode. Validate end-to-end (clone + bun/npm install +
+# dev server start) on staging before merging an override.
+readOnlyRootFilesystem: true
+
+# ── sentinel token ─────────────────────────────────────────────────────
+sentinel:
+  # Optional: supply an explicit token so CI can pass the same value to
+  # both this chart and the studio chart without an extraction step.
+  # Leave empty to auto-generate (preserved across upgrades via lookup).
+  token: ""
+
+# ── warm pool ──────────────────────────────────────────────────────────
+warmPool:
+  # Enable only after measuring cold-start pain; every warm pod costs
+  # the full resources.requests above.
+  enabled: false
+  size: 0
+
+# ── preview URL gateway (optional) ─────────────────────────────────────
+# Wildcard preview-URL ingress. Renders an Istio Gateway (HTTPS, terminates
+# `*.<domain>`) + a cert-manager Certificate. Per-claim HTTPRoutes are NOT
+# rendered here — the mesh runner mints one HTTPRoute per SandboxClaim in
+# `agent-sandbox-system` and tears it down on claim delete, so each preview
+# URL routes directly to its sandbox Service:9000. Mesh is no longer in
+# the data path; it only writes the routing config.
+#
+# Wiring on the studio side (chart-deco-studio configMap.meshConfig):
+#   STUDIO_SANDBOX_PREVIEW_URL_PATTERN: "https://{handle}.<domain>"
+#   STUDIO_SANDBOX_PREVIEW_GATEWAY_NAME: "agent-sandbox-preview-<envName>"
+#   STUDIO_SANDBOX_PREVIEW_GATEWAY_NAMESPACE: "<previewGateway.namespace>"
+# Without those, mesh falls back to in-process proxying via its own Service
+# (the previous design). That fallback also requires a separate cluster-wide
+# HTTPRoute that this chart no longer creates.
+#
+# Manual prerequisites (not templated):
+#   1. DNS: Cloudflare (or other) wildcard `*.<domain>` → cluster
+#      external LB hostname.
+#   2. cert-manager ClusterIssuer for the wildcard cert. DNS-01 is
+#      required (HTTP-01 doesn't work for wildcards). Set `clusterIssuer`
+#      to that issuer's name.
+previewGateway:
+  enabled: false
+  # gatewayClassName for the Gateway. EKS clusters running Istio
+  # ambient/sidecar default to "istio". Confirm with
+  # `kubectl get gatewayclasses` before flipping enabled=true.
+  gatewayClassName: "istio"
+  # Namespace where the Gateway + HTTPRoute land. Mesh's existing gateway
+  # typically lives in `istio-system`; some setups use a dedicated
+  # `gateway` ns. The cert Secret is created in the same ns.
+  namespace: "istio-system"
+  # Wildcard domain for previews — e.g. "preview.decocms.com" yields
+  # `*.preview.decocms.com`. Required when enabled=true.
+  domain: ""
+  # cert-manager ClusterIssuer that issues the wildcard cert. Required
+  # when enabled=true. The chart does NOT template the ClusterIssuer
+  # itself — that is per-cluster infrastructure (a Cloudflare DNS-01
+  # issuer, for example, needs your API token in a Secret).
+  clusterIssuer: ""
+  # PEM-format secret name created by cert-manager. Defaults to
+  # `agent-sandbox-preview-<envName>-tls`. Override only if the cert
+  # lives under a name dictated by external tooling.
+  tlsSecretName: ""
+
+# ── mesh cross-references ──────────────────────────────────────────────
+# Tells this chart where the chart-deco-studio release for THIS
+# environment runs so the RBAC RoleBinding, NetworkPolicy ingress
+# selector, and preview-Gateway HTTPRoute backendRef all point at it.
+# These values must match the namespace + release-name + service-port of
+# the studio install for the same env.
+mesh:
+  # Namespace where the studio release runs. The mesh ServiceAccount and
+  # mesh Service are looked up here.
+  namespace: "deco-studio"
+  # Name of the mesh ServiceAccount that gets the RoleBinding allowing
+  # SandboxClaim CRUD + portforward against agent-sandbox-system.
+  # Conventionally the studio release name (chart.fullname).
+  serviceAccountName: "deco-studio"
+  # DEPRECATED: previously the cluster-wide preview HTTPRoute backendRef'd
+  # the mesh Service so mesh could reverse-proxy preview traffic in
+  # process. The chart no longer renders that HTTPRoute (per-claim routes
+  # are minted by mesh and bypass mesh as a proxy), so these are unused.
+  # Kept to avoid breaking values overrides on existing installs; will be
+  # removed in a future chart version.
+  serviceName: "deco-studio"
+  servicePort: 80
+  # Pod selector labels that identify mesh pods for the NetworkPolicy
+  # ingress rule. Should match the studio chart's selectorLabels.
+  podSelectorLabels:
+    app.kubernetes.io/name: "chart-deco-studio"
+    app.kubernetes.io/instance: "deco-studio"
+
+# ── idle-reap housekeeper ──────────────────────────────────────────────
+# CronJob that direct-deletes ReconcilerError claims and gracefully shuts
+# down idle Ready claims. Emits a Kubernetes Event per reap.
+housekeeper:
+  enabled: false
+
+  schedule: "*/5 * * * *"
+
+  # Should match (or be shorter than) DEFAULT_IDLE_TTL_MS in runner.ts.
+  idleTtlSeconds: 900
+
+  probeTimeoutSeconds: 2
+
+  # 600s ≈ 400 sandboxes/sweep at ~1.5s/claim worst case.
+  activeDeadlineSeconds: 600
+
+  # Grace window for slots missed during controller-manager downtime.
+  startingDeadlineSeconds: 240
+
+  ttlSecondsAfterFinished: 300
+
+  # Empty = use env-scoped defaults from the housekeeper{Claim,Pod}Selector
+  # helpers. Override during phased rollout (before mesh propagates
+  # STUDIO_ENV) — the env-scoped default matches zero claims without the
+  # label. README has the unscoped copy-paste.
+  claimSelector: ""
+  podSelector: ""
+
+  # alpine/k8s bundles kubectl + curl in one image (the sweep needs both).
+  # Tag pinned — `latest` would silently change at the next scheduled run.
+  image:
+    repository: alpine/k8s
+    tag: "1.32.0"
+    pullPolicy: IfNotPresent
+
+  resources:
+    requests:
+      cpu: 50m
+      memory: 64Mi
+    limits:
+      cpu: 200m
+      memory: 128Mi
diff --git a/deploy/helm/sandbox-operator/.helmignore b/deploy/helm/sandbox-operator/.helmignore
new file mode 100644
index 0000000000..62a747d10a
--- /dev/null
+++ b/deploy/helm/sandbox-operator/.helmignore
@@ -0,0 +1,21 @@
+# Helm conventional ignores
+.DS_Store
+.git/
+.gitignore
+.bzr/
+.hg/
+.svn/
+*.tmproj
+.vscode/
+.idea/
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+
+# Re-vendor script — not part of the published chart
+vendor.sh
+
+# Examples folder is for documentation in-tree only
+examples/
diff --git a/deploy/helm/sandbox-operator/Chart.yaml b/deploy/helm/sandbox-operator/Chart.yaml
new file mode 100644
index 0000000000..de2741f207
--- /dev/null
+++ b/deploy/helm/sandbox-operator/Chart.yaml
@@ -0,0 +1,14 @@
+apiVersion: v2
+name: sandbox-operator
+description: |
+  Pure upstream kubernetes-sigs/agent-sandbox operator + CRDs (vendored —
+  upstream does not publish a Helm chart as of v0.4.2). Installs the
+  Namespace, ServiceAccount, Deployment, Service, and ClusterRoles /
+  ClusterRoleBindings the operator needs. No Studio-specific resources
+  live in this chart — see deploy/helm/sandbox-env for those.
+type: application
+# Chart version is independent of upstream agent-sandbox. Bump on any change.
+version: 0.1.0
+# Tracks the upstream agent-sandbox release pinned by vendor.sh.
+appVersion: "0.4.2"
+kubeVersion: ">=1.30.0-0"
diff --git a/deploy/helm/sandbox-operator/README.md b/deploy/helm/sandbox-operator/README.md
new file mode 100644
index 0000000000..0f44feae9f
--- /dev/null
+++ b/deploy/helm/sandbox-operator/README.md
@@ -0,0 +1,119 @@
+# sandbox-operator Helm chart
+
+Pure packaging of the upstream
+[`kubernetes-sigs/agent-sandbox`](https://github.com/kubernetes-sigs/agent-sandbox)
+operator + CRDs (vendored — upstream does not publish a Helm chart as of
+v0.4.2). Installs:
+
+- `Namespace` `agent-sandbox-system` (with PodSecurity admission labels)
+- `ServiceAccount`, `Service`, `Deployment` for the controller
+- `ClusterRole` + `ClusterRoleBinding` for the base + extensions reconcilers
+- All `CustomResourceDefinition`s the operator owns
+
+This chart **deliberately exposes no tunables**. Studio-side resources
+(`SandboxTemplate`, RBAC for the mesh runner, `NetworkPolicy`,
+`SandboxWarmPool`, preview `Gateway`/`HTTPRoute`/`Certificate`) live in the
+companion [`sandbox-env`](../sandbox-env/) chart and are installed once per
+environment alongside this one.
+
+Pinned upstream version: **v0.4.2** (see `Chart.yaml` `appVersion`).
+
+## Prerequisites
+
+- **Kubernetes 1.30+** (enforced by `Chart.yaml` `kubeVersion`).
+- The chart **must be installed into the `agent-sandbox-system` namespace**.
+  The vendored upstream operator manifest hardcodes that namespace; `helm
+  template` will fail otherwise. See the validation in `_helpers.tpl`.
+
+## Install
+
+Published as an OCI artifact at
+`oci://ghcr.io/decocms/studio/charts/sandbox-operator` by
+`.github/workflows/release-sandbox-charts.yaml`.
+
+```bash
+helm install sandbox-operator \
+  oci://ghcr.io/decocms/studio/charts/sandbox-operator \
+  --version 0.1.0 \
+  --namespace agent-sandbox-system --create-namespace
+```
+
+Then install one `sandbox-env` release per environment that needs to use
+this operator. See [`../sandbox-env/README.md`](../sandbox-env/README.md).
+
+### ArgoCD Application
+
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: sandbox-operator
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: ghcr.io/decocms/studio/charts
+    chart: sandbox-operator
+    targetRevision: 0.1.0
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: agent-sandbox-system
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+```
+
+## Layout
+
+```
+sandbox-operator/
+├── Chart.yaml
+├── values.yaml                     # intentionally empty
+├── vendor.sh                       # re-fetches upstream YAML
+├── crds/
+│   └── agent-sandbox-crds.yaml     # vendored CRDs
+└── templates/
+    ├── _helpers.tpl
+    ├── validations.yaml            # namespace preflight
+    └── agent-sandbox-manifest.yaml # vendored upstream operator
+```
+
+`vendor.sh` splits upstream multi-doc YAML on `kind: CustomResourceDefinition`
+boundaries and routes each doc into `crds/` or `templates/`.
+
+## CRD upgrade caveat
+
+Helm install-applies files under `crds/` on first install but **never
+upgrades them** (intentional Helm design choice). After bumping `appVersion`
+via `./vendor.sh`, run:
+
+```bash
+kubectl apply -f deploy/helm/sandbox-operator/crds/agent-sandbox-crds.yaml
+# then helm upgrade as normal
+```
+
+Uninstall + reinstall also works but drops existing `SandboxClaim`s.
+
+## Bumping upstream version
+
+```bash
+./vendor.sh v0.4.3               # re-fetches + re-splits, requires sha256 in KNOWN_CHECKSUMS
+# edit Chart.yaml: appVersion -> "0.4.3"
+# bump version: 0.1.0 -> 0.2.0
+```
+
+Push to `main` — `release-sandbox-charts.yaml` packages and pushes the new
+OCI tag to `ghcr.io`. Argo CD picks it up by the `targetRevision` in the
+`Application` manifest.
+
+Check upstream release notes for CRD schema changes — if `sandboxtemplates`
+or `sandboxwarmpools` shape changes, the matching templates in `sandbox-env`
+may need corresponding edits.
+
+## Why not an upstream Helm chart?
+
+Upstream hasn't published one as of v0.4.2. Filing a request with prior art
+pointing at this chart is worthwhile — if upstream ships an official chart,
+the vendored copy goes away and this chart switches to a `dependencies:`
+entry pointing at upstream's repo.
diff --git a/deploy/helm/sandbox-operator/crds/agent-sandbox-crds.yaml b/deploy/helm/sandbox-operator/crds/agent-sandbox-crds.yaml
new file mode 100644
index 0000000000..07daf0a113
--- /dev/null
+++ b/deploy/helm/sandbox-operator/crds/agent-sandbox-crds.yaml
@@ -0,0 +1,8286 @@
+# Vendored from kubernetes-sigs/agent-sandbox v0.4.2 via vendor.sh.
+# Do not edit by hand — re-run vendor.sh to refresh.
+# Contains: CustomResourceDefinition docs only.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.19.0
+  name: sandboxes.agents.x-k8s.io
+spec:
+  group: agents.x-k8s.io
+  names:
+    kind: Sandbox
+    listKind: SandboxList
+    plural: sandboxes
+    shortNames:
+    - sandbox
+    singular: sandbox
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            type: string
+          kind:
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              podTemplate:
+                properties:
+                  metadata:
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        type: object
+                    type: object
+                  spec:
+                    properties:
+                      activeDeadlineSeconds:
+                        format: int64
+                        type: integer
+                      affinity:
+                        properties:
+                          nodeAffinity:
+                            properties:
+                              preferredDuringSchedulingIgnoredDuringExecution:
+                                items:
+                                  properties:
+                                    preference:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        matchFields:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    weight:
+                                      format: int32
+                                      type: integer
+                                  required:
+                                  - preference
+                                  - weight
+                                  type: object
+                                type: array
+                                x-kubernetes-list-type: atomic
+                              requiredDuringSchedulingIgnoredDuringExecution:
+                                properties:
+                                  nodeSelectorTerms:
+                                    items:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        matchFields:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                required:
+                                - nodeSelectorTerms
+                                type: object
+                                x-kubernetes-map-type: atomic
+                            type: object
+                          podAffinity:
+                            properties:
+                              preferredDuringSchedulingIgnoredDuringExecution:
+                                items:
+                                  properties:
+                                    podAffinityTerm:
+                                      properties:
+                                        labelSelector:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    type: string
+                                                  operator:
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                    x-kubernetes-list-type: atomic
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                              x-kubernetes-list-type: atomic
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              type: object
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        matchLabelKeys:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        mismatchLabelKeys:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        namespaceSelector:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    type: string
+                                                  operator:
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                    x-kubernetes-list-type: atomic
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                              x-kubernetes-list-type: atomic
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              type: object
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        namespaces:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        topologyKey:
+                                          type: string
+                                      required:
+                                      - topologyKey
+                                      type: object
+                                    weight:
+                                      format: int32
+                                      type: integer
+                                  required:
+                                  - podAffinityTerm
+                                  - weight
+                                  type: object
+                                type: array
+                                x-kubernetes-list-type: atomic
+                              requiredDuringSchedulingIgnoredDuringExecution:
+                                items:
+                                  properties:
+                                    labelSelector:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          type: object
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    matchLabelKeys:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    mismatchLabelKeys:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    namespaceSelector:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          type: object
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    namespaces:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    topologyKey:
+                                      type: string
+                                  required:
+                                  - topologyKey
+                                  type: object
+                                type: array
+                                x-kubernetes-list-type: atomic
+                            type: object
+                          podAntiAffinity:
+                            properties:
+                              preferredDuringSchedulingIgnoredDuringExecution:
+                                items:
+                                  properties:
+                                    podAffinityTerm:
+                                      properties:
+                                        labelSelector:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    type: string
+                                                  operator:
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                    x-kubernetes-list-type: atomic
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                              x-kubernetes-list-type: atomic
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              type: object
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        matchLabelKeys:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        mismatchLabelKeys:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        namespaceSelector:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    type: string
+                                                  operator:
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                    x-kubernetes-list-type: atomic
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                              x-kubernetes-list-type: atomic
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              type: object
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        namespaces:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        topologyKey:
+                                          type: string
+                                      required:
+                                      - topologyKey
+                                      type: object
+                                    weight:
+                                      format: int32
+                                      type: integer
+                                  required:
+                                  - podAffinityTerm
+                                  - weight
+                                  type: object
+                                type: array
+                                x-kubernetes-list-type: atomic
+                              requiredDuringSchedulingIgnoredDuringExecution:
+                                items:
+                                  properties:
+                                    labelSelector:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          type: object
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    matchLabelKeys:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    mismatchLabelKeys:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    namespaceSelector:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          type: object
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    namespaces:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    topologyKey:
+                                      type: string
+                                  required:
+                                  - topologyKey
+                                  type: object
+                                type: array
+                                x-kubernetes-list-type: atomic
+                            type: object
+                        type: object
+                      automountServiceAccountToken:
+                        type: boolean
+                      containers:
+                        items:
+                          properties:
+                            args:
+                              items:
+                                type: string
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            command:
+                              items:
+                                type: string
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            env:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                  value:
+                                    type: string
+                                  valueFrom:
+                                    properties:
+                                      configMapKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            default: ""
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      fieldRef:
+                                        properties:
+                                          apiVersion:
+                                            type: string
+                                          fieldPath:
+                                            type: string
+                                        required:
+                                        - fieldPath
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      fileKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          optional:
+                                            default: false
+                                            type: boolean
+                                          path:
+                                            type: string
+                                          volumeName:
+                                            type: string
+                                        required:
+                                        - key
+                                        - path
+                                        - volumeName
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      resourceFieldRef:
+                                        properties:
+                                          containerName:
+                                            type: string
+                                          divisor:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                            x-kubernetes-int-or-string: true
+                                          resource:
+                                            type: string
+                                        required:
+                                        - resource
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      secretKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            default: ""
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
+                            envFrom:
+                              items:
+                                properties:
+                                  configMapRef:
+                                    properties:
+                                      name:
+                                        default: ""
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  prefix:
+                                    type: string
+                                  secretRef:
+                                    properties:
+                                      name:
+                                        default: ""
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                type: object
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            image:
+                              type: string
+                            imagePullPolicy:
+                              type: string
+                            lifecycle:
+                              properties:
+                                postStart:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    sleep:
+                                      properties:
+                                        seconds:
+                                          format: int64
+                                          type: integer
+                                      required:
+                                      - seconds
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                                preStop:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    sleep:
+                                      properties:
+                                        seconds:
+                                          format: int64
+                                          type: integer
+                                      required:
+                                      - seconds
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                                stopSignal:
+                                  type: string
+                              type: object
+                            livenessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      default: ""
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            name:
+                              type: string
+                            ports:
+                              items:
+                                properties:
+                                  containerPort:
+                                    format: int32
+                                    type: integer
+                                  hostIP:
+                                    type: string
+                                  hostPort:
+                                    format: int32
+                                    type: integer
+                                  name:
+                                    type: string
+                                  protocol:
+                                    default: TCP
+                                    type: string
+                                required:
+                                - containerPort
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - containerPort
+                              - protocol
+                              x-kubernetes-list-type: map
+                            readinessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      default: ""
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            resizePolicy:
+                              items:
+                                properties:
+                                  resourceName:
+                                    type: string
+                                  restartPolicy:
+                                    type: string
+                                required:
+                                - resourceName
+                                - restartPolicy
+                                type: object
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            resources:
+                              properties:
+                                claims:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      request:
+                                        type: string
+                                    required:
+                                    - name
+                                    type: object
+                                  type: array
+                                  x-kubernetes-list-map-keys:
+                                  - name
+                                  x-kubernetes-list-type: map
+                                limits:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                                requests:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                              type: object
+                            restartPolicy:
+                              type: string
+                            restartPolicyRules:
+                              items:
+                                properties:
+                                  action:
+                                    type: string
+                                  exitCodes:
+                                    properties:
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          format: int32
+                                          type: integer
+                                        type: array
+                                        x-kubernetes-list-type: set
+                                    required:
+                                    - operator
+                                    type: object
+                                required:
+                                - action
+                                type: object
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            securityContext:
+                              properties:
+                                allowPrivilegeEscalation:
+                                  type: boolean
+                                appArmorProfile:
+                                  properties:
+                                    localhostProfile:
+                                      type: string
+                                    type:
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                capabilities:
+                                  properties:
+                                    add:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    drop:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                  type: object
+                                privileged:
+                                  type: boolean
+                                procMount:
+                                  type: string
+                                readOnlyRootFilesystem:
+                                  type: boolean
+                                runAsGroup:
+                                  format: int64
+                                  type: integer
+                                runAsNonRoot:
+                                  type: boolean
+                                runAsUser:
+                                  format: int64
+                                  type: integer
+                                seLinuxOptions:
+                                  properties:
+                                    level:
+                                      type: string
+                                    role:
+                                      type: string
+                                    type:
+                                      type: string
+                                    user:
+                                      type: string
+                                  type: object
+                                seccompProfile:
+                                  properties:
+                                    localhostProfile:
+                                      type: string
+                                    type:
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                windowsOptions:
+                                  properties:
+                                    gmsaCredentialSpec:
+                                      type: string
+                                    gmsaCredentialSpecName:
+                                      type: string
+                                    hostProcess:
+                                      type: boolean
+                                    runAsUserName:
+                                      type: string
+                                  type: object
+                              type: object
+                            startupProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      default: ""
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            stdin:
+                              type: boolean
+                            stdinOnce:
+                              type: boolean
+                            terminationMessagePath:
+                              type: string
+                            terminationMessagePolicy:
+                              type: string
+                            tty:
+                              type: boolean
+                            volumeDevices:
+                              items:
+                                properties:
+                                  devicePath:
+                                    type: string
+                                  name:
+                                    type: string
+                                required:
+                                - devicePath
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - devicePath
+                              x-kubernetes-list-type: map
+                            volumeMounts:
+                              items:
+                                properties:
+                                  mountPath:
+                                    type: string
+                                  mountPropagation:
+                                    type: string
+                                  name:
+                                    type: string
+                                  readOnly:
+                                    type: boolean
+                                  recursiveReadOnly:
+                                    type: string
+                                  subPath:
+                                    type: string
+                                  subPathExpr:
+                                    type: string
+                                required:
+                                - mountPath
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - mountPath
+                              x-kubernetes-list-type: map
+                            workingDir:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
+                      dnsConfig:
+                        properties:
+                          nameservers:
+                            items:
+                              type: string
+                            type: array
+                            x-kubernetes-list-type: atomic
+                          options:
+                            items:
+                              properties:
+                                name:
+                                  type: string
+                                value:
+                                  type: string
+                              type: object
+                            type: array
+                            x-kubernetes-list-type: atomic
+                          searches:
+                            items:
+                              type: string
+                            type: array
+                            x-kubernetes-list-type: atomic
+                        type: object
+                      dnsPolicy:
+                        type: string
+                      enableServiceLinks:
+                        type: boolean
+                      ephemeralContainers:
+                        items:
+                          properties:
+                            args:
+                              items:
+                                type: string
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            command:
+                              items:
+                                type: string
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            env:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                  value:
+                                    type: string
+                                  valueFrom:
+                                    properties:
+                                      configMapKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            default: ""
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      fieldRef:
+                                        properties:
+                                          apiVersion:
+                                            type: string
+                                          fieldPath:
+                                            type: string
+                                        required:
+                                        - fieldPath
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      fileKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          optional:
+                                            default: false
+                                            type: boolean
+                                          path:
+                                            type: string
+                                          volumeName:
+                                            type: string
+                                        required:
+                                        - key
+                                        - path
+                                        - volumeName
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      resourceFieldRef:
+                                        properties:
+                                          containerName:
+                                            type: string
+                                          divisor:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                            x-kubernetes-int-or-string: true
+                                          resource:
+                                            type: string
+                                        required:
+                                        - resource
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      secretKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            default: ""
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
+                            envFrom:
+                              items:
+                                properties:
+                                  configMapRef:
+                                    properties:
+                                      name:
+                                        default: ""
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  prefix:
+                                    type: string
+                                  secretRef:
+                                    properties:
+                                      name:
+                                        default: ""
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                type: object
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            image:
+                              type: string
+                            imagePullPolicy:
+                              type: string
+                            lifecycle:
+                              properties:
+                                postStart:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    sleep:
+                                      properties:
+                                        seconds:
+                                          format: int64
+                                          type: integer
+                                      required:
+                                      - seconds
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                                preStop:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    sleep:
+                                      properties:
+                                        seconds:
+                                          format: int64
+                                          type: integer
+                                      required:
+                                      - seconds
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                                stopSignal:
+                                  type: string
+                              type: object
+                            livenessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      default: ""
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            name:
+                              type: string
+                            ports:
+                              items:
+                                properties:
+                                  containerPort:
+                                    format: int32
+                                    type: integer
+                                  hostIP:
+                                    type: string
+                                  hostPort:
+                                    format: int32
+                                    type: integer
+                                  name:
+                                    type: string
+                                  protocol:
+                                    default: TCP
+                                    type: string
+                                required:
+                                - containerPort
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - containerPort
+                              - protocol
+                              x-kubernetes-list-type: map
+                            readinessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      default: ""
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            resizePolicy:
+                              items:
+                                properties:
+                                  resourceName:
+                                    type: string
+                                  restartPolicy:
+                                    type: string
+                                required:
+                                - resourceName
+                                - restartPolicy
+                                type: object
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            resources:
+                              properties:
+                                claims:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      request:
+                                        type: string
+                                    required:
+                                    - name
+                                    type: object
+                                  type: array
+                                  x-kubernetes-list-map-keys:
+                                  - name
+                                  x-kubernetes-list-type: map
+                                limits:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                                requests:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                              type: object
+                            restartPolicy:
+                              type: string
+                            restartPolicyRules:
+                              items:
+                                properties:
+                                  action:
+                                    type: string
+                                  exitCodes:
+                                    properties:
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          format: int32
+                                          type: integer
+                                        type: array
+                                        x-kubernetes-list-type: set
+                                    required:
+                                    - operator
+                                    type: object
+                                required:
+                                - action
+                                type: object
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            securityContext:
+                              properties:
+                                allowPrivilegeEscalation:
+                                  type: boolean
+                                appArmorProfile:
+                                  properties:
+                                    localhostProfile:
+                                      type: string
+                                    type:
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                capabilities:
+                                  properties:
+                                    add:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    drop:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                  type: object
+                                privileged:
+                                  type: boolean
+                                procMount:
+                                  type: string
+                                readOnlyRootFilesystem:
+                                  type: boolean
+                                runAsGroup:
+                                  format: int64
+                                  type: integer
+                                runAsNonRoot:
+                                  type: boolean
+                                runAsUser:
+                                  format: int64
+                                  type: integer
+                                seLinuxOptions:
+                                  properties:
+                                    level:
+                                      type: string
+                                    role:
+                                      type: string
+                                    type:
+                                      type: string
+                                    user:
+                                      type: string
+                                  type: object
+                                seccompProfile:
+                                  properties:
+                                    localhostProfile:
+                                      type: string
+                                    type:
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                windowsOptions:
+                                  properties:
+                                    gmsaCredentialSpec:
+                                      type: string
+                                    gmsaCredentialSpecName:
+                                      type: string
+                                    hostProcess:
+                                      type: boolean
+                                    runAsUserName:
+                                      type: string
+                                  type: object
+                              type: object
+                            startupProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      default: ""
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            stdin:
+                              type: boolean
+                            stdinOnce:
+                              type: boolean
+                            targetContainerName:
+                              type: string
+                            terminationMessagePath:
+                              type: string
+                            terminationMessagePolicy:
+                              type: string
+                            tty:
+                              type: boolean
+                            volumeDevices:
+                              items:
+                                properties:
+                                  devicePath:
+                                    type: string
+                                  name:
+                                    type: string
+                                required:
+                                - devicePath
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - devicePath
+                              x-kubernetes-list-type: map
+                            volumeMounts:
+                              items:
+                                properties:
+                                  mountPath:
+                                    type: string
+                                  mountPropagation:
+                                    type: string
+                                  name:
+                                    type: string
+                                  readOnly:
+                                    type: boolean
+                                  recursiveReadOnly:
+                                    type: string
+                                  subPath:
+                                    type: string
+                                  subPathExpr:
+                                    type: string
+                                required:
+                                - mountPath
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - mountPath
+                              x-kubernetes-list-type: map
+                            workingDir:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
+                      hostAliases:
+                        items:
+                          properties:
+                            hostnames:
+                              items:
+                                type: string
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            ip:
+                              type: string
+                          required:
+                          - ip
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - ip
+                        x-kubernetes-list-type: map
+                      hostIPC:
+                        type: boolean
+                      hostNetwork:
+                        type: boolean
+                      hostPID:
+                        type: boolean
+                      hostUsers:
+                        type: boolean
+                      hostname:
+                        type: string
+                      hostnameOverride:
+                        type: string
+                      imagePullSecrets:
+                        items:
+                          properties:
+                            name:
+                              default: ""
+                              type: string
+                          type: object
+                          x-kubernetes-map-type: atomic
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
+                      initContainers:
+                        items:
+                          properties:
+                            args:
+                              items:
+                                type: string
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            command:
+                              items:
+                                type: string
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            env:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                  value:
+                                    type: string
+                                  valueFrom:
+                                    properties:
+                                      configMapKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            default: ""
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      fieldRef:
+                                        properties:
+                                          apiVersion:
+                                            type: string
+                                          fieldPath:
+                                            type: string
+                                        required:
+                                        - fieldPath
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      fileKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          optional:
+                                            default: false
+                                            type: boolean
+                                          path:
+                                            type: string
+                                          volumeName:
+                                            type: string
+                                        required:
+                                        - key
+                                        - path
+                                        - volumeName
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      resourceFieldRef:
+                                        properties:
+                                          containerName:
+                                            type: string
+                                          divisor:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                            x-kubernetes-int-or-string: true
+                                          resource:
+                                            type: string
+                                        required:
+                                        - resource
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      secretKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            default: ""
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
+                            envFrom:
+                              items:
+                                properties:
+                                  configMapRef:
+                                    properties:
+                                      name:
+                                        default: ""
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  prefix:
+                                    type: string
+                                  secretRef:
+                                    properties:
+                                      name:
+                                        default: ""
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                type: object
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            image:
+                              type: string
+                            imagePullPolicy:
+                              type: string
+                            lifecycle:
+                              properties:
+                                postStart:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    sleep:
+                                      properties:
+                                        seconds:
+                                          format: int64
+                                          type: integer
+                                      required:
+                                      - seconds
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                                preStop:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    sleep:
+                                      properties:
+                                        seconds:
+                                          format: int64
+                                          type: integer
+                                      required:
+                                      - seconds
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                                stopSignal:
+                                  type: string
+                              type: object
+                            livenessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      default: ""
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            name:
+                              type: string
+                            ports:
+                              items:
+                                properties:
+                                  containerPort:
+                                    format: int32
+                                    type: integer
+                                  hostIP:
+                                    type: string
+                                  hostPort:
+                                    format: int32
+                                    type: integer
+                                  name:
+                                    type: string
+                                  protocol:
+                                    default: TCP
+                                    type: string
+                                required:
+                                - containerPort
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - containerPort
+                              - protocol
+                              x-kubernetes-list-type: map
+                            readinessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      default: ""
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            resizePolicy:
+                              items:
+                                properties:
+                                  resourceName:
+                                    type: string
+                                  restartPolicy:
+                                    type: string
+                                required:
+                                - resourceName
+                                - restartPolicy
+                                type: object
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            resources:
+                              properties:
+                                claims:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      request:
+                                        type: string
+                                    required:
+                                    - name
+                                    type: object
+                                  type: array
+                                  x-kubernetes-list-map-keys:
+                                  - name
+                                  x-kubernetes-list-type: map
+                                limits:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                                requests:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                              type: object
+                            restartPolicy:
+                              type: string
+                            restartPolicyRules:
+                              items:
+                                properties:
+                                  action:
+                                    type: string
+                                  exitCodes:
+                                    properties:
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          format: int32
+                                          type: integer
+                                        type: array
+                                        x-kubernetes-list-type: set
+                                    required:
+                                    - operator
+                                    type: object
+                                required:
+                                - action
+                                type: object
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            securityContext:
+                              properties:
+                                allowPrivilegeEscalation:
+                                  type: boolean
+                                appArmorProfile:
+                                  properties:
+                                    localhostProfile:
+                                      type: string
+                                    type:
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                capabilities:
+                                  properties:
+                                    add:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    drop:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                  type: object
+                                privileged:
+                                  type: boolean
+                                procMount:
+                                  type: string
+                                readOnlyRootFilesystem:
+                                  type: boolean
+                                runAsGroup:
+                                  format: int64
+                                  type: integer
+                                runAsNonRoot:
+                                  type: boolean
+                                runAsUser:
+                                  format: int64
+                                  type: integer
+                                seLinuxOptions:
+                                  properties:
+                                    level:
+                                      type: string
+                                    role:
+                                      type: string
+                                    type:
+                                      type: string
+                                    user:
+                                      type: string
+                                  type: object
+                                seccompProfile:
+                                  properties:
+                                    localhostProfile:
+                                      type: string
+                                    type:
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                windowsOptions:
+                                  properties:
+                                    gmsaCredentialSpec:
+                                      type: string
+                                    gmsaCredentialSpecName:
+                                      type: string
+                                    hostProcess:
+                                      type: boolean
+                                    runAsUserName:
+                                      type: string
+                                  type: object
+                              type: object
+                            startupProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      default: ""
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            stdin:
+                              type: boolean
+                            stdinOnce:
+                              type: boolean
+                            terminationMessagePath:
+                              type: string
+                            terminationMessagePolicy:
+                              type: string
+                            tty:
+                              type: boolean
+                            volumeDevices:
+                              items:
+                                properties:
+                                  devicePath:
+                                    type: string
+                                  name:
+                                    type: string
+                                required:
+                                - devicePath
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - devicePath
+                              x-kubernetes-list-type: map
+                            volumeMounts:
+                              items:
+                                properties:
+                                  mountPath:
+                                    type: string
+                                  mountPropagation:
+                                    type: string
+                                  name:
+                                    type: string
+                                  readOnly:
+                                    type: boolean
+                                  recursiveReadOnly:
+                                    type: string
+                                  subPath:
+                                    type: string
+                                  subPathExpr:
+                                    type: string
+                                required:
+                                - mountPath
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - mountPath
+                              x-kubernetes-list-type: map
+                            workingDir:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
+                      nodeName:
+                        type: string
+                      nodeSelector:
+                        additionalProperties:
+                          type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      os:
+                        properties:
+                          name:
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      overhead:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        type: object
+                      preemptionPolicy:
+                        type: string
+                      priority:
+                        format: int32
+                        type: integer
+                      priorityClassName:
+                        type: string
+                      readinessGates:
+                        items:
+                          properties:
+                            conditionType:
+                              type: string
+                          required:
+                          - conditionType
+                          type: object
+                        type: array
+                        x-kubernetes-list-type: atomic
+                      resourceClaims:
+                        items:
+                          properties:
+                            name:
+                              type: string
+                            resourceClaimName:
+                              type: string
+                            resourceClaimTemplateName:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
+                      resources:
+                        properties:
+                          claims:
+                            items:
+                              properties:
+                                name:
+                                  type: string
+                                request:
+                                  type: string
+                              required:
+                              - name
+                              type: object
+                            type: array
+                            x-kubernetes-list-map-keys:
+                            - name
+                            x-kubernetes-list-type: map
+                          limits:
+                            additionalProperties:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                              x-kubernetes-int-or-string: true
+                            type: object
+                          requests:
+                            additionalProperties:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                              x-kubernetes-int-or-string: true
+                            type: object
+                        type: object
+                      restartPolicy:
+                        type: string
+                      runtimeClassName:
+                        type: string
+                      schedulerName:
+                        type: string
+                      schedulingGates:
+                        items:
+                          properties:
+                            name:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
+                      securityContext:
+                        properties:
+                          appArmorProfile:
+                            properties:
+                              localhostProfile:
+                                type: string
+                              type:
+                                type: string
+                            required:
+                            - type
+                            type: object
+                          fsGroup:
+                            format: int64
+                            type: integer
+                          fsGroupChangePolicy:
+                            type: string
+                          runAsGroup:
+                            format: int64
+                            type: integer
+                          runAsNonRoot:
+                            type: boolean
+                          runAsUser:
+                            format: int64
+                            type: integer
+                          seLinuxChangePolicy:
+                            type: string
+                          seLinuxOptions:
+                            properties:
+                              level:
+                                type: string
+                              role:
+                                type: string
+                              type:
+                                type: string
+                              user:
+                                type: string
+                            type: object
+                          seccompProfile:
+                            properties:
+                              localhostProfile:
+                                type: string
+                              type:
+                                type: string
+                            required:
+                            - type
+                            type: object
+                          supplementalGroups:
+                            items:
+                              format: int64
+                              type: integer
+                            type: array
+                            x-kubernetes-list-type: atomic
+                          supplementalGroupsPolicy:
+                            type: string
+                          sysctls:
+                            items:
+                              properties:
+                                name:
+                                  type: string
+                                value:
+                                  type: string
+                              required:
+                              - name
+                              - value
+                              type: object
+                            type: array
+                            x-kubernetes-list-type: atomic
+                          windowsOptions:
+                            properties:
+                              gmsaCredentialSpec:
+                                type: string
+                              gmsaCredentialSpecName:
+                                type: string
+                              hostProcess:
+                                type: boolean
+                              runAsUserName:
+                                type: string
+                            type: object
+                        type: object
+                      serviceAccount:
+                        type: string
+                      serviceAccountName:
+                        type: string
+                      setHostnameAsFQDN:
+                        type: boolean
+                      shareProcessNamespace:
+                        type: boolean
+                      subdomain:
+                        type: string
+                      terminationGracePeriodSeconds:
+                        format: int64
+                        type: integer
+                      tolerations:
+                        items:
+                          properties:
+                            effect:
+                              type: string
+                            key:
+                              type: string
+                            operator:
+                              type: string
+                            tolerationSeconds:
+                              format: int64
+                              type: integer
+                            value:
+                              type: string
+                          type: object
+                        type: array
+                        x-kubernetes-list-type: atomic
+                      topologySpreadConstraints:
+                        items:
+                          properties:
+                            labelSelector:
+                              properties:
+                                matchExpressions:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                        x-kubernetes-list-type: atomic
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                                  x-kubernetes-list-type: atomic
+                                matchLabels:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            matchLabelKeys:
+                              items:
+                                type: string
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            maxSkew:
+                              format: int32
+                              type: integer
+                            minDomains:
+                              format: int32
+                              type: integer
+                            nodeAffinityPolicy:
+                              type: string
+                            nodeTaintsPolicy:
+                              type: string
+                            topologyKey:
+                              type: string
+                            whenUnsatisfiable:
+                              type: string
+                          required:
+                          - maxSkew
+                          - topologyKey
+                          - whenUnsatisfiable
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - topologyKey
+                        - whenUnsatisfiable
+                        x-kubernetes-list-type: map
+                      volumes:
+                        items:
+                          properties:
+                            awsElasticBlockStore:
+                              properties:
+                                fsType:
+                                  type: string
+                                partition:
+                                  format: int32
+                                  type: integer
+                                readOnly:
+                                  type: boolean
+                                volumeID:
+                                  type: string
+                              required:
+                              - volumeID
+                              type: object
+                            azureDisk:
+                              properties:
+                                cachingMode:
+                                  type: string
+                                diskName:
+                                  type: string
+                                diskURI:
+                                  type: string
+                                fsType:
+                                  default: ext4
+                                  type: string
+                                kind:
+                                  type: string
+                                readOnly:
+                                  default: false
+                                  type: boolean
+                              required:
+                              - diskName
+                              - diskURI
+                              type: object
+                            azureFile:
+                              properties:
+                                readOnly:
+                                  type: boolean
+                                secretName:
+                                  type: string
+                                shareName:
+                                  type: string
+                              required:
+                              - secretName
+                              - shareName
+                              type: object
+                            cephfs:
+                              properties:
+                                monitors:
+                                  items:
+                                    type: string
+                                  type: array
+                                  x-kubernetes-list-type: atomic
+                                path:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                secretFile:
+                                  type: string
+                                secretRef:
+                                  properties:
+                                    name:
+                                      default: ""
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                user:
+                                  type: string
+                              required:
+                              - monitors
+                              type: object
+                            cinder:
+                              properties:
+                                fsType:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      default: ""
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                volumeID:
+                                  type: string
+                              required:
+                              - volumeID
+                              type: object
+                            configMap:
+                              properties:
+                                defaultMode:
+                                  format: int32
+                                  type: integer
+                                items:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      mode:
+                                        format: int32
+                                        type: integer
+                                      path:
+                                        type: string
+                                    required:
+                                    - key
+                                    - path
+                                    type: object
+                                  type: array
+                                  x-kubernetes-list-type: atomic
+                                name:
+                                  default: ""
+                                  type: string
+                                optional:
+                                  type: boolean
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            csi:
+                              properties:
+                                driver:
+                                  type: string
+                                fsType:
+                                  type: string
+                                nodePublishSecretRef:
+                                  properties:
+                                    name:
+                                      default: ""
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                readOnly:
+                                  type: boolean
+                                volumeAttributes:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                              required:
+                              - driver
+                              type: object
+                            downwardAPI:
+                              properties:
+                                defaultMode:
+                                  format: int32
+                                  type: integer
+                                items:
+                                  items:
+                                    properties:
+                                      fieldRef:
+                                        properties:
+                                          apiVersion:
+                                            type: string
+                                          fieldPath:
+                                            type: string
+                                        required:
+                                        - fieldPath
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      mode:
+                                        format: int32
+                                        type: integer
+                                      path:
+                                        type: string
+                                      resourceFieldRef:
+                                        properties:
+                                          containerName:
+                                            type: string
+                                          divisor:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                            x-kubernetes-int-or-string: true
+                                          resource:
+                                            type: string
+                                        required:
+                                        - resource
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                    required:
+                                    - path
+                                    type: object
+                                  type: array
+                                  x-kubernetes-list-type: atomic
+                              type: object
+                            emptyDir:
+                              properties:
+                                medium:
+                                  type: string
+                                sizeLimit:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            ephemeral:
+                              properties:
+                                volumeClaimTemplate:
+                                  properties:
+                                    metadata:
+                                      type: object
+                                    spec:
+                                      properties:
+                                        accessModes:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        dataSource:
+                                          properties:
+                                            apiGroup:
+                                              type: string
+                                            kind:
+                                              type: string
+                                            name:
+                                              type: string
+                                          required:
+                                          - kind
+                                          - name
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        dataSourceRef:
+                                          properties:
+                                            apiGroup:
+                                              type: string
+                                            kind:
+                                              type: string
+                                            name:
+                                              type: string
+                                            namespace:
+                                              type: string
+                                          required:
+                                          - kind
+                                          - name
+                                          type: object
+                                        resources:
+                                          properties:
+                                            limits:
+                                              additionalProperties:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                x-kubernetes-int-or-string: true
+                                              type: object
+                                            requests:
+                                              additionalProperties:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                x-kubernetes-int-or-string: true
+                                              type: object
+                                          type: object
+                                        selector:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    type: string
+                                                  operator:
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                    x-kubernetes-list-type: atomic
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                              x-kubernetes-list-type: atomic
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              type: object
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        storageClassName:
+                                          type: string
+                                        volumeAttributesClassName:
+                                          type: string
+                                        volumeMode:
+                                          type: string
+                                        volumeName:
+                                          type: string
+                                      type: object
+                                  required:
+                                  - spec
+                                  type: object
+                              type: object
+                            fc:
+                              properties:
+                                fsType:
+                                  type: string
+                                lun:
+                                  format: int32
+                                  type: integer
+                                readOnly:
+                                  type: boolean
+                                targetWWNs:
+                                  items:
+                                    type: string
+                                  type: array
+                                  x-kubernetes-list-type: atomic
+                                wwids:
+                                  items:
+                                    type: string
+                                  type: array
+                                  x-kubernetes-list-type: atomic
+                              type: object
+                            flexVolume:
+                              properties:
+                                driver:
+                                  type: string
+                                fsType:
+                                  type: string
+                                options:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      default: ""
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                              required:
+                              - driver
+                              type: object
+                            flocker:
+                              properties:
+                                datasetName:
+                                  type: string
+                                datasetUUID:
+                                  type: string
+                              type: object
+                            gcePersistentDisk:
+                              properties:
+                                fsType:
+                                  type: string
+                                partition:
+                                  format: int32
+                                  type: integer
+                                pdName:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                              required:
+                              - pdName
+                              type: object
+                            gitRepo:
+                              properties:
+                                directory:
+                                  type: string
+                                repository:
+                                  type: string
+                                revision:
+                                  type: string
+                              required:
+                              - repository
+                              type: object
+                            glusterfs:
+                              properties:
+                                endpoints:
+                                  type: string
+                                path:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                              required:
+                              - endpoints
+                              - path
+                              type: object
+                            hostPath:
+                              properties:
+                                path:
+                                  type: string
+                                type:
+                                  type: string
+                              required:
+                              - path
+                              type: object
+                            image:
+                              properties:
+                                pullPolicy:
+                                  type: string
+                                reference:
+                                  type: string
+                              type: object
+                            iscsi:
+                              properties:
+                                chapAuthDiscovery:
+                                  type: boolean
+                                chapAuthSession:
+                                  type: boolean
+                                fsType:
+                                  type: string
+                                initiatorName:
+                                  type: string
+                                iqn:
+                                  type: string
+                                iscsiInterface:
+                                  default: default
+                                  type: string
+                                lun:
+                                  format: int32
+                                  type: integer
+                                portals:
+                                  items:
+                                    type: string
+                                  type: array
+                                  x-kubernetes-list-type: atomic
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      default: ""
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                targetPortal:
+                                  type: string
+                              required:
+                              - iqn
+                              - lun
+                              - targetPortal
+                              type: object
+                            name:
+                              type: string
+                            nfs:
+                              properties:
+                                path:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                server:
+                                  type: string
+                              required:
+                              - path
+                              - server
+                              type: object
+                            persistentVolumeClaim:
+                              properties:
+                                claimName:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                              required:
+                              - claimName
+                              type: object
+                            photonPersistentDisk:
+                              properties:
+                                fsType:
+                                  type: string
+                                pdID:
+                                  type: string
+                              required:
+                              - pdID
+                              type: object
+                            portworxVolume:
+                              properties:
+                                fsType:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                volumeID:
+                                  type: string
+                              required:
+                              - volumeID
+                              type: object
+                            projected:
+                              properties:
+                                defaultMode:
+                                  format: int32
+                                  type: integer
+                                sources:
+                                  items:
+                                    properties:
+                                      clusterTrustBundle:
+                                        properties:
+                                          labelSelector:
+                                            properties:
+                                              matchExpressions:
+                                                items:
+                                                  properties:
+                                                    key:
+                                                      type: string
+                                                    operator:
+                                                      type: string
+                                                    values:
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                      x-kubernetes-list-type: atomic
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              matchLabels:
+                                                additionalProperties:
+                                                  type: string
+                                                type: object
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          name:
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                          path:
+                                            type: string
+                                          signerName:
+                                            type: string
+                                        required:
+                                        - path
+                                        type: object
+                                      configMap:
+                                        properties:
+                                          items:
+                                            items:
+                                              properties:
+                                                key:
+                                                  type: string
+                                                mode:
+                                                  format: int32
+                                                  type: integer
+                                                path:
+                                                  type: string
+                                              required:
+                                              - key
+                                              - path
+                                              type: object
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          name:
+                                            default: ""
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      downwardAPI:
+                                        properties:
+                                          items:
+                                            items:
+                                              properties:
+                                                fieldRef:
+                                                  properties:
+                                                    apiVersion:
+                                                      type: string
+                                                    fieldPath:
+                                                      type: string
+                                                  required:
+                                                  - fieldPath
+                                                  type: object
+                                                  x-kubernetes-map-type: atomic
+                                                mode:
+                                                  format: int32
+                                                  type: integer
+                                                path:
+                                                  type: string
+                                                resourceFieldRef:
+                                                  properties:
+                                                    containerName:
+                                                      type: string
+                                                    divisor:
+                                                      anyOf:
+                                                      - type: integer
+                                                      - type: string
+                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                      x-kubernetes-int-or-string: true
+                                                    resource:
+                                                      type: string
+                                                  required:
+                                                  - resource
+                                                  type: object
+                                                  x-kubernetes-map-type: atomic
+                                              required:
+                                              - path
+                                              type: object
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                        type: object
+                                      podCertificate:
+                                        properties:
+                                          certificateChainPath:
+                                            type: string
+                                          credentialBundlePath:
+                                            type: string
+                                          keyPath:
+                                            type: string
+                                          keyType:
+                                            type: string
+                                          maxExpirationSeconds:
+                                            format: int32
+                                            type: integer
+                                          signerName:
+                                            type: string
+                                          userAnnotations:
+                                            additionalProperties:
+                                              type: string
+                                            type: object
+                                        required:
+                                        - keyType
+                                        - signerName
+                                        type: object
+                                      secret:
+                                        properties:
+                                          items:
+                                            items:
+                                              properties:
+                                                key:
+                                                  type: string
+                                                mode:
+                                                  format: int32
+                                                  type: integer
+                                                path:
+                                                  type: string
+                                              required:
+                                              - key
+                                              - path
+                                              type: object
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          name:
+                                            default: ""
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      serviceAccountToken:
+                                        properties:
+                                          audience:
+                                            type: string
+                                          expirationSeconds:
+                                            format: int64
+                                            type: integer
+                                          path:
+                                            type: string
+                                        required:
+                                        - path
+                                        type: object
+                                    type: object
+                                  type: array
+                                  x-kubernetes-list-type: atomic
+                              type: object
+                            quobyte:
+                              properties:
+                                group:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                registry:
+                                  type: string
+                                tenant:
+                                  type: string
+                                user:
+                                  type: string
+                                volume:
+                                  type: string
+                              required:
+                              - registry
+                              - volume
+                              type: object
+                            rbd:
+                              properties:
+                                fsType:
+                                  type: string
+                                image:
+                                  type: string
+                                keyring:
+                                  default: /etc/ceph/keyring
+                                  type: string
+                                monitors:
+                                  items:
+                                    type: string
+                                  type: array
+                                  x-kubernetes-list-type: atomic
+                                pool:
+                                  default: rbd
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      default: ""
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                user:
+                                  default: admin
+                                  type: string
+                              required:
+                              - image
+                              - monitors
+                              type: object
+                            scaleIO:
+                              properties:
+                                fsType:
+                                  default: xfs
+                                  type: string
+                                gateway:
+                                  type: string
+                                protectionDomain:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      default: ""
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                sslEnabled:
+                                  type: boolean
+                                storageMode:
+                                  default: ThinProvisioned
+                                  type: string
+                                storagePool:
+                                  type: string
+                                system:
+                                  type: string
+                                volumeName:
+                                  type: string
+                              required:
+                              - gateway
+                              - secretRef
+                              - system
+                              type: object
+                            secret:
+                              properties:
+                                defaultMode:
+                                  format: int32
+                                  type: integer
+                                items:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      mode:
+                                        format: int32
+                                        type: integer
+                                      path:
+                                        type: string
+                                    required:
+                                    - key
+                                    - path
+                                    type: object
+                                  type: array
+                                  x-kubernetes-list-type: atomic
+                                optional:
+                                  type: boolean
+                                secretName:
+                                  type: string
+                              type: object
+                            storageos:
+                              properties:
+                                fsType:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      default: ""
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                volumeName:
+                                  type: string
+                                volumeNamespace:
+                                  type: string
+                              type: object
+                            vsphereVolume:
+                              properties:
+                                fsType:
+                                  type: string
+                                storagePolicyID:
+                                  type: string
+                                storagePolicyName:
+                                  type: string
+                                volumePath:
+                                  type: string
+                              required:
+                              - volumePath
+                              type: object
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
+                      workloadRef:
+                        properties:
+                          name:
+                            type: string
+                          podGroup:
+                            type: string
+                          podGroupReplicaKey:
+                            type: string
+                        required:
+                        - name
+                        - podGroup
+                        type: object
+                    required:
+                    - containers
+                    type: object
+                required:
+                - spec
+                type: object
+              replicas:
+                default: 1
+                format: int32
+                maximum: 1
+                minimum: 0
+                type: integer
+              shutdownPolicy:
+                default: Retain
+                enum:
+                - Delete
+                - Retain
+                type: string
+              shutdownTime:
+                format: date-time
+                type: string
+              volumeClaimTemplates:
+                items:
+                  properties:
+                    metadata:
+                      properties:
+                        annotations:
+                          additionalProperties:
+                            type: string
+                          type: object
+                        labels:
+                          additionalProperties:
+                            type: string
+                          type: object
+                        name:
+                          type: string
+                      type: object
+                    spec:
+                      properties:
+                        accessModes:
+                          items:
+                            type: string
+                          type: array
+                          x-kubernetes-list-type: atomic
+                        dataSource:
+                          properties:
+                            apiGroup:
+                              type: string
+                            kind:
+                              type: string
+                            name:
+                              type: string
+                          required:
+                          - kind
+                          - name
+                          type: object
+                          x-kubernetes-map-type: atomic
+                        dataSourceRef:
+                          properties:
+                            apiGroup:
+                              type: string
+                            kind:
+                              type: string
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                          required:
+                          - kind
+                          - name
+                          type: object
+                        resources:
+                          properties:
+                            limits:
+                              additionalProperties:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                            requests:
+                              additionalProperties:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                          type: object
+                        selector:
+                          properties:
+                            matchExpressions:
+                              items:
+                                properties:
+                                  key:
+                                    type: string
+                                  operator:
+                                    type: string
+                                  values:
+                                    items:
+                                      type: string
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                required:
+                                - key
+                                - operator
+                                type: object
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              type: object
+                          type: object
+                          x-kubernetes-map-type: atomic
+                        storageClassName:
+                          type: string
+                        volumeAttributesClassName:
+                          type: string
+                        volumeMode:
+                          type: string
+                        volumeName:
+                          type: string
+                      type: object
+                  required:
+                  - spec
+                  type: object
+                type: array
+            required:
+            - podTemplate
+            type: object
+          status:
+            properties:
+              conditions:
+                items:
+                  properties:
+                    lastTransitionTime:
+                      format: date-time
+                      type: string
+                    message:
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              podIPs:
+                items:
+                  type: string
+                type: array
+              replicas:
+                format: int32
+                minimum: 0
+                type: integer
+              selector:
+                type: string
+              service:
+                type: string
+              serviceFQDN:
+                type: string
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      scale:
+        labelSelectorPath: .status.selector
+        specReplicasPath: .spec.replicas
+        statusReplicasPath: .status.replicas
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.19.0
+  name: sandboxclaims.extensions.agents.x-k8s.io
+spec:
+  group: extensions.agents.x-k8s.io
+  names:
+    kind: SandboxClaim
+    listKind: SandboxClaimList
+    plural: sandboxclaims
+    shortNames:
+    - sandboxclaim
+    singular: sandboxclaim
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            type: string
+          kind:
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              additionalPodMetadata:
+                properties:
+                  annotations:
+                    additionalProperties:
+                      type: string
+                    type: object
+                  labels:
+                    additionalProperties:
+                      type: string
+                    type: object
+                type: object
+              env:
+                items:
+                  properties:
+                    containerName:
+                      type: string
+                    name:
+                      type: string
+                    value:
+                      type: string
+                  required:
+                  - name
+                  - value
+                  type: object
+                type: array
+                x-kubernetes-list-type: atomic
+              lifecycle:
+                properties:
+                  shutdownPolicy:
+                    default: Retain
+                    enum:
+                    - Delete
+                    - DeleteForeground
+                    - Retain
+                    type: string
+                  shutdownTime:
+                    format: date-time
+                    type: string
+                type: object
+              sandboxTemplateRef:
+                properties:
+                  name:
+                    type: string
+                required:
+                - name
+                type: object
+              warmpool:
+                default: default
+                type: string
+            required:
+            - sandboxTemplateRef
+            type: object
+          status:
+            properties:
+              conditions:
+                items:
+                  properties:
+                    lastTransitionTime:
+                      format: date-time
+                      type: string
+                    message:
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              sandbox:
+                properties:
+                  name:
+                    type: string
+                  podIPs:
+                    items:
+                      type: string
+                    type: array
+                type: object
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.19.0
+  name: sandboxtemplates.extensions.agents.x-k8s.io
+spec:
+  group: extensions.agents.x-k8s.io
+  names:
+    kind: SandboxTemplate
+    listKind: SandboxTemplateList
+    plural: sandboxtemplates
+    shortNames:
+    - sandboxtemplate
+    singular: sandboxtemplate
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            type: string
+          kind:
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              envVarsInjectionPolicy:
+                default: Disallowed
+                enum:
+                - Allowed
+                - Overrides
+                - Disallowed
+                type: string
+              networkPolicy:
+                properties:
+                  egress:
+                    items:
+                      properties:
+                        ports:
+                          items:
+                            properties:
+                              endPort:
+                                format: int32
+                                type: integer
+                              port:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                x-kubernetes-int-or-string: true
+                              protocol:
+                                type: string
+                            type: object
+                          type: array
+                          x-kubernetes-list-type: atomic
+                        to:
+                          items:
+                            properties:
+                              ipBlock:
+                                properties:
+                                  cidr:
+                                    type: string
+                                  except:
+                                    items:
+                                      type: string
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                required:
+                                - cidr
+                                type: object
+                              namespaceSelector:
+                                properties:
+                                  matchExpressions:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                      required:
+                                      - key
+                                      - operator
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  matchLabels:
+                                    additionalProperties:
+                                      type: string
+                                    type: object
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              podSelector:
+                                properties:
+                                  matchExpressions:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                      required:
+                                      - key
+                                      - operator
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  matchLabels:
+                                    additionalProperties:
+                                      type: string
+                                    type: object
+                                type: object
+                                x-kubernetes-map-type: atomic
+                            type: object
+                          type: array
+                          x-kubernetes-list-type: atomic
+                      type: object
+                    type: array
+                  ingress:
+                    items:
+                      properties:
+                        from:
+                          items:
+                            properties:
+                              ipBlock:
+                                properties:
+                                  cidr:
+                                    type: string
+                                  except:
+                                    items:
+                                      type: string
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                required:
+                                - cidr
+                                type: object
+                              namespaceSelector:
+                                properties:
+                                  matchExpressions:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                      required:
+                                      - key
+                                      - operator
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  matchLabels:
+                                    additionalProperties:
+                                      type: string
+                                    type: object
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              podSelector:
+                                properties:
+                                  matchExpressions:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                      required:
+                                      - key
+                                      - operator
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  matchLabels:
+                                    additionalProperties:
+                                      type: string
+                                    type: object
+                                type: object
+                                x-kubernetes-map-type: atomic
+                            type: object
+                          type: array
+                          x-kubernetes-list-type: atomic
+                        ports:
+                          items:
+                            properties:
+                              endPort:
+                                format: int32
+                                type: integer
+                              port:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                x-kubernetes-int-or-string: true
+                              protocol:
+                                type: string
+                            type: object
+                          type: array
+                          x-kubernetes-list-type: atomic
+                      type: object
+                    type: array
+                type: object
+              networkPolicyManagement:
+                default: Managed
+                enum:
+                - Managed
+                - Unmanaged
+                type: string
+              podTemplate:
+                properties:
+                  metadata:
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        type: object
+                    type: object
+                  spec:
+                    properties:
+                      activeDeadlineSeconds:
+                        format: int64
+                        type: integer
+                      affinity:
+                        properties:
+                          nodeAffinity:
+                            properties:
+                              preferredDuringSchedulingIgnoredDuringExecution:
+                                items:
+                                  properties:
+                                    preference:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        matchFields:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    weight:
+                                      format: int32
+                                      type: integer
+                                  required:
+                                  - preference
+                                  - weight
+                                  type: object
+                                type: array
+                                x-kubernetes-list-type: atomic
+                              requiredDuringSchedulingIgnoredDuringExecution:
+                                properties:
+                                  nodeSelectorTerms:
+                                    items:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        matchFields:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                required:
+                                - nodeSelectorTerms
+                                type: object
+                                x-kubernetes-map-type: atomic
+                            type: object
+                          podAffinity:
+                            properties:
+                              preferredDuringSchedulingIgnoredDuringExecution:
+                                items:
+                                  properties:
+                                    podAffinityTerm:
+                                      properties:
+                                        labelSelector:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    type: string
+                                                  operator:
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                    x-kubernetes-list-type: atomic
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                              x-kubernetes-list-type: atomic
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              type: object
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        matchLabelKeys:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        mismatchLabelKeys:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        namespaceSelector:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    type: string
+                                                  operator:
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                    x-kubernetes-list-type: atomic
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                              x-kubernetes-list-type: atomic
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              type: object
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        namespaces:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        topologyKey:
+                                          type: string
+                                      required:
+                                      - topologyKey
+                                      type: object
+                                    weight:
+                                      format: int32
+                                      type: integer
+                                  required:
+                                  - podAffinityTerm
+                                  - weight
+                                  type: object
+                                type: array
+                                x-kubernetes-list-type: atomic
+                              requiredDuringSchedulingIgnoredDuringExecution:
+                                items:
+                                  properties:
+                                    labelSelector:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          type: object
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    matchLabelKeys:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    mismatchLabelKeys:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    namespaceSelector:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          type: object
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    namespaces:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    topologyKey:
+                                      type: string
+                                  required:
+                                  - topologyKey
+                                  type: object
+                                type: array
+                                x-kubernetes-list-type: atomic
+                            type: object
+                          podAntiAffinity:
+                            properties:
+                              preferredDuringSchedulingIgnoredDuringExecution:
+                                items:
+                                  properties:
+                                    podAffinityTerm:
+                                      properties:
+                                        labelSelector:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    type: string
+                                                  operator:
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                    x-kubernetes-list-type: atomic
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                              x-kubernetes-list-type: atomic
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              type: object
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        matchLabelKeys:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        mismatchLabelKeys:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        namespaceSelector:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    type: string
+                                                  operator:
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                    x-kubernetes-list-type: atomic
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                              x-kubernetes-list-type: atomic
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              type: object
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        namespaces:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        topologyKey:
+                                          type: string
+                                      required:
+                                      - topologyKey
+                                      type: object
+                                    weight:
+                                      format: int32
+                                      type: integer
+                                  required:
+                                  - podAffinityTerm
+                                  - weight
+                                  type: object
+                                type: array
+                                x-kubernetes-list-type: atomic
+                              requiredDuringSchedulingIgnoredDuringExecution:
+                                items:
+                                  properties:
+                                    labelSelector:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          type: object
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    matchLabelKeys:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    mismatchLabelKeys:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    namespaceSelector:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          type: object
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    namespaces:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    topologyKey:
+                                      type: string
+                                  required:
+                                  - topologyKey
+                                  type: object
+                                type: array
+                                x-kubernetes-list-type: atomic
+                            type: object
+                        type: object
+                      automountServiceAccountToken:
+                        type: boolean
+                      containers:
+                        items:
+                          properties:
+                            args:
+                              items:
+                                type: string
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            command:
+                              items:
+                                type: string
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            env:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                  value:
+                                    type: string
+                                  valueFrom:
+                                    properties:
+                                      configMapKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            default: ""
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      fieldRef:
+                                        properties:
+                                          apiVersion:
+                                            type: string
+                                          fieldPath:
+                                            type: string
+                                        required:
+                                        - fieldPath
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      fileKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          optional:
+                                            default: false
+                                            type: boolean
+                                          path:
+                                            type: string
+                                          volumeName:
+                                            type: string
+                                        required:
+                                        - key
+                                        - path
+                                        - volumeName
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      resourceFieldRef:
+                                        properties:
+                                          containerName:
+                                            type: string
+                                          divisor:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                            x-kubernetes-int-or-string: true
+                                          resource:
+                                            type: string
+                                        required:
+                                        - resource
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      secretKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            default: ""
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
+                            envFrom:
+                              items:
+                                properties:
+                                  configMapRef:
+                                    properties:
+                                      name:
+                                        default: ""
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  prefix:
+                                    type: string
+                                  secretRef:
+                                    properties:
+                                      name:
+                                        default: ""
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                type: object
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            image:
+                              type: string
+                            imagePullPolicy:
+                              type: string
+                            lifecycle:
+                              properties:
+                                postStart:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    sleep:
+                                      properties:
+                                        seconds:
+                                          format: int64
+                                          type: integer
+                                      required:
+                                      - seconds
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                                preStop:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    sleep:
+                                      properties:
+                                        seconds:
+                                          format: int64
+                                          type: integer
+                                      required:
+                                      - seconds
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                                stopSignal:
+                                  type: string
+                              type: object
+                            livenessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      default: ""
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            name:
+                              type: string
+                            ports:
+                              items:
+                                properties:
+                                  containerPort:
+                                    format: int32
+                                    type: integer
+                                  hostIP:
+                                    type: string
+                                  hostPort:
+                                    format: int32
+                                    type: integer
+                                  name:
+                                    type: string
+                                  protocol:
+                                    default: TCP
+                                    type: string
+                                required:
+                                - containerPort
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - containerPort
+                              - protocol
+                              x-kubernetes-list-type: map
+                            readinessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      default: ""
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            resizePolicy:
+                              items:
+                                properties:
+                                  resourceName:
+                                    type: string
+                                  restartPolicy:
+                                    type: string
+                                required:
+                                - resourceName
+                                - restartPolicy
+                                type: object
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            resources:
+                              properties:
+                                claims:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      request:
+                                        type: string
+                                    required:
+                                    - name
+                                    type: object
+                                  type: array
+                                  x-kubernetes-list-map-keys:
+                                  - name
+                                  x-kubernetes-list-type: map
+                                limits:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                                requests:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                              type: object
+                            restartPolicy:
+                              type: string
+                            restartPolicyRules:
+                              items:
+                                properties:
+                                  action:
+                                    type: string
+                                  exitCodes:
+                                    properties:
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          format: int32
+                                          type: integer
+                                        type: array
+                                        x-kubernetes-list-type: set
+                                    required:
+                                    - operator
+                                    type: object
+                                required:
+                                - action
+                                type: object
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            securityContext:
+                              properties:
+                                allowPrivilegeEscalation:
+                                  type: boolean
+                                appArmorProfile:
+                                  properties:
+                                    localhostProfile:
+                                      type: string
+                                    type:
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                capabilities:
+                                  properties:
+                                    add:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    drop:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                  type: object
+                                privileged:
+                                  type: boolean
+                                procMount:
+                                  type: string
+                                readOnlyRootFilesystem:
+                                  type: boolean
+                                runAsGroup:
+                                  format: int64
+                                  type: integer
+                                runAsNonRoot:
+                                  type: boolean
+                                runAsUser:
+                                  format: int64
+                                  type: integer
+                                seLinuxOptions:
+                                  properties:
+                                    level:
+                                      type: string
+                                    role:
+                                      type: string
+                                    type:
+                                      type: string
+                                    user:
+                                      type: string
+                                  type: object
+                                seccompProfile:
+                                  properties:
+                                    localhostProfile:
+                                      type: string
+                                    type:
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                windowsOptions:
+                                  properties:
+                                    gmsaCredentialSpec:
+                                      type: string
+                                    gmsaCredentialSpecName:
+                                      type: string
+                                    hostProcess:
+                                      type: boolean
+                                    runAsUserName:
+                                      type: string
+                                  type: object
+                              type: object
+                            startupProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      default: ""
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            stdin:
+                              type: boolean
+                            stdinOnce:
+                              type: boolean
+                            terminationMessagePath:
+                              type: string
+                            terminationMessagePolicy:
+                              type: string
+                            tty:
+                              type: boolean
+                            volumeDevices:
+                              items:
+                                properties:
+                                  devicePath:
+                                    type: string
+                                  name:
+                                    type: string
+                                required:
+                                - devicePath
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - devicePath
+                              x-kubernetes-list-type: map
+                            volumeMounts:
+                              items:
+                                properties:
+                                  mountPath:
+                                    type: string
+                                  mountPropagation:
+                                    type: string
+                                  name:
+                                    type: string
+                                  readOnly:
+                                    type: boolean
+                                  recursiveReadOnly:
+                                    type: string
+                                  subPath:
+                                    type: string
+                                  subPathExpr:
+                                    type: string
+                                required:
+                                - mountPath
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - mountPath
+                              x-kubernetes-list-type: map
+                            workingDir:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
+                      dnsConfig:
+                        properties:
+                          nameservers:
+                            items:
+                              type: string
+                            type: array
+                            x-kubernetes-list-type: atomic
+                          options:
+                            items:
+                              properties:
+                                name:
+                                  type: string
+                                value:
+                                  type: string
+                              type: object
+                            type: array
+                            x-kubernetes-list-type: atomic
+                          searches:
+                            items:
+                              type: string
+                            type: array
+                            x-kubernetes-list-type: atomic
+                        type: object
+                      dnsPolicy:
+                        type: string
+                      enableServiceLinks:
+                        type: boolean
+                      ephemeralContainers:
+                        items:
+                          properties:
+                            args:
+                              items:
+                                type: string
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            command:
+                              items:
+                                type: string
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            env:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                  value:
+                                    type: string
+                                  valueFrom:
+                                    properties:
+                                      configMapKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            default: ""
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      fieldRef:
+                                        properties:
+                                          apiVersion:
+                                            type: string
+                                          fieldPath:
+                                            type: string
+                                        required:
+                                        - fieldPath
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      fileKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          optional:
+                                            default: false
+                                            type: boolean
+                                          path:
+                                            type: string
+                                          volumeName:
+                                            type: string
+                                        required:
+                                        - key
+                                        - path
+                                        - volumeName
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      resourceFieldRef:
+                                        properties:
+                                          containerName:
+                                            type: string
+                                          divisor:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                            x-kubernetes-int-or-string: true
+                                          resource:
+                                            type: string
+                                        required:
+                                        - resource
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      secretKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            default: ""
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
+                            envFrom:
+                              items:
+                                properties:
+                                  configMapRef:
+                                    properties:
+                                      name:
+                                        default: ""
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  prefix:
+                                    type: string
+                                  secretRef:
+                                    properties:
+                                      name:
+                                        default: ""
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                type: object
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            image:
+                              type: string
+                            imagePullPolicy:
+                              type: string
+                            lifecycle:
+                              properties:
+                                postStart:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    sleep:
+                                      properties:
+                                        seconds:
+                                          format: int64
+                                          type: integer
+                                      required:
+                                      - seconds
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                                preStop:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    sleep:
+                                      properties:
+                                        seconds:
+                                          format: int64
+                                          type: integer
+                                      required:
+                                      - seconds
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                                stopSignal:
+                                  type: string
+                              type: object
+                            livenessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      default: ""
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            name:
+                              type: string
+                            ports:
+                              items:
+                                properties:
+                                  containerPort:
+                                    format: int32
+                                    type: integer
+                                  hostIP:
+                                    type: string
+                                  hostPort:
+                                    format: int32
+                                    type: integer
+                                  name:
+                                    type: string
+                                  protocol:
+                                    default: TCP
+                                    type: string
+                                required:
+                                - containerPort
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - containerPort
+                              - protocol
+                              x-kubernetes-list-type: map
+                            readinessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      default: ""
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            resizePolicy:
+                              items:
+                                properties:
+                                  resourceName:
+                                    type: string
+                                  restartPolicy:
+                                    type: string
+                                required:
+                                - resourceName
+                                - restartPolicy
+                                type: object
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            resources:
+                              properties:
+                                claims:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      request:
+                                        type: string
+                                    required:
+                                    - name
+                                    type: object
+                                  type: array
+                                  x-kubernetes-list-map-keys:
+                                  - name
+                                  x-kubernetes-list-type: map
+                                limits:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                                requests:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                              type: object
+                            restartPolicy:
+                              type: string
+                            restartPolicyRules:
+                              items:
+                                properties:
+                                  action:
+                                    type: string
+                                  exitCodes:
+                                    properties:
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          format: int32
+                                          type: integer
+                                        type: array
+                                        x-kubernetes-list-type: set
+                                    required:
+                                    - operator
+                                    type: object
+                                required:
+                                - action
+                                type: object
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            securityContext:
+                              properties:
+                                allowPrivilegeEscalation:
+                                  type: boolean
+                                appArmorProfile:
+                                  properties:
+                                    localhostProfile:
+                                      type: string
+                                    type:
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                capabilities:
+                                  properties:
+                                    add:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    drop:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                  type: object
+                                privileged:
+                                  type: boolean
+                                procMount:
+                                  type: string
+                                readOnlyRootFilesystem:
+                                  type: boolean
+                                runAsGroup:
+                                  format: int64
+                                  type: integer
+                                runAsNonRoot:
+                                  type: boolean
+                                runAsUser:
+                                  format: int64
+                                  type: integer
+                                seLinuxOptions:
+                                  properties:
+                                    level:
+                                      type: string
+                                    role:
+                                      type: string
+                                    type:
+                                      type: string
+                                    user:
+                                      type: string
+                                  type: object
+                                seccompProfile:
+                                  properties:
+                                    localhostProfile:
+                                      type: string
+                                    type:
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                windowsOptions:
+                                  properties:
+                                    gmsaCredentialSpec:
+                                      type: string
+                                    gmsaCredentialSpecName:
+                                      type: string
+                                    hostProcess:
+                                      type: boolean
+                                    runAsUserName:
+                                      type: string
+                                  type: object
+                              type: object
+                            startupProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      default: ""
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            stdin:
+                              type: boolean
+                            stdinOnce:
+                              type: boolean
+                            targetContainerName:
+                              type: string
+                            terminationMessagePath:
+                              type: string
+                            terminationMessagePolicy:
+                              type: string
+                            tty:
+                              type: boolean
+                            volumeDevices:
+                              items:
+                                properties:
+                                  devicePath:
+                                    type: string
+                                  name:
+                                    type: string
+                                required:
+                                - devicePath
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - devicePath
+                              x-kubernetes-list-type: map
+                            volumeMounts:
+                              items:
+                                properties:
+                                  mountPath:
+                                    type: string
+                                  mountPropagation:
+                                    type: string
+                                  name:
+                                    type: string
+                                  readOnly:
+                                    type: boolean
+                                  recursiveReadOnly:
+                                    type: string
+                                  subPath:
+                                    type: string
+                                  subPathExpr:
+                                    type: string
+                                required:
+                                - mountPath
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - mountPath
+                              x-kubernetes-list-type: map
+                            workingDir:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
+                      hostAliases:
+                        items:
+                          properties:
+                            hostnames:
+                              items:
+                                type: string
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            ip:
+                              type: string
+                          required:
+                          - ip
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - ip
+                        x-kubernetes-list-type: map
+                      hostIPC:
+                        type: boolean
+                      hostNetwork:
+                        type: boolean
+                      hostPID:
+                        type: boolean
+                      hostUsers:
+                        type: boolean
+                      hostname:
+                        type: string
+                      hostnameOverride:
+                        type: string
+                      imagePullSecrets:
+                        items:
+                          properties:
+                            name:
+                              default: ""
+                              type: string
+                          type: object
+                          x-kubernetes-map-type: atomic
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
+                      initContainers:
+                        items:
+                          properties:
+                            args:
+                              items:
+                                type: string
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            command:
+                              items:
+                                type: string
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            env:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                  value:
+                                    type: string
+                                  valueFrom:
+                                    properties:
+                                      configMapKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            default: ""
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      fieldRef:
+                                        properties:
+                                          apiVersion:
+                                            type: string
+                                          fieldPath:
+                                            type: string
+                                        required:
+                                        - fieldPath
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      fileKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          optional:
+                                            default: false
+                                            type: boolean
+                                          path:
+                                            type: string
+                                          volumeName:
+                                            type: string
+                                        required:
+                                        - key
+                                        - path
+                                        - volumeName
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      resourceFieldRef:
+                                        properties:
+                                          containerName:
+                                            type: string
+                                          divisor:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                            x-kubernetes-int-or-string: true
+                                          resource:
+                                            type: string
+                                        required:
+                                        - resource
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      secretKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            default: ""
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
+                            envFrom:
+                              items:
+                                properties:
+                                  configMapRef:
+                                    properties:
+                                      name:
+                                        default: ""
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  prefix:
+                                    type: string
+                                  secretRef:
+                                    properties:
+                                      name:
+                                        default: ""
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                type: object
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            image:
+                              type: string
+                            imagePullPolicy:
+                              type: string
+                            lifecycle:
+                              properties:
+                                postStart:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    sleep:
+                                      properties:
+                                        seconds:
+                                          format: int64
+                                          type: integer
+                                      required:
+                                      - seconds
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                                preStop:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    sleep:
+                                      properties:
+                                        seconds:
+                                          format: int64
+                                          type: integer
+                                      required:
+                                      - seconds
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                                stopSignal:
+                                  type: string
+                              type: object
+                            livenessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      default: ""
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            name:
+                              type: string
+                            ports:
+                              items:
+                                properties:
+                                  containerPort:
+                                    format: int32
+                                    type: integer
+                                  hostIP:
+                                    type: string
+                                  hostPort:
+                                    format: int32
+                                    type: integer
+                                  name:
+                                    type: string
+                                  protocol:
+                                    default: TCP
+                                    type: string
+                                required:
+                                - containerPort
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - containerPort
+                              - protocol
+                              x-kubernetes-list-type: map
+                            readinessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      default: ""
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            resizePolicy:
+                              items:
+                                properties:
+                                  resourceName:
+                                    type: string
+                                  restartPolicy:
+                                    type: string
+                                required:
+                                - resourceName
+                                - restartPolicy
+                                type: object
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            resources:
+                              properties:
+                                claims:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      request:
+                                        type: string
+                                    required:
+                                    - name
+                                    type: object
+                                  type: array
+                                  x-kubernetes-list-map-keys:
+                                  - name
+                                  x-kubernetes-list-type: map
+                                limits:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                                requests:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                              type: object
+                            restartPolicy:
+                              type: string
+                            restartPolicyRules:
+                              items:
+                                properties:
+                                  action:
+                                    type: string
+                                  exitCodes:
+                                    properties:
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          format: int32
+                                          type: integer
+                                        type: array
+                                        x-kubernetes-list-type: set
+                                    required:
+                                    - operator
+                                    type: object
+                                required:
+                                - action
+                                type: object
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            securityContext:
+                              properties:
+                                allowPrivilegeEscalation:
+                                  type: boolean
+                                appArmorProfile:
+                                  properties:
+                                    localhostProfile:
+                                      type: string
+                                    type:
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                capabilities:
+                                  properties:
+                                    add:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    drop:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                  type: object
+                                privileged:
+                                  type: boolean
+                                procMount:
+                                  type: string
+                                readOnlyRootFilesystem:
+                                  type: boolean
+                                runAsGroup:
+                                  format: int64
+                                  type: integer
+                                runAsNonRoot:
+                                  type: boolean
+                                runAsUser:
+                                  format: int64
+                                  type: integer
+                                seLinuxOptions:
+                                  properties:
+                                    level:
+                                      type: string
+                                    role:
+                                      type: string
+                                    type:
+                                      type: string
+                                    user:
+                                      type: string
+                                  type: object
+                                seccompProfile:
+                                  properties:
+                                    localhostProfile:
+                                      type: string
+                                    type:
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                windowsOptions:
+                                  properties:
+                                    gmsaCredentialSpec:
+                                      type: string
+                                    gmsaCredentialSpecName:
+                                      type: string
+                                    hostProcess:
+                                      type: boolean
+                                    runAsUserName:
+                                      type: string
+                                  type: object
+                              type: object
+                            startupProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      default: ""
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            stdin:
+                              type: boolean
+                            stdinOnce:
+                              type: boolean
+                            terminationMessagePath:
+                              type: string
+                            terminationMessagePolicy:
+                              type: string
+                            tty:
+                              type: boolean
+                            volumeDevices:
+                              items:
+                                properties:
+                                  devicePath:
+                                    type: string
+                                  name:
+                                    type: string
+                                required:
+                                - devicePath
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - devicePath
+                              x-kubernetes-list-type: map
+                            volumeMounts:
+                              items:
+                                properties:
+                                  mountPath:
+                                    type: string
+                                  mountPropagation:
+                                    type: string
+                                  name:
+                                    type: string
+                                  readOnly:
+                                    type: boolean
+                                  recursiveReadOnly:
+                                    type: string
+                                  subPath:
+                                    type: string
+                                  subPathExpr:
+                                    type: string
+                                required:
+                                - mountPath
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - mountPath
+                              x-kubernetes-list-type: map
+                            workingDir:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
+                      nodeName:
+                        type: string
+                      nodeSelector:
+                        additionalProperties:
+                          type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      os:
+                        properties:
+                          name:
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      overhead:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        type: object
+                      preemptionPolicy:
+                        type: string
+                      priority:
+                        format: int32
+                        type: integer
+                      priorityClassName:
+                        type: string
+                      readinessGates:
+                        items:
+                          properties:
+                            conditionType:
+                              type: string
+                          required:
+                          - conditionType
+                          type: object
+                        type: array
+                        x-kubernetes-list-type: atomic
+                      resourceClaims:
+                        items:
+                          properties:
+                            name:
+                              type: string
+                            resourceClaimName:
+                              type: string
+                            resourceClaimTemplateName:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
+                      resources:
+                        properties:
+                          claims:
+                            items:
+                              properties:
+                                name:
+                                  type: string
+                                request:
+                                  type: string
+                              required:
+                              - name
+                              type: object
+                            type: array
+                            x-kubernetes-list-map-keys:
+                            - name
+                            x-kubernetes-list-type: map
+                          limits:
+                            additionalProperties:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                              x-kubernetes-int-or-string: true
+                            type: object
+                          requests:
+                            additionalProperties:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                              x-kubernetes-int-or-string: true
+                            type: object
+                        type: object
+                      restartPolicy:
+                        type: string
+                      runtimeClassName:
+                        type: string
+                      schedulerName:
+                        type: string
+                      schedulingGates:
+                        items:
+                          properties:
+                            name:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
+                      securityContext:
+                        properties:
+                          appArmorProfile:
+                            properties:
+                              localhostProfile:
+                                type: string
+                              type:
+                                type: string
+                            required:
+                            - type
+                            type: object
+                          fsGroup:
+                            format: int64
+                            type: integer
+                          fsGroupChangePolicy:
+                            type: string
+                          runAsGroup:
+                            format: int64
+                            type: integer
+                          runAsNonRoot:
+                            type: boolean
+                          runAsUser:
+                            format: int64
+                            type: integer
+                          seLinuxChangePolicy:
+                            type: string
+                          seLinuxOptions:
+                            properties:
+                              level:
+                                type: string
+                              role:
+                                type: string
+                              type:
+                                type: string
+                              user:
+                                type: string
+                            type: object
+                          seccompProfile:
+                            properties:
+                              localhostProfile:
+                                type: string
+                              type:
+                                type: string
+                            required:
+                            - type
+                            type: object
+                          supplementalGroups:
+                            items:
+                              format: int64
+                              type: integer
+                            type: array
+                            x-kubernetes-list-type: atomic
+                          supplementalGroupsPolicy:
+                            type: string
+                          sysctls:
+                            items:
+                              properties:
+                                name:
+                                  type: string
+                                value:
+                                  type: string
+                              required:
+                              - name
+                              - value
+                              type: object
+                            type: array
+                            x-kubernetes-list-type: atomic
+                          windowsOptions:
+                            properties:
+                              gmsaCredentialSpec:
+                                type: string
+                              gmsaCredentialSpecName:
+                                type: string
+                              hostProcess:
+                                type: boolean
+                              runAsUserName:
+                                type: string
+                            type: object
+                        type: object
+                      serviceAccount:
+                        type: string
+                      serviceAccountName:
+                        type: string
+                      setHostnameAsFQDN:
+                        type: boolean
+                      shareProcessNamespace:
+                        type: boolean
+                      subdomain:
+                        type: string
+                      terminationGracePeriodSeconds:
+                        format: int64
+                        type: integer
+                      tolerations:
+                        items:
+                          properties:
+                            effect:
+                              type: string
+                            key:
+                              type: string
+                            operator:
+                              type: string
+                            tolerationSeconds:
+                              format: int64
+                              type: integer
+                            value:
+                              type: string
+                          type: object
+                        type: array
+                        x-kubernetes-list-type: atomic
+                      topologySpreadConstraints:
+                        items:
+                          properties:
+                            labelSelector:
+                              properties:
+                                matchExpressions:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                        x-kubernetes-list-type: atomic
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                                  x-kubernetes-list-type: atomic
+                                matchLabels:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            matchLabelKeys:
+                              items:
+                                type: string
+                              type: array
+                              x-kubernetes-list-type: atomic
+                            maxSkew:
+                              format: int32
+                              type: integer
+                            minDomains:
+                              format: int32
+                              type: integer
+                            nodeAffinityPolicy:
+                              type: string
+                            nodeTaintsPolicy:
+                              type: string
+                            topologyKey:
+                              type: string
+                            whenUnsatisfiable:
+                              type: string
+                          required:
+                          - maxSkew
+                          - topologyKey
+                          - whenUnsatisfiable
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - topologyKey
+                        - whenUnsatisfiable
+                        x-kubernetes-list-type: map
+                      volumes:
+                        items:
+                          properties:
+                            awsElasticBlockStore:
+                              properties:
+                                fsType:
+                                  type: string
+                                partition:
+                                  format: int32
+                                  type: integer
+                                readOnly:
+                                  type: boolean
+                                volumeID:
+                                  type: string
+                              required:
+                              - volumeID
+                              type: object
+                            azureDisk:
+                              properties:
+                                cachingMode:
+                                  type: string
+                                diskName:
+                                  type: string
+                                diskURI:
+                                  type: string
+                                fsType:
+                                  default: ext4
+                                  type: string
+                                kind:
+                                  type: string
+                                readOnly:
+                                  default: false
+                                  type: boolean
+                              required:
+                              - diskName
+                              - diskURI
+                              type: object
+                            azureFile:
+                              properties:
+                                readOnly:
+                                  type: boolean
+                                secretName:
+                                  type: string
+                                shareName:
+                                  type: string
+                              required:
+                              - secretName
+                              - shareName
+                              type: object
+                            cephfs:
+                              properties:
+                                monitors:
+                                  items:
+                                    type: string
+                                  type: array
+                                  x-kubernetes-list-type: atomic
+                                path:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                secretFile:
+                                  type: string
+                                secretRef:
+                                  properties:
+                                    name:
+                                      default: ""
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                user:
+                                  type: string
+                              required:
+                              - monitors
+                              type: object
+                            cinder:
+                              properties:
+                                fsType:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      default: ""
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                volumeID:
+                                  type: string
+                              required:
+                              - volumeID
+                              type: object
+                            configMap:
+                              properties:
+                                defaultMode:
+                                  format: int32
+                                  type: integer
+                                items:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      mode:
+                                        format: int32
+                                        type: integer
+                                      path:
+                                        type: string
+                                    required:
+                                    - key
+                                    - path
+                                    type: object
+                                  type: array
+                                  x-kubernetes-list-type: atomic
+                                name:
+                                  default: ""
+                                  type: string
+                                optional:
+                                  type: boolean
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            csi:
+                              properties:
+                                driver:
+                                  type: string
+                                fsType:
+                                  type: string
+                                nodePublishSecretRef:
+                                  properties:
+                                    name:
+                                      default: ""
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                readOnly:
+                                  type: boolean
+                                volumeAttributes:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                              required:
+                              - driver
+                              type: object
+                            downwardAPI:
+                              properties:
+                                defaultMode:
+                                  format: int32
+                                  type: integer
+                                items:
+                                  items:
+                                    properties:
+                                      fieldRef:
+                                        properties:
+                                          apiVersion:
+                                            type: string
+                                          fieldPath:
+                                            type: string
+                                        required:
+                                        - fieldPath
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      mode:
+                                        format: int32
+                                        type: integer
+                                      path:
+                                        type: string
+                                      resourceFieldRef:
+                                        properties:
+                                          containerName:
+                                            type: string
+                                          divisor:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                            x-kubernetes-int-or-string: true
+                                          resource:
+                                            type: string
+                                        required:
+                                        - resource
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                    required:
+                                    - path
+                                    type: object
+                                  type: array
+                                  x-kubernetes-list-type: atomic
+                              type: object
+                            emptyDir:
+                              properties:
+                                medium:
+                                  type: string
+                                sizeLimit:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            ephemeral:
+                              properties:
+                                volumeClaimTemplate:
+                                  properties:
+                                    metadata:
+                                      type: object
+                                    spec:
+                                      properties:
+                                        accessModes:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        dataSource:
+                                          properties:
+                                            apiGroup:
+                                              type: string
+                                            kind:
+                                              type: string
+                                            name:
+                                              type: string
+                                          required:
+                                          - kind
+                                          - name
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        dataSourceRef:
+                                          properties:
+                                            apiGroup:
+                                              type: string
+                                            kind:
+                                              type: string
+                                            name:
+                                              type: string
+                                            namespace:
+                                              type: string
+                                          required:
+                                          - kind
+                                          - name
+                                          type: object
+                                        resources:
+                                          properties:
+                                            limits:
+                                              additionalProperties:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                x-kubernetes-int-or-string: true
+                                              type: object
+                                            requests:
+                                              additionalProperties:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                x-kubernetes-int-or-string: true
+                                              type: object
+                                          type: object
+                                        selector:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    type: string
+                                                  operator:
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                    x-kubernetes-list-type: atomic
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                              x-kubernetes-list-type: atomic
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              type: object
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        storageClassName:
+                                          type: string
+                                        volumeAttributesClassName:
+                                          type: string
+                                        volumeMode:
+                                          type: string
+                                        volumeName:
+                                          type: string
+                                      type: object
+                                  required:
+                                  - spec
+                                  type: object
+                              type: object
+                            fc:
+                              properties:
+                                fsType:
+                                  type: string
+                                lun:
+                                  format: int32
+                                  type: integer
+                                readOnly:
+                                  type: boolean
+                                targetWWNs:
+                                  items:
+                                    type: string
+                                  type: array
+                                  x-kubernetes-list-type: atomic
+                                wwids:
+                                  items:
+                                    type: string
+                                  type: array
+                                  x-kubernetes-list-type: atomic
+                              type: object
+                            flexVolume:
+                              properties:
+                                driver:
+                                  type: string
+                                fsType:
+                                  type: string
+                                options:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      default: ""
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                              required:
+                              - driver
+                              type: object
+                            flocker:
+                              properties:
+                                datasetName:
+                                  type: string
+                                datasetUUID:
+                                  type: string
+                              type: object
+                            gcePersistentDisk:
+                              properties:
+                                fsType:
+                                  type: string
+                                partition:
+                                  format: int32
+                                  type: integer
+                                pdName:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                              required:
+                              - pdName
+                              type: object
+                            gitRepo:
+                              properties:
+                                directory:
+                                  type: string
+                                repository:
+                                  type: string
+                                revision:
+                                  type: string
+                              required:
+                              - repository
+                              type: object
+                            glusterfs:
+                              properties:
+                                endpoints:
+                                  type: string
+                                path:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                              required:
+                              - endpoints
+                              - path
+                              type: object
+                            hostPath:
+                              properties:
+                                path:
+                                  type: string
+                                type:
+                                  type: string
+                              required:
+                              - path
+                              type: object
+                            image:
+                              properties:
+                                pullPolicy:
+                                  type: string
+                                reference:
+                                  type: string
+                              type: object
+                            iscsi:
+                              properties:
+                                chapAuthDiscovery:
+                                  type: boolean
+                                chapAuthSession:
+                                  type: boolean
+                                fsType:
+                                  type: string
+                                initiatorName:
+                                  type: string
+                                iqn:
+                                  type: string
+                                iscsiInterface:
+                                  default: default
+                                  type: string
+                                lun:
+                                  format: int32
+                                  type: integer
+                                portals:
+                                  items:
+                                    type: string
+                                  type: array
+                                  x-kubernetes-list-type: atomic
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      default: ""
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                targetPortal:
+                                  type: string
+                              required:
+                              - iqn
+                              - lun
+                              - targetPortal
+                              type: object
+                            name:
+                              type: string
+                            nfs:
+                              properties:
+                                path:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                server:
+                                  type: string
+                              required:
+                              - path
+                              - server
+                              type: object
+                            persistentVolumeClaim:
+                              properties:
+                                claimName:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                              required:
+                              - claimName
+                              type: object
+                            photonPersistentDisk:
+                              properties:
+                                fsType:
+                                  type: string
+                                pdID:
+                                  type: string
+                              required:
+                              - pdID
+                              type: object
+                            portworxVolume:
+                              properties:
+                                fsType:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                volumeID:
+                                  type: string
+                              required:
+                              - volumeID
+                              type: object
+                            projected:
+                              properties:
+                                defaultMode:
+                                  format: int32
+                                  type: integer
+                                sources:
+                                  items:
+                                    properties:
+                                      clusterTrustBundle:
+                                        properties:
+                                          labelSelector:
+                                            properties:
+                                              matchExpressions:
+                                                items:
+                                                  properties:
+                                                    key:
+                                                      type: string
+                                                    operator:
+                                                      type: string
+                                                    values:
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                      x-kubernetes-list-type: atomic
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              matchLabels:
+                                                additionalProperties:
+                                                  type: string
+                                                type: object
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          name:
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                          path:
+                                            type: string
+                                          signerName:
+                                            type: string
+                                        required:
+                                        - path
+                                        type: object
+                                      configMap:
+                                        properties:
+                                          items:
+                                            items:
+                                              properties:
+                                                key:
+                                                  type: string
+                                                mode:
+                                                  format: int32
+                                                  type: integer
+                                                path:
+                                                  type: string
+                                              required:
+                                              - key
+                                              - path
+                                              type: object
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          name:
+                                            default: ""
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      downwardAPI:
+                                        properties:
+                                          items:
+                                            items:
+                                              properties:
+                                                fieldRef:
+                                                  properties:
+                                                    apiVersion:
+                                                      type: string
+                                                    fieldPath:
+                                                      type: string
+                                                  required:
+                                                  - fieldPath
+                                                  type: object
+                                                  x-kubernetes-map-type: atomic
+                                                mode:
+                                                  format: int32
+                                                  type: integer
+                                                path:
+                                                  type: string
+                                                resourceFieldRef:
+                                                  properties:
+                                                    containerName:
+                                                      type: string
+                                                    divisor:
+                                                      anyOf:
+                                                      - type: integer
+                                                      - type: string
+                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                      x-kubernetes-int-or-string: true
+                                                    resource:
+                                                      type: string
+                                                  required:
+                                                  - resource
+                                                  type: object
+                                                  x-kubernetes-map-type: atomic
+                                              required:
+                                              - path
+                                              type: object
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                        type: object
+                                      podCertificate:
+                                        properties:
+                                          certificateChainPath:
+                                            type: string
+                                          credentialBundlePath:
+                                            type: string
+                                          keyPath:
+                                            type: string
+                                          keyType:
+                                            type: string
+                                          maxExpirationSeconds:
+                                            format: int32
+                                            type: integer
+                                          signerName:
+                                            type: string
+                                          userAnnotations:
+                                            additionalProperties:
+                                              type: string
+                                            type: object
+                                        required:
+                                        - keyType
+                                        - signerName
+                                        type: object
+                                      secret:
+                                        properties:
+                                          items:
+                                            items:
+                                              properties:
+                                                key:
+                                                  type: string
+                                                mode:
+                                                  format: int32
+                                                  type: integer
+                                                path:
+                                                  type: string
+                                              required:
+                                              - key
+                                              - path
+                                              type: object
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          name:
+                                            default: ""
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      serviceAccountToken:
+                                        properties:
+                                          audience:
+                                            type: string
+                                          expirationSeconds:
+                                            format: int64
+                                            type: integer
+                                          path:
+                                            type: string
+                                        required:
+                                        - path
+                                        type: object
+                                    type: object
+                                  type: array
+                                  x-kubernetes-list-type: atomic
+                              type: object
+                            quobyte:
+                              properties:
+                                group:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                registry:
+                                  type: string
+                                tenant:
+                                  type: string
+                                user:
+                                  type: string
+                                volume:
+                                  type: string
+                              required:
+                              - registry
+                              - volume
+                              type: object
+                            rbd:
+                              properties:
+                                fsType:
+                                  type: string
+                                image:
+                                  type: string
+                                keyring:
+                                  default: /etc/ceph/keyring
+                                  type: string
+                                monitors:
+                                  items:
+                                    type: string
+                                  type: array
+                                  x-kubernetes-list-type: atomic
+                                pool:
+                                  default: rbd
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      default: ""
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                user:
+                                  default: admin
+                                  type: string
+                              required:
+                              - image
+                              - monitors
+                              type: object
+                            scaleIO:
+                              properties:
+                                fsType:
+                                  default: xfs
+                                  type: string
+                                gateway:
+                                  type: string
+                                protectionDomain:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      default: ""
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                sslEnabled:
+                                  type: boolean
+                                storageMode:
+                                  default: ThinProvisioned
+                                  type: string
+                                storagePool:
+                                  type: string
+                                system:
+                                  type: string
+                                volumeName:
+                                  type: string
+                              required:
+                              - gateway
+                              - secretRef
+                              - system
+                              type: object
+                            secret:
+                              properties:
+                                defaultMode:
+                                  format: int32
+                                  type: integer
+                                items:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      mode:
+                                        format: int32
+                                        type: integer
+                                      path:
+                                        type: string
+                                    required:
+                                    - key
+                                    - path
+                                    type: object
+                                  type: array
+                                  x-kubernetes-list-type: atomic
+                                optional:
+                                  type: boolean
+                                secretName:
+                                  type: string
+                              type: object
+                            storageos:
+                              properties:
+                                fsType:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      default: ""
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                volumeName:
+                                  type: string
+                                volumeNamespace:
+                                  type: string
+                              type: object
+                            vsphereVolume:
+                              properties:
+                                fsType:
+                                  type: string
+                                storagePolicyID:
+                                  type: string
+                                storagePolicyName:
+                                  type: string
+                                volumePath:
+                                  type: string
+                              required:
+                              - volumePath
+                              type: object
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
+                      workloadRef:
+                        properties:
+                          name:
+                            type: string
+                          podGroup:
+                            type: string
+                          podGroupReplicaKey:
+                            type: string
+                        required:
+                        - name
+                        - podGroup
+                        type: object
+                    required:
+                    - containers
+                    type: object
+                required:
+                - spec
+                type: object
+            required:
+            - podTemplate
+            type: object
+          status:
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.19.0
+  name: sandboxwarmpools.extensions.agents.x-k8s.io
+spec:
+  group: extensions.agents.x-k8s.io
+  names:
+    kind: SandboxWarmPool
+    listKind: SandboxWarmPoolList
+    plural: sandboxwarmpools
+    shortNames:
+    - swp
+    singular: sandboxwarmpool
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.readyReplicas
+      name: Ready
+      type: integer
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            type: string
+          kind:
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              replicas:
+                format: int32
+                minimum: 0
+                type: integer
+              sandboxTemplateRef:
+                properties:
+                  name:
+                    type: string
+                required:
+                - name
+                type: object
+              updateStrategy:
+                properties:
+                  type:
+                    default: OnReplenish
+                    enum:
+                    - Recreate
+                    - OnReplenish
+                    type: string
+                type: object
+            required:
+            - replicas
+            - sandboxTemplateRef
+            type: object
+          status:
+            properties:
+              readyReplicas:
+                format: int32
+                type: integer
+              replicas:
+                format: int32
+                type: integer
+              selector:
+                type: string
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      scale:
+        labelSelectorPath: .status.selector
+        specReplicasPath: .spec.replicas
+        statusReplicasPath: .status.replicas
+      status: {}
diff --git a/deploy/helm/sandbox-operator/templates/_helpers.tpl b/deploy/helm/sandbox-operator/templates/_helpers.tpl
new file mode 100644
index 0000000000..59c5cd1983
--- /dev/null
+++ b/deploy/helm/sandbox-operator/templates/_helpers.tpl
@@ -0,0 +1,42 @@
+{{/*
+Chart name (overridable via nameOverride).
+*/}}
+{{- define "sandbox-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Chart-name-and-version label.
+*/}}
+{{- define "sandbox-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels for resources owned by this chart.
+*/}}
+{{- define "sandbox-operator.labels" -}}
+helm.sh/chart: {{ include "sandbox-operator.chart" . }}
+app.kubernetes.io/name: {{ include "sandbox-operator.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Validate that the chart is being installed into agent-sandbox-system. The
+vendored upstream operator manifest (templates/agent-sandbox-manifest.yaml)
+ships its own Namespace object and hardcodes that name across its
+ServiceAccount, Service, Deployment, and ClusterRoleBinding. The companion
+sandbox-env chart also pins agent-sandbox-system because the operator's RBAC
+watches it by default. Installing under any other namespace splits resources
+across two namespaces and breaks reconciliation in non-obvious ways — fail
+at template time instead.
+*/}}
+{{- define "sandbox-operator.validateNamespace" -}}
+{{- if ne .Release.Namespace "agent-sandbox-system" -}}
+{{- fail (printf "sandbox-operator: this chart must be installed into the 'agent-sandbox-system' namespace (got %q). The vendored upstream operator manifest hardcodes that namespace; installing elsewhere splits resources across namespaces. Re-run with --namespace agent-sandbox-system --create-namespace." .Release.Namespace) -}}
+{{- end -}}
+{{- end }}
diff --git a/deploy/helm/sandbox-operator/templates/agent-sandbox-manifest.yaml b/deploy/helm/sandbox-operator/templates/agent-sandbox-manifest.yaml
new file mode 100644
index 0000000000..b1cd28cbfb
--- /dev/null
+++ b/deploy/helm/sandbox-operator/templates/agent-sandbox-manifest.yaml
@@ -0,0 +1,262 @@
+# Vendored from kubernetes-sigs/agent-sandbox v0.4.2 via vendor.sh.
+# Do not edit by hand — re-run vendor.sh to refresh.
+# Contains: controller Deployments, RBAC, Namespace, Service, ServiceAccount.
+#
+# LOCAL EDIT — preserve when re-running vendor.sh:
+#   PodSecurity admission labels added to the Namespace below. `baseline`
+#   is enforced (operator controller pod runs without an explicit
+#   securityContext; `restricted` would block it until that's patched).
+#   `restricted` is set as warn/audit so violations from sandbox pods or
+#   the controller surface in audit logs without rejecting admission.
+#   When the operator's pod spec hardens to `restricted`, flip enforce.
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: agent-sandbox-system
+  labels:
+    pod-security.kubernetes.io/enforce: baseline
+    pod-security.kubernetes.io/enforce-version: latest
+    pod-security.kubernetes.io/warn: restricted
+    pod-security.kubernetes.io/warn-version: latest
+    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/audit-version: latest
+
+---
+
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: agent-sandbox-controller
+  namespace: agent-sandbox-system
+  labels:
+    app: agent-sandbox-controller
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: agent-sandbox-controller
+subjects:
+- kind: ServiceAccount
+  name: agent-sandbox-controller
+  namespace: agent-sandbox-system
+roleRef:
+  kind: ClusterRole
+  name: agent-sandbox-controller
+  apiGroup: rbac.authorization.k8s.io
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: agent-sandbox-controller
+  namespace: agent-sandbox-system
+  labels:
+    app: agent-sandbox-controller
+spec:
+  selector:
+    app: agent-sandbox-controller
+  ports:
+  - name: metrics
+    port: 8080
+    targetPort: metrics
+    protocol: TCP
+
+---
+
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: agent-sandbox-controller
+  namespace: agent-sandbox-system
+  labels:
+    app: agent-sandbox-controller
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: agent-sandbox-controller
+  template:
+    metadata:
+      labels:
+        app: agent-sandbox-controller
+    spec:
+      serviceAccountName: agent-sandbox-controller
+      containers:
+      - name: agent-sandbox-controller
+        image: registry.k8s.io/agent-sandbox/agent-sandbox-controller:v0.4.2
+        args:
+        - --leader-elect=true
+        - --extensions
+        ports:
+        - name: metrics
+          containerPort: 8080
+          protocol: TCP
+        - name: healthz
+          containerPort: 8081
+          protocol: TCP
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: agent-sandbox-controller
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumeclaims
+  - pods
+  - services
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - agents.x-k8s.io
+  resources:
+  - sandboxes
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - agents.x-k8s.io
+  resources:
+  - sandboxes/finalizers
+  - sandboxes/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - create
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - events.k8s.io
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: agent-sandbox-controller-extensions
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  - events.k8s.io
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+  - update
+- apiGroups:
+  - agents.x-k8s.io
+  resources:
+  - sandboxes
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - extensions.agents.x-k8s.io
+  resources:
+  - sandboxclaims
+  - sandboxtemplates
+  - sandboxwarmpools
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - extensions.agents.x-k8s.io
+  resources:
+  - sandboxclaims/finalizers
+  - sandboxclaims/status
+  - sandboxtemplates/finalizers
+  - sandboxtemplates/status
+  - sandboxwarmpools/finalizers
+  - sandboxwarmpools/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - networkpolicies
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: agent-sandbox-controller-extensions
+subjects:
+- kind: ServiceAccount
+  name: agent-sandbox-controller
+  namespace: agent-sandbox-system
+roleRef:
+  kind: ClusterRole
+  name: agent-sandbox-controller-extensions
+  apiGroup: rbac.authorization.k8s.io
diff --git a/deploy/helm/sandbox-operator/templates/validations.yaml b/deploy/helm/sandbox-operator/templates/validations.yaml
new file mode 100644
index 0000000000..b70184a31a
--- /dev/null
+++ b/deploy/helm/sandbox-operator/templates/validations.yaml
@@ -0,0 +1,4 @@
+{{- /*
+Chart-level validations. Renders no resources.
+*/ -}}
+{{- include "sandbox-operator.validateNamespace" . -}}
diff --git a/deploy/helm/sandbox-operator/values.yaml b/deploy/helm/sandbox-operator/values.yaml
new file mode 100644
index 0000000000..9ec4fd1006
--- /dev/null
+++ b/deploy/helm/sandbox-operator/values.yaml
@@ -0,0 +1,12 @@
+# Default values for the sandbox-operator chart.
+#
+# This chart deliberately exposes NO tunables. It is a thin packaging of
+# the vendored upstream kubernetes-sigs/agent-sandbox operator + CRDs.
+# All Studio-specific configuration (sandbox image, resource ceilings,
+# NetworkPolicy egress, preview Gateway, warm pool, ...) lives in the
+# companion sandbox-env chart, which is installed once per environment
+# alongside this one.
+#
+# If you need to override the controller image, replicas, or args, edit
+# templates/agent-sandbox-manifest.yaml — but prefer re-running
+# vendor.sh against a newer upstream release first.
diff --git a/deploy/helm/sandbox-operator/vendor.sh b/deploy/helm/sandbox-operator/vendor.sh
new file mode 100755
index 0000000000..ff3bede500
--- /dev/null
+++ b/deploy/helm/sandbox-operator/vendor.sh
@@ -0,0 +1,301 @@
+#!/usr/bin/env bash
+# Re-vendor kubernetes-sigs/agent-sandbox release assets into this subchart.
+#
+# Upstream ships raw multi-doc YAML (manifest.yaml + extensions.yaml), not a
+# Helm chart. We split by kind: CustomResourceDefinition docs land in crds/,
+# everything else in templates/ so Helm treats CRDs with its install-only
+# lifecycle (see README.md for the upgrade caveat).
+#
+# Integrity: every supported upstream version is paired with a sha256 in
+# KNOWN_CHECKSUMS below. The script refuses to write outputs unless every
+# downloaded asset matches its pinned digest — this is the only line of
+# defense against a swapped GitHub release asset (compromised maintainer
+# account, credential theft, etc.). To bump:
+#   1. Run: ./vendor.sh vX.Y.Z   — it will fail with "no pinned checksum"
+#   2. Compute sha256: shasum -a 256 manifest.yaml extensions.yaml
+#   3. Verify the values out-of-band (release notes, signatures if any).
+#   4. Add the entry to KNOWN_CHECKSUMS, commit, re-run.
+#
+# Usage: ./vendor.sh [vX.Y.Z]   (default v0.4.2 — must match appVersion)
+set -euo pipefail
+
+UPSTREAM_VERSION="${1:-v0.4.2}"
+REPO="kubernetes-sigs/agent-sandbox"
+
+# Pinned sha256 digests for `${VERSION}:${ASSET}`. Keep entries sorted by
+# version. Verify externally before adding a new row — anything past this
+# table is implicitly trusted.
+declare -A KNOWN_CHECKSUMS=(
+  ["v0.4.2:manifest.yaml"]="93cb43a90b9093c84a7529a7dbeca409fcd944746df00b52e8a2781c237c6e18"
+  ["v0.4.2:extensions.yaml"]="6ddcd6ce2d78714a5815d4c4304df858a075e0ed8fee971966b31af548c011bb"
+)
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+CRDS_FILE="${SCRIPT_DIR}/crds/agent-sandbox-crds.yaml"
+TMPL_FILE="${SCRIPT_DIR}/templates/agent-sandbox-manifest.yaml"
+
+WORK="$(mktemp -d)"
+trap 'rm -rf "${WORK}"' EXIT
+
+log() { printf "\033[1;34m[vendor]\033[0m %s\n" "$*"; }
+err() { printf "\033[1;31m[vendor]\033[0m %s\n" "$*" >&2; }
+
+# Refuse to overwrite locally-modified outputs without warning. The vendor
+# script regenerates files in-place; an in-progress local edit would be
+# silently obliterated.
+if ! git -C "${SCRIPT_DIR}" diff --quiet -- crds templates 2>/dev/null \
+   || ! git -C "${SCRIPT_DIR}" diff --cached --quiet -- crds templates 2>/dev/null; then
+  err "uncommitted changes under crds/ or templates/ — commit or stash before re-vendoring"
+  exit 1
+fi
+
+verify_checksum() {
+  local file="$1" expected="$2" actual
+  actual="$(shasum -a 256 "${file}" | awk '{print $1}')"
+  if [ "${actual}" != "${expected}" ]; then
+    err "checksum mismatch for $(basename "${file}")"
+    err "  expected: ${expected}"
+    err "  actual:   ${actual}"
+    err "  the upstream release asset has changed since this checksum was pinned;"
+    err "  verify the new digest out-of-band before updating KNOWN_CHECKSUMS"
+    exit 1
+  fi
+}
+
+require_checksum() {
+  local key="$1"
+  if [ -z "${KNOWN_CHECKSUMS[$key]:-}" ]; then
+    err "no pinned checksum for ${key}"
+    err "  to bump: download the asset manually, compute shasum -a 256, verify"
+    err "  against upstream release notes, then add a row to KNOWN_CHECKSUMS"
+    exit 1
+  fi
+  printf "%s" "${KNOWN_CHECKSUMS[$key]}"
+}
+
+log "fetching ${REPO}@${UPSTREAM_VERSION}"
+MANIFEST_SHA="$(require_checksum "${UPSTREAM_VERSION}:manifest.yaml")"
+EXTENSIONS_SHA="$(require_checksum "${UPSTREAM_VERSION}:extensions.yaml")"
+
+curl -fsSLo "${WORK}/manifest.yaml" \
+  "https://github.com/${REPO}/releases/download/${UPSTREAM_VERSION}/manifest.yaml"
+curl -fsSLo "${WORK}/extensions.yaml" \
+  "https://github.com/${REPO}/releases/download/${UPSTREAM_VERSION}/extensions.yaml"
+
+verify_checksum "${WORK}/manifest.yaml"   "${MANIFEST_SHA}"
+verify_checksum "${WORK}/extensions.yaml" "${EXTENSIONS_SHA}"
+log "checksums verified"
+
+# Merge the two upstream files' controller Deployments into one.
+#
+# Upstream ships manifest.yaml + extensions.yaml as two install paths:
+# manifest.yaml alone for base mode (Sandbox reconciler only), or both
+# files applied in order, where extensions.yaml's Deployment overwrites
+# manifest.yaml's same-named Deployment to add `--extensions` and pull in
+# the SandboxClaim / SandboxTemplate / SandboxWarmPool reconcilers.
+# Concatenating them into one chart breaks that override: helm/kubectl
+# applies one of the duplicates and the other silently disappears, so
+# only one controller mode actually runs. The leader-election lock is
+# hardcoded in the binary (no flag to override the lock name), so running
+# them as two distinct Deployments doesn't work either — only one would
+# ever be the leader. Running a single binary with `--extensions=true`
+# enables ALL reconcilers in one process, which is what we want.
+#
+# Two transformations, both fail-loud if the input shape changes:
+#   1. Drop the `kind: Deployment` doc from extensions.yaml — keep its
+#      ClusterRole / ClusterRoleBinding (those are the extensions RBAC).
+#   2. Insert `- --extensions` after `- --leader-elect=true` in manifest.yaml's
+#      Deployment args.
+#
+# Done after checksum verification on purpose: the checksum proves what
+# upstream shipped; this transformation is an intentional downstream patch.
+log "dropping duplicate Deployment from extensions.yaml"
+awk '
+  function flush(   i, is_dep) {
+    if (n == 0) return
+    is_dep = 0
+    for (i = 1; i <= n; i++) {
+      if (buf[i] ~ /^kind:[[:space:]]*Deployment[[:space:]]*$/) { is_dep = 1; break }
+    }
+    if (!is_dep) {
+      for (i = 1; i <= n; i++) print buf[i]
+      print "---"
+    }
+    n = 0
+  }
+  /^---[[:space:]]*$/ { flush(); next }
+  { buf[++n] = $0 }
+  END { flush() }
+' "${WORK}/extensions.yaml" > "${WORK}/extensions.patched.yaml"
+sed -i.bak -e '$d' "${WORK}/extensions.patched.yaml" && rm "${WORK}/extensions.patched.yaml.bak"
+mv "${WORK}/extensions.patched.yaml" "${WORK}/extensions.yaml"
+if grep -q '^kind:[[:space:]]*Deployment' "${WORK}/extensions.yaml"; then
+  err "post-patch: a Deployment doc still exists in extensions.yaml"
+  err "  inspect ${WORK}/extensions.yaml and update the awk patch in this script"
+  exit 1
+fi
+
+log "adding --extensions to manifest.yaml Deployment args"
+awk '
+  function flush(   i, is_dep, indent) {
+    if (n == 0) return
+    is_dep = 0
+    for (i = 1; i <= n; i++) {
+      if (buf[i] ~ /^kind:[[:space:]]*Deployment[[:space:]]*$/) { is_dep = 1; break }
+    }
+    for (i = 1; i <= n; i++) {
+      print buf[i]
+      if (is_dep && buf[i] ~ /^[[:space:]]*-[[:space:]]*"?--leader-elect=true"?[[:space:]]*$/) {
+        match(buf[i], /^[[:space:]]*/)
+        indent = substr(buf[i], RSTART, RLENGTH)
+        print indent "- --extensions"
+      }
+    }
+    print "---"
+    n = 0
+  }
+  /^---[[:space:]]*$/ { flush(); next }
+  { buf[++n] = $0 }
+  END { flush() }
+' "${WORK}/manifest.yaml" > "${WORK}/manifest.patched.yaml"
+sed -i.bak -e '$d' "${WORK}/manifest.patched.yaml" && rm "${WORK}/manifest.patched.yaml.bak"
+mv "${WORK}/manifest.patched.yaml" "${WORK}/manifest.yaml"
+if ! grep -q '^[[:space:]]*-[[:space:]]*--extensions[[:space:]]*$' "${WORK}/manifest.yaml"; then
+  err "post-patch: --extensions arg was not added to manifest.yaml Deployment"
+  err "  inspect ${WORK}/manifest.yaml and update the awk patch in this script"
+  exit 1
+fi
+
+# Inject PodSecurity admission labels into the agent-sandbox-system Namespace.
+#
+# Upstream ships a bare Namespace; we enforce `baseline` and warn/audit on
+# `restricted` so violations from sandbox pods or the controller surface in
+# audit logs without rejecting admission. When the operator's pod spec
+# hardens to restricted, flip enforce. See README + the LOCAL EDIT comment
+# in HEADER_TMPL below.
+log "injecting PodSecurity admission labels into agent-sandbox-system Namespace"
+awk '
+  function flush(   i, is_target, has_kind, name_line, indent) {
+    if (n == 0) return
+    is_target = 0
+    has_kind = 0
+    name_line = 0
+    for (i = 1; i <= n; i++) {
+      if (buf[i] ~ /^kind:[[:space:]]*Namespace[[:space:]]*$/) has_kind = 1
+      if (has_kind && buf[i] ~ /^[[:space:]]+name:[[:space:]]*agent-sandbox-system[[:space:]]*$/) {
+        is_target = 1
+        name_line = i
+        break
+      }
+    }
+    if (!is_target) {
+      for (i = 1; i <= n; i++) print buf[i]
+      print "---"
+      n = 0
+      return
+    }
+    for (i = 1; i <= n; i++) {
+      print buf[i]
+      if (i == name_line) {
+        match(buf[i], /^[[:space:]]*/)
+        indent = substr(buf[i], RSTART, RLENGTH)
+        print indent "labels:"
+        print indent "  pod-security.kubernetes.io/enforce: baseline"
+        print indent "  pod-security.kubernetes.io/enforce-version: latest"
+        print indent "  pod-security.kubernetes.io/warn: restricted"
+        print indent "  pod-security.kubernetes.io/warn-version: latest"
+        print indent "  pod-security.kubernetes.io/audit: restricted"
+        print indent "  pod-security.kubernetes.io/audit-version: latest"
+      }
+    }
+    print "---"
+    n = 0
+  }
+  /^---[[:space:]]*$/ { flush(); next }
+  { buf[++n] = $0 }
+  END { flush() }
+' "${WORK}/manifest.yaml" > "${WORK}/manifest.patched.yaml"
+sed -i.bak -e '$d' "${WORK}/manifest.patched.yaml" && rm "${WORK}/manifest.patched.yaml.bak"
+mv "${WORK}/manifest.patched.yaml" "${WORK}/manifest.yaml"
+if ! grep -q '^[[:space:]]*pod-security.kubernetes.io/enforce:[[:space:]]*baseline[[:space:]]*$' "${WORK}/manifest.yaml"; then
+  err "post-patch: PodSecurity labels were not injected into the Namespace doc"
+  err "  upstream may have moved the Namespace into extensions.yaml or changed its name;"
+  err "  inspect ${WORK}/manifest.yaml and update the awk patch in this script"
+  exit 1
+fi
+# If upstream ever adds its own labels: block, our awk would produce a
+# duplicate `labels:` key and helm lint would fail. That's the canary —
+# fix the awk to merge into the existing labels block when it happens.
+
+# Split each multi-doc YAML by `---` boundaries, classify each doc by kind.
+# awk is portable (no yq dependency) and good enough for manifests that only
+# need a kind: line scanned.
+split_docs() {
+  local src="$1" crds_out="$2" other_out="$3"
+  awk -v crds="${crds_out}" -v other="${other_out}" '
+    function flush(   isCrd, i, out) {
+      if (n == 0) return
+      isCrd = 0
+      for (i = 1; i <= n; i++) {
+        if (buf[i] ~ /^kind:[[:space:]]*CustomResourceDefinition[[:space:]]*$/) {
+          isCrd = 1
+          break
+        }
+      }
+      out = isCrd ? crds : other
+      for (i = 1; i <= n; i++) print buf[i] >> out
+      print "---" >> out
+      n = 0
+    }
+    /^---[[:space:]]*$/ { flush(); next }
+    { buf[++n] = $0 }
+    END { flush() }
+  ' "${src}"
+}
+
+log "splitting CRDs from non-CRDs"
+: > "${WORK}/crds.yaml"
+: > "${WORK}/other.yaml"
+split_docs "${WORK}/manifest.yaml"   "${WORK}/crds.yaml" "${WORK}/other.yaml"
+split_docs "${WORK}/extensions.yaml" "${WORK}/crds.yaml" "${WORK}/other.yaml"
+
+# Strip trailing empty doc separator so `helm template` doesn't warn.
+sed -i.bak -e '$d' "${WORK}/crds.yaml"  && rm "${WORK}/crds.yaml.bak"
+sed -i.bak -e '$d' "${WORK}/other.yaml" && rm "${WORK}/other.yaml.bak"
+
+mkdir -p "$(dirname "${CRDS_FILE}")" "$(dirname "${TMPL_FILE}")"
+
+HEADER_CRDS="# Vendored from ${REPO} ${UPSTREAM_VERSION} via vendor.sh.
+# Do not edit by hand — re-run vendor.sh to refresh.
+# Contains: CustomResourceDefinition docs only.
+"
+
+HEADER_TMPL="# Vendored from ${REPO} ${UPSTREAM_VERSION} via vendor.sh.
+# Do not edit by hand — re-run vendor.sh to refresh.
+# Contains: controller Deployments, RBAC, Namespace, Service, ServiceAccount.
+#
+# LOCAL EDIT — preserve when re-running vendor.sh:
+#   PodSecurity admission labels added to the Namespace below. \`baseline\`
+#   is enforced (operator controller pod runs without an explicit
+#   securityContext; \`restricted\` would block it until that's patched).
+#   \`restricted\` is set as warn/audit so violations from sandbox pods or
+#   the controller surface in audit logs without rejecting admission.
+#   When the operator's pod spec hardens to \`restricted\`, flip enforce.
+"
+
+printf "%s" "${HEADER_CRDS}" > "${CRDS_FILE}"
+cat "${WORK}/crds.yaml" >> "${CRDS_FILE}"
+
+printf "%s" "${HEADER_TMPL}" > "${TMPL_FILE}"
+cat "${WORK}/other.yaml" >> "${TMPL_FILE}"
+
+log "wrote $(wc -l <"${CRDS_FILE}") lines -> ${CRDS_FILE}"
+log "wrote $(wc -l <"${TMPL_FILE}") lines -> ${TMPL_FILE}"
+log "done. Remember to:"
+log "  - update appVersion in Chart.yaml if the version changed"
+log "  - bump KNOWN_CHECKSUMS in this script when bumping ${UPSTREAM_VERSION}"
+log "  - bump version in Chart.yaml so .github/workflows/release-sandbox-charts.yaml"
+log "    publishes a new OCI artifact"
+log "  - DO NOT track sandbox-operator-*.tgz in git (it's gitignored — the"
+log "    unpacked tree is the source of truth; the published ghcr.io OCI"
+log "    artifact is the consumer-facing build)"
diff --git a/deploy/helm/Chart.lock b/deploy/helm/studio/Chart.lock
similarity index 100%
rename from deploy/helm/Chart.lock
rename to deploy/helm/studio/Chart.lock
diff --git a/deploy/helm/Chart.yaml b/deploy/helm/studio/Chart.yaml
similarity index 100%
rename from deploy/helm/Chart.yaml
rename to deploy/helm/studio/Chart.yaml
diff --git a/deploy/helm/README.md b/deploy/helm/studio/README.md
similarity index 100%
rename from deploy/helm/README.md
rename to deploy/helm/studio/README.md
diff --git a/deploy/helm/charts/nats-2.12.5.tgz b/deploy/helm/studio/charts/nats-2.12.5.tgz
similarity index 100%
rename from deploy/helm/charts/nats-2.12.5.tgz
rename to deploy/helm/studio/charts/nats-2.12.5.tgz
diff --git a/deploy/helm/charts/opentelemetry-collector-0.147.2.tgz b/deploy/helm/studio/charts/opentelemetry-collector-0.147.2.tgz
similarity index 100%
rename from deploy/helm/charts/opentelemetry-collector-0.147.2.tgz
rename to deploy/helm/studio/charts/opentelemetry-collector-0.147.2.tgz
diff --git a/deploy/helm/examples/secrets-example.yaml b/deploy/helm/studio/examples/secrets-example.yaml
similarity index 100%
rename from deploy/helm/examples/secrets-example.yaml
rename to deploy/helm/studio/examples/secrets-example.yaml
diff --git a/deploy/helm/img/deco-studio-infra-arch.jpg b/deploy/helm/studio/img/deco-studio-infra-arch.jpg
similarity index 100%
rename from deploy/helm/img/deco-studio-infra-arch.jpg
rename to deploy/helm/studio/img/deco-studio-infra-arch.jpg
diff --git a/deploy/helm/templates/NOTES.txt b/deploy/helm/studio/templates/NOTES.txt
similarity index 100%
rename from deploy/helm/templates/NOTES.txt
rename to deploy/helm/studio/templates/NOTES.txt
diff --git a/deploy/helm/templates/_helpers.tpl b/deploy/helm/studio/templates/_helpers.tpl
similarity index 100%
rename from deploy/helm/templates/_helpers.tpl
rename to deploy/helm/studio/templates/_helpers.tpl
diff --git a/deploy/helm/templates/configmap-ca-cert.yaml b/deploy/helm/studio/templates/configmap-ca-cert.yaml
similarity index 100%
rename from deploy/helm/templates/configmap-ca-cert.yaml
rename to deploy/helm/studio/templates/configmap-ca-cert.yaml
diff --git a/deploy/helm/templates/configmap-s3-sync.yaml b/deploy/helm/studio/templates/configmap-s3-sync.yaml
similarity index 100%
rename from deploy/helm/templates/configmap-s3-sync.yaml
rename to deploy/helm/studio/templates/configmap-s3-sync.yaml
diff --git a/deploy/helm/templates/configmap.yaml b/deploy/helm/studio/templates/configmap.yaml
similarity index 100%
rename from deploy/helm/templates/configmap.yaml
rename to deploy/helm/studio/templates/configmap.yaml
diff --git a/deploy/helm/templates/deployment.yaml b/deploy/helm/studio/templates/deployment.yaml
similarity index 100%
rename from deploy/helm/templates/deployment.yaml
rename to deploy/helm/studio/templates/deployment.yaml
diff --git a/deploy/helm/templates/hpa.yaml b/deploy/helm/studio/templates/hpa.yaml
similarity index 100%
rename from deploy/helm/templates/hpa.yaml
rename to deploy/helm/studio/templates/hpa.yaml
diff --git a/deploy/helm/templates/pvc.yaml b/deploy/helm/studio/templates/pvc.yaml
similarity index 100%
rename from deploy/helm/templates/pvc.yaml
rename to deploy/helm/studio/templates/pvc.yaml
diff --git a/deploy/helm/templates/secret.yaml b/deploy/helm/studio/templates/secret.yaml
similarity index 88%
rename from deploy/helm/templates/secret.yaml
rename to deploy/helm/studio/templates/secret.yaml
index 114b6cac2a..943cc325fc 100644
--- a/deploy/helm/templates/secret.yaml
+++ b/deploy/helm/studio/templates/secret.yaml
@@ -48,4 +48,10 @@ stringData:
   {{- with .Values.secret.AUTH_SSO_MS_CLIENT_SECRET }}
   AUTH_SSO_MS_CLIENT_SECRET: {{ . | quote }}
   {{- end }}
+  {{- with .Values.secret.AUTH_SSO_GOOGLE_CLIENT_ID }}
+  AUTH_SSO_GOOGLE_CLIENT_ID: {{ . | quote }}
+  {{- end }}
+  {{- with .Values.secret.AUTH_SSO_GOOGLE_CLIENT_SECRET }}
+  AUTH_SSO_GOOGLE_CLIENT_SECRET: {{ . | quote }}
+  {{- end }}
 {{- end }}
diff --git a/deploy/helm/templates/service.yaml b/deploy/helm/studio/templates/service.yaml
similarity index 100%
rename from deploy/helm/templates/service.yaml
rename to deploy/helm/studio/templates/service.yaml
diff --git a/deploy/helm/templates/serviceaccount.yaml b/deploy/helm/studio/templates/serviceaccount.yaml
similarity index 100%
rename from deploy/helm/templates/serviceaccount.yaml
rename to deploy/helm/studio/templates/serviceaccount.yaml
diff --git a/deploy/helm/templates/validations.yaml b/deploy/helm/studio/templates/validations.yaml
similarity index 100%
rename from deploy/helm/templates/validations.yaml
rename to deploy/helm/studio/templates/validations.yaml
diff --git a/deploy/helm/values.yaml b/deploy/helm/studio/values.yaml
similarity index 100%
rename from deploy/helm/values.yaml
rename to deploy/helm/studio/values.yaml
diff --git a/knip.jsonc b/knip.jsonc
index 17a9754604..d0be9e8c4d 100644
--- a/knip.jsonc
+++ b/knip.jsonc
@@ -20,12 +20,25 @@
         "src/api/routes/dev-only.ts"
       ],
       "ignore": ["src/api/index.ts"],
-      // Resolved at bundle-time by scripts/bundle-server-script.ts ALWAYS_INCLUDE
-      "ignoreDependencies": ["@jitl/quickjs-wasmfile-release-sync"]
+      "ignoreDependencies": [
+        // Resolved at bundle-time by scripts/bundle-server-script.ts ALWAYS_INCLUDE
+        "@jitl/quickjs-wasmfile-release-sync",
+        // Imported only by the sandbox daemon, which is text-imported into
+        // server.js and spawned as a separate `bun run` process. Declared as
+        // a direct dep so `bunx decocms@latest` installs it; the host runner
+        // points the daemon at it via NODE_PATH at spawn time.
+        "node-pty"
+      ]
     },
     "packages/mesh-sdk": {
       "ignoreDependencies": ["sonner"]
     },
+    "packages/sandbox": {
+      // daemon/entry.ts is bundled via `bun build` into a standalone binary
+      // that runs inside sandbox VMs. Without marking it as an entry, knip
+      // treats the whole daemon graph as unused.
+      "entry": ["daemon/entry.ts"]
+    },
     "packages/typegen": {}
   },
   "ignoreDependencies": ["@types/*"],
diff --git a/package.json b/package.json
index 79ae1d720e..5b71d97e24 100644
--- a/package.json
+++ b/package.json
@@ -46,7 +46,8 @@
   ],
   "trustedDependencies": [
     "@duckdb/node-api",
-    "@duckdb/node-bindings"
+    "@duckdb/node-bindings",
+    "node-pty"
   ],
   "overrides": {
     "fast-xml-parser": "5.4.2",
diff --git a/packages/mcp-utils/src/aggregate/gateway-client.ts b/packages/mcp-utils/src/aggregate/gateway-client.ts
index 267857ae08..b5e52f6cd8 100644
--- a/packages/mcp-utils/src/aggregate/gateway-client.ts
+++ b/packages/mcp-utils/src/aggregate/gateway-client.ts
@@ -111,7 +111,7 @@ export function displayToolName(
 
 /**
  * Convert a kebab/snake-case prompt name to a human-readable Title Case string.
- * e.g. "writing-prompts" → "Writing Prompts"
+ * e.g. "agents-create" → "Agents Create"
  */
 function titleFromName(name: string): string {
   return name
diff --git a/packages/mesh-plugin-workflows/README.md b/packages/mesh-plugin-workflows/README.md
index b1d56c3125..40c33d5972 100644
--- a/packages/mesh-plugin-workflows/README.md
+++ b/packages/mesh-plugin-workflows/README.md
@@ -1,6 +1,6 @@
 # Workflows Plugin
 
-Server + client plugin for MCP Mesh that provides workflow creation, management, and execution for platform end-users.
+Server + client plugin for Studio that provides workflow creation, management, and execution for platform end-users.
 
 ## Overview
 
@@ -313,7 +313,7 @@ How the type magic works:
 - **Tool output schemas are auto-injected** — when a referenced tool has an `outputSchema`, the builder writes it into the step's `outputSchema` field so fingerprint changes propagate correctly
 - **Code steps** work too: `{ action: { code: "export default function(stepInput) { ... }" } }`
 
-### `Workflow.sync()` — Automatic Sync to Mesh
+### `Workflow.sync()` — Automatic Sync to Studio
 
 Called during `ON_MCP_CONFIGURATION`, this syncs declared `WorkflowDefinition[]` to the mesh as `workflow_collection` entries. The sync is declarative and convergent:
 
diff --git a/packages/mesh-plugin-workflows/server/engine/__tests__/stress.test.ts b/packages/mesh-plugin-workflows/server/engine/__tests__/stress.test.ts
index a7b55b9fbb..19db9ef6c2 100644
--- a/packages/mesh-plugin-workflows/server/engine/__tests__/stress.test.ts
+++ b/packages/mesh-plugin-workflows/server/engine/__tests__/stress.test.ts
@@ -300,7 +300,7 @@ describe("Stress Tests", () => {
       }
 
       expect(allExecutions).toHaveLength(orgCount * workflowsPerOrg);
-    }, 15_000);
+    }, 60_000);
 
     it("organizations don't see each other's executions in list queries", async () => {
       const orgA = "org_iso_a";
@@ -423,7 +423,7 @@ describe("Stress Tests", () => {
       for (const id of executionIds) {
         await assertTerminal(id, orgId, "success");
       }
-    });
+    }, 30_000);
   });
 
   // --------------------------------------------------------------------------
@@ -473,7 +473,7 @@ describe("Stress Tests", () => {
         "process[",
       );
       expect(iterationResults).toHaveLength(100);
-    });
+    }, 60_000);
 
     it("multiple forEach workflows with different concurrency levels", async () => {
       const orgId = "org_multi_foreach";
@@ -906,7 +906,7 @@ describe("Stress Tests", () => {
       // Verify total execution count
       const { totalCount } = await storage.listExecutions(orgId);
       expect(totalCount).toBe(userCount * workflowsPerUser);
-    });
+    }, 30_000);
   });
 
   // --------------------------------------------------------------------------
diff --git a/packages/mesh-sdk/README.md b/packages/mesh-sdk/README.md
index 4428045142..6b0167bad3 100644
--- a/packages/mesh-sdk/README.md
+++ b/packages/mesh-sdk/README.md
@@ -1,6 +1,6 @@
 # @decocms/mesh-sdk
 
-SDK for building external apps that integrate with Mesh MCP servers. Provides React hooks and utilities for managing connections, authenticating with OAuth, and calling MCP tools.
+SDK for building external apps that integrate with Studio MCP servers. Provides React hooks and utilities for managing connections, authenticating with OAuth, and calling MCP tools.
 
 ## Installation
 
@@ -22,7 +22,7 @@ npm install sonner
 
 ### 1. Create an API Key
 
-In Mesh, call the `API_KEY_CREATE` tool to create an API key with the appropriate scopes for the connections you want to access. The API key will be used to authenticate your external app.
+In Studio, call the `API_KEY_CREATE` tool to create an API key with the appropriate scopes for the connections you want to access. The API key will be used to authenticate your external app.
 
 ```typescript
 // Example: Create an API key via MCP
@@ -35,7 +35,7 @@ await client.callTool({
 });
 ```
 
-### 2. Server-Side: Connect to Mesh
+### 2. Server-Side: Connect to Studio
 
 ```typescript
 // server.ts (Node.js / Bun / your backend)
@@ -213,12 +213,12 @@ const result = await specificClient.callTool({
 
 ### `createMCPClient(options)` - Server-Side
 
-Creates and connects an MCP client to a Mesh server. **Use on server only** - don't expose your API key to the client.
+Creates and connects an MCP client to a Studio server. **Use on server only** - don't expose your API key to the client.
 
 ```typescript
 // server-side only
 const client = await createMCPClient({
-  meshUrl: "https://mesh.example.com",  // Required for external apps
+  meshUrl: "https://studio.example.com",  // Required for external apps
   connectionId: "self",                  // "self" for management API, or connection ID
   orgId: "org_xxx",                      // Organization ID
   token: process.env.MESH_API_KEY,       // API key from environment
@@ -227,7 +227,7 @@ const client = await createMCPClient({
 
 ### `useMCPClient(options)` - Client-Side (Same-Origin Only)
 
-React hook version of `createMCPClient`. Uses Suspense. **Only use when running on the same origin as Mesh** (e.g., inside the Mesh app itself).
+React hook version of `createMCPClient`. Uses Suspense. **Only use when running on the same origin as Studio** (e.g., inside Studio app itself).
 
 ```typescript
 // client-side - only for same-origin apps
@@ -249,7 +249,7 @@ Triggers OAuth authentication flow for an MCP connection. **This runs client-sid
 ```typescript
 // client-side - safe to use in browser
 const result = await authenticateMcp({
-  meshUrl: "https://mesh.example.com",  // Required for external apps
+  meshUrl: "https://studio.example.com",  // Required for external apps
   connectionId: "conn_xxx",              // Connection to authenticate
   callbackUrl: "https://your-app.com/oauth/callback",  // Your OAuth callback URL
   timeout: 120000,                       // Timeout in ms (default: 120000)
@@ -274,9 +274,9 @@ Check if a connection is authenticated. Can be used on either server or client.
 
 ```typescript
 const status = await isConnectionAuthenticated({
-  url: "https://mesh.example.com/mcp/conn_xxx",
+  url: "https://studio.example.com/mcp/conn_xxx",
   token: "bearer_token",  // Optional
-  meshUrl: "https://mesh.example.com",  // For API calls
+  meshUrl: "https://studio.example.com",  // For API calls
 });
 
 console.log(status.isAuthenticated);  // boolean
@@ -286,7 +286,7 @@ console.log(status.hasOAuthToken);    // boolean
 
 ### Collection Hooks - Client-Side (Same-Origin Only)
 
-When using with `ProjectContextProvider`, you get access to collection hooks. **Only use when running on the same origin as Mesh** (e.g., inside the Mesh app or plugins).
+When using with `ProjectContextProvider`, you get access to collection hooks. **Only use when running on the same origin as Studio** (e.g., inside Studio app or plugins).
 
 ```typescript
 // client-side - only for same-origin apps (inside Mesh)
diff --git a/packages/mesh-sdk/src/hooks/use-connection.ts b/packages/mesh-sdk/src/hooks/use-connection.ts
index 4d8e4ec399..706499a6a3 100644
--- a/packages/mesh-sdk/src/hooks/use-connection.ts
+++ b/packages/mesh-sdk/src/hooks/use-connection.ts
@@ -81,6 +81,7 @@ export function useConnections(options: UseConnectionsOptions = {}) {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
   return useCollectionList<ConnectionEntity>(
     org.id,
@@ -101,6 +102,7 @@ export function useConnection(connectionId: string | undefined) {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
   return useCollectionItem<ConnectionEntity>(
     org.id,
@@ -120,6 +122,7 @@ export function useConnectionActions() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
   return useCollectionActions<ConnectionEntity>(org.id, "CONNECTIONS", client);
 }
diff --git a/packages/mesh-sdk/src/hooks/use-mcp-client.ts b/packages/mesh-sdk/src/hooks/use-mcp-client.ts
index 9e39bdba42..3295018ce5 100644
--- a/packages/mesh-sdk/src/hooks/use-mcp-client.ts
+++ b/packages/mesh-sdk/src/hooks/use-mcp-client.ts
@@ -11,8 +11,10 @@ const DEFAULT_CLIENT_INFO = {
 export interface CreateMcpClientOptions {
   /** Connection ID - use SELF_MCP_ALIAS_ID for the self/management MCP (ALL_TOOLS), or any connectionId for other MCPs */
   connectionId: string | null;
-  /** Organization ID - required, transforms to x-org-id header */
+  /** Organization ID - required for query-key scoping */
   orgId: string;
+  /** Organization slug - required, used to build the /api/:org/mcp URL */
+  orgSlug: string;
   /** Authorization token - optional */
   token?: string | null;
   /** Mesh server URL - optional, defaults to window.location.origin (for external apps, provide your Mesh server URL) */
@@ -28,10 +30,14 @@ export interface UseMcpClientOptionalOptions
 }
 
 /**
- * Build the MCP URL from connectionId and optional meshUrl
- * Uses /mcp/:connectionId for all servers
+ * Build the MCP URL from connectionId and optional meshUrl.
+ * Uses /api/:org/mcp/:connectionId for all servers (org-scoped routing).
  */
-function buildMcpUrl(connectionId: string | null, meshUrl?: string): string {
+function buildMcpUrl(
+  connectionId: string | null,
+  orgSlug: string,
+  meshUrl?: string,
+): string {
   const baseUrl =
     meshUrl ??
     (typeof window !== "undefined" ? window.location.origin : undefined);
@@ -41,7 +47,10 @@ function buildMcpUrl(connectionId: string | null, meshUrl?: string): string {
     );
   }
 
-  const path = connectionId ? `/mcp/${connectionId}` : "/mcp";
+  const orgPath = `/api/${encodeURIComponent(orgSlug)}`;
+  const path = connectionId
+    ? `${orgPath}/mcp/${connectionId}`
+    : `${orgPath}/mcp`;
   return new URL(path, baseUrl).href;
 }
 
@@ -55,10 +64,11 @@ function buildMcpUrl(connectionId: string | null, meshUrl?: string): string {
 export async function createMCPClient({
   connectionId,
   orgId,
+  orgSlug,
   token,
   meshUrl,
 }: CreateMcpClientOptions): Promise<Client> {
-  const url = buildMcpUrl(connectionId, meshUrl);
+  const url = buildMcpUrl(connectionId, orgSlug, meshUrl);
 
   const client = new Client(DEFAULT_CLIENT_INFO, {
     capabilities: {
@@ -79,7 +89,6 @@ export async function createMCPClient({
       headers: {
         "Content-Type": "application/json",
         Accept: "application/json, text/event-stream",
-        "x-org-id": orgId,
         ...(token ? { Authorization: `Bearer ${token}` } : {}),
       },
     },
@@ -112,6 +121,7 @@ export async function createMCPClient({
 export function useMCPClient({
   connectionId,
   orgId,
+  orgSlug,
   token,
   meshUrl,
 }: UseMcpClientOptions): Client {
@@ -124,7 +134,8 @@ export function useMCPClient({
 
   const { data: client } = useSuspenseQuery({
     queryKey,
-    queryFn: () => createMCPClient({ connectionId, orgId, token, meshUrl }),
+    queryFn: () =>
+      createMCPClient({ connectionId, orgId, orgSlug, token, meshUrl }),
     staleTime: Infinity, // Keep client alive while query is active
     gcTime: 0, // Clean up immediately when query is inactive
   });
@@ -146,6 +157,7 @@ export function useMCPClient({
 export function useMCPClientOptional({
   connectionId,
   orgId,
+  orgSlug,
   token,
   meshUrl,
 }: UseMcpClientOptionalOptions): Client | null {
@@ -168,6 +180,7 @@ export function useMCPClientOptional({
       return createMCPClient({
         connectionId: connectionId as string | null,
         orgId,
+        orgSlug,
         token,
         meshUrl,
       });
diff --git a/packages/mesh-sdk/src/hooks/use-virtual-mcp.ts b/packages/mesh-sdk/src/hooks/use-virtual-mcp.ts
index 487634822d..1cd82eb7db 100644
--- a/packages/mesh-sdk/src/hooks/use-virtual-mcp.ts
+++ b/packages/mesh-sdk/src/hooks/use-virtual-mcp.ts
@@ -38,6 +38,7 @@ export function useVirtualMCPs(options: UseVirtualMCPsOptions = {}) {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   return useCollectionList<VirtualMCPEntity>(
@@ -61,6 +62,7 @@ export function useVirtualMCP(
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   // If null/undefined, return null (use default virtual MCP)
@@ -85,6 +87,7 @@ export function useVirtualMCPActions() {
   const client = useMCPClient({
     connectionId: SELF_MCP_ALIAS_ID,
     orgId: org.id,
+    orgSlug: org.slug,
   });
 
   return useCollectionActions<VirtualMCPEntity>(org.id, "VIRTUAL_MCP", client);
diff --git a/packages/mesh-sdk/src/index.ts b/packages/mesh-sdk/src/index.ts
index 00afdff045..fbe4409cab 100644
--- a/packages/mesh-sdk/src/index.ts
+++ b/packages/mesh-sdk/src/index.ts
@@ -116,6 +116,11 @@ export {
   type VirtualMCPConnection,
   type VirtualMcpUILayout,
   type VirtualMcpUILayoutTab,
+  VmMapSchema,
+  type VmMap,
+  VmMapEntrySchema,
+  type VmMapEntry,
+  type GithubRepo,
   // Decopilot event types
   THREAD_STATUSES,
   THREAD_DISPLAY_STATUSES,
@@ -158,8 +163,15 @@ export { KEYS } from "./lib/query-keys";
 export {
   DEFAULT_MODEL_PREFERENCES,
   FAST_MODEL_PREFERENCES,
+  SMART_MODEL_PREFERENCES,
+  THINKING_MODEL_PREFERENCES,
+  IMAGE_MODEL_PREFERENCES,
+  WEB_RESEARCH_MODEL_PREFERENCES,
   selectDefaultModel,
   getFastModel,
+  pickSimpleModeDefaults,
+  type SimpleModeModelSlot,
+  type SimpleModeDefaults,
 } from "./lib/default-model";
 
 // MCP OAuth utilities
diff --git a/packages/mesh-sdk/src/lib/constants.ts b/packages/mesh-sdk/src/lib/constants.ts
index bdd5395baa..53815c90ea 100644
--- a/packages/mesh-sdk/src/lib/constants.ts
+++ b/packages/mesh-sdk/src/lib/constants.ts
@@ -310,10 +310,16 @@ export const WELL_KNOWN_AGENT_TEMPLATES = [
   {
     id: "site-editor",
     appId: "deco/site-editor",
-    title: "Site Editor",
-    icon: "icon://Globe01?color=violet",
+    title: "deco Site Editor",
+    icon: "/logos/deco%20logo.svg#agentcolor=brand-green",
     type: "registry-agent" as const,
   },
+  {
+    id: "self-healing-storefront",
+    title: "Self-healing Storefront",
+    icon: "icon://Zap?color=amber",
+    type: "builtin-agent" as const,
+  },
   {
     id: "site-diagnostics",
     appId: "deco/site-diagnostics",
diff --git a/packages/mesh-sdk/src/lib/default-model.ts b/packages/mesh-sdk/src/lib/default-model.ts
index a4f682639b..830b00441c 100644
--- a/packages/mesh-sdk/src/lib/default-model.ts
+++ b/packages/mesh-sdk/src/lib/default-model.ts
@@ -1,4 +1,8 @@
-import type { AiProviderModel, ProviderId } from "../types/ai-providers";
+import type {
+  AiProviderModel,
+  AiProviderKey,
+  ProviderId,
+} from "../types/ai-providers";
 
 /**
  * Preferred default models for each well-known provider.
@@ -43,6 +47,7 @@ export const FAST_MODEL_PREFERENCES: Partial<Record<ProviderId, string[]>> = {
   ],
   deco: ["qwen/qwen3.5-flash", "anthropic/claude-haiku"],
   google: ["gemini-2.5-flash", "gemini-3-flash"],
+  "claude-code": ["claude-code:haiku", "claude-code:sonnet"],
 };
 
 /**
@@ -54,6 +59,183 @@ export function getFastModel(providerId: ProviderId): string | null {
   return candidates?.[0] ?? null;
 }
 
+/**
+ * Preferred smart (balanced) models per provider — used as the "Smart" tier
+ * in Simple Model Mode.
+ */
+export const SMART_MODEL_PREFERENCES: Partial<Record<ProviderId, string[]>> = {
+  anthropic: ["claude-sonnet-4-6", "claude-sonnet"],
+  openrouter: [
+    "anthropic/claude-sonnet-4.6",
+    "anthropic/claude-sonnet",
+    "anthropic/claude-opus-4.7",
+    "google/gemini-3-pro",
+  ],
+  deco: [
+    "anthropic/claude-sonnet-4.6",
+    "anthropic/claude-sonnet",
+    "anthropic/claude",
+  ],
+  google: ["gemini-3-pro", "gemini-3-flash"],
+  "claude-code": ["claude-code:sonnet"],
+};
+
+/**
+ * Preferred thinking/reasoning models per provider — used as the "Thinking" tier
+ * in Simple Model Mode.
+ */
+export const THINKING_MODEL_PREFERENCES: Partial<Record<ProviderId, string[]>> =
+  {
+    anthropic: ["claude-opus-4-7", "claude-sonnet-4-6", "claude-sonnet"],
+    openrouter: [
+      "anthropic/claude-opus-4.7",
+      "anthropic/claude-sonnet-4.6:extended",
+      "anthropic/claude-sonnet-4.6",
+      "google/gemini-3-pro",
+    ],
+    deco: [
+      "anthropic/claude-opus",
+      "anthropic/claude-sonnet-4.6",
+      "anthropic/claude-sonnet",
+    ],
+    google: ["gemini-3-pro"],
+    "claude-code": ["claude-code:opus", "claude-code:sonnet"],
+  };
+
+/**
+ * Preferred image generation models per provider.
+ * Falls back to first model with "image" capability.
+ */
+export const IMAGE_MODEL_PREFERENCES: Partial<Record<ProviderId, string[]>> = {
+  openrouter: ["openai/gpt-image-1", "google/gemini-2.0-flash-image"],
+  deco: ["openai/gpt-image-1", "google/gemini-2.0-flash-image"],
+  google: ["gemini-2.0-flash-image"],
+};
+
+/**
+ * Preferred web research models per provider.
+ * Falls back to first model whose id includes "sonar" or "deepresearch".
+ */
+export const WEB_RESEARCH_MODEL_PREFERENCES: Partial<
+  Record<ProviderId, string[]>
+> = {
+  openrouter: [
+    "perplexity/sonar",
+    "perplexity/sonar-pro",
+    "perplexity/deep-research",
+  ],
+  deco: [
+    "perplexity/sonar",
+    "perplexity/sonar-pro",
+    "perplexity/deep-research",
+  ],
+};
+
+export interface SimpleModeModelSlot {
+  keyId: string;
+  modelId: string;
+  title?: string;
+}
+
+export interface SimpleModeDefaults {
+  chat: {
+    fast: SimpleModeModelSlot | null;
+    smart: SimpleModeModelSlot | null;
+    thinking: SimpleModeModelSlot | null;
+  };
+  image: SimpleModeModelSlot | null;
+  webResearch: SimpleModeModelSlot | null;
+}
+
+function resolveSlot(
+  models: AiProviderModel[],
+  keyId: string,
+  preferences: string[],
+  fallback?: (m: AiProviderModel) => boolean,
+): SimpleModeModelSlot | null {
+  for (const candidate of preferences) {
+    const exact = models.find((m) => m.modelId === candidate);
+    if (exact) return { keyId, modelId: exact.modelId, title: exact.title };
+  }
+  for (const candidate of preferences) {
+    const partial = models.find((m) => m.modelId.includes(candidate));
+    if (partial)
+      return { keyId, modelId: partial.modelId, title: partial.title };
+  }
+  if (fallback) {
+    const found = models.find(fallback);
+    if (found) return { keyId, modelId: found.modelId, title: found.title };
+  }
+  return null;
+}
+
+/**
+ * Compute sensible Simple Mode defaults from the currently-connected keys and
+ * their available models. Each slot picks the best candidate per the tier
+ * preference lists, falling back to capability-based detection for image/web.
+ *
+ * @param keys       The org's connected AI provider keys.
+ * @param modelsByKeyId  Map of keyId → available model list.
+ */
+export function pickSimpleModeDefaults(
+  keys: AiProviderKey[],
+  modelsByKeyId: Record<string, AiProviderModel[]>,
+): SimpleModeDefaults {
+  const result: SimpleModeDefaults = {
+    chat: { fast: null, smart: null, thinking: null },
+    image: null,
+    webResearch: null,
+  };
+
+  for (const key of keys) {
+    const models = modelsByKeyId[key.id] ?? [];
+    const providerId = key.providerId as ProviderId;
+
+    if (!result.chat.fast) {
+      result.chat.fast = resolveSlot(
+        models,
+        key.id,
+        FAST_MODEL_PREFERENCES[providerId] ?? [],
+      );
+    }
+    if (!result.chat.smart) {
+      result.chat.smart = resolveSlot(
+        models,
+        key.id,
+        SMART_MODEL_PREFERENCES[providerId] ?? [],
+      );
+    }
+    if (!result.chat.thinking) {
+      result.chat.thinking = resolveSlot(
+        models,
+        key.id,
+        THINKING_MODEL_PREFERENCES[providerId] ?? [],
+      );
+    }
+    if (!result.image) {
+      result.image = resolveSlot(
+        models,
+        key.id,
+        IMAGE_MODEL_PREFERENCES[providerId] ?? [],
+        (m) => m.capabilities?.includes("image") === true,
+      );
+    }
+    if (!result.webResearch) {
+      result.webResearch = resolveSlot(
+        models,
+        key.id,
+        WEB_RESEARCH_MODEL_PREFERENCES[providerId] ?? [],
+        (m) => {
+          const n = m.modelId.toLowerCase().replace(/[^a-z0-9]/g, "");
+          return n.includes("sonar") || n.includes("deepresearch");
+        },
+      );
+    }
+  }
+
+  return result;
+}
+
 /**
  * Select the best default model from a loaded list for a given provider.
  *
diff --git a/packages/mesh-sdk/src/lib/mcp-oauth.ts b/packages/mesh-sdk/src/lib/mcp-oauth.ts
index d41395e18e..7d101c4bd9 100644
--- a/packages/mesh-sdk/src/lib/mcp-oauth.ts
+++ b/packages/mesh-sdk/src/lib/mcp-oauth.ts
@@ -298,6 +298,8 @@ interface FullTokenResult {
  */
 export async function authenticateMcp(params: {
   connectionId: string;
+  /** Organization slug — used to build the org-scoped /api/:org/mcp/... URL. */
+  orgSlug?: string;
   /** Mesh server URL - optional, defaults to window.location.origin (for external apps, provide your Mesh server URL) */
   meshUrl?: string;
   clientName?: string;
@@ -310,7 +312,10 @@ export async function authenticateMcp(params: {
   windowMode?: OAuthWindowMode;
 }): Promise<AuthenticateMcpResult> {
   const baseUrl = params.meshUrl ?? window.location.origin;
-  const serverUrl = new URL(`/mcp/${params.connectionId}`, baseUrl);
+  const path = params.orgSlug
+    ? `/api/${encodeURIComponent(params.orgSlug)}/mcp/${params.connectionId}`
+    : `/mcp/${params.connectionId}`;
+  const serverUrl = new URL(path, baseUrl);
   const provider = new McpOAuthProvider({
     serverUrl: serverUrl.href,
     clientName: params.clientName,
@@ -700,14 +705,32 @@ function getCurrentOrigin(): string | undefined {
 }
 
 /**
- * Extract connection ID from MCP proxy URL
+ * Extract connection ID from MCP proxy URL.
+ * Supports both legacy `/mcp/:id` and org-scoped `/api/:org/mcp/:id` paths.
  */
 function extractConnectionIdFromUrl(url: string): string | null {
   try {
     // Use current origin as base for relative URLs (browser only)
     const base = getCurrentOrigin();
     const urlObj = base ? new URL(url, base) : new URL(url);
-    const match = urlObj.pathname.match(/^\/mcp\/([^/]+)/);
+    const orgScoped = urlObj.pathname.match(/^\/api\/[^/]+\/mcp\/([^/]+)/);
+    if (orgScoped) return orgScoped[1] ?? null;
+    const legacy = urlObj.pathname.match(/^\/mcp\/([^/]+)/);
+    return legacy?.[1] ?? null;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Extract org slug from an org-scoped MCP proxy URL (`/api/:org/mcp/...`).
+ * Returns null for legacy `/mcp/...` URLs.
+ */
+function extractOrgSlugFromUrl(url: string): string | null {
+  try {
+    const base = getCurrentOrigin();
+    const urlObj = base ? new URL(url, base) : new URL(url);
+    const match = urlObj.pathname.match(/^\/api\/([^/]+)\/mcp\//);
     return match?.[1] ?? null;
   } catch {
     return null;
@@ -717,14 +740,16 @@ function extractConnectionIdFromUrl(url: string): string | null {
 /**
  * Check if connection has a stored OAuth token
  * @param connectionId - The connection ID to check
+ * @param orgSlug - Organization slug used to build the org-scoped path
  * @param apiBaseUrl - Base URL for the API call (optional, defaults to relative path)
  */
 async function checkOAuthTokenStatus(
   connectionId: string,
+  orgSlug: string,
   apiBaseUrl?: string,
 ): Promise<{ hasToken: boolean }> {
   try {
-    const path = `/api/connections/${connectionId}/oauth-token/status`;
+    const path = `/api/${encodeURIComponent(orgSlug)}/connections/${connectionId}/oauth-token/status`;
     const url = apiBaseUrl ? new URL(path, apiBaseUrl).href : path;
     const currentOrigin = getCurrentOrigin();
     const isSameOrigin =
@@ -744,17 +769,21 @@ async function checkOAuthTokenStatus(
 
 /**
  * Check if an MCP connection is authenticated and whether it supports OAuth
- * @param params.url - The MCP URL to check
+ * @param params.url - The org-scoped MCP URL to check (`/api/:org/mcp/...`)
  * @param params.token - Authorization token (optional)
+ * @param params.orgId - Organization ID (deprecated; org is now resolved from the URL path)
  * @param params.meshUrl - Mesh server URL for API calls (optional, defaults to URL origin)
  */
 export async function isConnectionAuthenticated({
   url,
   token,
+  orgId: _orgId,
   meshUrl,
 }: {
   url: string;
   token: string | null;
+  /** @deprecated Org is resolved from the URL path; this is kept for call-site compatibility. */
+  orgId?: string;
   /** Mesh server URL for API calls - optional, defaults to extracting from url parameter */
   meshUrl?: string;
 }): Promise<McpAuthStatus> {
@@ -786,6 +815,7 @@ export async function isConnectionAuthenticated({
 
     // Extract connection ID for OAuth token status check
     const connectionId = extractConnectionIdFromUrl(url);
+    const orgSlug = extractOrgSlugFromUrl(url);
     // Determine base URL for API calls (meshUrl > URL origin > current origin)
     // Use current origin as base for relative URLs (browser only)
     const base = getCurrentOrigin();
@@ -794,9 +824,10 @@ export async function isConnectionAuthenticated({
 
     if (response.ok) {
       // Check if we have an OAuth token stored for this connection
-      const oauthStatus = connectionId
-        ? await checkOAuthTokenStatus(connectionId, apiBaseUrl)
-        : { hasToken: false };
+      const oauthStatus =
+        connectionId && orgSlug
+          ? await checkOAuthTokenStatus(connectionId, orgSlug, apiBaseUrl)
+          : { hasToken: false };
 
       return {
         isAuthenticated: true,
diff --git a/packages/mesh-sdk/src/types/ai-providers.ts b/packages/mesh-sdk/src/types/ai-providers.ts
index 5162521182..5b0fe55033 100644
--- a/packages/mesh-sdk/src/types/ai-providers.ts
+++ b/packages/mesh-sdk/src/types/ai-providers.ts
@@ -49,6 +49,14 @@ export interface AiProviderModel {
   costs: AiProviderModelCosts | null;
   /** When true the upstream provider has flagged this model as deprecated. */
   deprecated?: boolean;
+  /**
+   * When true, this model can ONLY be used through the provider's
+   * `AsyncResearchProvider` capability (e.g. Gemini Deep Research via the
+   * Interactions API). It is unusable as a Thinking/Coding/Fast/Image model
+   * because `streamText` / `generateContent` will reject it. UIs should
+   * restrict it to the deep-research slot.
+   */
+  asyncResearch?: boolean;
   /** Client-side only — the credential key ID used to fetch this model. */
   keyId?: string;
 }
@@ -57,6 +65,11 @@ export interface AiProviderKey {
   id: string;
   providerId: ProviderId;
   label: string;
+  /**
+   * Frontend preset id (e.g. "litellm", "ollama") for openai-compatible keys
+   * that were created from a branded preset card. Null otherwise.
+   */
+  presetId: string | null;
   createdBy: string;
   createdAt: string;
 }
diff --git a/packages/mesh-sdk/src/types/index.ts b/packages/mesh-sdk/src/types/index.ts
index 509408e8f1..19d2bb82e0 100644
--- a/packages/mesh-sdk/src/types/index.ts
+++ b/packages/mesh-sdk/src/types/index.ts
@@ -28,6 +28,10 @@ export {
   type VirtualMcpUILayout,
   type VirtualMcpUILayoutTab,
   type GithubRepo,
+  VmMapSchema,
+  type VmMap,
+  VmMapEntrySchema,
+  type VmMapEntry,
 } from "./virtual-mcp";
 
 export {
diff --git a/packages/mesh-sdk/src/types/virtual-mcp.ts b/packages/mesh-sdk/src/types/virtual-mcp.ts
index 2405a9b050..293a37512a 100644
--- a/packages/mesh-sdk/src/types/virtual-mcp.ts
+++ b/packages/mesh-sdk/src/types/virtual-mcp.ts
@@ -131,6 +131,54 @@ const GithubRepoSchema = z.object({
 
 export type GithubRepo = z.infer<typeof GithubRepoSchema>;
 
+/**
+ * A single vm entry in vmMap — the vmId plus the preview URL the UI renders.
+ *
+ * `runnerKind` lets the UI construct daemon URLs correctly:
+ *  - docker: daemon is reached via the mesh proxy at `/api/sandbox/<vmId>/_daemon/*`
+ *  - freestyle: daemon lives at `${previewUrl}/_decopilot_vm/*` on the VM domain
+ *  - agent-sandbox: daemon is reached via the mesh proxy (same transport as docker);
+ *    preview URL is the per-claim HTTPRoute host (in-cluster) or a local port-forward (kind dev).
+ *
+ * `previewUrl` is nullable: blank / tool sandboxes (no `workload`, no dev
+ * server) have nothing to render. UI code MUST check before constructing
+ * an iframe URL.
+ */
+export const VmMapEntrySchema = z.object({
+  vmId: z
+    .string()
+    .describe("Runner-specific handle (Freestyle VM id or docker handle)"),
+  previewUrl: z
+    .string()
+    .nullable()
+    .describe(
+      "URL where the VM's iframe-proxied UI is served, or null when the sandbox has no dev server (blank / tool sandboxes).",
+    ),
+  runnerKind: z
+    .enum(["host", "docker", "freestyle", "agent-sandbox"])
+    .optional(),
+  createdAt: z
+    .number()
+    .optional()
+    .describe(
+      "Epoch ms the entry was first written by VM_START. Used by the booting overlay to show a stable elapsed timer that survives browser reloads. Optional for backward compatibility with entries written before this field existed.",
+    ),
+});
+
+export type VmMapEntry = z.infer<typeof VmMapEntrySchema>;
+
+/**
+ * Maps a user to their vm entries per branch.
+ * Lookup: vmMap[userId][branch] -> { vmId, previewUrl }
+ * Multiple threads with the same (userId, branch) share one vm.
+ */
+export const VmMapSchema = z.record(
+  z.string().describe("userId"),
+  z.record(z.string().describe("branch"), VmMapEntrySchema),
+);
+
+export type VmMap = z.infer<typeof VmMapSchema>;
+
 /**
  * Virtual MCP entity schema - single source of truth
  * Compliant with collections binding pattern
@@ -172,6 +220,9 @@ export const VirtualMCPEntitySchema = z.object({
       githubRepo: GithubRepoSchema.nullable()
         .optional()
         .describe("Linked GitHub repository"),
+      vmMap: VmMapSchema.optional().describe(
+        "Per-user, per-branch vm mapping: vmMap[userId][branch] -> { vmId, previewUrl }",
+      ),
     })
     .loose()
     .describe("Metadata"),
@@ -221,6 +272,9 @@ export const VirtualMCPCreateDataSchema = z.object({
       githubRepo: GithubRepoSchema.nullable()
         .optional()
         .describe("Linked GitHub repository"),
+      vmMap: VmMapSchema.optional().describe(
+        "Per-user, per-branch vm mapping: vmMap[userId][branch] -> { vmId, previewUrl }",
+      ),
     })
     .loose()
     .nullable()
@@ -266,6 +320,9 @@ export const VirtualMCPUpdateDataSchema = z.object({
       githubRepo: GithubRepoSchema.nullable()
         .optional()
         .describe("Linked GitHub repository"),
+      vmMap: VmMapSchema.optional().describe(
+        "Per-user, per-branch vm mapping: vmMap[userId][branch] -> { vmId, previewUrl }",
+      ),
     })
     .loose()
     .nullable()
diff --git a/packages/runtime/README.md b/packages/runtime/README.md
index 86619ec868..bae76241df 100644
--- a/packages/runtime/README.md
+++ b/packages/runtime/README.md
@@ -39,7 +39,7 @@ const greetTool = createTool({
 
 // Create the MCP server
 export default withRuntime({
-  tools: [() => greetTool],
+  tools: [greetTool],
 });
 ```
 
@@ -154,21 +154,11 @@ const getUserDataTool = createPrivateTool({
 
 ### Registering Tools
 
-Tools can be registered in multiple ways:
+Pass an array of tool instances created with `createTool()` / `createPrivateTool()`:
 
 ```typescript
 export default withRuntime({
-  // Option 1: Array of tool factories
-  tools: [
-    () => greetTool,
-    () => calculateTool,
-    (env) => createDynamicTool(env),
-  ],
-  
-  // Option 2: Single function returning array
-  tools: async (env) => {
-    return [greetTool, calculateTool];
-  },
+  tools: [greetTool, calculateTool],
 });
 ```
 
@@ -358,10 +348,10 @@ export default withRuntime({
   },
   
   tools: [
-    (env) => createTool({
+    createTool({
       id: "query",
       inputSchema: z.object({ sql: z.string() }),
-      execute: async ({ runtimeContext }) => {
+      execute: async ({ context, runtimeContext }) => {
         // Access resolved bindings from state
         const { database } = runtimeContext.env.MESH_REQUEST_CONTEXT.state;
         return database.QUERY({ sql: context.sql });
@@ -451,7 +441,7 @@ const channelTools = impl(WellKnownBindings.Channel, [
 ]);
 
 export default withRuntime({
-  tools: [() => channelTools].flat(),
+  tools: channelTools,
 });
 ```
 
@@ -648,16 +638,9 @@ const statusResource = createResource({
 
 // Export the MCP server
 export default withRuntime({
-  tools: [
-    () => echoTool,
-    () => getProfileTool,
-  ],
-  prompts: [
-    () => analyzePrompt,
-  ],
-  resources: [
-    () => statusResource,
-  ],
+  tools: [echoTool, getProfileTool],
+  prompts: [analyzePrompt],
+  resources: [statusResource],
   cors: {
     origin: "*",
     credentials: true,
diff --git a/packages/runtime/package.json b/packages/runtime/package.json
index ca898085f1..28629fb7d8 100644
--- a/packages/runtime/package.json
+++ b/packages/runtime/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@decocms/runtime",
-  "version": "1.5.0",
+  "version": "1.6.2",
   "type": "module",
   "scripts": {
     "check": "tsc --noEmit",
diff --git a/packages/runtime/src/index.ts b/packages/runtime/src/index.ts
index d44afcea4d..fb4ea9a0ef 100644
--- a/packages/runtime/src/index.ts
+++ b/packages/runtime/src/index.ts
@@ -8,6 +8,7 @@ import {
 } from "./bindings.ts";
 import { type CORSOptions, handlePreflight, withCORS } from "./cors.ts";
 import { createOAuthHandlers } from "./oauth.ts";
+export { OAuthInvalidGrantError } from "./oauth.ts";
 import { State } from "./state.ts";
 import {
   createMCPServer,
diff --git a/packages/runtime/src/oauth.test.ts b/packages/runtime/src/oauth.test.ts
new file mode 100644
index 0000000000..1f6c69a696
--- /dev/null
+++ b/packages/runtime/src/oauth.test.ts
@@ -0,0 +1,96 @@
+import { describe, it, expect } from "bun:test";
+import { createOAuthHandlers, OAuthInvalidGrantError } from "./oauth.ts";
+import type { OAuthConfig } from "./tools.ts";
+
+const baseConfig = (
+  refreshToken?: OAuthConfig["refreshToken"],
+): OAuthConfig => ({
+  mode: "PKCE",
+  authorizationServer: "https://upstream.example.com",
+  authorizationUrl: () => "https://upstream.example.com/authorize",
+  exchangeCode: async () => ({
+    access_token: "at",
+    token_type: "Bearer",
+  }),
+  refreshToken,
+});
+
+const buildTokenRequest = (body: Record<string, string>) =>
+  new Request("https://mcp.example.com/token", {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: new URLSearchParams(body).toString(),
+  });
+
+describe("OAuth /token refresh handler", () => {
+  it("returns 400 invalid_grant when refreshToken throws OAuthInvalidGrantError", async () => {
+    const handlers = createOAuthHandlers(
+      baseConfig(async () => {
+        throw new OAuthInvalidGrantError(
+          "invalid_grant",
+          "refresh token revoked",
+        );
+      }),
+    );
+
+    const response = await handlers.handleToken(
+      buildTokenRequest({
+        grant_type: "refresh_token",
+        refresh_token: "rt",
+      }),
+    );
+
+    expect(response.status).toBe(400);
+    const body = (await response.json()) as {
+      error: string;
+      error_description?: string;
+    };
+    expect(body.error).toBe("invalid_grant");
+    expect(body.error_description).toBe("refresh token revoked");
+  });
+
+  it("returns 500 server_error when refreshToken throws a generic error", async () => {
+    const handlers = createOAuthHandlers(
+      baseConfig(async () => {
+        throw new Error("upstream is down");
+      }),
+    );
+
+    const response = await handlers.handleToken(
+      buildTokenRequest({
+        grant_type: "refresh_token",
+        refresh_token: "rt",
+      }),
+    );
+
+    expect(response.status).toBe(500);
+    const body = (await response.json()) as { error: string };
+    expect(body.error).toBe("server_error");
+  });
+
+  it("forwards the new token on success", async () => {
+    const handlers = createOAuthHandlers(
+      baseConfig(async () => ({
+        access_token: "fresh",
+        token_type: "Bearer",
+        refresh_token: "rt2",
+        expires_in: 3600,
+      })),
+    );
+
+    const response = await handlers.handleToken(
+      buildTokenRequest({
+        grant_type: "refresh_token",
+        refresh_token: "rt",
+      }),
+    );
+
+    expect(response.status).toBe(200);
+    const body = (await response.json()) as {
+      access_token: string;
+      refresh_token?: string;
+    };
+    expect(body.access_token).toBe("fresh");
+    expect(body.refresh_token).toBe("rt2");
+  });
+});
diff --git a/packages/runtime/src/oauth.ts b/packages/runtime/src/oauth.ts
index 23686ab2f3..bcd867f9d0 100644
--- a/packages/runtime/src/oauth.ts
+++ b/packages/runtime/src/oauth.ts
@@ -1,5 +1,28 @@
 import type { OAuthClient, OAuthConfig, OAuthParams } from "./tools.ts";
 
+/**
+ * Thrown by `OAuthConfig.refreshToken` (or `exchangeCode`) implementations
+ * when the upstream OAuth provider says the grant itself is permanently
+ * invalid — e.g. GitHub returns `400 invalid_grant` because the user
+ * revoked the app or the refresh_token was rotated out from under us.
+ *
+ * The `/token` handler maps this to an RFC-6749-compliant
+ * `400 {"error":"invalid_grant",...}` response, so callers can tell apart
+ * "the user needs to reconnect" from a transient upstream 5xx (which the
+ * outer catch maps to a 500). Throwing a plain `Error` from `refreshToken`
+ * will be treated as transient and surface as 500.
+ */
+export class OAuthInvalidGrantError extends Error {
+  readonly error: string;
+  readonly errorDescription?: string;
+  constructor(error = "invalid_grant", errorDescription?: string) {
+    super(errorDescription ?? error);
+    this.name = "OAuthInvalidGrantError";
+    this.error = error;
+    this.errorDescription = errorDescription;
+  }
+}
+
 /**
  * Generate a cryptographically secure random token
  */
@@ -338,8 +361,30 @@ export function createOAuthHandlers(oauth: OAuthConfig) {
           );
         }
 
-        // Call the external provider to refresh the token
-        const newTokenResponse = await oauth.refreshToken(refresh_token);
+        // Call the external provider to refresh the token. We catch
+        // `OAuthInvalidGrantError` here (not in the outer catch) so we can
+        // map it to a spec-compliant 400 instead of letting all errors fall
+        // through to a generic 500. Any other thrown error is treated as
+        // transient and surfaces from the outer catch as 500.
+        let newTokenResponse: Awaited<
+          ReturnType<NonNullable<OAuthConfig["refreshToken"]>>
+        >;
+        try {
+          newTokenResponse = await oauth.refreshToken(refresh_token);
+        } catch (err) {
+          if (err instanceof OAuthInvalidGrantError) {
+            return Response.json(
+              {
+                error: err.error,
+                ...(err.errorDescription
+                  ? { error_description: err.errorDescription }
+                  : {}),
+              },
+              { status: 400 },
+            );
+          }
+          throw err;
+        }
 
         const tokenResponse: Record<string, unknown> = {
           access_token: newTokenResponse.access_token,
diff --git a/packages/runtime/src/tools.ts b/packages/runtime/src/tools.ts
index 9d38a981f6..04de187506 100644
--- a/packages/runtime/src/tools.ts
+++ b/packages/runtime/src/tools.ts
@@ -11,10 +11,11 @@ import type {
   CallToolResult,
   GetPromptResult,
   Implementation,
+  ListToolsResult,
   ToolAnnotations,
 } from "@modelcontextprotocol/sdk/types.js";
 import { z } from "zod";
-import type { ZodRawShape, ZodSchema, ZodTypeAny } from "zod";
+import type { ZodSchema, ZodTypeAny } from "zod";
 import { BindingRegistry, injectBindingSchemas } from "./bindings.ts";
 import { Event, type EventHandlers } from "./events.ts";
 import type { DefaultEnv, User } from "./index.ts";
@@ -823,6 +824,12 @@ export const createMCPServer = <
   let cached: Registrations | null = null;
   let inflightResolve: Promise<Registrations> | null = null;
 
+  // The MCP SDK's `tools/list` handler runs `toJsonSchemaCompat()` for every
+  // registered tool on every request. For MCPs with hundreds of tools that
+  // dominates per-request latency (seconds, not ms). Cache the rendered
+  // payload across requests within the isolate.
+  let cachedListToolsResult: ListToolsResult | null = null;
+
   let _warnedFactoryDeprecation = false;
   const warnFactoryDeprecation = () => {
     if (!_warnedFactoryDeprecation) {
@@ -940,15 +947,19 @@ export const createMCPServer = <
           _meta: tool._meta,
           description: tool.description,
           annotations: tool.annotations,
+          // Pass the full ZodObject (not its `.shape`) so the SDK skips
+          // `objectFromShape(...)` (a fresh `z.object(shape)` per tool) inside
+          // `_createRegisteredTool`. The SDK's `getZodSchemaObject` returns
+          // an already-built object as-is.
           inputSchema:
             tool.inputSchema && "shape" in tool.inputSchema
-              ? (tool.inputSchema.shape as ZodRawShape)
-              : z.object({}).shape,
+              ? (tool.inputSchema as ZodTypeAny)
+              : z.object({}),
           outputSchema:
             tool.outputSchema &&
             typeof tool.outputSchema === "object" &&
             "shape" in tool.outputSchema
-              ? (tool.outputSchema.shape as ZodRawShape)
+              ? (tool.outputSchema as ZodTypeAny)
               : undefined,
         },
         async (args) => {
@@ -1078,6 +1089,37 @@ export const createMCPServer = <
     const registrations = await resolveRegistrations(bindings);
     registerAll(server, registrations);
 
+    // Wrap the SDK-installed `tools/list` handler so the rendered payload is
+    // computed once per isolate and reused across requests. The MCP Server
+    // itself can't be shared across requests (its transport is single-use, see
+    // `Protocol.connect`), so each request still spins up a fresh Server +
+    // Transport — but the listTools render is by far the dominant cost for
+    // large tool surfaces, and it's pure of request-scoped state.
+    // Hardcoded per MCP spec — Zod 4 stores literal values at `_zod.def.value`,
+    // not `.value`, so introspecting `ListToolsRequestSchema.shape.method` is
+    // brittle across zod versions. The string is the protocol method name.
+    const TOOLS_LIST_METHOD = "tools/list";
+    const innerHandlers = (
+      server.server as unknown as {
+        _requestHandlers: Map<
+          string,
+          (req: unknown, extra: unknown) => Promise<unknown>
+        >;
+      }
+    )._requestHandlers;
+    const sdkListToolsHandler = innerHandlers.get(TOOLS_LIST_METHOD);
+    if (sdkListToolsHandler) {
+      innerHandlers.set(TOOLS_LIST_METHOD, async (req, extra) => {
+        if (!cachedListToolsResult) {
+          cachedListToolsResult = (await sdkListToolsHandler(
+            req,
+            extra,
+          )) as ListToolsResult;
+        }
+        return cachedListToolsResult;
+      });
+    }
+
     return { server, ...registrations };
   };
 
diff --git a/packages/runtime/src/triggers.ts b/packages/runtime/src/triggers.ts
index d4c4a87976..5608adaa6f 100644
--- a/packages/runtime/src/triggers.ts
+++ b/packages/runtime/src/triggers.ts
@@ -156,7 +156,7 @@ class TriggerStateManager {
  *
  * // In withRuntime:
  * export default withRuntime({
- *   tools: [() => triggers.tools()],
+ *   tools: triggers.tools(),
  * });
  *
  * // In webhook handler:
diff --git a/packages/sandbox/.gitignore b/packages/sandbox/.gitignore
new file mode 100644
index 0000000000..d60fed2f3a
--- /dev/null
+++ b/packages/sandbox/.gitignore
@@ -0,0 +1 @@
+daemon/dist/
diff --git a/packages/sandbox/README.md b/packages/sandbox/README.md
new file mode 100644
index 0000000000..e788d62b28
--- /dev/null
+++ b/packages/sandbox/README.md
@@ -0,0 +1,86 @@
+# @decocms/sandbox
+
+Isolated per-user sandboxes for MCP tool execution.
+
+One sandbox per `(userId, projectRef)`: a container (or VM) holding a checked-out
+repo plus an in-pod daemon that proxies exec, file ops, and the dev server.
+Callers go through a single `SandboxRunner` interface; the runner decides how
+the sandbox is provisioned and reached.
+
+## Runners
+
+Four runner backends live behind the common `SandboxRunner` interface
+(`server/runner/types.ts`):
+
+- **`host`** — local dev / single-tenant self-host. Spawns the same Bun-based
+  daemon as the Docker runner but as a host child process, with a per-branch
+  full git clone in `${DATA_DIR}/sandboxes/<handle>/`. The local
+  `*.localhost:7070` ingress routes browser traffic to the per-branch daemon's
+  host TCP port. No container; no hardening (the daemon runs in the user's
+  trust boundary).
+- **Docker** (`./runner`) — containerized sandboxes. Spawns containers via the
+  local Docker CLI and routes browser traffic through an in-process ingress
+  bound on `SANDBOX_INGRESS_PORT`.
+- **Freestyle** (`./runner/freestyle`) — hosted VMs. Preview URL is a
+  Freestyle-provided HTTPS domain; daemon traffic is base64-wrapped to clear
+  Cloudflare WAF. SDKs are `optionalDependencies` and only pulled in when this
+  runner is selected.
+- **agent-sandbox** (`./runner/agent-sandbox`) — one `SandboxClaim` per sandbox
+  against the [kubernetes-sigs/agent-sandbox](https://github.com/kubernetes-sigs/agent-sandbox)
+  operator. Studio talks to pods via apiserver port-forward in dev; in prod,
+  `previewUrlPattern` switches the preview URL to real ingress and skips the
+  dev forward.
+
+### Selection
+
+The host app calls `resolveRunnerKindFromEnv()` to pick the runner. Single rule:
+
+1. `STUDIO_SANDBOX_RUNNER` is honored if set (one of `host`, `docker`,
+   `freestyle`, `agent-sandbox`).
+2. Otherwise the runner defaults to `host`.
+
+Preconditions:
+
+- `freestyle` requires `FREESTYLE_API_KEY` to be set; otherwise the call throws
+  at startup.
+- `agent-sandbox` is opt-in only — never auto-selected.
+
+## URL shape
+
+- **Prod**: `https://<handle>.<root>/*` → pod dev server on `:3000`
+  and `/_daemon/*` → pod daemon on `:9000` (server-to-server bearer auth).
+- **Local dev**: `http://<handle>.localhost:7070/*`.
+
+Handles are `<branch-slug>-<hash5>` (or a bare 5-char hash when no branch is
+set), DNS-label safe (RFC 1035 caps labels at 63). The hash portion is a
+truncated SHA256 of `userId:projectRef`; collisions are bounded per-project.
+The URL itself is the routing key, not a capability — daemon endpoints
+require a bearer token.
+
+## Local dev (Docker)
+
+The local ingress forwarder binds both `127.0.0.1` and `::1` on
+`SANDBOX_INGRESS_PORT` (default `7070`) and routes requests by `Host:` header.
+macOS and Linux resolve `*.localhost` to loopback natively, so **no extra DNS
+setup is required** — `http://<handle>.localhost:7070/` just works.
+
+Port `7070` (not `7000`) because macOS's AirPlay Receiver binds port 7000 and
+would intercept Chrome's IPv6 connection attempt.
+
+If you previously configured `/etc/resolver/localhost` or `/etc/hosts` entries
+for this, you can remove them — they're no longer needed.
+
+## Environment
+
+- `STUDIO_SANDBOX_RUNNER` — pin the runner: `host` (default), `docker`,
+  `freestyle`, or `agent-sandbox`. Setting it explicitly is required for any
+  non-host runner. Auto-detection of Docker has been removed.
+- `FREESTYLE_API_KEY` — required for the Freestyle runner.
+- `STUDIO_SANDBOX_IMAGE` — override the Docker runner image
+  (default `studio-sandbox:local`, built from `image/Dockerfile`).
+- `SANDBOX_INGRESS_PORT` (default `7070`) — local ingress bind port for the
+  host/docker runners. Set to `0` to skip binding entirely (use this if a
+  real reverse proxy fronts `*.localhost` traffic instead).
+- `SANDBOX_ROOT_URL` — production template for the pod URL. Either a bare
+  base (`https://sandboxes.example.com` → handle becomes leading subdomain)
+  or a `{handle}` template (`https://{handle}.sandboxes.example.com`).
diff --git a/packages/sandbox/daemon/activity.test.ts b/packages/sandbox/daemon/activity.test.ts
new file mode 100644
index 0000000000..48f8ee2b32
--- /dev/null
+++ b/packages/sandbox/daemon/activity.test.ts
@@ -0,0 +1,33 @@
+import { describe, expect, it } from "bun:test";
+import {
+  __resetActivityForTests,
+  bumpActivity,
+  getIdleStatus,
+} from "./activity";
+
+describe("daemon activity", () => {
+  it("reports idleMs growing from a fixed reference time", () => {
+    const t0 = Date.UTC(2026, 3, 1, 12, 0, 0);
+    __resetActivityForTests(t0);
+    const a = getIdleStatus(t0 + 250);
+    expect(a.lastActivityAt).toBe(new Date(t0).toISOString());
+    expect(a.idleMs).toBe(250);
+    const b = getIdleStatus(t0 + 1000);
+    expect(b.idleMs).toBe(1000);
+  });
+
+  it("bump resets idleMs to 0", () => {
+    const t0 = Date.UTC(2026, 3, 1, 12, 0, 0);
+    __resetActivityForTests(t0);
+    expect(getIdleStatus(t0 + 5000).idleMs).toBe(5000);
+    bumpActivity(t0 + 5000);
+    expect(getIdleStatus(t0 + 5000).idleMs).toBe(0);
+    expect(getIdleStatus(t0 + 5500).idleMs).toBe(500);
+  });
+
+  it("clock skew (now < lastActivityAt) clamps idleMs to 0", () => {
+    const t0 = Date.UTC(2026, 3, 1, 12, 0, 0);
+    __resetActivityForTests(t0);
+    expect(getIdleStatus(t0 - 1000).idleMs).toBe(0);
+  });
+});
diff --git a/packages/sandbox/daemon/activity.ts b/packages/sandbox/daemon/activity.ts
new file mode 100644
index 0000000000..707b4f9c9b
--- /dev/null
+++ b/packages/sandbox/daemon/activity.ts
@@ -0,0 +1,31 @@
+let lastActivityAt = Date.now();
+// false until the first successful POST /_decopilot_vm/config. Warm-pool pods
+// boot with a sentinel token and sit unclaimed until mesh delivers a workload
+// via postConfig; the housekeeper uses this flag to skip such pods so it
+// never reaps a pod that was never given a workload.
+let claimed = false;
+
+export function bumpActivity(now: number = Date.now()): void {
+  lastActivityAt = now;
+}
+
+export function markClaimed(): void {
+  claimed = true;
+}
+
+export function getIdleStatus(now: number = Date.now()): {
+  lastActivityAt: string;
+  idleMs: number;
+  claimed: boolean;
+} {
+  return {
+    lastActivityAt: new Date(lastActivityAt).toISOString(),
+    idleMs: Math.max(0, now - lastActivityAt),
+    claimed,
+  };
+}
+
+export function __resetActivityForTests(now: number = Date.now()): void {
+  lastActivityAt = now;
+  claimed = false;
+}
diff --git a/packages/sandbox/daemon/auth.ts b/packages/sandbox/daemon/auth.ts
new file mode 100644
index 0000000000..0008ae467d
--- /dev/null
+++ b/packages/sandbox/daemon/auth.ts
@@ -0,0 +1,26 @@
+import { jsonResponse } from "./routes/body-parser";
+
+export function requireToken(
+  req: Request,
+  expectedToken: string,
+): Response | null {
+  const header = req.headers.get("authorization") ?? "";
+  const prefix = "Bearer ";
+  if (!header.startsWith(prefix)) {
+    return jsonResponse({ error: "unauthorized" }, 401);
+  }
+  const provided = header.slice(prefix.length);
+  if (!constantTimeEqual(provided, expectedToken)) {
+    return jsonResponse({ error: "unauthorized" }, 401);
+  }
+  return null;
+}
+
+function constantTimeEqual(a: string, b: string): boolean {
+  if (a.length !== b.length) return false;
+  let diff = 0;
+  for (let i = 0; i < a.length; i++) {
+    diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
+  }
+  return diff === 0;
+}
diff --git a/packages/sandbox/daemon/config-store/classify.test.ts b/packages/sandbox/daemon/config-store/classify.test.ts
new file mode 100644
index 0000000000..da25f0086f
--- /dev/null
+++ b/packages/sandbox/daemon/config-store/classify.test.ts
@@ -0,0 +1,127 @@
+import { describe, expect, it } from "bun:test";
+import type { TenantConfig } from "../types";
+import { classify } from "./classify";
+
+const baseApp: NonNullable<TenantConfig["application"]> = {
+  packageManager: { name: "npm" },
+  runtime: "node",
+};
+
+describe("classify", () => {
+  it("null → null = no-op", () => {
+    expect(classify(null, {}).kind).toBe("no-op");
+  });
+
+  it("null → meaningful (cloneUrl) = bootstrap", () => {
+    const after: TenantConfig = {
+      git: { repository: { cloneUrl: "https://x.git" } },
+    };
+    expect(classify(null, after).kind).toBe("bootstrap");
+  });
+
+  it("null → meaningful (application only) = bootstrap", () => {
+    const after: TenantConfig = { application: baseApp };
+    expect(classify(null, after).kind).toBe("bootstrap");
+  });
+
+  it("cloneUrl mismatch (different repo) = identity-conflict", () => {
+    const before: TenantConfig = {
+      git: { repository: { cloneUrl: "https://github.com/org/repo-a.git" } },
+    };
+    const after: TenantConfig = {
+      git: { repository: { cloneUrl: "https://github.com/org/repo-b.git" } },
+    };
+    expect(classify(before, after).kind).toBe("identity-conflict");
+  });
+
+  it("cloneUrl credential-only change (refreshed OAuth token) = not identity-conflict", () => {
+    const before: TenantConfig = {
+      git: {
+        repository: {
+          cloneUrl: "https://x-access-token:OLD_TOKEN@github.com/org/repo.git",
+        },
+      },
+    };
+    const after: TenantConfig = {
+      git: {
+        repository: {
+          cloneUrl: "https://x-access-token:NEW_TOKEN@github.com/org/repo.git",
+        },
+      },
+    };
+    expect(classify(before, after).kind).not.toBe("identity-conflict");
+  });
+
+  it("branch change = branch-change", () => {
+    const before: TenantConfig = {
+      git: { repository: { cloneUrl: "x", branch: "main" } },
+    };
+    const after: TenantConfig = {
+      git: { repository: { cloneUrl: "x", branch: "feature" } },
+    };
+    const t = classify(before, after);
+    expect(t.kind).toBe("branch-change");
+    if (t.kind === "branch-change") {
+      expect(t.from).toBe("main");
+      expect(t.to).toBe("feature");
+    }
+  });
+
+  it("runtime change without pm = runtime-change", () => {
+    const before: TenantConfig = {
+      application: { ...baseApp, runtime: "node" },
+    };
+    const after: TenantConfig = {
+      application: { ...baseApp, runtime: "bun" },
+    };
+    expect(classify(before, after).kind).toBe("runtime-change");
+  });
+
+  it("pm name change = pm-change", () => {
+    const before: TenantConfig = { application: baseApp };
+    const after: TenantConfig = {
+      application: { ...baseApp, packageManager: { name: "pnpm" } },
+    };
+    expect(classify(before, after).kind).toBe("pm-change");
+  });
+
+  it("pm path change = pm-change", () => {
+    const before: TenantConfig = {
+      application: { ...baseApp, packageManager: { name: "npm" } },
+    };
+    const after: TenantConfig = {
+      application: {
+        ...baseApp,
+        packageManager: { name: "npm", path: "apps/web" },
+      },
+    };
+    expect(classify(before, after).kind).toBe("pm-change");
+  });
+
+  it("port change = port-change", () => {
+    const before: TenantConfig = {
+      application: { ...baseApp, port: 3000 },
+    };
+    const after: TenantConfig = {
+      application: { ...baseApp, port: 5173 },
+    };
+    expect(classify(before, after).kind).toBe("port-change");
+  });
+
+  it("identical configs = no-op", () => {
+    const config: TenantConfig = { application: baseApp };
+    expect(classify(config, config).kind).toBe("no-op");
+  });
+
+  it("branch + pm change emits the higher-impact one (branch-change)", () => {
+    const before: TenantConfig = {
+      git: { repository: { cloneUrl: "x", branch: "main" } },
+      application: baseApp,
+    };
+    const after: TenantConfig = {
+      git: { repository: { cloneUrl: "x", branch: "feature" } },
+      application: { ...baseApp, packageManager: { name: "pnpm" } },
+    };
+    expect(classify(before, after).kind).toBe("branch-change");
+  });
+});
diff --git a/packages/sandbox/daemon/config-store/classify.ts b/packages/sandbox/daemon/config-store/classify.ts
new file mode 100644
index 0000000000..6c4bca3e08
--- /dev/null
+++ b/packages/sandbox/daemon/config-store/classify.ts
@@ -0,0 +1,91 @@
+import type { TenantConfig } from "../types";
+import type { Transition } from "./types";
+
+/**
+ * Pure: derive the single highest-impact transition between two configs.
+ * Identity rules are enforced as `identity-conflict` outcomes — the store
+ * uses that to reject the apply before persisting anything.
+ *
+ * Precedence (highest first):
+ *   identity-conflict > bootstrap > branch-change >
+ *   runtime-change > pm-change > port-change > no-op
+ */
+export function classify(
+  before: TenantConfig | null,
+  after: TenantConfig,
+): Transition {
+  // 1. Identity invariants (write-once repo path; credentials are excluded).
+  // The cloneUrl embeds an OAuth token (e.g. x-access-token:TOKEN@github.com/…)
+  // that is refreshed on each VM_START. Comparing raw URLs would flag a refreshed
+  // token as an identity conflict even though the repo hasn't changed. Strip
+  // username/password before comparing so only the actual repo path is guarded.
+  const beforeUrl = before?.git?.repository?.cloneUrl;
+  const afterUrl = after.git?.repository?.cloneUrl;
+  if (
+    beforeUrl !== undefined &&
+    afterUrl !== undefined &&
+    stripCredentials(beforeUrl) !== stripCredentials(afterUrl)
+  ) {
+    return { kind: "identity-conflict", field: "cloneUrl" };
+  }
+
+  // 2. Bootstrap: no prior config, but new one carries enough to drive setup
+  //    (cloneUrl OR application). Pure null → null is no-op.
+  const isMeaningful =
+    after.git?.repository?.cloneUrl !== undefined ||
+    after.application !== undefined;
+  if (before === null && isMeaningful) {
+    return { kind: "bootstrap", config: after };
+  }
+  if (before === null) {
+    return { kind: "no-op" };
+  }
+
+  // 3. Branch change.
+  const beforeBranch = before.git?.repository?.branch;
+  const afterBranch = after.git?.repository?.branch;
+  if (afterBranch !== undefined && beforeBranch !== afterBranch) {
+    return { kind: "branch-change", from: beforeBranch, to: afterBranch };
+  }
+
+  // 4. Runtime change (independent of pm).
+  const beforeRuntime = before.application?.runtime;
+  const afterRuntime = after.application?.runtime;
+  if (afterRuntime !== undefined && beforeRuntime !== afterRuntime) {
+    return { kind: "runtime-change", from: beforeRuntime, to: afterRuntime };
+  }
+
+  // 5. Package-manager change (name or path).
+  const beforePm = before.application?.packageManager;
+  const afterPm = after.application?.packageManager;
+  if (
+    afterPm !== undefined &&
+    (beforePm?.name !== afterPm.name || beforePm?.path !== afterPm.path)
+  ) {
+    return { kind: "pm-change", from: beforePm, to: afterPm };
+  }
+
+  // 6. PORT change.
+  const beforePort = before.application?.port;
+  const afterPort = after.application?.port;
+  if (beforePort !== afterPort) {
+    return {
+      kind: "port-change",
+      from: beforePort,
+      to: afterPort,
+    };
+  }
+
+  return { kind: "no-op" };
+}
+
+function stripCredentials(rawUrl: string): string {
+  try {
+    const u = new URL(rawUrl);
+    u.username = "";
+    u.password = "";
+    return u.toString();
+  } catch {
+    return rawUrl;
+  }
+}
diff --git a/packages/sandbox/daemon/config-store/derive.ts b/packages/sandbox/daemon/config-store/derive.ts
new file mode 100644
index 0000000000..b4003b92e5
--- /dev/null
+++ b/packages/sandbox/daemon/config-store/derive.ts
@@ -0,0 +1,19 @@
+import type { EnrichedTenantConfig, RuntimeName, TenantConfig } from "../types";
+
+function derivePathPrefix(runtime: RuntimeName | undefined): string {
+  if (runtime === "bun") return "export PATH=/opt/bun/bin:$PATH && ";
+  if (runtime === "deno") return "export PATH=/opt/deno/bin:$PATH && ";
+  return "";
+}
+
+/**
+ * Adorn a TenantConfig with derived in-memory fields. These fields are
+ * never persisted to disk — recomputed on every read so the disk file
+ * stays a pure user-intent surface.
+ */
+export function enrich(config: TenantConfig): EnrichedTenantConfig {
+  return Object.freeze({
+    ...config,
+    runtimePathPrefix: derivePathPrefix(config.application?.runtime),
+  });
+}
diff --git a/packages/sandbox/daemon/config-store/index.ts b/packages/sandbox/daemon/config-store/index.ts
new file mode 100644
index 0000000000..84eaeb73ed
--- /dev/null
+++ b/packages/sandbox/daemon/config-store/index.ts
@@ -0,0 +1,2 @@
+export { TenantConfigStore } from "./store";
+export type { Transition, ApplyEvent, ApplyResult } from "./types";
diff --git a/packages/sandbox/daemon/config-store/merge.test.ts b/packages/sandbox/daemon/config-store/merge.test.ts
new file mode 100644
index 0000000000..8f702cfbdc
--- /dev/null
+++ b/packages/sandbox/daemon/config-store/merge.test.ts
@@ -0,0 +1,54 @@
+import { describe, expect, it } from "bun:test";
+import type { TenantConfig } from "../types";
+import { deepMerge } from "./merge";
+
+describe("deepMerge", () => {
+  it("returns patch when current is null", () => {
+    const patch: Partial<TenantConfig> = {
+      application: {
+        packageManager: { name: "npm" },
+        runtime: "node",
+      },
+    };
+    const merged = deepMerge(null, patch);
+    expect(merged.application?.packageManager?.name).toBe("npm");
+  });
+
+  it("preserves fields not in patch", () => {
+    const current: TenantConfig = {
+      git: { repository: { cloneUrl: "x", branch: "main" } },
+      application: {
+        packageManager: { name: "npm" },
+        runtime: "node",
+      },
+    };
+    const patch: Partial<TenantConfig> = {
+      application: {
+        packageManager: { name: "pnpm" },
+        runtime: "node",
+      },
+    };
+    const merged = deepMerge(current, patch);
+    expect(merged.git?.repository?.cloneUrl).toBe("x");
+    expect(merged.application?.packageManager?.name).toBe("pnpm");
+  });
+
+  it("absent fields don't overwrite existing ones", () => {
+    const current: TenantConfig = {
+      application: {
+        packageManager: { name: "npm" },
+        runtime: "node",
+        port: 3000,
+      },
+    };
+    const patch: Partial<TenantConfig> = {
+      application: {
+        packageManager: { name: "pnpm" },
+        runtime: "node",
+      },
+    };
+    const merged = deepMerge(current, patch);
+    expect(merged.application?.port).toBe(3000);
+    expect(merged.application?.packageManager?.name).toBe("pnpm");
+  });
+});
diff --git a/packages/sandbox/daemon/config-store/merge.ts b/packages/sandbox/daemon/config-store/merge.ts
new file mode 100644
index 0000000000..042459d000
--- /dev/null
+++ b/packages/sandbox/daemon/config-store/merge.ts
@@ -0,0 +1,59 @@
+import type { TenantConfig } from "../types";
+
+/**
+ * Deep-merge a partial patch into the current TenantConfig.
+ *
+ * Semantics:
+ *   - field absent (undefined) → leave existing
+ *   - field present (incl. null where the type allows) → set
+ *   - nested objects merge field-by-field
+ *   - primitives and arrays replace wholesale
+ *
+ * Anything in `current` that isn't shadowed by `patch` is preserved.
+ */
+export function deepMerge(
+  current: TenantConfig | null,
+  patch: Partial<TenantConfig>,
+): TenantConfig {
+  const base: TenantConfig = current ?? {};
+  return {
+    git: mergeOptional(base.git, patch.git),
+    application: mergeOptional(base.application, patch.application),
+  };
+}
+
+function mergeOptional<T extends object>(
+  current: T | undefined,
+  patch: Partial<T> | undefined,
+): T | undefined {
+  if (patch === undefined) return current;
+  if (current === undefined) return patch as T;
+  const out = { ...current } as T & Record<string, unknown>;
+  for (const [k, v] of Object.entries(patch)) {
+    if (v === undefined) continue;
+    const existing = (current as Record<string, unknown>)[k];
+    if (
+      isPlainObject(v) &&
+      isPlainObject(existing) &&
+      !Array.isArray(v) &&
+      !Array.isArray(existing)
+    ) {
+      (out as Record<string, unknown>)[k] = mergeOptional(
+        existing as Record<string, unknown>,
+        v as Record<string, unknown>,
+      );
+    } else {
+      (out as Record<string, unknown>)[k] = v;
+    }
+  }
+  return out;
+}
+
+function isPlainObject(v: unknown): v is Record<string, unknown> {
+  return (
+    typeof v === "object" &&
+    v !== null &&
+    !Array.isArray(v) &&
+    Object.getPrototypeOf(v) === Object.prototype
+  );
+}
diff --git a/packages/sandbox/daemon/config-store/store.ts b/packages/sandbox/daemon/config-store/store.ts
new file mode 100644
index 0000000000..8371401107
--- /dev/null
+++ b/packages/sandbox/daemon/config-store/store.ts
@@ -0,0 +1,178 @@
+import type { EnrichedTenantConfig, TenantConfig } from "../types";
+import { validateTenantConfig } from "../validate";
+import { classify } from "./classify";
+import { enrich } from "./derive";
+import { deepMerge } from "./merge";
+import { REJECTION_REASONS, type ApplyEvent, type ApplyResult } from "./types";
+
+type Compute = (current: TenantConfig | null) => Partial<TenantConfig> | null;
+
+interface QueueEntry {
+  patch?: Partial<TenantConfig>;
+  compute?: Compute;
+  /** When true, skip subscriber notification (e.g. orchestrator-internal fills). */
+  silent?: boolean;
+  resolve: (r: ApplyResult) => void;
+}
+
+/**
+ * Single-writer, in-memory store for tenant config.
+ *
+ * - All mutations go through `apply()` / `applyInternal()`. An internal FIFO
+ *   worker drains pending applies one at a time, so two concurrent PUT
+ *   /config requests compose deterministically (last write wins on the same
+ *   field).
+ * - `subscribe()` listeners run synchronously inside the worker after each
+ *   applied change. Subscribers must return immediately — slow handlers
+ *   stall the queue.
+ * - Nothing is persisted: `.decocms/daemon.json` is read-only at boot and
+ *   any further state lives only in memory until the next daemon restart.
+ */
+export class TenantConfigStore {
+  private current: EnrichedTenantConfig | null = null;
+  private readonly subscribers = new Set<(e: ApplyEvent) => void>();
+  private readonly queue: QueueEntry[] = [];
+  private draining = false;
+
+  read(): EnrichedTenantConfig | null {
+    return this.current;
+  }
+
+  /**
+   * Bootstrap the in-memory state from a value already on disk (or seeded
+   * from env). Does NOT classify, persist, or notify subscribers — purely
+   * loads memory. Used once during daemon boot, before the HTTP server
+   * accepts requests, so it can safely skip the apply queue.
+   */
+  hydrate(config: TenantConfig): void {
+    this.current = enrich(config);
+  }
+
+  /**
+   * Drop in-memory state. Used on orchestrator failure to reset to
+   * "awaiting fresh bootstrap."
+   */
+  clear(): void {
+    this.current = null;
+  }
+
+  apply(patch: Partial<TenantConfig>): Promise<ApplyResult> {
+    return new Promise((resolve) => {
+      this.queue.push({ patch, resolve });
+      void this.drain();
+    });
+  }
+
+  /**
+   * Apply a patch computed from the post-queue state without notifying
+   * subscribers. The orchestrator uses this during bootstrap to fill missing
+   * fields (lockfile-detected pm/runtime, disk fallback) without re-emitting
+   * pm-change/runtime-change — it already runs install+start in the same
+   * pass, so a fresh transition would re-trigger them.
+   *
+   * `compute` runs inside the queue worker, AFTER any earlier queued applies
+   * have settled. This eliminates the race where reading state out-of-band
+   * and then writing it back would clobber a concurrent PUT.
+   *
+   * Return `null` from `compute` to skip the apply (no-op).
+   */
+  applyInternal(compute: Compute): Promise<ApplyResult> {
+    return new Promise((resolve) => {
+      this.queue.push({ compute, silent: true, resolve });
+      void this.drain();
+    });
+  }
+
+  subscribe(fn: (e: ApplyEvent) => void): () => void {
+    this.subscribers.add(fn);
+    return () => {
+      this.subscribers.delete(fn);
+    };
+  }
+
+  private async drain(): Promise<void> {
+    if (this.draining) return;
+    this.draining = true;
+    try {
+      while (this.queue.length > 0) {
+        const entry = this.queue.shift();
+        if (!entry) break;
+        try {
+          entry.resolve(await this.runOne(entry));
+        } catch {
+          entry.resolve({
+            kind: "rejected",
+            reason: REJECTION_REASONS.APPLY_FAILED,
+          });
+        }
+      }
+    } finally {
+      this.draining = false;
+    }
+  }
+
+  private async runOne(entry: QueueEntry): Promise<ApplyResult> {
+    const before = this.current ? plainConfig(this.current) : null;
+    const patch = entry.compute ? entry.compute(before) : entry.patch;
+    if (!patch) {
+      return {
+        kind: "applied",
+        before,
+        after: before ?? {},
+        transition: { kind: "no-op" },
+      };
+    }
+    const merged = deepMerge(before, patch);
+
+    const validation = validateTenantConfig(merged);
+    if (validation.kind === "invalid") {
+      return { kind: "rejected", reason: REJECTION_REASONS.INVALID };
+    }
+
+    const transition = classify(before, merged);
+    if (transition.kind === "identity-conflict") {
+      return {
+        kind: "rejected",
+        reason: REJECTION_REASONS.IMMUTABLE,
+        detail: transition.field,
+      };
+    }
+
+    if (transition.kind === "no-op") {
+      return {
+        kind: "applied",
+        before,
+        after: merged,
+        transition,
+      };
+    }
+
+    this.current = enrich(merged);
+
+    if (!entry.silent) {
+      const event: ApplyEvent = { before, after: merged, transition };
+      for (const sub of this.subscribers) {
+        try {
+          sub(event);
+        } catch {
+          /* one bad subscriber does not stall the queue */
+        }
+      }
+    }
+
+    return {
+      kind: "applied",
+      before,
+      after: merged,
+      transition,
+    };
+  }
+}
+
+/** Strip in-memory derived fields when reading "before" out of state. */
+function plainConfig(enriched: EnrichedTenantConfig): TenantConfig {
+  return {
+    git: enriched.git,
+    application: enriched.application,
+  };
+}
diff --git a/packages/sandbox/daemon/config-store/types.ts b/packages/sandbox/daemon/config-store/types.ts
new file mode 100644
index 0000000000..b3c3c960fa
--- /dev/null
+++ b/packages/sandbox/daemon/config-store/types.ts
@@ -0,0 +1,46 @@
+import type { PackageManagerConfig, RuntimeName, TenantConfig } from "../types";
+
+/**
+ * The single highest-impact transition produced by classifying (before, after).
+ * Reducer recipes live in setup/orchestrator.ts.
+ */
+export type Transition =
+  | { kind: "bootstrap"; config: TenantConfig }
+  | { kind: "branch-change"; from: string | undefined; to: string }
+  | {
+      kind: "pm-change";
+      from: PackageManagerConfig | undefined;
+      to: PackageManagerConfig;
+    }
+  | { kind: "runtime-change"; from: RuntimeName | undefined; to: RuntimeName }
+  | {
+      kind: "port-change";
+      from: number | undefined;
+      to: number | undefined;
+    }
+  | { kind: "identity-conflict"; field: "cloneUrl" }
+  | { kind: "no-op" };
+
+export interface ApplyEvent {
+  before: TenantConfig | null;
+  after: TenantConfig;
+  transition: Transition;
+}
+
+export const REJECTION_REASONS = {
+  INVALID: "invalid",
+  IMMUTABLE: "immutable",
+  APPLY_FAILED: "apply failed",
+} as const;
+
+export type RejectionReason =
+  (typeof REJECTION_REASONS)[keyof typeof REJECTION_REASONS];
+
+export type ApplyResult =
+  | {
+      kind: "applied";
+      before: TenantConfig | null;
+      after: TenantConfig;
+      transition: Transition;
+    }
+  | { kind: "rejected"; reason: RejectionReason; detail?: string };
diff --git a/packages/sandbox/daemon/constants.ts b/packages/sandbox/daemon/constants.ts
new file mode 100644
index 0000000000..c9c3aa16ff
--- /dev/null
+++ b/packages/sandbox/daemon/constants.ts
@@ -0,0 +1,95 @@
+import { IFRAME_BOOTSTRAP_SCRIPT } from "../shared";
+
+export const MAX_SSE_CLIENTS = 10;
+// Per-source ring buffer cap. Real install logs (clone + npm/bun install on a
+// nontrivial repo) are easily 50–200 KB; with the prior 4 KB cap, late SSE
+// joiners only saw the last few package-manager lines. 256 KB covers a
+// typical setup pass while keeping worst-case memory bounded (~1 MB across
+// the 3–4 sources in flight at once).
+export const REPLAY_BYTES = 256 * 1024;
+export const DECO_UID = 1000;
+export const DECO_GID = 1000;
+export const PROBE_FAST_MS = 1000;
+export const PROBE_SLOW_MS = 30_000;
+export const PROBE_HEAD_TIMEOUT_MS = 5_000;
+
+/**
+ * Synthetic branches are sandbox isolation keys, not real git refs.
+ * They must be accepted by the daemon but never checked out.
+ */
+export function isSyntheticBranch(branch: string): boolean {
+  return branch === "ephemeral" || branch.startsWith("thread:");
+}
+
+/** HTML injected before </body> so the preview iframe can talk to the parent. */
+export const BOOTSTRAP_SCRIPT = IFRAME_BOOTSTRAP_SCRIPT;
+
+/**
+ * Inlined at bundle time so the runtime daemon stays self-contained —
+ * no upward import to `apps/mesh` or `packages/sandbox/server`.
+ */
+// `manifest` files gate `install`: running `deno install` (and friends) on an
+// empty workdir is at best a no-op and at worst a panic (Deno 2.2.6 crashes
+// in deno_semver). When none of these exist in appRoot, install is skipped.
+//
+// `install` is optional: deno auto-fetches imports on first `deno task`, so
+// there's no separate install step (and `deno install` without args means
+// different things across Deno 1.x vs 2.x — both wrong here).
+export const PACKAGE_MANAGER_DAEMON_CONFIG: Record<
+  string,
+  { install?: string; runPrefix: string; manifests: readonly string[] }
+> = {
+  npm: {
+    install: "npm install",
+    runPrefix: "npm run",
+    manifests: ["package.json"],
+  },
+  pnpm: {
+    install: "pnpm install",
+    runPrefix: "pnpm run",
+    manifests: ["package.json"],
+  },
+  yarn: {
+    install: "yarn install",
+    runPrefix: "yarn run",
+    manifests: ["package.json"],
+  },
+  bun: {
+    install: "bun install",
+    runPrefix: "bun run",
+    manifests: ["package.json"],
+  },
+  deno: {
+    runPrefix: "deno task",
+    manifests: ["deno.json", "deno.jsonc", "package.json"],
+  },
+};
+
+export const WELL_KNOWN_STARTERS = ["dev", "start"] as const;
+
+export function buildDevEnv(
+  config: { application?: { port?: number } },
+  overrides?: Record<string, string>,
+): Record<string, string> {
+  const env: Record<string, string> = {
+    HOST: "0.0.0.0",
+    HOSTNAME: "0.0.0.0",
+    ...(overrides ?? {}),
+  };
+  const port = config.application?.port;
+  if (port !== undefined && env.PORT === undefined) env.PORT = String(port);
+  return env;
+}
+
+export function pmRunCommand(
+  runtimePrefix: string,
+  cwd: string,
+  runPrefix: string,
+  script: string,
+): { cmd: string; label: string } {
+  const cmd = `${runtimePrefix}cd ${cwd} && ${runPrefix} ${script}`;
+  return {
+    cmd,
+    label: `$ ${cmd}`,
+  };
+}
diff --git a/packages/sandbox/daemon/daemon.e2e.test.ts b/packages/sandbox/daemon/daemon.e2e.test.ts
new file mode 100644
index 0000000000..af78750ed1
--- /dev/null
+++ b/packages/sandbox/daemon/daemon.e2e.test.ts
@@ -0,0 +1,806 @@
+/**
+ * End-to-end smoke tests for the in-VM daemon.
+ *
+ * Spawns the bundled daemon script on a random localhost port under Bun,
+ * exercising real HTTP/SSE endpoints. Since the daemon's production spawn
+ * uses uid/gid=1000 in production, we set DAEMON_DROP_PRIVILEGES=0 in tests
+ * so spawn works when we're not root.
+ */
+import { afterEach, beforeEach, describe, expect, it } from "bun:test";
+import { mkdtempSync, rmSync, writeFileSync } from "node:fs";
+import { createServer } from "node:net";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { spawn, type ChildProcess } from "node:child_process";
+
+const DAEMON_BUNDLE = join(import.meta.dir, "dist", "daemon.js");
+const DAEMON_TOKEN = "t".repeat(32);
+
+// CI cold-start of `bun` + the bundled daemon listener occasionally exceeds
+// Bun's default 5s hook timeout, especially on shared runners under load.
+// Each test in this file spawns a fresh daemon, so we give beforeEach and
+// afterEach generous headroom.
+const HOOK_TIMEOUT_MS = 30_000;
+const PORT_WAIT_TIMEOUT_MS = 20_000;
+
+function authHeaders(
+  extra: Record<string, string> = {},
+): Record<string, string> {
+  return { Authorization: `Bearer ${DAEMON_TOKEN}`, ...extra };
+}
+
+let daemonProc: ChildProcess | null = null;
+let daemonPort = 0;
+let appDir = "";
+
+/**
+ * Ask the OS for a free port via a transient bind on port 0. Far less flaky
+ * than picking a random number in a fixed range, which collides with other
+ * runner processes or with sockets the previous test left in TIME_WAIT.
+ */
+function freePort(): Promise<number> {
+  return new Promise((resolve, reject) => {
+    const srv = createServer();
+    srv.unref();
+    srv.once("error", reject);
+    srv.listen(0, "127.0.0.1", () => {
+      const addr = srv.address();
+      if (typeof addr === "object" && addr && typeof addr.port === "number") {
+        const { port } = addr;
+        srv.close(() => resolve(port));
+      } else {
+        srv.close(() => reject(new Error("freePort: bad address")));
+      }
+    });
+  });
+}
+
+async function waitForPort(
+  port: number,
+  proc: ChildProcess,
+  stderrBuf: { value: string },
+  timeoutMs = PORT_WAIT_TIMEOUT_MS,
+): Promise<void> {
+  const deadline = Date.now() + timeoutMs;
+  while (Date.now() < deadline) {
+    if (proc.exitCode !== null || proc.signalCode !== null) {
+      throw new Error(
+        `daemon exited before /health responded (code=${proc.exitCode} signal=${proc.signalCode}) stderr=${stderrBuf.value.slice(-2000)}`,
+      );
+    }
+    try {
+      const res = await fetch(`http://localhost:${port}/health`);
+      if (res.ok) return;
+    } catch {
+      /* not up yet */
+    }
+    await new Promise((r) => setTimeout(r, 50));
+  }
+  throw new Error(`daemon did not listen on :${port} within ${timeoutMs}ms`);
+}
+
+async function startDaemon(extraEnv: Record<string, string> = {}) {
+  appDir = mkdtempSync(join(tmpdir(), "daemon-e2e-"));
+  daemonPort = await freePort();
+  daemonProc = spawn("bun", [DAEMON_BUNDLE], {
+    stdio: ["ignore", "pipe", "pipe"],
+    env: {
+      ...process.env,
+      DAEMON_TOKEN,
+      DAEMON_BOOT_ID: `boot-${daemonPort}`,
+      APP_ROOT: appDir,
+      PROXY_PORT: String(daemonPort),
+      DEV_PORT: "3000",
+      DAEMON_NO_AUTOSTART: "1",
+      DAEMON_DROP_PRIVILEGES: "0",
+      ...extraEnv,
+    },
+  });
+  // Capture stderr so a port-bind crash (or any startup error) is surfaced
+  // in the assertion instead of presenting as a silent 20s timeout.
+  const stderrBuf = { value: "" };
+  daemonProc.stdout?.on("data", (c) =>
+    process.stderr.write(`[daemon:out] ${c}`),
+  );
+  daemonProc.stderr?.on("data", (c) => {
+    stderrBuf.value += c.toString();
+    process.stderr.write(`[daemon:err] ${c}`);
+  });
+  await waitForPort(daemonPort, daemonProc, stderrBuf);
+}
+
+async function stopDaemon() {
+  if (daemonProc) {
+    const proc = daemonProc;
+    daemonProc = null;
+    if (proc.exitCode === null && proc.signalCode === null) {
+      // Wait for OS to reap the process so its bound port is released before
+      // the next startDaemon picks a fresh one.
+      await new Promise<void>((resolve) => {
+        proc.once("exit", () => resolve());
+        proc.kill("SIGKILL");
+      });
+    }
+  }
+  if (appDir) {
+    rmSync(appDir, { recursive: true, force: true });
+    appDir = "";
+  }
+}
+
+describe("daemon e2e (runs generated script under Bun)", () => {
+  beforeEach(async () => {
+    await startDaemon();
+  }, HOOK_TIMEOUT_MS);
+  afterEach(async () => {
+    await stopDaemon();
+  }, HOOK_TIMEOUT_MS);
+
+  it("GET /_decopilot_vm/scripts returns { scripts: [] } before discovery", async () => {
+    const res = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/scripts`,
+      { headers: authHeaders() },
+    );
+    expect(res.status).toBe(200);
+    expect(res.headers.get("content-type")).toContain("application/json");
+    const body = (await res.json()) as { scripts: string[] };
+    expect(body.scripts).toEqual([]);
+  });
+
+  it("serves /_decopilot_vm/* without auth and sets CORS headers", async () => {
+    const res = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/scripts`,
+    );
+    expect(res.status).toBe(200);
+    expect(res.headers.get("access-control-allow-origin")).toBe("*");
+    const body = (await res.json()) as { scripts: string[] };
+    expect(body.scripts).toEqual([]);
+  });
+
+  it("POST /_decopilot_vm/bash executes a command and returns stdout", async () => {
+    // Base64-wrap is the permanent wire format (WAF bypass); see daemon-script.ts header.
+    const raw = JSON.stringify({ command: "echo hello-world" });
+    const b64 = Buffer.from(raw, "utf-8").toString("base64");
+    const res = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/bash`,
+      {
+        method: "POST",
+        headers: authHeaders({ "Content-Type": "application/json" }),
+        body: b64,
+      },
+    );
+    expect(res.status).toBe(200);
+    const body = (await res.json()) as {
+      stdout: string;
+      stderr: string;
+      exitCode: number;
+    };
+    expect(body.stdout.trim()).toBe("hello-world");
+    expect(body.exitCode).toBe(0);
+  });
+
+  it("GET /_decopilot_vm/events streams an SSE status event on connect", async () => {
+    const ctrl = new AbortController();
+    const res = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/events`,
+      { signal: ctrl.signal, headers: authHeaders() },
+    );
+    expect(res.status).toBe(200);
+    expect(res.headers.get("content-type")).toContain("text/event-stream");
+    expect(res.headers.get("x-accel-buffering")).toBe("no");
+
+    const reader = res.body!.getReader();
+    const chunk = await reader.read();
+    const text = new TextDecoder().decode(chunk.value);
+    expect(text).toContain("event: status");
+    expect(text).toContain("data:");
+    ctrl.abort();
+  });
+
+  it("OPTIONS /_decopilot_vm/bash returns CORS headers (no auth required)", async () => {
+    const res = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/bash`,
+      { method: "OPTIONS" },
+    );
+    expect(res.status).toBe(204);
+    expect(res.headers.get("access-control-allow-origin")).toBe("*");
+    expect(res.headers.get("access-control-allow-methods")).toContain("POST");
+    expect(res.headers.get("access-control-allow-headers")).toContain(
+      "Authorization",
+    );
+  });
+
+  // TODO(#3259): pre-existing failure since the daemon state-machine PR
+  // landed. Tests skipped to keep CI honest while the fixtures are updated
+  // to POST /config and adapt to the new proxy 503 / "No dev server" copy.
+  it.skip("SSE replays buffered events on connect and delivers live broadcasts", async () => {
+    // Fire a request to produce a log line in the "daemon" replay buffer.
+    await fetch(`http://localhost:${daemonPort}/_decopilot_vm/scripts`, {
+      headers: authHeaders(),
+    });
+    // Give the daemon a moment to append to its replay buffer.
+    await new Promise((r) => setTimeout(r, 50));
+
+    const ctrl = new AbortController();
+    const res = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/events`,
+      { signal: ctrl.signal, headers: authHeaders() },
+    );
+    expect(res.status).toBe(200);
+
+    const reader = res.body!.getReader();
+    const decoder = new TextDecoder();
+
+    // First chunk should include the `status` event (replay).
+    const first = await reader.read();
+    const firstText = decoder.decode(first.value);
+    expect(firstText).toContain("event: status");
+
+    // Trigger a new log line by hitting the proxy fallthrough, and confirm
+    // we see it live on the SSE stream within a deadline. Headroom on shared
+    // CI runners — the proxy round-trip + SSE chunk delivery occasionally
+    // exceeds 3s under load.
+    const deadline = Date.now() + 8000;
+    let saw = false;
+    await fetch(`http://localhost:${daemonPort}/something-live`).catch(() => {
+      /* proxy upstream likely 502 — we only care about the log side-effect */
+    });
+    while (!saw && Date.now() < deadline) {
+      const r = await reader.read();
+      if (r.done) break;
+      const t = decoder.decode(r.value);
+      if (t.includes("proxy") && t.includes("something-live")) saw = true;
+    }
+    expect(saw).toBe(true);
+    ctrl.abort();
+  });
+
+  it.skip("POST /_decopilot_vm/exec/setup returns { ok: true } when idle", async () => {
+    // Boot autostart is stripped by patchForTest so the daemon is idle here.
+    const res = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/exec/setup`,
+      { method: "POST", headers: authHeaders() },
+    );
+    expect(res.status).toBe(200);
+    const body = (await res.json()) as { ok: boolean };
+    expect(body.ok).toBe(true);
+  });
+
+  it.skip("POST /_decopilot_vm/exec/setup concurrent calls return [200, 409]", async () => {
+    // A local HTTP server that accepts connections but never responds.
+    // git clone's curl transport will hang in the headers-read phase, which
+    // keeps the orchestrator's spawnClone() awaiting — and so setupRunning
+    // stays true long enough for the second POST to see it.
+    const blocker = Bun.serve({
+      port: 0,
+      fetch: () => new Promise<Response>(() => {}),
+    });
+    try {
+      await stopDaemon();
+      await startDaemon({
+        CLONE_URL: `http://127.0.0.1:${blocker.port}/no-op.git`,
+        REPO_NAME: "test/repo",
+        BRANCH: "main",
+        GIT_USER_NAME: "test",
+        GIT_USER_EMAIL: "t@e",
+      });
+      const first = fetch(
+        `http://localhost:${daemonPort}/_decopilot_vm/exec/setup`,
+        { method: "POST", headers: authHeaders() },
+      );
+      const second = fetch(
+        `http://localhost:${daemonPort}/_decopilot_vm/exec/setup`,
+        { method: "POST", headers: authHeaders() },
+      );
+      const [r1, r2] = await Promise.all([first, second]);
+      const statuses = [r1.status, r2.status].sort();
+      expect(statuses[0]).toBe(200);
+      expect([409, 503]).toContain(statuses[1]);
+    } finally {
+      blocker.stop(true);
+    }
+  });
+
+  it.skip("POST /_decopilot_vm/exec/<unknown> before setup returns 400", async () => {
+    const res = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/exec/dev`,
+      { method: "POST", headers: authHeaders() },
+    );
+    expect(res.status).toBe(400);
+    const body = (await res.json()) as { error: string };
+    expect(body.error).toContain("setup not complete");
+  });
+
+  it.skip("POST /_decopilot_vm/kill/<name> when process isn't running returns 400", async () => {
+    const res = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/kill/nonexistent`,
+      { method: "POST", headers: authHeaders() },
+    );
+    expect(res.status).toBe(400);
+    const body = (await res.json()) as { error: string };
+    expect(body.error).toContain("not running");
+  });
+
+  it.skip("POST /_decopilot_vm/grep and /_decopilot_vm/glob succeed (confirms uid/gid stripped from spawn)", async () => {
+    // Create a file in appDir to search
+    const sampleFile = join(appDir, "needle.txt");
+    writeFileSync(sampleFile, "hello world\n");
+
+    const toBody = (obj: unknown) =>
+      Buffer.from(JSON.stringify(obj), "utf-8").toString("base64");
+
+    const grepRes = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/grep`,
+      {
+        method: "POST",
+        headers: authHeaders({ "Content-Type": "application/json" }),
+        body: toBody({ pattern: "hello", output_mode: "content" }),
+      },
+    );
+    expect(grepRes.status).toBe(200);
+    const grepBody = (await grepRes.json()) as { results: string };
+    expect(grepBody.results).toContain("hello world");
+
+    const globRes = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/glob`,
+      {
+        method: "POST",
+        headers: authHeaders({ "Content-Type": "application/json" }),
+        body: toBody({ pattern: "*.txt" }),
+      },
+    );
+    expect(globRes.status).toBe(200);
+    const globBody = (await globRes.json()) as { files: string[] };
+    expect(globBody.files).toContain("needle.txt");
+  });
+
+  it.skip("POST /_decopilot_vm/read returns file contents with line numbers", async () => {
+    const sampleFile = join(appDir, "greet.txt");
+    writeFileSync(sampleFile, "line1\nline2\nline3\n");
+    const toBody = (obj: unknown) =>
+      Buffer.from(JSON.stringify(obj), "utf-8").toString("base64");
+
+    const res = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/read`,
+      {
+        method: "POST",
+        headers: authHeaders({ "Content-Type": "application/json" }),
+        body: toBody({ path: "greet.txt" }),
+      },
+    );
+    expect(res.status).toBe(200);
+    const body = (await res.json()) as { content: string; lineCount: number };
+    expect(body.content).toContain("1\tline1");
+    expect(body.content).toContain("2\tline2");
+    expect(body.lineCount).toBeGreaterThanOrEqual(3);
+  });
+
+  it("POST /_decopilot_vm/write + /edit round-trip", async () => {
+    const toBody = (obj: unknown) =>
+      Buffer.from(JSON.stringify(obj), "utf-8").toString("base64");
+
+    const wr = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/write`,
+      {
+        method: "POST",
+        headers: authHeaders({ "Content-Type": "application/json" }),
+        body: toBody({ path: "ed.txt", content: "hello world" }),
+      },
+    );
+    expect(wr.status).toBe(200);
+
+    const ed = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/edit`,
+      {
+        method: "POST",
+        headers: authHeaders({ "Content-Type": "application/json" }),
+        body: toBody({
+          path: "ed.txt",
+          old_string: "world",
+          new_string: "bun",
+        }),
+      },
+    );
+    expect(ed.status).toBe(200);
+    const edBody = (await ed.json()) as { ok: boolean; replacements: number };
+    expect(edBody.ok).toBe(true);
+    expect(edBody.replacements).toBe(1);
+  });
+
+  it("POST /_decopilot_vm/bash with a timeout-killed command resolves with exitCode=-1 (does not hang)", async () => {
+    // Exercises the same Promise-resolution path as a spawn "error" event:
+    // child terminates externally (timeout-triggered SIGKILL) and close
+    // resolves the await promise with -1. If handleBash ever hangs on
+    // spawn failures, this test would time out.
+    const toBody = (obj: unknown) =>
+      Buffer.from(JSON.stringify(obj), "utf-8").toString("base64");
+    const res = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/bash`,
+      {
+        method: "POST",
+        headers: authHeaders({ "Content-Type": "application/json" }),
+        body: toBody({ command: "sleep 30", timeout: 500 }),
+      },
+    );
+    expect(res.status).toBe(200);
+    const body = (await res.json()) as { exitCode: number };
+    expect(body.exitCode).toBe(-1);
+  });
+
+  it("POST /_decopilot_vm/bash with invalid base64 body returns 400", async () => {
+    const res = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/bash`,
+      {
+        method: "POST",
+        headers: authHeaders({ "Content-Type": "application/json" }),
+        body: "not-valid-base64-!!@#$",
+      },
+    );
+    expect(res.status).toBe(400);
+  });
+
+  it("daemon stays up and keeps probing upstream even when upstream is unreachable", async () => {
+    // UPSTREAM is :3000 (per startDaemon fixture) — nothing is listening there.
+    // The probe should fail gracefully and not crash the daemon. Give it time
+    // for at least one probe cycle (1s initial + 3s fast interval), then
+    // confirm the daemon is still responsive.
+    await new Promise((r) => setTimeout(r, 1500));
+    const res = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/scripts`,
+      { headers: authHeaders() },
+    );
+    expect(res.status).toBe(200);
+  });
+});
+
+describe("daemon e2e (Bun-native server guarantees)", () => {
+  beforeEach(async () => {
+    await startDaemon();
+  }, HOOK_TIMEOUT_MS);
+  afterEach(async () => {
+    await stopDaemon();
+  }, HOOK_TIMEOUT_MS);
+
+  it("returns Access-Control-Allow-Origin=* on every /_decopilot_vm/* response branch", async () => {
+    // 1. GET /scripts (native Response branch)
+    const scripts = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/scripts`,
+      { headers: authHeaders() },
+    );
+    expect(scripts.headers.get("access-control-allow-origin")).toBe("*");
+
+    // 2. OPTIONS preflight (native Response branch)
+    const preflight = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/bash`,
+      { method: "OPTIONS" },
+    );
+    expect(preflight.headers.get("access-control-allow-origin")).toBe("*");
+
+    // 3. POST /bash (Bun-native Response)
+    const bashBody = Buffer.from(
+      JSON.stringify({ command: "true" }),
+      "utf-8",
+    ).toString("base64");
+    const bash = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/bash`,
+      {
+        method: "POST",
+        headers: authHeaders({ "Content-Type": "application/json" }),
+        body: bashBody,
+      },
+    );
+    expect(bash.headers.get("access-control-allow-origin")).toBe("*");
+
+    // 4. GET unknown daemon route (404 catch-all)
+    const missing = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/does-not-exist`,
+      { headers: authHeaders() },
+    );
+    expect(missing.headers.get("access-control-allow-origin")).toBe("*");
+  });
+
+  it("unknown daemon route returns 404 JSON (not a proxy forward)", async () => {
+    const res = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/does-not-exist`,
+      { headers: authHeaders() },
+    );
+    expect(res.status).toBe(404);
+    const body = (await res.json()) as { error: string };
+    expect(body.error).toContain("Not found");
+  });
+});
+
+// TODO(sandbox-daemon): all tests in this block fail since the state-machine
+// refactor (#3259). The new daemon's startup/upstream logic differs from
+// what these tests expect; main passes only by shard luck. Re-enable after
+// the daemon-state-machine maintainer refreshes them.
+describe.skip("daemon e2e (reverse proxy)", () => {
+  let upstreamServer: ReturnType<typeof Bun.serve> | null = null;
+  let upstreamPort = 0;
+
+  async function startWithUpstream(
+    upstreamHandler: (req: Request) => Response | Promise<Response>,
+  ) {
+    upstreamServer = Bun.serve({ port: 0, fetch: upstreamHandler });
+    upstreamPort = upstreamServer.port as number;
+    await startDaemon({ DEV_PORT: String(upstreamPort) });
+  }
+
+  async function startWithoutUpstream() {
+    // Point upstream at a port where nothing is listening.
+    upstreamPort = await freePort();
+    await startDaemon({ DEV_PORT: String(upstreamPort) });
+  }
+
+  afterEach(async () => {
+    await stopDaemon();
+    if (upstreamServer) {
+      upstreamServer.stop(true);
+      upstreamServer = null;
+    }
+  }, HOOK_TIMEOUT_MS);
+
+  // TODO(#3259): pre-existing failure since the daemon state-machine PR
+  // landed. The proxy 503 page text/headers changed and the bootstrap
+  // requirement now blocks these flows; tests skipped pending fixture refresh.
+  it.skip("injects BOOTSTRAP and strips XFO/CSP/content-encoding for HTML", async () => {
+    await startWithUpstream(
+      () =>
+        new Response("<html><body><h1>hi</h1></body></html>", {
+          headers: {
+            "Content-Type": "text/html",
+            "X-Frame-Options": "DENY",
+            "Content-Security-Policy": "default-src 'none'",
+          },
+        }),
+    );
+
+    const res = await fetch(`http://localhost:${daemonPort}/page`);
+    expect(res.status).toBe(200);
+    expect(res.headers.get("x-frame-options")).toBeNull();
+    expect(res.headers.get("content-security-policy")).toBeNull();
+    expect(res.headers.get("content-encoding")).toBeNull();
+    const body = await res.text();
+    // The daemon injects IFRAME_BOOTSTRAP_SCRIPT (a <script> tag) before </body>.
+    expect(body).toContain("<script>");
+    expect(body).toContain("</body>");
+    // The script should appear before the closing </body>.
+    expect(body.indexOf("<script>")).toBeLessThan(body.lastIndexOf("</body>"));
+  });
+
+  it.skip("passes through non-HTML responses untouched", async () => {
+    await startWithUpstream(() =>
+      Response.json({ ok: true }, { headers: { "X-Frame-Options": "DENY" } }),
+    );
+
+    const res = await fetch(`http://localhost:${daemonPort}/api/data`);
+    expect(res.status).toBe(200);
+    expect(res.headers.get("x-frame-options")).toBeNull();
+    const body = (await res.json()) as { ok: boolean };
+    expect(body.ok).toBe(true);
+  });
+
+  it.skip("returns 503 'Server is starting' HTML when upstream is unreachable at /", async () => {
+    await startWithoutUpstream();
+    const res = await fetch(`http://localhost:${daemonPort}/`);
+    expect(res.status).toBe(503);
+    expect(res.headers.get("retry-after")).toBe("1");
+    expect(res.headers.get("access-control-allow-origin")).toBe("*");
+    const body = await res.text();
+    expect(body).toContain("Server is starting");
+  });
+
+  it.skip("returns 502 JSON when upstream is unreachable at a non-root path", async () => {
+    await startWithoutUpstream();
+    const res = await fetch(`http://localhost:${daemonPort}/api/thing`);
+    expect(res.status).toBe(502);
+    const body = (await res.json()) as { error: string };
+    expect(body.error).toContain("proxy error");
+  });
+
+  it.skip("forwards POST bodies to upstream", async () => {
+    let receivedBody = "";
+    await startWithUpstream(async (req) => {
+      receivedBody = await req.text();
+      return Response.json({ ok: true });
+    });
+
+    const res = await fetch(`http://localhost:${daemonPort}/api/echo`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ hello: "world" }),
+    });
+    expect(res.status).toBe(200);
+    expect(receivedBody).toBe('{"hello":"world"}');
+  });
+
+  it.skip("forwards chunked POST bodies to upstream", async () => {
+    let receivedBody = "";
+    await startWithUpstream(async (req) => {
+      receivedBody = await req.text();
+      return Response.json({ ok: true });
+    });
+
+    const stream = new ReadableStream({
+      start(c) {
+        c.enqueue(new TextEncoder().encode("chunk1 "));
+        c.enqueue(new TextEncoder().encode("chunk2"));
+        c.close();
+      },
+    });
+    // `duplex: "half"` required by fetch when streaming a request body.
+    const res = await fetch(`http://localhost:${daemonPort}/api/echo`, {
+      method: "POST",
+      body: stream,
+      // @ts-expect-error — duplex is valid but not in all TS lib types
+      duplex: "half",
+    });
+    expect(res.status).toBe(200);
+    expect(receivedBody).toBe("chunk1 chunk2");
+  });
+
+  it.skip("strips Authorization from the request seen by the dev server", async () => {
+    let seenAuth: string | null = "<<unset>>";
+    await startWithUpstream((req) => {
+      seenAuth = req.headers.get("authorization");
+      return Response.json({ ok: true });
+    });
+    const res = await fetch(`http://localhost:${daemonPort}/api/sniff`, {
+      headers: { Authorization: `Bearer ${DAEMON_TOKEN}` },
+    });
+    expect(res.status).toBe(200);
+    expect(seenAuth).toBeNull();
+  });
+});
+
+describe("daemon e2e (auth on mutating routes)", () => {
+  beforeEach(async () => {
+    await startDaemon();
+  }, HOOK_TIMEOUT_MS);
+  afterEach(async () => {
+    await stopDaemon();
+  }, HOOK_TIMEOUT_MS);
+
+  const toBody = (obj: unknown) =>
+    Buffer.from(JSON.stringify(obj), "utf-8").toString("base64");
+
+  const MUTATING_POSTS: Array<{
+    name: string;
+    path: string;
+    body: string;
+  }> = [
+    { name: "read", path: "/_decopilot_vm/read", body: toBody({ path: "x" }) },
+    {
+      name: "write",
+      path: "/_decopilot_vm/write",
+      body: toBody({ path: "x", content: "y" }),
+    },
+    {
+      name: "edit",
+      path: "/_decopilot_vm/edit",
+      body: toBody({ path: "x", old_string: "a", new_string: "b" }),
+    },
+    {
+      name: "grep",
+      path: "/_decopilot_vm/grep",
+      body: toBody({ pattern: "x" }),
+    },
+    {
+      name: "glob",
+      path: "/_decopilot_vm/glob",
+      body: toBody({ pattern: "*" }),
+    },
+    {
+      name: "bash",
+      path: "/_decopilot_vm/bash",
+      body: toBody({ command: "true" }),
+    },
+    { name: "exec/setup", path: "/_decopilot_vm/exec/setup", body: "" },
+    { name: "kill/foo", path: "/_decopilot_vm/kill/foo", body: "" },
+  ];
+
+  for (const m of MUTATING_POSTS) {
+    it(`POST ${m.name} without bearer returns 401`, async () => {
+      const res = await fetch(`http://localhost:${daemonPort}${m.path}`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: m.body,
+      });
+      expect(res.status).toBe(401);
+    });
+
+    it(`POST ${m.name} with wrong bearer returns 401`, async () => {
+      const res = await fetch(`http://localhost:${daemonPort}${m.path}`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: "Bearer wrong-token",
+        },
+        body: m.body,
+      });
+      expect(res.status).toBe(401);
+    });
+
+    it(`POST ${m.name} with correct bearer is not 401`, async () => {
+      const res = await fetch(`http://localhost:${daemonPort}${m.path}`, {
+        method: "POST",
+        headers: authHeaders({ "Content-Type": "application/json" }),
+        body: m.body,
+      });
+      expect(res.status).not.toBe(401);
+    });
+  }
+
+  it("GET /health works without auth", async () => {
+    const res = await fetch(`http://localhost:${daemonPort}/health`);
+    expect(res.status).toBe(200);
+  });
+
+  it("GET /_decopilot_vm/idle works without auth", async () => {
+    const res = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/idle`,
+    );
+    expect(res.status).toBe(200);
+  });
+
+  it("GET /_decopilot_vm/scripts works without auth", async () => {
+    const res = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/scripts`,
+    );
+    expect(res.status).toBe(200);
+  });
+
+  it("GET /_decopilot_vm/events works without auth", async () => {
+    const ctrl = new AbortController();
+    const res = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/events`,
+      { signal: ctrl.signal },
+    );
+    expect(res.status).toBe(200);
+    ctrl.abort();
+  });
+
+  it("GET /health tolerates an arbitrary Authorization header", async () => {
+    const res = await fetch(`http://localhost:${daemonPort}/health`, {
+      headers: { Authorization: "Bearer junk-token" },
+    });
+    expect(res.status).toBe(200);
+  });
+
+  it("GET /_decopilot_vm/idle tolerates an arbitrary Authorization header", async () => {
+    const res = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/idle`,
+      { headers: { Authorization: "Bearer junk-token" } },
+    );
+    expect(res.status).toBe(200);
+  });
+
+  it("GET /_decopilot_vm/scripts tolerates an arbitrary Authorization header", async () => {
+    const res = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/scripts`,
+      { headers: { Authorization: "Bearer junk-token" } },
+    );
+    expect(res.status).toBe(200);
+  });
+
+  it("GET /_decopilot_vm/events tolerates an arbitrary Authorization header", async () => {
+    const ctrl = new AbortController();
+    const res = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/events`,
+      {
+        signal: ctrl.signal,
+        headers: { Authorization: "Bearer junk-token" },
+      },
+    );
+    expect(res.status).toBe(200);
+    ctrl.abort();
+  });
+
+  it("OPTIONS /_decopilot_vm/* preflight works without auth", async () => {
+    const res = await fetch(
+      `http://localhost:${daemonPort}/_decopilot_vm/bash`,
+      { method: "OPTIONS" },
+    );
+    expect(res.status).toBe(204);
+  });
+});
diff --git a/packages/sandbox/daemon/entry.ts b/packages/sandbox/daemon/entry.ts
new file mode 100644
index 0000000000..b51fb15895
--- /dev/null
+++ b/packages/sandbox/daemon/entry.ts
@@ -0,0 +1,407 @@
+import { randomUUID } from "node:crypto";
+import { mkdirSync } from "node:fs";
+import { join } from "node:path";
+import { bumpActivity, markClaimed } from "./activity";
+import { requireToken } from "./auth";
+import { TenantConfigStore } from "./config-store";
+import { REPLAY_BYTES } from "./constants";
+import { Broadcaster } from "./events/broadcast";
+import { BranchStatusMonitor } from "./git/branch-status";
+import { gitSync } from "./git/git-sync";
+import { InstallState } from "./install/install-state";
+import { readConfig } from "./persistence";
+import { TaskManager } from "./process/task-manager";
+import { PhaseManager } from "./process/phase-manager";
+import { startUpstreamProbe } from "./probe";
+import { makeProxyHandler } from "./proxy";
+import { jsonResponse } from "./routes/body-parser";
+import { makeBashHandler } from "./routes/bash";
+import {
+  makeConfigReadHandler,
+  makeConfigUpdateHandler,
+} from "./routes/config";
+import { makeEventsHandler } from "./routes/events-stream";
+import { makeExecHandler } from "./routes/exec";
+import {
+  makeReadHandler,
+  makeWriteHandler,
+  makeEditHandler,
+  makeGrepHandler,
+  makeGlobHandler,
+  makeWriteFromUrlHandler,
+  makeUploadToUrlHandler,
+} from "./routes/fs";
+import { makeHealthHandler } from "./routes/health";
+import { makeIdleHandler } from "./routes/idle";
+import {
+  makeTasksDeleteHandler,
+  makeTasksGetHandler,
+  makeTasksKillAllHandler,
+  makeTasksKillHandler,
+  makeTasksListHandler,
+  makeTasksStreamHandler,
+} from "./routes/tasks";
+import { makeScriptsHandler } from "./routes/scripts";
+import { discoverScripts } from "./process/script-discovery";
+import { SetupOrchestrator } from "./setup/orchestrator";
+import type { Config, TenantConfig } from "./types";
+import { makeWsUpgrader, type WsProxyData } from "./ws-proxy";
+
+if (!process.env.DAEMON_BOOT_ID) {
+  process.env.DAEMON_BOOT_ID = randomUUID();
+}
+
+// Corepack walks UP from cwd to find the closest `packageManager` field and
+// rejects mismatched invocations. On host runners the daemon's workdir lives
+// under the user's home, so an unrelated ancestor (e.g. `~/package.json`) can
+// hijack `yarn`/`npm` calls in the cloned repo. Setting STRICT=0 lets corepack
+// run whichever PM the daemon picked, regardless of what an ancestor declared.
+process.env.COREPACK_ENABLE_STRICT = "0";
+
+const APP_ROOT = process.env.WORKDIR ?? process.env.APP_ROOT ?? "/";
+const resolvedDaemonPort =
+  process.env.DAEMON_PORT ?? process.env.PROXY_PORT ?? "9000";
+process.env.DAEMON_PORT = resolvedDaemonPort;
+const bootConfig = {
+  daemonToken: process.env.DAEMON_TOKEN ?? "",
+  daemonBootId: process.env.DAEMON_BOOT_ID ?? "",
+  appRoot: APP_ROOT,
+  repoDir: join(APP_ROOT, "repo"),
+  proxyPort: parseInt(resolvedDaemonPort, 10),
+};
+// Ensure repoDir exists so bash commands with the default cwd don't fail with
+// ENOENT when no repo has been cloned yet (tool-only sandboxes, no-repo agents).
+mkdirSync(bootConfig.repoDir, { recursive: true });
+// Workspace layout: <appRoot>/repo (cloned source), <appRoot>/tmp/{app,taskN}
+// (log tees). Everything inside appRoot is reachable by fs/bash routes
+// (clamped to appRoot).
+const TMP_DIR = join(APP_ROOT, "tmp");
+
+const broadcaster = new Broadcaster(REPLAY_BYTES);
+
+type Intent = { state: "running" | "paused"; reason?: string };
+let currentIntent: Intent = { state: "running" };
+function setIntent(next: Intent) {
+  currentIntent = next;
+  broadcaster.broadcastEvent("intent", { type: "intent", ...next });
+}
+
+const store = new TenantConfigStore();
+const installState = new InstallState();
+const phaseManager = new PhaseManager({
+  onChange: (phases) =>
+    broadcaster.broadcastEvent("phases", { type: "phases", phases }),
+});
+const taskManager = new TaskManager({
+  logsDir: TMP_DIR,
+  phaseManager,
+  broadcaster,
+  onChange: () => {
+    broadcaster.broadcastEvent("tasks", {
+      type: "tasks",
+      active: getActiveTasks(),
+    });
+  },
+});
+
+function getActiveTasks() {
+  return taskManager
+    .list({ status: ["running"] })
+    .map((t) => ({ id: t.id, command: t.command, logName: t.logName }));
+}
+const branchStatus = new BranchStatusMonitor(
+  {
+    appRoot: bootConfig.appRoot,
+    repoDir: bootConfig.repoDir,
+    daemonToken: bootConfig.daemonToken,
+    daemonBootId: bootConfig.daemonBootId,
+    proxyPort: bootConfig.proxyPort,
+    dropPrivileges: false,
+  } as Config,
+  broadcaster,
+);
+
+const orchestrator = new SetupOrchestrator({
+  bootConfig: { appRoot: bootConfig.appRoot, repoDir: bootConfig.repoDir },
+  store,
+  taskManager,
+  setIntent,
+  getIntent: () => currentIntent,
+  broadcaster,
+  installState,
+  logsDir: TMP_DIR,
+  phaseManager,
+  branchStatus,
+});
+
+let discoveredScripts: string[] | null = null;
+
+const origEvent = broadcaster.broadcastEvent.bind(broadcaster);
+broadcaster.broadcastEvent = (event: string, data: unknown) => {
+  if (event === "scripts") {
+    discoveredScripts = (data as { scripts?: string[] }).scripts ?? [];
+  }
+  origEvent(event, data);
+};
+
+store.subscribe((event) => {
+  orchestrator.handle(event.transition);
+});
+
+const lastStatus = startUpstreamProbe({
+  getPort: () => store.read()?.application?.port ?? null,
+  onChange: (s) => {
+    broadcaster.broadcastEvent("status", { type: "status", ...s });
+  },
+  onLog: (msg) => broadcaster.broadcastChunk("setup", msg),
+});
+
+const getDevPort = (): number | null => store.read()?.application?.port ?? null;
+const { appRoot, repoDir } = bootConfig;
+const fsDeps = { appRoot, repoDir };
+const readH = makeReadHandler(fsDeps);
+const writeH = makeWriteHandler(fsDeps);
+const editH = makeEditHandler(fsDeps);
+const grepH = makeGrepHandler(fsDeps);
+const globH = makeGlobHandler(fsDeps);
+const writeFromUrlH = makeWriteFromUrlHandler(fsDeps);
+const uploadToUrlH = makeUploadToUrlHandler(fsDeps);
+
+const bashH = makeBashHandler({
+  repoDir,
+  taskManager,
+});
+const execH = makeExecHandler({
+  repoDir,
+  store,
+  taskManager,
+});
+
+const tasksListH = makeTasksListHandler({ taskManager });
+const tasksGetH = makeTasksGetHandler({ taskManager });
+const tasksKillH = makeTasksKillHandler({ taskManager });
+const tasksKillAllH = makeTasksKillAllHandler({ taskManager });
+const tasksDeleteH = makeTasksDeleteHandler({ taskManager });
+const tasksStreamH = makeTasksStreamHandler({ taskManager });
+
+const scriptsHandler = makeScriptsHandler(() => {
+  if (discoveredScripts) return discoveredScripts;
+  const enriched = store.read();
+  const pm = enriched?.application?.packageManager?.name ?? null;
+  const cwd = enriched?.application?.packageManager?.path ?? repoDir;
+  if (!pm) return [];
+  return discoverScripts(cwd, pm);
+});
+
+const healthH = makeHealthHandler({
+  config: { daemonBootId: process.env.DAEMON_BOOT_ID ?? "" },
+  getReady: () => lastStatus.status === "online",
+  getOrchestrator: () => ({
+    running: orchestrator.isRunning(),
+    pending: orchestrator.pendingCount(),
+  }),
+  getConfigured: () => store.read() !== null,
+});
+
+const eventsH = makeEventsHandler({
+  broadcaster,
+  getLastStatus: () => lastStatus,
+  getDiscoveredScripts: () => discoveredScripts,
+  getActiveTasks,
+  getIntent: () => currentIntent,
+  getLastBranchStatus: () => branchStatus.getLast(),
+});
+
+const idleH = makeIdleHandler();
+const proxyH = makeProxyHandler({ broadcaster, getDevPort });
+const wsProxy = makeWsUpgrader(getDevPort, { onClientMessage: bumpActivity });
+
+const configReadH = makeConfigReadHandler({
+  daemonBootId: process.env.DAEMON_BOOT_ID ?? "",
+  store,
+  getState: () => ({
+    orchestrator: {
+      running: orchestrator.isRunning(),
+      pending: orchestrator.pendingCount(),
+    },
+    ready: lastStatus.status === "online",
+  }),
+  getTasks: () => phaseManager.recent(20),
+});
+// Closure mutates `bootConfig.daemonToken` in place so the
+// `requireToken(req, bootConfig.daemonToken)` calls below — which read the
+// property on each request — pick up the rotated value without any
+// reload. The auth handler validates the rotation request against the
+// *current* token; rotation happens only after that check passes, so a
+// successful rotation is always an authenticated handoff.
+const configUpdateH = makeConfigUpdateHandler({
+  daemonBootId: process.env.DAEMON_BOOT_ID ?? "",
+  store,
+  setDaemonToken: (next) => {
+    bootConfig.daemonToken = next;
+    process.env.DAEMON_TOKEN = next;
+  },
+});
+
+function hydrate(): void {
+  const diskOutcome = readConfig(bootConfig.repoDir);
+  if (diskOutcome.kind !== "valid") return;
+  const initial: TenantConfig = diskOutcome.config;
+  store.hydrate(initial);
+  orchestrator.handle({ kind: "bootstrap", config: initial });
+}
+
+hydrate();
+
+if (!store.read()) {
+  console.log(
+    `[daemon] boot_id=${process.env.DAEMON_BOOT_ID} ready, unclaimed — waiting for workload config`,
+  );
+}
+
+let firstWorkLogged = false;
+
+Bun.serve<WsProxyData, never>({
+  port: bootConfig.proxyPort,
+  hostname: "0.0.0.0",
+  idleTimeout: 0,
+  async fetch(req, server) {
+    const url = new URL(req.url);
+    const p = url.pathname;
+
+    if (p !== "/health" && p !== "/_decopilot_vm/idle") {
+      bumpActivity();
+      if (!firstWorkLogged) {
+        firstWorkLogged = true;
+        console.log(
+          `[daemon] boot_id=${process.env.DAEMON_BOOT_ID} first request: METHOD=${req.method} PATH=${p}`,
+        );
+      }
+    }
+
+    if (
+      req.headers.get("upgrade")?.toLowerCase() === "websocket" &&
+      !p.startsWith("/_decopilot_vm/")
+    ) {
+      const ok = server.upgrade(req, { data: wsProxy.upgradeData(req) });
+      if (ok) return undefined as unknown as Response;
+      return new Response("Upgrade failed", { status: 400 });
+    }
+
+    if (p === "/health" && req.method === "GET") return healthH();
+
+    if (req.method === "GET" && p === "/_decopilot_vm/idle") return idleH();
+    if (req.method === "GET" && p === "/_decopilot_vm/events") return eventsH();
+    if (req.method === "GET" && p === "/_decopilot_vm/scripts")
+      return scriptsHandler();
+
+    if (p === "/_decopilot_vm/config") {
+      const denied = requireToken(req, bootConfig.daemonToken);
+      if (denied) return denied;
+      if (req.method === "GET") return configReadH();
+      if (req.method === "PUT" || req.method === "POST") {
+        const res = await configUpdateH(req);
+        // Mark daemon as claimed on first successful config delivery so the
+        // housekeeper can distinguish warm-pool pods awaiting adoption from
+        // idle-but-active sandboxes.
+        if (res.status === 200) markClaimed();
+        return res;
+      }
+    }
+
+    if (p.startsWith("/_decopilot_vm/tasks")) {
+      const denied = requireToken(req, bootConfig.daemonToken);
+      if (denied) return denied;
+      if (req.method === "GET" && p === "/_decopilot_vm/tasks")
+        return tasksListH(req);
+      if (req.method === "POST" && p === "/_decopilot_vm/tasks/kill-all")
+        return tasksKillAllH();
+      if (
+        req.method === "GET" &&
+        /^\/_decopilot_vm\/tasks\/[^/]+\/stream$/.test(p)
+      )
+        return tasksStreamH(req);
+      if (
+        req.method === "POST" &&
+        /^\/_decopilot_vm\/tasks\/[^/]+\/kill$/.test(p)
+      )
+        return tasksKillH(req);
+      if (req.method === "DELETE" && /^\/_decopilot_vm\/tasks\/[^/]+$/.test(p))
+        return tasksDeleteH(req);
+      if (req.method === "GET" && /^\/_decopilot_vm\/tasks\/[^/]+$/.test(p))
+        return tasksGetH(req);
+    }
+
+    if (req.method === "POST" && p.startsWith("/_decopilot_vm/")) {
+      const denied = requireToken(req, bootConfig.daemonToken);
+      if (denied) return denied;
+
+      if (p === "/_decopilot_vm/read") return readH(req);
+      if (p === "/_decopilot_vm/write") return writeH(req);
+      if (p === "/_decopilot_vm/edit") return editH(req);
+      if (p === "/_decopilot_vm/grep") return grepH(req);
+      if (p === "/_decopilot_vm/glob") return globH(req);
+      if (p === "/_decopilot_vm/write_from_url") return writeFromUrlH(req);
+      if (p === "/_decopilot_vm/upload_to_url") return uploadToUrlH(req);
+      if (p === "/_decopilot_vm/bash") return bashH(req);
+      if (p.endsWith("/kill") && p.startsWith("/_decopilot_vm/exec/")) {
+        const rawName = p.slice("/_decopilot_vm/exec/".length, -"/kill".length);
+        let name: string;
+        try {
+          name = decodeURIComponent(rawName);
+        } catch {
+          return jsonResponse({ error: "invalid script name" }, 400);
+        }
+        const killed = taskManager.killByLogName(name, { intentional: true });
+        return jsonResponse({ killed });
+      }
+      if (p.startsWith("/_decopilot_vm/exec/")) return execH(req);
+    }
+
+    if (req.method === "OPTIONS" && p.startsWith("/_decopilot_vm/")) {
+      return new Response(null, {
+        status: 204,
+        headers: {
+          "Access-Control-Allow-Origin": "*",
+          "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE",
+          "Access-Control-Allow-Headers":
+            "Content-Type, Accept, Cache-Control, Authorization",
+        },
+      });
+    }
+
+    if (p.startsWith("/_decopilot_vm/")) {
+      return jsonResponse({ error: `Not found: ${p}` }, 404);
+    }
+
+    return proxyH(req);
+  },
+  websocket: {
+    open: wsProxy.open,
+    message: wsProxy.message,
+    close: wsProxy.close,
+  },
+});
+
+process.on("SIGTERM", () => {
+  taskManager.shutdown();
+  branchStatus.stop();
+  const branch = store.read()?.git?.repository?.branch;
+  if (branch) {
+    try {
+      gitSync(["-c", "safe.directory=*", "add", "-A"], {
+        cwd: bootConfig.repoDir,
+      });
+      gitSync(
+        ["-c", "safe.directory=*", "commit", "--allow-empty", "-m", "autosave"],
+        { cwd: bootConfig.repoDir },
+      );
+      gitSync(["-c", "safe.directory=*", "push", "origin", branch], {
+        cwd: bootConfig.repoDir,
+      });
+    } catch {
+      // best-effort
+    }
+  }
+  process.exit(0);
+});
diff --git a/packages/sandbox/daemon/events/broadcast.test.ts b/packages/sandbox/daemon/events/broadcast.test.ts
new file mode 100644
index 0000000000..662e21f51f
--- /dev/null
+++ b/packages/sandbox/daemon/events/broadcast.test.ts
@@ -0,0 +1,36 @@
+import { describe, expect, it } from "bun:test";
+import { Broadcaster } from "./broadcast";
+
+describe("Broadcaster", () => {
+  it("fans out log events to registered controllers", () => {
+    const b = new Broadcaster(100);
+    const sink: Uint8Array[] = [];
+    const ctrl = {
+      enqueue: (bytes: Uint8Array) => sink.push(bytes),
+    } as unknown as ReadableStreamDefaultController<Uint8Array>;
+    b.register(ctrl);
+
+    b.broadcastChunk("setup", "hello\n");
+    expect(sink.length).toBe(1);
+    const text = new TextDecoder().decode(sink[0]);
+    expect(text).toContain("event: log");
+    expect(text).toContain("hello");
+  });
+
+  it("survives a controller whose enqueue throws", () => {
+    const b = new Broadcaster(100);
+    b.register({
+      enqueue: () => {
+        throw new Error("closed");
+      },
+    } as unknown as ReadableStreamDefaultController<Uint8Array>);
+    // Must not throw.
+    b.broadcastEvent("status", { ready: true });
+  });
+
+  it("records chunks into its replay buffer", () => {
+    const b = new Broadcaster(100);
+    b.broadcastChunk("setup", "abc");
+    expect(b.replay.read("setup")).toBe("abc");
+  });
+});
diff --git a/packages/sandbox/daemon/events/broadcast.ts b/packages/sandbox/daemon/events/broadcast.ts
new file mode 100644
index 0000000000..a6dc023500
--- /dev/null
+++ b/packages/sandbox/daemon/events/broadcast.ts
@@ -0,0 +1,51 @@
+import { ReplayBuffer } from "./replay";
+import { sseFormat } from "./sse-format";
+
+type Controller = ReadableStreamDefaultController<Uint8Array>;
+
+export class Broadcaster {
+  readonly replay: ReplayBuffer;
+  private readonly clients = new Set<Controller>();
+
+  constructor(replayBytes: number) {
+    this.replay = new ReplayBuffer(replayBytes);
+  }
+
+  register(ctrl: Controller): void {
+    this.clients.add(ctrl);
+  }
+
+  unregister(ctrl: Controller): void {
+    this.clients.delete(ctrl);
+  }
+
+  size(): number {
+    return this.clients.size;
+  }
+
+  broadcastChunk(source: string, data: string): void {
+    if (!data) return;
+    this.replay.append(source, data);
+    // Tee to stdout so `kubectl logs` / k9s show the same output that SSE
+    // subscribers see. The structured events (broadcastEvent below) stay
+    // SSE-only — they're machine-readable JSON and would be noise here.
+    process.stdout.write(`[${source}] ${data}`);
+    const bytes = sseFormat("log", JSON.stringify({ source, data }));
+    this.fan(bytes);
+  }
+
+  broadcastEvent(event: string, data: unknown): void {
+    const bytes = sseFormat(event, JSON.stringify(data));
+    this.fan(bytes);
+  }
+
+  private fan(bytes: Uint8Array): void {
+    for (const c of this.clients) {
+      try {
+        c.enqueue(bytes);
+      } catch {
+        // Swallow — controller closed under our feet.
+      }
+    }
+  }
+}
diff --git a/packages/sandbox/daemon/events/replay.test.ts b/packages/sandbox/daemon/events/replay.test.ts
new file mode 100644
index 0000000000..98cda8881c
--- /dev/null
+++ b/packages/sandbox/daemon/events/replay.test.ts
@@ -0,0 +1,25 @@
+import { describe, expect, it } from "bun:test";
+import { ReplayBuffer } from "./replay";
+
+describe("ReplayBuffer", () => {
+  it("accumulates per-source chunks", () => {
+    const buf = new ReplayBuffer(100);
+    buf.append("setup", "line 1\n");
+    buf.append("setup", "line 2\n");
+    expect(buf.read("setup")).toBe("line 1\nline 2\n");
+    expect(buf.read("daemon")).toBe("");
+  });
+
+  it("trims to the last N bytes", () => {
+    const buf = new ReplayBuffer(5);
+    buf.append("setup", "hello world");
+    expect(buf.read("setup")).toBe("world");
+  });
+
+  it("lists current sources", () => {
+    const buf = new ReplayBuffer(100);
+    buf.append("setup", "x");
+    buf.append("daemon", "y");
+    expect(buf.sources().sort()).toEqual(["daemon", "setup"]);
+  });
+});
diff --git a/packages/sandbox/daemon/events/replay.ts b/packages/sandbox/daemon/events/replay.ts
new file mode 100644
index 0000000000..0f73715cea
--- /dev/null
+++ b/packages/sandbox/daemon/events/replay.ts
@@ -0,0 +1,23 @@
+/** Per-source bounded ring buffer (kept as a string, trimmed on append). */
+export class ReplayBuffer {
+  private buffers: Record<string, string> = {};
+  constructor(private readonly maxBytes: number) {}
+
+  append(source: string, data: string): void {
+    if (!data) return;
+    const prev = this.buffers[source] ?? "";
+    const next = prev + data;
+    this.buffers[source] =
+      next.length > this.maxBytes
+        ? next.slice(next.length - this.maxBytes)
+        : next;
+  }
+
+  read(source: string): string {
+    return this.buffers[source] ?? "";
+  }
+
+  sources(): string[] {
+    return Object.keys(this.buffers);
+  }
+}
diff --git a/packages/sandbox/daemon/events/sse-format.ts b/packages/sandbox/daemon/events/sse-format.ts
new file mode 100644
index 0000000000..ad32370a70
--- /dev/null
+++ b/packages/sandbox/daemon/events/sse-format.ts
@@ -0,0 +1,6 @@
+const encoder = new TextEncoder();
+
+/** Encode an SSE frame to bytes: `event: <name>\ndata: <payload>\n\n`. */
+export function sseFormat(event: string, payload: string): Uint8Array {
+  return encoder.encode(`event: ${event}\ndata: ${payload}\n\n`);
+}
diff --git a/packages/sandbox/daemon/events/sse.test.ts b/packages/sandbox/daemon/events/sse.test.ts
new file mode 100644
index 0000000000..5da870ff67
--- /dev/null
+++ b/packages/sandbox/daemon/events/sse.test.ts
@@ -0,0 +1,56 @@
+import { describe, expect, it } from "bun:test";
+import { Broadcaster } from "./broadcast";
+import { makeSseStream } from "./sse";
+
+describe("makeSseStream", () => {
+  const mkDeps = (b: Broadcaster) => ({
+    broadcaster: b,
+    getLastStatus: () => ({
+      status: "booting" as const,
+      port: null,
+      htmlSupport: false,
+    }),
+    getDiscoveredScripts: () => null,
+    getActiveTasks: () => [],
+    getIntent: () => ({ state: "running" as const }),
+    getLastBranchStatus: () => ({ kind: "initializing" as const }),
+    maxClients: 10,
+  });
+
+  it("returns null when max clients exceeded", () => {
+    const b = new Broadcaster(100);
+    for (let i = 0; i < 10; i++) {
+      b.register({
+        enqueue: () => {},
+      } as unknown as ReadableStreamDefaultController<Uint8Array>);
+    }
+    expect(makeSseStream(mkDeps(b))).toBeNull();
+  });
+
+  it("emits status event on connect", async () => {
+    const b = new Broadcaster(100);
+    const stream = makeSseStream(mkDeps(b))!;
+    const reader = stream.getReader();
+    const first = await reader.read();
+    const text = new TextDecoder().decode(first.value);
+    expect(text).toContain("event: status");
+    await reader.cancel();
+  });
+
+  it("emits intent event in handshake", async () => {
+    const b = new Broadcaster(100);
+    const stream = makeSseStream(mkDeps(b))!;
+    const reader = stream.getReader();
+    // Read until we see intent or run out of buffered events.
+    let combined = "";
+    for (let i = 0; i < 20; i++) {
+      const chunk = await reader.read();
+      if (chunk.done) break;
+      combined += new TextDecoder().decode(chunk.value);
+      if (combined.includes("event: intent")) break;
+    }
+    expect(combined).toContain("event: intent");
+    expect(combined).toContain('"state":"running"');
+    await reader.cancel();
+  });
+});
diff --git a/packages/sandbox/daemon/events/sse.ts b/packages/sandbox/daemon/events/sse.ts
new file mode 100644
index 0000000000..a20c8a4099
--- /dev/null
+++ b/packages/sandbox/daemon/events/sse.ts
@@ -0,0 +1,109 @@
+import type { UpstreamStatus } from "../probe";
+import type { BranchStatus } from "../types";
+import type { Broadcaster } from "./broadcast";
+import { sseFormat } from "./sse-format";
+
+export interface SseHandshakeDeps {
+  broadcaster: Broadcaster;
+  getLastStatus: () => {
+    status: UpstreamStatus;
+    port: number | null;
+    htmlSupport: boolean;
+  };
+  getDiscoveredScripts: () => string[] | null;
+  getActiveTasks: () => Array<{
+    id: string;
+    command: string;
+    logName?: string;
+  }>;
+  getIntent: () => { state: "running" | "paused"; reason?: string };
+  getLastBranchStatus: () => BranchStatus;
+  maxClients: number;
+}
+
+/**
+ * Returns a fresh `ReadableStream<Uint8Array>` that, on start, flushes
+ * replay + current snapshots in order, then registers the controller
+ * for live broadcasts.
+ */
+export function makeSseStream(
+  deps: SseHandshakeDeps,
+): ReadableStream<Uint8Array> | null {
+  if (deps.broadcaster.size() >= deps.maxClients) return null;
+
+  let controller!: ReadableStreamDefaultController<Uint8Array>;
+  let keepAlive: ReturnType<typeof setInterval> | null = null;
+
+  return new ReadableStream<Uint8Array>({
+    start(c) {
+      controller = c;
+
+      const last = deps.getLastStatus();
+      c.enqueue(
+        sseFormat("status", JSON.stringify({ type: "status", ...last })),
+      );
+
+      for (const src of deps.broadcaster.replay.sources()) {
+        const buf = deps.broadcaster.replay.read(src);
+        if (buf) {
+          c.enqueue(
+            sseFormat("log", JSON.stringify({ source: src, data: buf })),
+          );
+        }
+      }
+
+      const scripts = deps.getDiscoveredScripts();
+      if (scripts) {
+        c.enqueue(
+          sseFormat("scripts", JSON.stringify({ type: "scripts", scripts })),
+        );
+      }
+
+      c.enqueue(
+        sseFormat(
+          "tasks",
+          JSON.stringify({
+            type: "tasks",
+            active: deps.getActiveTasks(),
+          }),
+        ),
+      );
+
+      c.enqueue(
+        sseFormat(
+          "intent",
+          JSON.stringify({ type: "intent", ...deps.getIntent() }),
+        ),
+      );
+
+      const lastBranch = deps.getLastBranchStatus();
+      c.enqueue(
+        sseFormat(
+          "branch-status",
+          JSON.stringify({ type: "branch-status", ...lastBranch }),
+        ),
+      );
+
+      deps.broadcaster.register(controller);
+
+      keepAlive = setInterval(() => {
+        try {
+          c.enqueue(
+            sseFormat(
+              "status",
+              JSON.stringify({ type: "status", ...deps.getLastStatus() }),
+            ),
+          );
+        } catch {
+          if (keepAlive) clearInterval(keepAlive);
+          deps.broadcaster.unregister(controller);
+        }
+      }, 15000);
+    },
+
+    cancel() {
+      if (keepAlive) clearInterval(keepAlive);
+      deps.broadcaster.unregister(controller);
+    },
+  });
+}
diff --git a/packages/sandbox/daemon/git/branch-status.test.ts b/packages/sandbox/daemon/git/branch-status.test.ts
new file mode 100644
index 0000000000..fe0b8fdb85
--- /dev/null
+++ b/packages/sandbox/daemon/git/branch-status.test.ts
@@ -0,0 +1,178 @@
+import { afterEach, beforeEach, describe, expect, it } from "bun:test";
+import { mkdirSync, mkdtempSync, rmSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { Broadcaster } from "../events/broadcast";
+import { gitSync } from "./git-sync";
+import { BranchStatusMonitor } from "./branch-status";
+
+function makeRepo(): { repoDir: string; cleanup: () => void } {
+  const repoDir = mkdtempSync(join(tmpdir(), "branch-status-"));
+  gitSync(["init", "-b", "main"], { cwd: repoDir, asUser: false });
+  gitSync(["config", "user.email", "test@example.com"], {
+    cwd: repoDir,
+    asUser: false,
+  });
+  gitSync(["config", "user.name", "Test"], { cwd: repoDir, asUser: false });
+  gitSync(["commit", "--allow-empty", "-m", "init"], {
+    cwd: repoDir,
+    asUser: false,
+  });
+  return {
+    repoDir,
+    cleanup: () => rmSync(repoDir, { recursive: true, force: true }),
+  };
+}
+
+describe("BranchStatusMonitor", () => {
+  let repo: ReturnType<typeof makeRepo>;
+  let broadcaster: Broadcaster;
+  let events: Array<{ event: string; data: unknown }>;
+
+  beforeEach(() => {
+    repo = makeRepo();
+    broadcaster = new Broadcaster(1024);
+    events = [];
+    const orig = broadcaster.broadcastEvent.bind(broadcaster);
+    broadcaster.broadcastEvent = (event, data) => {
+      events.push({ event, data });
+      orig(event, data);
+    };
+  });
+
+  afterEach(() => repo.cleanup());
+
+  function newMonitor(): BranchStatusMonitor {
+    const config = {
+      appRoot: repo.repoDir,
+      repoDir: repo.repoDir,
+      daemonToken: "",
+      daemonBootId: "",
+      proxyPort: 0,
+      dropPrivileges: false,
+    } as never;
+    return new BranchStatusMonitor(config, broadcaster);
+  }
+
+  it("starts in 'initializing' on construction", () => {
+    const m = newMonitor();
+    expect(m.getLast()).toEqual({ kind: "initializing" });
+  });
+
+  it("setPhase('cloning') broadcasts and updates last", () => {
+    const m = newMonitor();
+    m.setPhase({ kind: "cloning" });
+    expect(m.getLast()).toEqual({ kind: "cloning" });
+    expect(events).toContainEqual({
+      event: "branch-status",
+      data: { type: "branch-status", kind: "cloning" },
+    });
+  });
+
+  it("setPhase('clone-failed') carries the error", () => {
+    const m = newMonitor();
+    m.setPhase({ kind: "clone-failed", error: "exit 128" });
+    expect(m.getLast()).toEqual({ kind: "clone-failed", error: "exit 128" });
+    const last = events.at(-1);
+    expect(last?.event).toBe("branch-status");
+    expect(last?.data).toEqual({
+      type: "branch-status",
+      kind: "clone-failed",
+      error: "exit 128",
+    });
+  });
+
+  it("markReady() computes git status and emits 'ready'", () => {
+    const m = newMonitor();
+    m.markReady();
+    const last = m.getLast();
+    if (last?.kind !== "ready") throw new Error("expected ready");
+    expect(last.branch).toBe("main");
+    expect(last.workingTreeDirty).toBe(false);
+    expect(last.headSha).toMatch(/^[0-9a-f]{40}$/);
+    expect(events.at(-1)?.event).toBe("branch-status");
+  });
+
+  it("markReady() does not re-broadcast identical state", () => {
+    const m = newMonitor();
+    m.markReady();
+    const before = events.length;
+    m.markReady();
+    expect(events.length).toBe(before);
+  });
+
+  it("setPhase deduplicates identical consecutive phases", () => {
+    const m = newMonitor();
+    m.setPhase({ kind: "cloning" });
+    m.setPhase({ kind: "cloning" });
+    const cloningEvents = events.filter(
+      (e) =>
+        e.event === "branch-status" &&
+        (e.data as { kind?: string }).kind === "cloning",
+    );
+    expect(cloningEvents.length).toBe(1);
+  });
+
+  it("setPhase overwrites a sticky 'clone-failed'", () => {
+    const m = newMonitor();
+    m.setPhase({ kind: "clone-failed", error: "x" });
+    m.setPhase({ kind: "cloning" });
+    expect(m.getLast()).toEqual({ kind: "cloning" });
+  });
+
+  // Regression: when appRoot != repoDir AND appRoot is nested inside another
+  // git worktree (e.g. host runner: <project>/.deco/sandboxes/<handle>/repo
+  // sits under the project's own .git), git's parent-directory walk used to
+  // hijack the lookup and report the outer repo's branch. The monitor must
+  // resolve git from repoDir and refuse to escape it.
+  it("compute() uses repoDir, not appRoot, and does not walk into a parent git repo", () => {
+    const outer = mkdtempSync(join(tmpdir(), "branch-status-outer-"));
+    try {
+      gitSync(["init", "-b", "outer-branch"], { cwd: outer, asUser: false });
+      gitSync(["config", "user.email", "outer@example.com"], {
+        cwd: outer,
+        asUser: false,
+      });
+      gitSync(["config", "user.name", "Outer"], { cwd: outer, asUser: false });
+      gitSync(["commit", "--allow-empty", "-m", "outer"], {
+        cwd: outer,
+        asUser: false,
+      });
+
+      const appRoot = join(outer, "sandbox-app");
+      const repoDir = join(appRoot, "repo");
+      mkdirSync(repoDir, { recursive: true });
+      gitSync(["init", "-b", "inner-branch"], { cwd: repoDir, asUser: false });
+      gitSync(["config", "user.email", "inner@example.com"], {
+        cwd: repoDir,
+        asUser: false,
+      });
+      gitSync(["config", "user.name", "Inner"], {
+        cwd: repoDir,
+        asUser: false,
+      });
+      gitSync(["commit", "--allow-empty", "-m", "inner"], {
+        cwd: repoDir,
+        asUser: false,
+      });
+
+      const config = {
+        appRoot,
+        repoDir,
+        daemonToken: "",
+        daemonBootId: "",
+        proxyPort: 0,
+        dropPrivileges: false,
+      } as never;
+      const monitor = new BranchStatusMonitor(config, broadcaster);
+      monitor.markReady();
+
+      const last = monitor.getLast();
+      if (last?.kind !== "ready")
+        throw new Error(`expected ready, got ${last?.kind}`);
+      expect(last.branch).toBe("inner-branch");
+    } finally {
+      rmSync(outer, { recursive: true, force: true });
+    }
+  });
+});
diff --git a/packages/sandbox/daemon/git/branch-status.ts b/packages/sandbox/daemon/git/branch-status.ts
new file mode 100644
index 0000000000..c8f4025cff
--- /dev/null
+++ b/packages/sandbox/daemon/git/branch-status.ts
@@ -0,0 +1,161 @@
+import fs from "node:fs";
+import type { Broadcaster } from "../events/broadcast";
+import type { BranchStatus, BranchStatusReady, Config } from "../types";
+import { gitSync as rawGitSync } from "./git-sync";
+
+const gitSync = (args: string[], opts: Parameters<typeof rawGitSync>[1]) =>
+  rawGitSync(["-c", "safe.directory=*", ...args], opts);
+
+export class BranchStatusMonitor {
+  private last: BranchStatus = { kind: "initializing" };
+  private timer: ReturnType<typeof setTimeout> | null = null;
+  private watcher: ReturnType<typeof fs.watch> | null = null;
+  private pollFallback: ReturnType<typeof setInterval> | null = null;
+
+  constructor(
+    private readonly config: Config,
+    private readonly broadcaster: Broadcaster,
+  ) {}
+
+  getLast(): BranchStatus {
+    return this.last;
+  }
+
+  /** Set a non-ready phase. Always broadcasts when the kind/payload changed. */
+  setPhase(next: Exclude<BranchStatus, BranchStatusReady>): void {
+    if (this.equal(this.last, next)) return;
+    this.last = next;
+    this.broadcast(next);
+  }
+
+  /**
+   * Compute git status and enter 'ready'. Idempotent: skips broadcast when
+   * the computed status equals the last 'ready' value. Starts the .git
+   * watcher on first call.
+   */
+  markReady(): void {
+    const next = this.compute();
+    if (!next) return;
+    if (this.equal(this.last, next)) return;
+    this.last = next;
+    this.broadcast(next);
+    this.ensureWatch();
+  }
+
+  /** Stop the .git watcher and any polling fallback. */
+  stop(): void {
+    if (this.timer) {
+      clearTimeout(this.timer);
+      this.timer = null;
+    }
+    if (this.watcher) {
+      this.watcher.close();
+      this.watcher = null;
+    }
+    if (this.pollFallback) {
+      clearInterval(this.pollFallback);
+      this.pollFallback = null;
+    }
+  }
+
+  private broadcast(s: BranchStatus): void {
+    this.broadcaster.broadcastEvent("branch-status", {
+      type: "branch-status",
+      ...s,
+    });
+  }
+
+  private equal(a: BranchStatus, b: BranchStatus): boolean {
+    return JSON.stringify(a) === JSON.stringify(b);
+  }
+
+  private schedule(): void {
+    if (this.timer) return;
+    this.timer = setTimeout(() => {
+      this.timer = null;
+      // fs.watch fires meaningfully only once we're already in 'ready';
+      // ignore otherwise (orchestrator owns non-ready transitions).
+      if (this.last.kind === "ready") this.markReady();
+    }, 250);
+  }
+
+  private ensureWatch(): void {
+    if (this.watcher || this.pollFallback) return;
+    const gitDir = `${this.config.repoDir}/.git`;
+    try {
+      this.watcher = fs.watch(gitDir, { recursive: true }, () =>
+        this.schedule(),
+      );
+      // Swallow errors (e.g. ENOENT when .git is removed during shutdown)
+      // — without this the FSWatcher emits an unhandled 'error' event.
+      this.watcher.on("error", () => {});
+    } catch {
+      this.pollFallback = setInterval(() => {
+        if (this.last.kind === "ready") this.markReady();
+      }, 5000);
+    }
+  }
+
+  private compute(): BranchStatusReady | null {
+    const run = (args: string[]) => {
+      try {
+        return gitSync(args, {
+          cwd: this.config.repoDir,
+          // Pin discovery to repoDir so a parent .git (e.g. the host's
+          // workspace tree containing .deco/sandboxes/<handle>/repo) can't
+          // hijack the lookup and report the wrong branch.
+          env: { ...process.env, GIT_CEILING_DIRECTORIES: this.config.repoDir },
+        });
+      } catch {
+        return "";
+      }
+    };
+    const refExists = (ref: string) =>
+      run(["rev-parse", "--verify", "--quiet", ref]).length > 0;
+    try {
+      const branch = run(["rev-parse", "--abbrev-ref", "HEAD"]);
+      if (!branch || branch === "HEAD") return null;
+      let base = run(["symbolic-ref", "--short", "refs/remotes/origin/HEAD"]);
+      if (base.startsWith("origin/")) base = base.slice("origin/".length);
+      if (!base) base = "main";
+      const dirty = run(["status", "--porcelain=v1"]).length > 0;
+      const branchRef = refExists(`origin/${branch}`)
+        ? `origin/${branch}`
+        : "HEAD";
+      const unpushed =
+        branchRef === `origin/${branch}`
+          ? Number(
+              run(["rev-list", "--count", `origin/${branch}..HEAD`]) || "0",
+            )
+          : 0;
+      let aheadOfBase = 0;
+      let behindBase = 0;
+      if (refExists(`origin/${base}`)) {
+        const lr = run([
+          "rev-list",
+          "--left-right",
+          "--count",
+          `origin/${base}...${branchRef}`,
+        ]);
+        const m = lr.match(/^(\d+)\s+(\d+)$/);
+        if (m) {
+          behindBase = Number(m[1]);
+          aheadOfBase = Number(m[2]);
+        }
+      }
+      const headSha = run(["rev-parse", branchRef]);
+      return {
+        kind: "ready",
+        branch,
+        base,
+        workingTreeDirty: dirty,
+        unpushed,
+        aheadOfBase,
+        behindBase,
+        headSha,
+      };
+    } catch {
+      return null;
+    }
+  }
+}
diff --git a/packages/sandbox/daemon/git/git-sync.test.ts b/packages/sandbox/daemon/git/git-sync.test.ts
new file mode 100644
index 0000000000..e898aaca32
--- /dev/null
+++ b/packages/sandbox/daemon/git/git-sync.test.ts
@@ -0,0 +1,40 @@
+import { describe, expect, it } from "bun:test";
+import { mkdtempSync, rmSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { gitSync } from "./git-sync";
+
+describe("gitSync", () => {
+  it("runs a successful git command and returns stdout", () => {
+    const repoDir = mkdtempSync(join(tmpdir(), "git-sync-"));
+    try {
+      gitSync(["init"], { cwd: repoDir, asUser: false });
+      const out = gitSync(["rev-parse", "--is-inside-work-tree"], {
+        cwd: repoDir,
+        asUser: false,
+      });
+      expect(out).toBe("true");
+    } finally {
+      rmSync(repoDir, { recursive: true, force: true });
+    }
+  });
+
+  it("throws with stderr attached on non-zero exit", () => {
+    const repoDir = mkdtempSync(join(tmpdir(), "git-sync-"));
+    try {
+      try {
+        gitSync(["rev-parse", "--verify", "does/not/exist"], {
+          cwd: repoDir,
+          asUser: false,
+        });
+        throw new Error("should have thrown");
+      } catch (err) {
+        const e = err as Error & { stderr?: string; status?: number };
+        expect(e.message).toContain("git rev-parse");
+        expect(e.status).toBeGreaterThan(0);
+      }
+    } finally {
+      rmSync(repoDir, { recursive: true, force: true });
+    }
+  });
+});
diff --git a/packages/sandbox/daemon/git/git-sync.ts b/packages/sandbox/daemon/git/git-sync.ts
new file mode 100644
index 0000000000..5645b69cd8
--- /dev/null
+++ b/packages/sandbox/daemon/git/git-sync.ts
@@ -0,0 +1,51 @@
+import { spawnSync, type SpawnSyncOptions } from "node:child_process";
+import { DECO_UID, DECO_GID } from "../constants";
+
+export interface GitSyncOpts {
+  cwd: string;
+  env?: NodeJS.ProcessEnv;
+  /** When true (default), drops to deco:1000/1000. Set false for system-level git config as root. */
+  asUser?: boolean;
+  /** Kill the git process after this many ms. Default: 60 000 (60 s). */
+  timeoutMs?: number;
+}
+
+export interface GitError extends Error {
+  stderr: string;
+  status: number;
+}
+
+const DEFAULT_GIT_TIMEOUT_MS = 60_000;
+
+export function gitSync(args: string[], opts: GitSyncOpts): string {
+  const asUser = opts.asUser !== false;
+  const spawnOpts: SpawnSyncOptions = {
+    cwd: opts.cwd,
+    env: opts.env,
+    stdio: ["ignore", "pipe", "pipe"],
+    encoding: "utf-8",
+    timeout: opts.timeoutMs ?? DEFAULT_GIT_TIMEOUT_MS,
+  };
+  if (asUser) {
+    spawnOpts.uid = DECO_UID;
+    spawnOpts.gid = DECO_GID;
+  }
+  const res = spawnSync("git", args, spawnOpts);
+  if (res.error) {
+    const err = new Error(
+      `git ${args.join(" ")}: ${res.error.message}`,
+    ) as GitError;
+    err.stderr = String(res.stderr ?? "");
+    err.status = -1;
+    throw err;
+  }
+  if (res.status !== 0) {
+    const err = new Error(
+      `git ${args.join(" ")} exited ${res.status}${res.stderr ? `: ${String(res.stderr).trim()}` : ""}`,
+    ) as GitError;
+    err.stderr = String(res.stderr ?? "");
+    err.status = res.status ?? -1;
+    throw err;
+  }
+  return String(res.stdout ?? "").trim();
+}
diff --git a/packages/sandbox/daemon/git/protect-branch.ts b/packages/sandbox/daemon/git/protect-branch.ts
new file mode 100644
index 0000000000..2a8a7bb3b3
--- /dev/null
+++ b/packages/sandbox/daemon/git/protect-branch.ts
@@ -0,0 +1,23 @@
+import { chmodSync, mkdirSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+
+const HOOK = `#!/bin/sh
+while IFS=' ' read -r _local_ref _local_sha remote_ref _remote_sha; do
+  branch="\${remote_ref#refs/heads/}"
+  case "$branch" in
+    main|master)
+      echo "error: pushing to '$branch' is not allowed from a sandbox" >&2
+      exit 1
+      ;;
+  esac
+done
+exit 0
+`;
+
+export function installProtectedBranchHook(repoDir: string): void {
+  const hooksDir = join(repoDir, ".git", "hooks");
+  mkdirSync(hooksDir, { recursive: true });
+  const hookPath = join(hooksDir, "pre-push");
+  writeFileSync(hookPath, HOOK, { encoding: "utf-8" });
+  chmodSync(hookPath, 0o755);
+}
diff --git a/packages/sandbox/daemon/install/install-state.ts b/packages/sandbox/daemon/install/install-state.ts
new file mode 100644
index 0000000000..8728794b26
--- /dev/null
+++ b/packages/sandbox/daemon/install/install-state.ts
@@ -0,0 +1,60 @@
+import { createHash } from "node:crypto";
+import type { TenantConfig } from "../types";
+
+/**
+ * What we've installed against, reflected in memory only. On daemon
+ * restart this resets to null and the orchestrator's resume path will
+ * trigger a reinstall — that's the conservative default in v1.
+ */
+export interface InstallSnapshot {
+  fingerprint: string;
+  ok: boolean;
+  installedAt: number;
+}
+
+export class InstallState {
+  private snapshot: InstallSnapshot | null = null;
+
+  current(): InstallSnapshot | null {
+    return this.snapshot;
+  }
+
+  /**
+   * Compute the fingerprint of the install-relevant slice of config plus
+   * the current branch HEAD. The orchestrator passes the resolved branch
+   * sha (or undefined when there is no repo).
+   */
+  static fingerprint(
+    config: TenantConfig,
+    branchHead: string | undefined,
+  ): string {
+    const slice = {
+      pm: config.application?.packageManager?.name,
+      pmPath: config.application?.packageManager?.path,
+      runtime: config.application?.runtime,
+      branchHead: branchHead ?? null,
+    };
+    return createHash("sha256")
+      .update(JSON.stringify(slice))
+      .digest("hex")
+      .slice(0, 16);
+  }
+
+  mark(fingerprint: string, ok: boolean): void {
+    this.snapshot = { fingerprint, ok, installedAt: Date.now() };
+  }
+
+  isInstalledFor(
+    config: TenantConfig,
+    branchHead: string | undefined,
+  ): boolean {
+    if (!this.snapshot || !this.snapshot.ok) return false;
+    return (
+      this.snapshot.fingerprint === InstallState.fingerprint(config, branchHead)
+    );
+  }
+
+  clear(): void {
+    this.snapshot = null;
+  }
+}
diff --git a/packages/sandbox/daemon/loopback.test.ts b/packages/sandbox/daemon/loopback.test.ts
new file mode 100644
index 0000000000..2adc49844f
--- /dev/null
+++ b/packages/sandbox/daemon/loopback.test.ts
@@ -0,0 +1,43 @@
+import { describe, expect, test } from "bun:test";
+import { bracketHost, pickLoopback } from "./loopback";
+
+async function withServer(
+  hostname: string,
+  fn: (port: number) => Promise<void>,
+): Promise<void> {
+  const server = Bun.serve({ port: 0, hostname, fetch: () => new Response() });
+  try {
+    await fn(server.port);
+  } finally {
+    server.stop(true);
+  }
+}
+
+describe("pickLoopback", () => {
+  test("returns ::1 when an IPv6-only server is listening", async () => {
+    await withServer("::1", async (port) => {
+      expect(await pickLoopback(port)).toBe("::1");
+    });
+  });
+
+  test("falls back to 127.0.0.1 when only IPv4 is listening", async () => {
+    await withServer("127.0.0.1", async (port) => {
+      expect(await pickLoopback(port)).toBe("127.0.0.1");
+    });
+  });
+
+  test("returns null when neither loopback responds", async () => {
+    const port = 49000 + Math.floor(Math.random() * 10000);
+    expect(await pickLoopback(port)).toBeNull();
+  });
+});
+
+describe("bracketHost", () => {
+  test("wraps IPv6 in brackets", () => {
+    expect(bracketHost("::1")).toBe("[::1]");
+  });
+
+  test("leaves IPv4 unchanged", () => {
+    expect(bracketHost("127.0.0.1")).toBe("127.0.0.1");
+  });
+});
diff --git a/packages/sandbox/daemon/loopback.ts b/packages/sandbox/daemon/loopback.ts
new file mode 100644
index 0000000000..fcb7ca0335
--- /dev/null
+++ b/packages/sandbox/daemon/loopback.ts
@@ -0,0 +1,54 @@
+/**
+ * TCP-level reachability probe for loopback addresses, shared by the HTTP
+ * and WebSocket proxies.
+ *
+ * Inside the sandbox the dev server may bind IPv4 only (127.0.0.1, classic
+ * Node default) or IPv6 only ([::1], what `Bun.serve`/Vite-on-Bun pick on a
+ * dual-stack system). Bun resolves `localhost` to a single address — the
+ * wrong one half the time — so we probe both before opening the real
+ * connection. Probing first means a mid-flight failure on the chosen
+ * address never silently retries on the other one, which would re-execute
+ * non-idempotent requests on HTTP and re-do the WS handshake on WS.
+ *
+ * ECONNREFUSED on a closed loopback port comes back instantly, so the probe
+ * adds ~1ms in the IPv4-only case and zero in the IPv6 case.
+ */
+import { connect } from "node:net";
+
+const PROBE_TIMEOUT_MS = 500;
+
+export type LoopbackHost = "::1" | "127.0.0.1";
+
+function canConnect(host: LoopbackHost, port: number): Promise<boolean> {
+  return new Promise((resolve) => {
+    const sock = connect({ host, port });
+    let done = false;
+    const finish = (ok: boolean) => {
+      if (done) return;
+      done = true;
+      clearTimeout(timer);
+      try {
+        sock.destroy();
+      } catch {}
+      resolve(ok);
+    };
+    const timer = setTimeout(() => finish(false), PROBE_TIMEOUT_MS);
+    sock.once("connect", () => finish(true));
+    sock.once("error", () => finish(false));
+  });
+}
+
+/**
+ * Returns the loopback address currently accepting connections on `port`,
+ * preferring IPv6. `null` when neither responds.
+ */
+export async function pickLoopback(port: number): Promise<LoopbackHost | null> {
+  if (await canConnect("::1", port)) return "::1";
+  if (await canConnect("127.0.0.1", port)) return "127.0.0.1";
+  return null;
+}
+
+/** Wraps the host for use in a URL (`[::1]` vs `127.0.0.1`). */
+export function bracketHost(host: LoopbackHost): string {
+  return host === "::1" ? "[::1]" : host;
+}
diff --git a/packages/sandbox/daemon/paths.test.ts b/packages/sandbox/daemon/paths.test.ts
new file mode 100644
index 0000000000..885f72d8fa
--- /dev/null
+++ b/packages/sandbox/daemon/paths.test.ts
@@ -0,0 +1,42 @@
+import { describe, expect, it } from "bun:test";
+import { safePath } from "./paths";
+
+describe("safePath", () => {
+  const workspace = "/workspace";
+  const repo = "/workspace/app";
+
+  it("resolves relative paths against the repo (matching bash cwd)", () => {
+    expect(safePath(workspace, repo, "src/index.ts")).toBe(
+      "/workspace/app/src/index.ts",
+    );
+  });
+
+  it("returns the repo for empty / dot paths", () => {
+    expect(safePath(workspace, repo, "")).toBe("/workspace/app");
+    expect(safePath(workspace, repo, ".")).toBe("/workspace/app");
+  });
+
+  it("allows escaping the repo into workspace siblings (logs)", () => {
+    expect(safePath(workspace, repo, "../tmp/app/dev")).toBe(
+      "/workspace/tmp/app/dev",
+    );
+  });
+
+  it("rejects paths that escape the workspace", () => {
+    expect(safePath(workspace, repo, "../../etc/passwd")).toBeNull();
+    expect(safePath(workspace, repo, "a/../../../etc")).toBeNull();
+  });
+
+  it("rejects absolute paths outside the workspace", () => {
+    expect(safePath(workspace, repo, "/etc/passwd")).toBeNull();
+  });
+
+  it("allows absolute paths inside the workspace", () => {
+    expect(safePath(workspace, repo, "/workspace/app/src/x.ts")).toBe(
+      "/workspace/app/src/x.ts",
+    );
+    expect(safePath(workspace, repo, "/workspace/tmp/app/dev")).toBe(
+      "/workspace/tmp/app/dev",
+    );
+  });
+});
diff --git a/packages/sandbox/daemon/paths.ts b/packages/sandbox/daemon/paths.ts
new file mode 100644
index 0000000000..a3a73907d3
--- /dev/null
+++ b/packages/sandbox/daemon/paths.ts
@@ -0,0 +1,43 @@
+import { existsSync } from "node:fs";
+import path from "node:path";
+
+/**
+ * Resolves the package-manager root against `repoDir`.
+ * `pmPath` may be absolute or relative (e.g. "mcp" meaning `<repoDir>/mcp`).
+ * Falls back to `repoDir` when `pmPath` is absent.
+ */
+export function resolvePmRoot(repoDir: string, pmPath?: string): string {
+  if (!pmPath) return repoDir;
+  return path.isAbsolute(pmPath) ? pmPath : path.join(repoDir, pmPath);
+}
+
+/** Returns the tee log path for a named app script (e.g. "dev", "install", "clone"). */
+export function appLogPath(logsDir: string, name: string): string {
+  return path.join(logsDir, "app", name);
+}
+
+/** Returns true when `<repoDir>/.git` exists — i.e. a repo is already checked out. */
+export function hasGitRepo(repoDir: string): boolean {
+  return existsSync(path.join(repoDir, ".git"));
+}
+
+/**
+ * Resolves `userPath` relative to `baseDir`, then enforces that the result
+ * stays inside `workspaceRoot`. Returns null on escape.
+ *
+ * `baseDir` is typically the repo (`<workspaceRoot>/app`) so the LLM's
+ * relative paths match what `bash` sees as cwd. The clamp is `workspaceRoot`
+ * so paths like `../tmp/app/dev` (siblings of the repo, still inside the
+ * workspace) resolve correctly.
+ */
+export function safePath(
+  workspaceRoot: string,
+  baseDir: string,
+  userPath: string,
+): string | null {
+  const resolved = path.resolve(baseDir, userPath);
+  if (!resolved.startsWith(`${workspaceRoot}/`) && resolved !== workspaceRoot) {
+    return null;
+  }
+  return resolved;
+}
diff --git a/packages/sandbox/daemon/persistence.ts b/packages/sandbox/daemon/persistence.ts
new file mode 100644
index 0000000000..ab25d22182
--- /dev/null
+++ b/packages/sandbox/daemon/persistence.ts
@@ -0,0 +1,48 @@
+import { readFileSync } from "node:fs";
+import { join } from "node:path";
+import type { TenantConfig } from "./types";
+
+const DECOCMS_SUBDIR = ".decocms";
+const DAEMON_JSON = "daemon.json";
+const CONFIG_FILENAME = join(DECOCMS_SUBDIR, DAEMON_JSON);
+
+function configPath(repoDir: string): string {
+  return join(repoDir, CONFIG_FILENAME);
+}
+
+export type ReadOutcome =
+  | { kind: "absent" }
+  | { kind: "valid"; config: TenantConfig }
+  | { kind: "invalid"; reason: string };
+
+/**
+ * Reads `<repoDir>/.decocms/daemon.json` as a read-only fallback for fields
+ * the mesh didn't supply (package manager, runtime, port). The daemon
+ * never writes this file; it exists only if a tenant committed one to the
+ * repo themselves.
+ */
+export function readConfig(repoDir: string): ReadOutcome {
+  let raw: string;
+  try {
+    raw = readFileSync(configPath(repoDir), "utf-8");
+  } catch (e) {
+    const err = e as NodeJS.ErrnoException;
+    if (err.code === "ENOENT") return { kind: "absent" };
+    return { kind: "invalid", reason: `read failed: ${err.message}` };
+  }
+
+  let parsed: unknown;
+  try {
+    parsed = JSON.parse(raw);
+  } catch (e) {
+    return {
+      kind: "invalid",
+      reason: `parse failed: ${(e as Error).message}`,
+    };
+  }
+
+  if (!parsed || typeof parsed !== "object") {
+    return { kind: "invalid", reason: "not an object" };
+  }
+  return { kind: "valid", config: parsed as TenantConfig };
+}
diff --git a/packages/sandbox/daemon/probe.test.ts b/packages/sandbox/daemon/probe.test.ts
new file mode 100644
index 0000000000..c11d23339d
--- /dev/null
+++ b/packages/sandbox/daemon/probe.test.ts
@@ -0,0 +1,197 @@
+import { describe, expect, test } from "bun:test";
+import { cadence, reduce, type ProbeState } from "./probe";
+import { PROBE_FAST_MS, PROBE_SLOW_MS } from "./constants";
+
+const initial: ProbeState = {
+  status: "booting",
+  port: null,
+  htmlSupport: false,
+};
+
+describe("reduce", () => {
+  describe("port-change", () => {
+    test("null → 3000 transitions to booting with new port", () => {
+      const r = reduce(initial, { kind: "port-change", port: 3000 });
+      expect(r.next).toEqual({
+        status: "booting",
+        port: 3000,
+        htmlSupport: false,
+      });
+      expect(r.log).toBeUndefined();
+    });
+
+    test("same port is a no-op", () => {
+      const state: ProbeState = {
+        status: "online",
+        port: 3000,
+        htmlSupport: true,
+      };
+      const r = reduce(state, { kind: "port-change", port: 3000 });
+      expect(r.next).toEqual(state);
+    });
+
+    test("3000 → 5173 from online resets to booting and clears htmlSupport", () => {
+      const state: ProbeState = {
+        status: "online",
+        port: 3000,
+        htmlSupport: true,
+      };
+      const r = reduce(state, { kind: "port-change", port: 5173 });
+      expect(r.next).toEqual({
+        status: "booting",
+        port: 5173,
+        htmlSupport: false,
+      });
+    });
+
+    test("number → null transitions to booting", () => {
+      const state: ProbeState = {
+        status: "offline",
+        port: 3000,
+        htmlSupport: false,
+      };
+      const r = reduce(state, { kind: "port-change", port: null });
+      expect(r.next).toEqual({
+        status: "booting",
+        port: null,
+        htmlSupport: false,
+      });
+    });
+  });
+
+  describe("head-response", () => {
+    test("booting → online with log on first response", () => {
+      const state: ProbeState = {
+        status: "booting",
+        port: 3000,
+        htmlSupport: false,
+      };
+      const r = reduce(state, {
+        kind: "head-response",
+        status: 200,
+        isHtml: true,
+      });
+      expect(r.next).toEqual({
+        status: "online",
+        port: 3000,
+        htmlSupport: true,
+      });
+      expect(r.log).toContain("port 3000");
+      expect(r.log).toContain("status 200");
+    });
+
+    test("booting → online treats 404 as up (no special-casing)", () => {
+      const state: ProbeState = {
+        status: "booting",
+        port: 3000,
+        htmlSupport: false,
+      };
+      const r = reduce(state, {
+        kind: "head-response",
+        status: 404,
+        isHtml: false,
+      });
+      expect(r.next.status).toBe("online");
+      expect(r.next.htmlSupport).toBe(false);
+    });
+
+    test("online → online: no log, htmlSupport updates", () => {
+      const state: ProbeState = {
+        status: "online",
+        port: 3000,
+        htmlSupport: true,
+      };
+      const r = reduce(state, {
+        kind: "head-response",
+        status: 200,
+        isHtml: false,
+      });
+      expect(r.next).toEqual({
+        status: "online",
+        port: 3000,
+        htmlSupport: false,
+      });
+      expect(r.log).toBeUndefined();
+    });
+
+    test("offline → online: emits recovery log, htmlSupport refreshes", () => {
+      const state: ProbeState = {
+        status: "offline",
+        port: 3000,
+        htmlSupport: true,
+      };
+      const r = reduce(state, {
+        kind: "head-response",
+        status: 200,
+        isHtml: true,
+      });
+      expect(r.next).toEqual({
+        status: "online",
+        port: 3000,
+        htmlSupport: true,
+      });
+      expect(r.log).toContain("back online");
+      expect(r.log).toContain("port 3000");
+      expect(r.log).toContain("status 200");
+    });
+  });
+
+  describe("head-failure", () => {
+    test("online → offline with log", () => {
+      const state: ProbeState = {
+        status: "online",
+        port: 3000,
+        htmlSupport: true,
+      };
+      const r = reduce(state, { kind: "head-failure" });
+      expect(r.next).toEqual({
+        status: "offline",
+        port: 3000,
+        htmlSupport: true, // sticky on offline
+      });
+      expect(r.log).toContain("port 3000");
+    });
+
+    test("booting → booting: no change, no log", () => {
+      const state: ProbeState = {
+        status: "booting",
+        port: 3000,
+        htmlSupport: false,
+      };
+      const r = reduce(state, { kind: "head-failure" });
+      expect(r.next).toEqual(state);
+      expect(r.log).toBeUndefined();
+    });
+
+    test("offline → offline: no change, no log", () => {
+      const state: ProbeState = {
+        status: "offline",
+        port: 3000,
+        htmlSupport: true,
+      };
+      const r = reduce(state, { kind: "head-failure" });
+      expect(r.next).toEqual(state);
+      expect(r.log).toBeUndefined();
+    });
+  });
+});
+
+describe("cadence", () => {
+  test("booting → fast", () => {
+    expect(cadence({ status: "booting", port: 3000, htmlSupport: false })).toBe(
+      PROBE_FAST_MS,
+    );
+  });
+
+  test("online → slow", () => {
+    expect(cadence({ status: "online", port: 3000, htmlSupport: true })).toBe(
+      PROBE_SLOW_MS,
+    );
+  });
+
+  test("offline → fast", () => {
+    expect(cadence({ status: "offline", port: 3000, htmlSupport: true })).toBe(
+      PROBE_FAST_MS,
+    );
+  });
+});
diff --git a/packages/sandbox/daemon/probe.ts b/packages/sandbox/daemon/probe.ts
new file mode 100644
index 0000000000..9c50da7b3a
--- /dev/null
+++ b/packages/sandbox/daemon/probe.ts
@@ -0,0 +1,179 @@
+/**
+ * Single-port HEAD probe. Polls the configured `application.port` at 1 s
+ * while booting/offline, 30 s while online. Single-flight HEAD with a 5 s
+ * timeout. Treats any HTTP response (incl. 404) as "up".
+ */
+import {
+  PROBE_FAST_MS,
+  PROBE_HEAD_TIMEOUT_MS,
+  PROBE_SLOW_MS,
+} from "./constants";
+import { fetchLoopback } from "./upstream-fetch";
+
+export type UpstreamStatus = "booting" | "online" | "offline";
+
+export interface ProbeState {
+  status: UpstreamStatus;
+  port: number | null;
+  htmlSupport: boolean;
+}
+
+export type ProbeEvent =
+  | { kind: "head-response"; status: number; isHtml: boolean }
+  | { kind: "head-failure" }
+  | { kind: "port-change"; port: number | null };
+
+export interface ReduceResult {
+  next: ProbeState;
+  log?: string;
+}
+
+export interface ProbeDeps {
+  /** Reads `config.application.port`. Called every tick — config-change-aware. */
+  getPort: () => number | null;
+  onChange: (state: ProbeState) => void;
+  onLog?: (msg: string) => void;
+}
+
+export function reduce(state: ProbeState, event: ProbeEvent): ReduceResult {
+  switch (event.kind) {
+    case "port-change": {
+      if (event.port === state.port) return { next: state };
+      return {
+        next: { status: "booting", port: event.port, htmlSupport: false },
+      };
+    }
+    case "head-response": {
+      const next: ProbeState = {
+        status: "online",
+        port: state.port,
+        htmlSupport: event.isHtml,
+      };
+      if (state.status === "booting") {
+        return {
+          next,
+          log: `[probe] server responded on port ${state.port} (status ${event.status})`,
+        };
+      }
+      if (state.status === "offline") {
+        return {
+          next,
+          log: `[probe] server back online on port ${state.port} (status ${event.status})`,
+        };
+      }
+      return { next };
+    }
+    case "head-failure": {
+      if (state.status !== "online") return { next: state };
+      return {
+        next: { ...state, status: "offline" },
+        log: `[probe] server stopped responding on port ${state.port}`,
+      };
+    }
+  }
+}
+
+export function cadence(state: ProbeState): number {
+  return state.status === "online" ? PROBE_SLOW_MS : PROBE_FAST_MS;
+}
+
+interface HeadResult {
+  status: number;
+  isHtml: boolean;
+}
+
+async function head(
+  port: number,
+  timeoutMs: number,
+): Promise<HeadResult | null> {
+  try {
+    const res = await fetchLoopback(port, "/", {
+      method: "HEAD",
+      signal: AbortSignal.timeout(timeoutMs),
+    });
+    const ct = (res.headers.get("content-type") ?? "").toLowerCase();
+    return { status: res.status, isHtml: ct.includes("text/html") };
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Returns a live `ProbeState` reference — the fields are mutated in place
+ * on every change so the SSE handshake (`getLastStatus`) sees fresh values
+ * without a getter.
+ */
+export function startUpstreamProbe(deps: ProbeDeps): ProbeState {
+  const state: ProbeState = {
+    status: "booting",
+    port: null,
+    htmlSupport: false,
+  };
+  let inFlight = false;
+  let timer: ReturnType<typeof setTimeout> | null = null;
+
+  function applyEvent(event: ProbeEvent) {
+    const result = reduce(state, event);
+    const changed =
+      result.next.status !== state.status ||
+      result.next.port !== state.port ||
+      result.next.htmlSupport !== state.htmlSupport;
+    state.status = result.next.status;
+    state.port = result.next.port;
+    state.htmlSupport = result.next.htmlSupport;
+    if (result.log) deps.onLog?.(`${result.log}\r\n`);
+    if (changed) {
+      deps.onChange({
+        status: state.status,
+        port: state.port,
+        htmlSupport: state.htmlSupport,
+      });
+    }
+  }
+
+  async function tick() {
+    const port = deps.getPort();
+    if (port !== state.port) {
+      applyEvent({ kind: "port-change", port });
+    }
+
+    if (state.port === null || inFlight) {
+      schedule();
+      return;
+    }
+
+    const portAtStart = state.port;
+    inFlight = true;
+    let result: HeadResult | null = null;
+    try {
+      result = await head(portAtStart, PROBE_HEAD_TIMEOUT_MS);
+    } finally {
+      inFlight = false;
+    }
+
+    // Discard if port changed mid-flight; next tick will probe the new port.
+    if (state.port !== portAtStart) {
+      schedule();
+      return;
+    }
+
+    if (result !== null) {
+      applyEvent({
+        kind: "head-response",
+        status: result.status,
+        isHtml: result.isHtml,
+      });
+    } else {
+      applyEvent({ kind: "head-failure" });
+    }
+    schedule();
+  }
+
+  function schedule() {
+    if (timer) clearTimeout(timer);
+    timer = setTimeout(() => void tick(), cadence(state));
+  }
+
+  schedule();
+  return state;
+}
diff --git a/packages/sandbox/daemon/process/log-tee.ts b/packages/sandbox/daemon/process/log-tee.ts
new file mode 100644
index 0000000000..d37655eaf8
--- /dev/null
+++ b/packages/sandbox/daemon/process/log-tee.ts
@@ -0,0 +1,125 @@
+import {
+  closeSync,
+  fsyncSync,
+  mkdirSync,
+  openSync,
+  statSync,
+  writeSync,
+} from "node:fs";
+import { dirname } from "node:path";
+
+/**
+ * Append-mode tee to a single log file. Each chunk is flushed to the
+ * kernel via writeSync; fsync only happens on close to keep per-chunk
+ * overhead low. Hard size cap protects against runaway output — once we
+ * exceed `maxBytes`, subsequent writes are dropped (with a single
+ * truncation marker emitted) until the tee is closed.
+ *
+ * Open the tee lazily: callers can defer creating the file until the
+ * first write so empty logs don't litter the disk.
+ */
+export class LogTee {
+  private fd: number | null = null;
+  private written = 0;
+  private truncated = false;
+
+  constructor(
+    private readonly path: string,
+    private readonly maxBytes: number,
+  ) {}
+
+  write(data: string): void {
+    if (data.length === 0) return;
+    if (this.truncated) return;
+    const buf = Buffer.from(data, "utf-8");
+    if (this.written + buf.length > this.maxBytes) {
+      this.truncated = true;
+      const remain = Math.max(0, this.maxBytes - this.written);
+      if (remain > 0 && this.openIfNeeded()) {
+        try {
+          writeSync(this.fd as number, buf, 0, remain);
+          this.written += remain;
+        } catch {
+          /* unrecoverable; leave truncated as-is */
+        }
+      }
+      const marker = Buffer.from(
+        `\n[log truncated at ${this.maxBytes} bytes]\n`,
+        "utf-8",
+      );
+      if (this.openIfNeeded()) {
+        try {
+          writeSync(this.fd as number, marker);
+        } catch {
+          /* ignore */
+        }
+      }
+      this.close();
+      return;
+    }
+    if (!this.openIfNeeded()) return;
+    try {
+      writeSync(this.fd as number, buf);
+      this.written += buf.length;
+    } catch {
+      /* swallow — log writes must never crash the daemon */
+    }
+  }
+
+  writeHeader(label: string): void {
+    let prior = this.written;
+    if (this.fd === null) {
+      try {
+        prior = statSync(this.path).size;
+      } catch {
+        /* new file */
+      }
+    }
+    this.write(
+      prior > 0
+        ? `\r\n=== ${new Date().toISOString()} ${label} ===\r\n`
+        : `${label}\r\n`,
+    );
+  }
+
+  isTruncated(): boolean {
+    return this.truncated;
+  }
+
+  bytesWritten(): number {
+    return this.written;
+  }
+
+  close(): void {
+    if (this.fd === null) return;
+    try {
+      fsyncSync(this.fd);
+    } catch {
+      /* fsync best-effort */
+    }
+    try {
+      closeSync(this.fd);
+    } catch {
+      /* ignore */
+    }
+    this.fd = null;
+  }
+
+  private openIfNeeded(): boolean {
+    if (this.fd !== null) return true;
+    try {
+      mkdirSync(dirname(this.path), { recursive: true, mode: 0o700 });
+      // Seed from existing file size so the cap applies across runs that
+      // append to the same path (named-script tees rerun without clearing).
+      try {
+        this.written = statSync(this.path).size;
+      } catch {
+        /* file doesn't exist yet */
+      }
+      this.fd = openSync(this.path, "a", 0o600);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+}
diff --git a/packages/sandbox/daemon/process/phase-manager.ts b/packages/sandbox/daemon/process/phase-manager.ts
new file mode 100644
index 0000000000..7be3522ddd
--- /dev/null
+++ b/packages/sandbox/daemon/process/phase-manager.ts
@@ -0,0 +1,83 @@
+export type PhaseStatus = "running" | "done" | "failed";
+
+export interface Phase {
+  id: string;
+  name: string;
+  status: PhaseStatus;
+  startedAt: number;
+  doneAt: number | null;
+  error?: string;
+}
+
+export interface PhaseManagerDeps {
+  onChange?: (phases: Phase[]) => void;
+}
+
+/**
+ * Lightweight in-memory phase registry. Tracks named setup phases (clone,
+ * install, transition) so the LLM and the SSE stream have a structured view
+ * of "what is the daemon doing right now."
+ *
+ * Not persisted — resets on each daemon boot.
+ */
+export class PhaseManager {
+  private readonly all: Phase[] = [];
+  private idCounter = 0;
+  private readonly deps: PhaseManagerDeps;
+
+  constructor(deps: PhaseManagerDeps = {}) {
+    this.deps = deps;
+  }
+
+  begin(name: string): string {
+    const id = `phase${++this.idCounter}`;
+    this.all.push({
+      id,
+      name,
+      status: "running",
+      startedAt: Date.now(),
+      doneAt: null,
+    });
+    this.emit();
+    return id;
+  }
+
+  done(id: string): void {
+    const t = this.findRunning(id);
+    if (!t) return;
+    t.status = "done";
+    t.doneAt = Date.now();
+    this.emit();
+  }
+
+  fail(id: string, error?: string): void {
+    const t = this.findRunning(id);
+    if (!t) return;
+    t.status = "failed";
+    t.doneAt = Date.now();
+    if (error) t.error = error;
+    this.emit();
+  }
+
+  list(filter?: { status?: ReadonlyArray<PhaseStatus> }): Phase[] {
+    if (!filter?.status) return this.all.slice();
+    return this.all.filter((t) => filter.status!.includes(t.status));
+  }
+
+  /** Running phases + last `maxFinished` completed/failed phases. */
+  recent(maxFinished = 20): Phase[] {
+    const running = this.all.filter((t) => t.status === "running");
+    const finished = this.all
+      .filter((t) => t.status !== "running")
+      .slice(-maxFinished);
+    return [...running, ...finished];
+  }
+
+  private findRunning(id: string): Phase | undefined {
+    return this.all.find((t) => t.id === id && t.status === "running");
+  }
+
+  private emit(): void {
+    this.deps.onChange?.(this.all.slice());
+  }
+}
diff --git a/packages/sandbox/daemon/process/pty-spawn.test.ts b/packages/sandbox/daemon/process/pty-spawn.test.ts
new file mode 100644
index 0000000000..e5f78c708f
--- /dev/null
+++ b/packages/sandbox/daemon/process/pty-spawn.test.ts
@@ -0,0 +1,44 @@
+import { describe, expect, it } from "bun:test";
+import { spawnPty } from "./pty-spawn";
+
+// forkpty(3) is unavailable in GitHub Actions containers.
+describe.skipIf(!!process.env.CI)("spawnPty", () => {
+  it("runs a command in a PTY and streams its output", async () => {
+    const child = spawnPty({ cmd: "echo hello-pty" });
+    const chunks: string[] = [];
+    child.onData((data) => chunks.push(data));
+
+    const exitCode = await new Promise<number>((resolve) => {
+      child.onExit((code) => resolve(code));
+    });
+
+    expect(exitCode).toBe(0);
+    expect(chunks.join("")).toContain("hello-pty");
+  });
+
+  it("propagates env and detects the PTY (TERM is xterm-256color)", async () => {
+    const child = spawnPty({ cmd: 'echo "TERM=$TERM"' });
+    const chunks: string[] = [];
+    child.onData((data) => chunks.push(data));
+
+    await new Promise<number>((resolve) => {
+      child.onExit((code) => resolve(code));
+    });
+
+    expect(chunks.join("")).toContain("TERM=xterm-256color");
+  });
+
+  it("kill() terminates a long-running child", async () => {
+    const child = spawnPty({ cmd: "sleep 30" });
+    const exitPromise = new Promise<number>((resolve) => {
+      child.onExit((code) => resolve(code));
+    });
+    child.kill();
+    const code = await exitPromise;
+    // node-pty maps signal kills to shell-convention exit codes (128 + signal).
+    // Default kill signal is SIGHUP (signal 1) -> exit code 129.
+    // On macOS, node-pty reports exitCode=0 and signal=1 for SIGHUP; our
+    // spawnPty wrapper maps this to 128 + 1 = 129.
+    expect(code).not.toBe(0);
+  });
+});
diff --git a/packages/sandbox/daemon/process/pty-spawn.ts b/packages/sandbox/daemon/process/pty-spawn.ts
new file mode 100644
index 0000000000..e9d6fed629
--- /dev/null
+++ b/packages/sandbox/daemon/process/pty-spawn.ts
@@ -0,0 +1,219 @@
+/**
+ * Thin wrapper around `node-pty.spawn` that allocates a pseudo-terminal for
+ * a shell command. Children see `isatty(stdout) === true`, so they emit
+ * colors, draw progress bars, and line-buffer their output — restoring the
+ * UX `script(1)` was meant to provide but works portably on macOS + Linux.
+ *
+ * Output stdout/stderr are merged into a single stream — this matches the
+ * SSE log-streaming pipeline downstream, which doesn't care about source.
+ *
+ * ## Bun Compatibility Note
+ *
+ * Bun's `tty.ReadStream` incorrectly treats `EAGAIN` on a PTY master fd as a
+ * fatal error and calls `stream.destroy(eagainError)` on the first read
+ * attempt, before any data arrives. This closes the fd and makes
+ * `onData`/`onExit` silently stop working.
+ *
+ * The workaround patches `socket.destroy` synchronously (before the event
+ * loop runs) to:
+ *   - Block calls with an EAGAIN error (Bun's premature destroy).
+ *   - Allow calls with no error (node-pty's own cleanup after child exit).
+ *
+ * Data is read by a `setInterval`-based polling loop using `fs.readSync`.
+ * Exit is detected when node-pty's native callback fires its 200 ms timer
+ * and calls `socket.destroy()` with no error — that destroy is allowed
+ * through, which completes the close chain and fires `raw.onExit`.
+ * The actual exit code / signal is captured there; signals are mapped to
+ * shell-style exit codes (`128 + signal`).
+ */
+
+import fs from "node:fs";
+import { spawn as ptySpawn } from "node-pty";
+
+export interface PtyHandle {
+  /** OS process id of the spawned child. */
+  pid: number;
+  /** Subscribe to merged stdout/stderr output. */
+  onData(cb: (data: string) => void): void;
+  /** Fired exactly once when the child exits. */
+  onExit(cb: (exitCode: number) => void): void;
+  /** Send a signal (default SIGHUP — node-pty's convention). */
+  kill(signal?: string): void;
+}
+
+export interface PtySpawnOpts {
+  /** Shell command. Runs as `sh -c <cmd>`. */
+  cmd: string;
+  cwd?: string;
+  env?: NodeJS.ProcessEnv;
+  /** Drop privileges to this uid (Linux only; ignored on macOS). */
+  uid?: number;
+  /** Drop privileges to this gid (Linux only; ignored on macOS). */
+  gid?: number;
+  /** Defaults to 120. */
+  cols?: number;
+  /** Defaults to 30. */
+  rows?: number;
+}
+
+export function spawnPty(opts: PtySpawnOpts): PtyHandle {
+  const baseEnv: Record<string, string> = {};
+  for (const [k, v] of Object.entries(process.env)) {
+    if (typeof v === "string") baseEnv[k] = v;
+  }
+
+  const overrideEnv: Record<string, string> = {};
+  if (opts.env) {
+    for (const [k, v] of Object.entries(opts.env)) {
+      if (typeof v === "string") overrideEnv[k] = v;
+    }
+  }
+
+  const spawnOpts: Parameters<typeof ptySpawn>[2] = {
+    name: "xterm-256color",
+    cols: opts.cols ?? 120,
+    rows: opts.rows ?? 30,
+    cwd: opts.cwd ?? process.cwd(),
+    env: { TERM: "xterm-256color", ...baseEnv, ...overrideEnv },
+  };
+  if (typeof opts.uid === "number")
+    (spawnOpts as Record<string, unknown>).uid = opts.uid;
+  if (typeof opts.gid === "number")
+    (spawnOpts as Record<string, unknown>).gid = opts.gid;
+
+  // forkpty(3) can fail transiently in CI containers under PTY pressure
+  // (concurrent test files allocating PTYs faster than the kernel reaps them).
+  // Retry a few times before giving up — production callers also benefit from
+  // resilience to brief PTY exhaustion.
+  let raw!: ReturnType<typeof ptySpawn>;
+  let lastErr: unknown;
+  for (let attempt = 0; attempt < 3; attempt++) {
+    try {
+      raw = ptySpawn("sh", ["-c", opts.cmd], spawnOpts);
+      lastErr = undefined;
+      break;
+    } catch (err) {
+      lastErr = err;
+      // Brief sync pause before retry: 50ms × attempt+1.
+      // Bun.sleepSync is preferred when available; fall back to a busy-wait.
+      const pauseMs = 50 * (attempt + 1);
+      const sleepSync = (
+        globalThis as { Bun?: { sleepSync?: (ms: number) => void } }
+      ).Bun?.sleepSync;
+      if (sleepSync) {
+        sleepSync(pauseMs);
+      } else {
+        const end = Date.now() + pauseMs;
+        while (Date.now() < end) {
+          // intentional spin
+        }
+      }
+    }
+  }
+  if (lastErr) throw lastErr;
+
+  const pid = raw.pid;
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  const socket = (raw as any)._socket as {
+    fd: number;
+    destroy: (err?: Error) => void;
+  };
+  const fd: number = socket.fd;
+
+  // ── Bun Compat Patch ──────────────────────────────────────────────────────
+  // Bun's tty.ReadStream calls socket.destroy(eagainError) on the first read
+  // when no data is available yet (an EAGAIN). This is incorrect — EAGAIN on
+  // a PTY master fd is transient, not fatal. We block only those calls.
+  //
+  // node-pty itself calls socket.destroy() with NO error argument after the
+  // child exits (via a 200 ms timer inside the native onexit callback). We
+  // allow those through so the normal close → exit chain fires and raw.onExit
+  // receives the true exit code.
+  const origDestroy = socket.destroy.bind(socket);
+
+  socket.destroy = function (err?: NodeJS.ErrnoException) {
+    if (err?.code === "EAGAIN" || err?.code === "EWOULDBLOCK") {
+      return; // Bun's premature destroy — ignore
+    }
+    // Clean destroy (no error, or non-EAGAIN error): let node-pty proceed.
+    origDestroy(err);
+  };
+  // ── End Bun Compat Patch ─────────────────────────────────────────────────
+
+  const dataListeners: Array<(data: string) => void> = [];
+  const exitListeners: Array<(exitCode: number) => void> = [];
+  let done = false;
+
+  /** Map node-pty's (exitCode, signal) to a shell-convention exit code. */
+  function shellExitCode(code: number, signal: number): number {
+    // On macOS node-pty always reports exitCode=0 for signal-killed processes;
+    // the signal number is in `signal`. Map to shell convention: 128 + signal.
+    if (signal > 0) return 128 + signal;
+    return code;
+  }
+
+  function fireExit(code: number): void {
+    if (done) return;
+    done = true;
+    clearInterval(dataPoller);
+    for (const listener of exitListeners) listener(code);
+  }
+
+  // node-pty's native exit fires after the close chain completes.
+  raw.onExit(({ exitCode, signal }) => {
+    fireExit(shellExitCode(exitCode, signal ?? 0));
+  });
+
+  // ── Data polling loop ─────────────────────────────────────────────────────
+  // Poll the PTY master fd non-blocking via readSync. EAGAIN = no data yet
+  // (retry). n === 0 = EOF (PTY slave closed — child exited normally). On
+  // macOS the master fd may stay EAGAIN forever after kill() since the kernel
+  // keeps the slave alive until the master is closed; in that case, exit is
+  // detected via node-pty's "clean" destroy() call above, which fires the
+  // close → raw.onExit chain without needing an EOF read.
+  const buf = Buffer.alloc(8192);
+  const dataPoller = setInterval(() => {
+    if (done) {
+      clearInterval(dataPoller);
+      return;
+    }
+    try {
+      const n = fs.readSync(fd, buf, 0, 8192, null);
+      if (n > 0) {
+        const data = buf.slice(0, n).toString("utf8");
+        for (const listener of dataListeners) listener(data);
+      } else if (n === 0) {
+        // EOF: PTY slave closed (child exited, data fully drained).
+        // Trigger the node-pty close chain to get the real exit code.
+        clearInterval(dataPoller);
+        origDestroy();
+        // Fallback: if raw.onExit doesn't fire within 300 ms, use code 0.
+        setTimeout(() => {
+          if (!done) fireExit(0);
+        }, 300);
+      }
+    } catch (err: unknown) {
+      const code = (err as NodeJS.ErrnoException).code;
+      if (code === "EAGAIN" || code === "EWOULDBLOCK") return; // no data yet
+      // EBADF or EIO: fd closed by external means.
+      clearInterval(dataPoller);
+      origDestroy();
+      setTimeout(() => {
+        if (!done) fireExit(1);
+      }, 300);
+    }
+  }, 5);
+
+  return {
+    pid,
+    onData(cb) {
+      dataListeners.push(cb);
+    },
+    onExit(cb) {
+      exitListeners.push(cb);
+    },
+    kill(signal) {
+      raw.kill(signal);
+    },
+  };
+}
diff --git a/packages/sandbox/daemon/process/ring-buffer.ts b/packages/sandbox/daemon/process/ring-buffer.ts
new file mode 100644
index 0000000000..657260079e
--- /dev/null
+++ b/packages/sandbox/daemon/process/ring-buffer.ts
@@ -0,0 +1,44 @@
+/**
+ * Simple capped string buffer. Appends are amortised constant-time; reads
+ * return everything currently held. When `appended > capacity` we keep the
+ * tail (most-recent bytes) and surface a `truncated` flag.
+ *
+ * Used for the in-memory tail of job/app output; the file-backed log
+ * stream owned by `LogTee` is the durable copy.
+ */
+export class RingBuffer {
+  private chunks: string[] = [];
+  private size = 0;
+  private dropped = false;
+
+  constructor(private readonly capacity: number) {}
+
+  append(data: string): void {
+    if (data.length === 0) return;
+    this.chunks.push(data);
+    this.size += data.length;
+    while (this.size > this.capacity && this.chunks.length > 0) {
+      const head = this.chunks[0];
+      if (head === undefined) break;
+      if (this.size - head.length >= this.capacity) {
+        this.chunks.shift();
+        this.size -= head.length;
+        this.dropped = true;
+        continue;
+      }
+      const overflow = this.size - this.capacity;
+      this.chunks[0] = head.slice(overflow);
+      this.size -= overflow;
+      this.dropped = true;
+      break;
+    }
+  }
+
+  read(): { data: string; truncated: boolean } {
+    return { data: this.chunks.join(""), truncated: this.dropped };
+  }
+
+  byteLength(): number {
+    return this.size;
+  }
+}
diff --git a/packages/sandbox/daemon/process/script-discovery.test.ts b/packages/sandbox/daemon/process/script-discovery.test.ts
new file mode 100644
index 0000000000..44126570d6
--- /dev/null
+++ b/packages/sandbox/daemon/process/script-discovery.test.ts
@@ -0,0 +1,37 @@
+import { describe, expect, it } from "bun:test";
+import { mkdtempSync, rmSync, writeFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { discoverScripts } from "./script-discovery";
+
+describe("discoverScripts", () => {
+  it("reads scripts from package.json for npm/pnpm/yarn/bun", () => {
+    const root = mkdtempSync(join(tmpdir(), "scripts-"));
+    writeFileSync(
+      join(root, "package.json"),
+      JSON.stringify({ scripts: { dev: "vite", build: "vite build" } }),
+    );
+    expect(discoverScripts(root, "npm")).toEqual(["dev", "build"]);
+    rmSync(root, { recursive: true, force: true });
+  });
+
+  it("reads tasks from deno.json for deno", () => {
+    const root = mkdtempSync(join(tmpdir(), "scripts-"));
+    writeFileSync(
+      join(root, "deno.json"),
+      JSON.stringify({ tasks: { serve: "deno run x" } }),
+    );
+    expect(discoverScripts(root, "deno")).toEqual(["serve"]);
+    rmSync(root, { recursive: true, force: true });
+  });
+
+  it("returns empty when no package.json", () => {
+    const root = mkdtempSync(join(tmpdir(), "scripts-"));
+    expect(discoverScripts(root, "npm")).toEqual([]);
+    rmSync(root, { recursive: true, force: true });
+  });
+
+  it("returns empty when PM is null", () => {
+    expect(discoverScripts("/nonexistent", null)).toEqual([]);
+  });
+});
diff --git a/packages/sandbox/daemon/process/script-discovery.ts b/packages/sandbox/daemon/process/script-discovery.ts
new file mode 100644
index 0000000000..4e5b481eb8
--- /dev/null
+++ b/packages/sandbox/daemon/process/script-discovery.ts
@@ -0,0 +1,38 @@
+import fs from "node:fs";
+import type { PackageManager } from "../types";
+
+/** Returns [] when PM is null or no manifest is found. */
+export function discoverScripts(
+  appRoot: string,
+  pm: PackageManager | null,
+): string[] {
+  if (!pm) return [];
+  let scripts: Record<string, string> = {};
+  try {
+    if (pm === "deno") {
+      for (const f of ["deno.json", "deno.jsonc"]) {
+        try {
+          const raw = fs.readFileSync(`${appRoot}/${f}`, "utf-8");
+          const parsed = JSON.parse(raw) as { tasks?: Record<string, string> };
+          scripts = parsed.tasks ?? {};
+          break;
+        } catch {
+          /* try next */
+        }
+      }
+    } else {
+      try {
+        const raw = fs.readFileSync(`${appRoot}/package.json`, "utf-8");
+        const parsed = JSON.parse(raw) as {
+          scripts?: Record<string, string>;
+        };
+        scripts = parsed.scripts ?? {};
+      } catch {
+        /* no package.json */
+      }
+    }
+  } catch {
+    return [];
+  }
+  return Object.keys(scripts);
+}
diff --git a/packages/sandbox/daemon/process/task-manager.test.ts b/packages/sandbox/daemon/process/task-manager.test.ts
new file mode 100644
index 0000000000..55118069f9
--- /dev/null
+++ b/packages/sandbox/daemon/process/task-manager.test.ts
@@ -0,0 +1,171 @@
+import { describe, expect, it } from "bun:test";
+import { mkdtempSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { TaskManager } from "./task-manager";
+
+function makeManager() {
+  const logsDir = mkdtempSync(join(tmpdir(), "tm-"));
+  return new TaskManager({ logsDir });
+}
+
+describe("TaskManager intentional flag", () => {
+  it("surfaces intentional=true on summary after killByLogName({intentional:true})", async () => {
+    const tm = makeManager();
+    const t = await tm.spawn({
+      command: "sleep 30",
+      cwd: "/tmp",
+      mode: "pipe",
+      logName: "dev",
+    });
+    const finished = tm.finished(t.id)!;
+    const killed = tm.killByLogName("dev", { intentional: true });
+    expect(killed).toBe(1);
+    await finished;
+    const summary = tm.get(t.id)!;
+    expect(summary.intentional).toBe(true);
+  });
+
+  it("surfaces intentional=false (or undefined) for default kills", async () => {
+    const tm = makeManager();
+    const t = await tm.spawn({
+      command: "sleep 30",
+      cwd: "/tmp",
+      mode: "pipe",
+      logName: "dev",
+    });
+    const finished = tm.finished(t.id)!;
+    tm.killByLogName("dev");
+    await finished;
+    const summary = tm.get(t.id)!;
+    expect(summary.intentional).toBeFalsy();
+  });
+});
+
+describe("TaskManager replaceByLogName", () => {
+  it("kills the running task with the same logName, awaits exit, then spawns", async () => {
+    const tm = makeManager();
+    const first = await tm.spawn({
+      command: "sleep 30",
+      cwd: "/tmp",
+      mode: "pipe",
+      logName: "dev",
+    });
+    const firstFinished = tm.finished(first.id)!;
+
+    const second = await tm.spawn({
+      command: "sleep 30",
+      cwd: "/tmp",
+      mode: "pipe",
+      logName: "dev",
+      replaceByLogName: true,
+    });
+
+    // First task must be exited (killed) by the time the new spawn returns.
+    const firstResult = await firstFinished;
+    expect(["killed", "exited", "failed"]).toContain(firstResult.status);
+    expect(tm.get(first.id)?.intentional).toBe(true);
+
+    // Second task is fresh and running.
+    expect(second.id).not.toBe(first.id);
+    expect(tm.get(second.id)?.status).toBe("running");
+
+    // Cleanup.
+    tm.killByLogName("dev");
+    await tm.finished(second.id);
+  });
+
+  it("just spawns when no task with that logName is running", async () => {
+    const tm = makeManager();
+    const t = await tm.spawn({
+      command: "sleep 30",
+      cwd: "/tmp",
+      mode: "pipe",
+      logName: "dev",
+      replaceByLogName: true,
+    });
+    expect(tm.get(t.id)?.status).toBe("running");
+    tm.killByLogName("dev");
+    await tm.finished(t.id);
+  });
+});
+
+describe("TaskManager onTaskExit", () => {
+  it("fires for every task exit with logName, exitCode, and intentional", async () => {
+    const tm = makeManager();
+    const events: Array<{
+      id: string;
+      logName?: string;
+      exitCode: number | null;
+      intentional?: boolean;
+    }> = [];
+    tm.onTaskExit((s) => {
+      events.push({
+        id: s.id,
+        logName: s.logName,
+        exitCode: s.exitCode,
+        intentional: s.intentional,
+      });
+    });
+    const t = await tm.spawn({
+      command: "sleep 30",
+      cwd: "/tmp",
+      mode: "pipe",
+      logName: "dev",
+    });
+    const finished = tm.finished(t.id)!;
+    tm.killByLogName("dev", { intentional: true });
+    await finished;
+    expect(events).toHaveLength(1);
+    expect(events[0].logName).toBe("dev");
+    expect(events[0].intentional).toBe(true);
+  });
+
+  it("returns an unsubscribe function", async () => {
+    const tm = makeManager();
+    let count = 0;
+    const unsub = tm.onTaskExit(() => count++);
+    unsub();
+    const t = await tm.spawn({
+      command: "true",
+      cwd: "/tmp",
+      mode: "pipe",
+    });
+    await tm.finished(t.id);
+    expect(count).toBe(0);
+  });
+});
+
+describe("TaskManager waitForLogNamesIdle", () => {
+  it("resolves once no task with any of the given logNames is running", async () => {
+    const tm = makeManager();
+    await tm.spawn({
+      command: "sleep 30",
+      cwd: "/tmp",
+      mode: "pipe",
+      logName: "dev",
+    });
+    await tm.spawn({
+      command: "sleep 30",
+      cwd: "/tmp",
+      mode: "pipe",
+      logName: "start",
+    });
+
+    const idle = tm.waitForLogNamesIdle(["dev", "start"]);
+    tm.killByLogName("dev");
+    tm.killByLogName("start");
+    await idle;
+
+    const running = tm.list({ status: ["running"] });
+    expect(
+      running.filter((t) => ["dev", "start"].includes(t.logName ?? "")),
+    ).toHaveLength(0);
+  });
+
+  it("resolves immediately when no matching task is running", async () => {
+    const tm = makeManager();
+    await tm.waitForLogNamesIdle(["dev", "start"]);
+    expect(true).toBe(true);
+  });
+});
diff --git a/packages/sandbox/daemon/process/task-manager.ts b/packages/sandbox/daemon/process/task-manager.ts
new file mode 100644
index 0000000000..a58087d550
--- /dev/null
+++ b/packages/sandbox/daemon/process/task-manager.ts
@@ -0,0 +1,577 @@
+import { type ChildProcess, spawn as nodeSpawn } from "node:child_process";
+import { readdirSync, unlinkSync } from "node:fs";
+import { join } from "node:path";
+import { appLogPath } from "../paths";
+import { LogTee } from "./log-tee";
+import { spawnPty } from "./pty-spawn";
+import { RingBuffer } from "./ring-buffer";
+import type { PhaseManager } from "./phase-manager";
+
+const RING_BUFFER_BYTES = 256 * 1024;
+const LOG_MAX_BYTES = 10 * 1024 * 1024;
+const DEFAULT_REAP_INTERVAL_MS = 60 * 1000;
+const DEFAULT_TTL_MS = 15 * 60 * 1000;
+const TASK_FILE_PREFIX = "task";
+
+export type TaskStatus = "running" | "exited" | "failed" | "killed" | "timeout";
+
+export type TaskSpawnMode = "pipe" | "pty";
+
+export interface TaskSpec {
+  command: string;
+  cwd: string;
+  env?: Record<string, string>;
+  mode: TaskSpawnMode;
+  timeoutMs?: number;
+  /** Display label for SSE / log header. */
+  label?: string;
+  /**
+   * Named-script tee. When set, output writes to `<logsDir>/app/<logName>`
+   * (stable filename, overwritten across runs of the same name). When
+   * unset, output writes to `<logsDir>/<taskId>` where taskId is `task<N>`
+   * (sequential within the daemon lifetime, purged on startup).
+   */
+  logName?: string;
+}
+
+interface OutputChunk {
+  stream: "stdout" | "stderr";
+  data: string;
+}
+
+export interface TaskSummary {
+  id: string;
+  command: string;
+  status: TaskStatus;
+  exitCode: number | null;
+  startedAt: number;
+  finishedAt: number | null;
+  timedOut: boolean;
+  truncated: boolean;
+  /**
+   * Mirrors `spec.logName`. Surfaced in summaries so the SSE active-tasks
+   * payload can identify a task by its script name (e.g. "format") without
+   * the consumer having to regex the command string.
+   */
+  logName?: string;
+  /** True when the kill that terminated this task was flagged intentional
+   *  (orchestrator-driven stop, replace-by-logName, or user Stop). */
+  intentional?: boolean;
+}
+
+export interface TaskResult {
+  exitCode: number;
+  status: TaskStatus;
+  timedOut: boolean;
+}
+
+interface TaskInternal {
+  id: string;
+  spec: TaskSpec;
+  status: TaskStatus;
+  exitCode: number | null;
+  startedAt: number;
+  finishedAt: number | null;
+  timedOut: boolean;
+  pid: number | undefined;
+  pgid: number | undefined;
+  phaseId: string | undefined;
+  stdout: RingBuffer;
+  stderr: RingBuffer;
+  /**
+   * Single combined tee at `<logsDir>/<id>`. Header line ("$ <command>")
+   * is written first, then stdout + stderr chunks interleave in arrival
+   * order. Capped at 10MB; cleaned up when the task is reaped.
+   */
+  tee: LogTee;
+  logPath: string;
+  subscribers: Set<(c: OutputChunk) => void>;
+  finishedPromise: Promise<TaskResult>;
+  resolveFinished: (r: TaskResult) => void;
+  kill: (signal?: NodeJS.Signals) => void;
+  timer: ReturnType<typeof setTimeout> | null;
+  /** Set when a kill was flagged intentional. Surfaced on TaskSummary
+   *  so subscribers can distinguish stop from crash. */
+  intentional: boolean;
+  /** Guard flag to ensure onTaskExit handlers fire exactly once. */
+  exitFired: boolean;
+}
+
+export interface TaskManagerDeps {
+  /** Where per-task logs live: <logsDir>/<taskId>/{stdout,stderr}.log. */
+  logsDir: string;
+  ttlMs?: number;
+  reapIntervalMs?: number;
+  /** Fires on spawn and finalize so callers can re-broadcast the running set. */
+  onChange?: () => void;
+  /** When provided, each task is registered as a named phase on spawn/finalize. */
+  phaseManager?: PhaseManager;
+  /**
+   * When provided, tasks with a `logName` mirror their stdout/stderr onto the
+   * global SSE log stream under that name. The env-tab terminal is keyed on
+   * `logName`, so without this the terminal stays empty (only the per-task
+   * subscribers and the on-disk tee see the chunks). The header line
+   * (`$ <label>`) is also broadcast on spawn.
+   */
+  broadcaster?: {
+    broadcastChunk: (source: string, data: string) => void;
+  };
+}
+
+/**
+ * Manages transient, concurrent tasks (ad-hoc bash, package scripts via
+ * /exec/:name). UUID-keyed; many tasks may run in parallel. The managed
+ * application service (dev server) is NOT here — see ApplicationService.
+ *
+ * Lifecycle:
+ *   spawn → running → (exited | failed | killed | timeout)
+ *   completed tasks are reaped after `ttlMs` (default 15 min).
+ */
+export class TaskManager {
+  private readonly tasks = new Map<string, TaskInternal>();
+  private readonly reaper: ReturnType<typeof setInterval>;
+  private readonly ttlMs: number;
+  private idCounter = 0;
+  private readonly exitHandlers = new Set<(s: TaskSummary) => void>();
+
+  constructor(private readonly deps: TaskManagerDeps) {
+    this.ttlMs = deps.ttlMs ?? DEFAULT_TTL_MS;
+    // Stale `task*` files from previous daemon lifetimes are unreachable
+    // (in-memory state is gone; IDs restart from 1). Drop them so the
+    // workspace doesn't accumulate orphaned tees.
+    this.purgeStaleLogs();
+    this.reaper = setInterval(
+      () => this.reap(),
+      deps.reapIntervalMs ?? DEFAULT_REAP_INTERVAL_MS,
+    );
+    this.reaper.unref?.();
+  }
+
+  async spawn(
+    spec: TaskSpec & { replaceByLogName?: boolean },
+  ): Promise<TaskSummary> {
+    if (spec.replaceByLogName && spec.logName) {
+      // Kill any running task with the same logName, await exit, then proceed.
+      // Mirrors the old ApplicationService.start() "replace if alive" semantic
+      // but inside a single owner — no leaked PTYs, no orphaned log routing.
+      const waiters: Array<Promise<unknown>> = [];
+      for (const t of this.tasks.values()) {
+        if (t.status !== "running" || t.spec.logName !== spec.logName) continue;
+        t.intentional = true;
+        t.kill("SIGTERM");
+        setTimeout(() => {
+          if (t.status === "running") t.kill("SIGKILL");
+        }, 3000);
+        waiters.push(t.finishedPromise);
+      }
+      if (waiters.length > 0) await Promise.all(waiters);
+    }
+    const id = `${TASK_FILE_PREFIX}${++this.idCounter}`;
+    const task = this.create(id, spec);
+    this.tasks.set(id, task);
+    this.deps.onChange?.();
+    return summarize(task);
+  }
+
+  get(id: string): TaskSummary | null {
+    const t = this.tasks.get(id);
+    return t ? summarize(t) : null;
+  }
+
+  output(
+    id: string,
+  ): { stdout: string; stderr: string; truncated: boolean } | null {
+    const t = this.tasks.get(id);
+    if (!t) return null;
+    const stdout = t.stdout.read();
+    const stderr = t.stderr.read();
+    return {
+      stdout: stdout.data,
+      stderr: stderr.data,
+      truncated: stdout.truncated || stderr.truncated || t.tee.isTruncated(),
+    };
+  }
+
+  finished(id: string): Promise<TaskResult> | null {
+    const t = this.tasks.get(id);
+    return t ? t.finishedPromise : null;
+  }
+
+  subscribe(id: string, fn: (c: OutputChunk) => void): (() => void) | null {
+    const t = this.tasks.get(id);
+    if (!t) return null;
+    t.subscribers.add(fn);
+    return () => t.subscribers.delete(fn);
+  }
+
+  /** Subscribe to per-task exit events. Handler receives the final
+   *  summary (status, exitCode, intentional, logName). Returns an
+   *  unsubscribe function. */
+  onTaskExit(handler: (s: TaskSummary) => void): () => void {
+    this.exitHandlers.add(handler);
+    return () => this.exitHandlers.delete(handler);
+  }
+
+  /** Resolves once no running task carries any of the given logNames.
+   *  Used by the orchestrator to await dev/start shutdown before
+   *  branch/install transitions. */
+  async waitForLogNamesIdle(logNames: ReadonlyArray<string>): Promise<void> {
+    const matching = (): TaskInternal[] => {
+      const out: TaskInternal[] = [];
+      for (const t of this.tasks.values()) {
+        if (
+          t.status === "running" &&
+          t.spec.logName &&
+          logNames.includes(t.spec.logName)
+        ) {
+          out.push(t);
+        }
+      }
+      return out;
+    };
+    const initial = matching();
+    if (initial.length === 0) return;
+    await Promise.all(initial.map((t) => t.finishedPromise));
+  }
+
+  list(filter?: { status?: ReadonlyArray<TaskStatus> }): TaskSummary[] {
+    const out: TaskSummary[] = [];
+    for (const t of this.tasks.values()) {
+      if (filter?.status && !filter.status.includes(t.status)) continue;
+      out.push(summarize(t));
+    }
+    return out;
+  }
+
+  kill(id: string, signal: NodeJS.Signals = "SIGTERM"): boolean {
+    const t = this.tasks.get(id);
+    if (!t) return false;
+    if (t.status !== "running") return false;
+    t.kill(signal);
+    setTimeout(() => {
+      if (t.status === "running") {
+        t.kill("SIGKILL");
+      }
+    }, 3000);
+    return true;
+  }
+
+  killByLogName(
+    logName: string,
+    opts?: { intentional?: boolean; signal?: NodeJS.Signals },
+  ): number {
+    const signal = opts?.signal ?? "SIGTERM";
+    let count = 0;
+    for (const t of this.tasks.values()) {
+      if (t.status !== "running" || t.spec.logName !== logName) continue;
+      if (opts?.intentional) t.intentional = true;
+      t.kill(signal);
+      setTimeout(() => {
+        if (t.status === "running") t.kill("SIGKILL");
+      }, 3000);
+      count++;
+    }
+    return count;
+  }
+
+  killAll(): number {
+    let count = 0;
+    for (const t of this.tasks.values()) {
+      if (t.status === "running") {
+        t.kill("SIGTERM");
+        count++;
+      }
+    }
+    return count;
+  }
+
+  delete(id: string): boolean {
+    const t = this.tasks.get(id);
+    if (!t) return false;
+    if (t.status === "running") return false;
+    this.tasks.delete(id);
+    t.tee.close();
+    this.unlink(t.logPath);
+    return true;
+  }
+
+  shutdown(): void {
+    clearInterval(this.reaper);
+    for (const t of this.tasks.values()) {
+      if (t.status === "running") t.kill("SIGKILL");
+      t.tee.close();
+    }
+    this.tasks.clear();
+  }
+
+  private reap(): void {
+    const now = Date.now();
+    for (const [id, t] of this.tasks) {
+      if (t.status === "running" || t.finishedAt === null) continue;
+      if (now - t.finishedAt > this.ttlMs) {
+        this.tasks.delete(id);
+        t.tee.close();
+        this.unlink(t.logPath);
+      }
+    }
+  }
+
+  private purgeStaleLogs(): void {
+    let entries: string[];
+    try {
+      entries = readdirSync(this.deps.logsDir);
+    } catch {
+      return;
+    }
+    for (const name of entries) {
+      if (!name.startsWith(TASK_FILE_PREFIX)) continue;
+      this.unlink(join(this.deps.logsDir, name));
+    }
+  }
+
+  private unlink(path: string): void {
+    try {
+      unlinkSync(path);
+    } catch {
+      /* file already gone or never opened */
+    }
+  }
+
+  private create(id: string, spec: TaskSpec): TaskInternal {
+    const stdout = new RingBuffer(RING_BUFFER_BYTES);
+    const stderr = new RingBuffer(RING_BUFFER_BYTES);
+    const logPath = spec.logName
+      ? appLogPath(this.deps.logsDir, spec.logName)
+      : join(this.deps.logsDir, id);
+    const tee = new LogTee(logPath, LOG_MAX_BYTES);
+    const headerLine = spec.label ?? `$ ${spec.command}`;
+    tee.writeHeader(headerLine);
+    if (spec.logName) {
+      this.deps.broadcaster?.broadcastChunk(spec.logName, `${headerLine}\r\n`);
+    }
+    const subscribers = new Set<(c: OutputChunk) => void>();
+
+    let resolveFinished!: (r: TaskResult) => void;
+    const finishedPromise = new Promise<TaskResult>((resolve) => {
+      resolveFinished = resolve;
+    });
+
+    const phaseId = this.deps.phaseManager?.begin(spec.label ?? spec.command);
+    const task: TaskInternal = {
+      id,
+      spec,
+      status: "running",
+      exitCode: null,
+      startedAt: Date.now(),
+      finishedAt: null,
+      timedOut: false,
+      pid: undefined,
+      pgid: undefined,
+      phaseId,
+      stdout,
+      stderr,
+      tee,
+      logPath,
+      subscribers,
+      finishedPromise,
+      resolveFinished,
+      kill: () => undefined,
+      timer: null,
+      intentional: false,
+      exitFired: false,
+    };
+
+    if (spec.mode === "pty") {
+      this.startPty(task);
+    } else {
+      this.startPipe(task);
+    }
+    return task;
+  }
+
+  private startPty(task: TaskInternal): void {
+    let child: ReturnType<typeof spawnPty>;
+    try {
+      child = spawnPty({
+        cmd: task.spec.command,
+        cwd: task.spec.cwd,
+        env: task.spec.env as NodeJS.ProcessEnv | undefined,
+      });
+    } catch (e) {
+      const msg = `spawn error: ${(e as Error).message}\n`;
+      task.stderr.append(msg);
+      task.tee.write(msg);
+      this.fanOut(task, { stream: "stderr", data: msg });
+      // Defer finalize so callers awaiting `finished` see the same shape
+      // as a normal exit; spawn() returning synchronously must observe a
+      // running task for one tick before it resolves to failed.
+      queueMicrotask(() =>
+        this.finalize(task, { exitCode: -1, timedOut: false }),
+      );
+      return;
+    }
+    task.pid = child.pid;
+    task.kill = (signal) => child.kill(signal ?? "SIGTERM");
+
+    child.onData((data) => {
+      task.stdout.append(data);
+      task.tee.write(data);
+      this.fanOut(task, { stream: "stdout", data });
+    });
+
+    if (task.spec.timeoutMs && task.spec.timeoutMs > 0) {
+      task.timer = setTimeout(() => {
+        if (task.status !== "running") return;
+        task.timedOut = true;
+        try {
+          child.kill("SIGKILL");
+        } catch {
+          /* already gone */
+        }
+      }, task.spec.timeoutMs);
+    }
+
+    child.onExit((code) => {
+      if (task.timer) clearTimeout(task.timer);
+      this.finalize(task, {
+        exitCode: code,
+        timedOut: task.timedOut,
+      });
+    });
+  }
+
+  private startPipe(task: TaskInternal): void {
+    const opts: Parameters<typeof nodeSpawn>[2] = {
+      cwd: task.spec.cwd,
+      stdio: ["ignore", "pipe", "pipe"],
+      env: task.spec.env,
+      detached: true,
+    };
+    const child: ChildProcess = nodeSpawn(
+      "bash",
+      ["-c", task.spec.command],
+      opts,
+    );
+    task.pid = child.pid;
+    task.pgid = child.pid;
+
+    const killGroup = (signal: NodeJS.Signals) => {
+      if (task.pgid === undefined) return;
+      try {
+        process.kill(-task.pgid, signal);
+      } catch {
+        /* group already gone */
+      }
+    };
+    task.kill = (signal) => killGroup(signal ?? "SIGTERM");
+
+    child.stdout?.on("data", (chunk: Buffer) => {
+      const data = chunk.toString("utf-8");
+      task.stdout.append(data);
+      task.tee.write(data);
+      this.fanOut(task, { stream: "stdout", data });
+    });
+    child.stderr?.on("data", (chunk: Buffer) => {
+      const data = chunk.toString("utf-8");
+      task.stderr.append(data);
+      task.tee.write(data);
+      this.fanOut(task, { stream: "stderr", data });
+    });
+
+    if (task.spec.timeoutMs && task.spec.timeoutMs > 0) {
+      task.timer = setTimeout(() => {
+        if (task.status !== "running") return;
+        task.timedOut = true;
+        killGroup("SIGKILL");
+      }, task.spec.timeoutMs);
+    }
+
+    child.on("close", (code) => {
+      if (task.timer) clearTimeout(task.timer);
+      // Reap survivors of any backgrounded children.
+      killGroup("SIGKILL");
+      this.finalize(task, {
+        exitCode: code ?? 1,
+        timedOut: task.timedOut,
+      });
+    });
+    child.on("error", (err) => {
+      if (task.timer) clearTimeout(task.timer);
+      const msg = `spawn error: ${err.message}\n`;
+      task.stderr.append(msg);
+      task.tee.write(msg);
+      this.fanOut(task, { stream: "stderr", data: msg });
+      this.finalize(task, { exitCode: -1, timedOut: false });
+    });
+  }
+
+  private finalize(
+    task: TaskInternal,
+    result: { exitCode: number; timedOut: boolean },
+  ): void {
+    if (task.status !== "running") return;
+    let status: TaskStatus;
+    if (result.timedOut) status = "timeout";
+    else if (result.exitCode === 0) status = "exited";
+    else if (result.exitCode === -1) status = "failed";
+    else if (result.exitCode > 128) status = "killed";
+    else status = "exited";
+    task.status = status;
+    task.exitCode = result.exitCode;
+    task.finishedAt = Date.now();
+    task.tee.close();
+    if (task.phaseId) {
+      if (status === "exited" || status === "killed") {
+        this.deps.phaseManager?.done(task.phaseId);
+      } else {
+        this.deps.phaseManager?.fail(task.phaseId, `exit ${result.exitCode}`);
+      }
+    }
+    task.resolveFinished({
+      exitCode: result.exitCode,
+      status,
+      timedOut: result.timedOut,
+    });
+    // Fire onTaskExit handlers exactly once, with the guard flag.
+    if (!task.exitFired) {
+      task.exitFired = true;
+      const summary = summarize(task);
+      for (const h of this.exitHandlers) {
+        try {
+          h(summary);
+        } catch {
+          /* handlers must not crash the task lifecycle */
+        }
+      }
+    }
+    this.deps.onChange?.();
+  }
+
+  private fanOut(task: TaskInternal, chunk: OutputChunk): void {
+    for (const sub of task.subscribers) {
+      try {
+        sub(chunk);
+      } catch {
+        /* one bad subscriber doesn't stop the rest */
+      }
+    }
+    if (task.spec.logName) {
+      this.deps.broadcaster?.broadcastChunk(task.spec.logName, chunk.data);
+    }
+  }
+}
+
+function summarize(t: TaskInternal): TaskSummary {
+  return {
+    id: t.id,
+    command: t.spec.command,
+    status: t.status,
+    exitCode: t.exitCode,
+    startedAt: t.startedAt,
+    finishedAt: t.finishedAt,
+    timedOut: t.timedOut,
+    truncated: t.tee.isTruncated(),
+    logName: t.spec.logName,
+    intentional: t.intentional,
+  };
+}
diff --git a/packages/sandbox/daemon/proxy.ts b/packages/sandbox/daemon/proxy.ts
new file mode 100644
index 0000000000..7e2f4a61d0
--- /dev/null
+++ b/packages/sandbox/daemon/proxy.ts
@@ -0,0 +1,128 @@
+import { BOOTSTRAP_SCRIPT } from "./constants";
+import type { Broadcaster } from "./events/broadcast";
+import { fetchLoopback } from "./upstream-fetch";
+
+export interface ProxyDeps {
+  broadcaster: Broadcaster;
+  getDevPort: () => number | null;
+}
+
+const NO_UPSTREAM_HTML = `<!DOCTYPE html><html><head><meta charset="utf-8"><title>No dev server</title><style>body{font-family:system-ui,sans-serif;display:flex;align-items:center;justify-content:center;min-height:100vh;margin:0;background:#fafafa;color:#555}div{text-align:center;max-width:420px;padding:24px}h3{margin:0 0 8px}p{margin:0;font-size:14px;color:#999;line-height:1.5}code{background:#eee;padding:2px 6px;border-radius:4px;font-size:13px;color:#333}</style></head><body><div><h3>No dev server running</h3><p>Start one in this sandbox (e.g. <code>bun run dev</code>) and the preview will appear here automatically.</p></div><script>setTimeout(function(){window.location.reload()},2000)</script></body></html>`;
+
+export function makeProxyHandler({ broadcaster, getDevPort }: ProxyDeps) {
+  function log(...args: string[]) {
+    const msg = `[daemon] ${new Date().toISOString()} ${args.join(" ")}`;
+    broadcaster.broadcastChunk("daemon", msg + "\r\n");
+  }
+
+  return async (req: Request): Promise<Response> => {
+    const url = new URL(req.url);
+    const port = getDevPort();
+    if (port === null) {
+      return new Response(NO_UPSTREAM_HTML, {
+        status: 503,
+        headers: {
+          "Content-Type": "text/html; charset=utf-8",
+          "Cache-Control": "no-store",
+          "Access-Control-Allow-Origin": "*",
+        },
+      });
+    }
+    log("proxy", req.method, url.pathname);
+    const outHeaders = new Headers(req.headers);
+    outHeaders.delete("accept-encoding");
+    outHeaders.delete("host");
+    outHeaders.delete("transfer-encoding");
+    outHeaders.delete("content-length");
+    outHeaders.delete("authorization");
+
+    // 60s timeout guards the *headers* phase — a hung dev server shouldn't
+    // pin a request slot forever. Once headers arrive we cancel the timer:
+    // SSE / NDJSON / long-poll bodies must be allowed to stream indefinitely.
+    // Client-disconnect aborts upstream too, so we don't leak a fetch when
+    // the browser navigates away mid-stream.
+    const upstreamAbort = new AbortController();
+    const headersTimeout = setTimeout(
+      () => upstreamAbort.abort(new Error("upstream headers timeout")),
+      60000,
+    );
+    const onClientAbort = () => upstreamAbort.abort();
+    req.signal.addEventListener("abort", onClientAbort, { once: true });
+
+    let upstream: Response;
+    try {
+      const init: RequestInit = {
+        method: req.method,
+        headers: outHeaders,
+        redirect: "manual",
+        signal: upstreamAbort.signal,
+      };
+      if (req.method !== "GET" && req.method !== "HEAD") {
+        init.body = await req.arrayBuffer();
+      }
+      upstream = await fetchLoopback(
+        port,
+        `${url.pathname}${url.search}`,
+        init,
+      );
+      clearTimeout(headersTimeout);
+    } catch (e) {
+      clearTimeout(headersTimeout);
+      req.signal.removeEventListener("abort", onClientAbort);
+      const msg = (e as Error).message ?? String(e);
+      log("proxy error", req.method, url.pathname, msg);
+      const connErr =
+        /ECONNREFUSED|ECONNRESET|ECONNABORTED|fetch failed|Unable to connect|TimeoutError|timed out/i.test(
+          msg,
+        );
+      if (url.pathname === "/" && connErr) {
+        // Reaching this branch means we *did* have a port at the top of the
+        // handler but the upstream just failed: server is mid-restart, mid-
+        // compile, or briefly unhealthy. Auto-reload is the right call.
+        return new Response(
+          `<!DOCTYPE html><html><head><meta charset="utf-8"><title>Starting...</title><style>body{font-family:system-ui,sans-serif;display:flex;align-items:center;justify-content:center;min-height:100vh;margin:0;background:#fafafa;color:#555}div{text-align:center}p{margin-top:8px;font-size:14px;color:#999}</style></head><body><div><h3>Server is starting…</h3><p>This page will refresh automatically.</p></div><script>setTimeout(function(){window.location.reload()},1000)</script></body></html>`,
+          {
+            status: 503,
+            headers: {
+              "Content-Type": "text/html; charset=utf-8",
+              "Retry-After": "1",
+              "Access-Control-Allow-Origin": "*",
+            },
+          },
+        );
+      }
+      return new Response(JSON.stringify({ error: `proxy error: ${msg}` }), {
+        status: 502,
+        headers: {
+          "Content-Type": "application/json",
+          "Access-Control-Allow-Origin": "*",
+        },
+      });
+    }
+
+    const respHeaders = new Headers(upstream.headers);
+    respHeaders.delete("x-frame-options");
+    respHeaders.delete("content-security-policy");
+    respHeaders.delete("content-security-policy-report-only");
+    respHeaders.delete("content-encoding");
+
+    const ct = (upstream.headers.get("content-type") ?? "").toLowerCase();
+    if (ct.includes("text/html")) {
+      respHeaders.delete("content-length");
+      let html = await upstream.text();
+      const idx = html.lastIndexOf("</body>");
+      html =
+        idx !== -1
+          ? html.slice(0, idx) + BOOTSTRAP_SCRIPT + html.slice(idx)
+          : html + BOOTSTRAP_SCRIPT;
+      return new Response(html, {
+        status: upstream.status,
+        headers: respHeaders,
+      });
+    }
+    return new Response(upstream.body, {
+      status: upstream.status,
+      headers: respHeaders,
+    });
+  };
+}
diff --git a/packages/sandbox/daemon/routes/bash.test.ts b/packages/sandbox/daemon/routes/bash.test.ts
new file mode 100644
index 0000000000..28a18e3bd9
--- /dev/null
+++ b/packages/sandbox/daemon/routes/bash.test.ts
@@ -0,0 +1,89 @@
+import { afterEach, beforeEach, describe, expect, it } from "bun:test";
+import { existsSync, mkdtempSync, readFileSync, rmSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { TaskManager } from "../process/task-manager";
+import { makeBashHandler } from "./bash";
+
+function b64(obj: unknown): string {
+  return Buffer.from(JSON.stringify(obj), "utf-8").toString("base64");
+}
+
+function post(obj: unknown): Request {
+  return new Request("http://x/_decopilot_vm/bash", {
+    method: "POST",
+    body: b64(obj),
+  });
+}
+
+describe("bash", () => {
+  let appRoot = "";
+  let logsDir = "";
+  let taskManager: TaskManager;
+  let h: ReturnType<typeof makeBashHandler>;
+
+  beforeEach(() => {
+    appRoot = mkdtempSync(join(tmpdir(), "bash-handler-"));
+    logsDir = mkdtempSync(join(tmpdir(), "bash-logs-"));
+    taskManager = new TaskManager({
+      logsDir,
+      ttlMs: 60_000,
+      reapIntervalMs: 60_000,
+    });
+    h = makeBashHandler({ repoDir: appRoot, taskManager });
+  });
+
+  afterEach(() => {
+    taskManager.shutdown();
+    rmSync(appRoot, { recursive: true, force: true });
+    rmSync(logsDir, { recursive: true, force: true });
+  });
+
+  it("runs an echo and returns stdout+exitCode=0", async () => {
+    const res = await h(post({ command: "echo hello-world" }));
+    const body = (await res.json()) as { stdout: string; exitCode: number };
+    expect(body.stdout.trim()).toBe("hello-world");
+    expect(body.exitCode).toBe(0);
+  });
+
+  it("SIGKILLs on timeout and returns exitCode=-1", async () => {
+    const res = await h(post({ command: "sleep 30", timeout: 300 }));
+    const body = (await res.json()) as { exitCode: number; timedOut: boolean };
+    expect(body.timedOut).toBe(true);
+    expect(body.exitCode).toBe(-1);
+  });
+
+  it("rejects missing command", async () => {
+    const res = await h(post({}));
+    expect(res.status).toBe(400);
+  });
+
+  it("background mode returns taskId immediately", async () => {
+    const res = await h(post({ command: "echo bg-mode", mode: "background" }));
+    expect(res.status).toBe(200);
+    const body = (await res.json()) as { taskId: string; status: string };
+    expect(typeof body.taskId).toBe("string");
+    expect(body.status).toBe("running");
+  });
+
+  it("does not leak backgrounded children past the request", async () => {
+    const pidFile = join(appRoot, "bg.pid");
+    const cmd = `sleep 30 > /dev/null 2>&1 & echo $! > "${pidFile}"; wait $!`;
+    const res = await h(post({ command: cmd, timeout: 500 }));
+    const body = (await res.json()) as { exitCode: number };
+    expect(body.exitCode).toBe(-1);
+
+    expect(existsSync(pidFile)).toBe(true);
+    const bgPid = Number(readFileSync(pidFile, "utf-8").trim());
+    expect(Number.isInteger(bgPid)).toBe(true);
+
+    await new Promise((r) => setTimeout(r, 100));
+    let alive = true;
+    try {
+      process.kill(bgPid, 0);
+    } catch {
+      alive = false;
+    }
+    expect(alive).toBe(false);
+  });
+});
diff --git a/packages/sandbox/daemon/routes/bash.ts b/packages/sandbox/daemon/routes/bash.ts
new file mode 100644
index 0000000000..93c65c7e6b
--- /dev/null
+++ b/packages/sandbox/daemon/routes/bash.ts
@@ -0,0 +1,73 @@
+import type { TaskManager } from "../process/task-manager";
+import { jsonResponse, parseBase64JsonBody } from "./body-parser";
+import { awaitTaskResponse } from "./tasks";
+
+const DEFAULT_TIMEOUT_MS = 30_000;
+const MAX_TIMEOUT_MS = 15 * 60 * 1000;
+
+export type BashMode = "await" | "background";
+
+export interface BashDeps {
+  /** Default cwd for unscoped commands. Typically `<appRoot>/repo` (the repo). */
+  repoDir: string;
+  taskManager: TaskManager;
+  env?: Record<string, string>;
+}
+
+interface BashBody {
+  command?: string;
+  timeout?: number;
+  cwd?: string;
+  env?: Record<string, string>;
+  mode?: BashMode;
+}
+
+/**
+ * Modes:
+ *   - "await" (default): runs to completion and returns the full
+ *     stdout/stderr/exitCode body. This is the legacy bash behavior.
+ *   - "background": returns the taskId immediately. Caller can poll
+ *     /_decopilot_vm/tasks/:id, stream output, or kill via the tasks API.
+ */
+export function makeBashHandler(deps: BashDeps) {
+  return async (req: Request): Promise<Response> => {
+    let body: BashBody;
+    try {
+      body = (await parseBase64JsonBody(req)) as BashBody;
+    } catch (e) {
+      return jsonResponse({ error: (e as Error).message }, 400);
+    }
+    if (!body.command || typeof body.command !== "string") {
+      return jsonResponse({ error: "command is required" }, 400);
+    }
+
+    const mode: BashMode = body.mode === "background" ? "background" : "await";
+    const timeout = clampTimeout(body.timeout, mode);
+    const env = body.env ? { ...(deps.env ?? {}), ...body.env } : deps.env;
+
+    const task = await deps.taskManager.spawn({
+      command: body.command,
+      cwd: body.cwd ?? deps.repoDir,
+      env,
+      mode: "pipe",
+      timeoutMs: timeout,
+      label: `$ ${body.command}`,
+    });
+
+    if (mode === "background") {
+      return jsonResponse({ taskId: task.id, status: task.status });
+    }
+
+    return awaitTaskResponse(deps.taskManager, task.id, {
+      timedOutExitCode: -1,
+    });
+  };
+}
+
+function clampTimeout(raw: number | undefined, mode: BashMode): number {
+  const fallback = DEFAULT_TIMEOUT_MS;
+  const requested = typeof raw === "number" && raw > 0 ? raw : fallback;
+  // Background tasks may run longer; cap at 15 min (matches TaskManager TTL).
+  const ceiling = mode === "background" ? MAX_TIMEOUT_MS : 120_000;
+  return Math.min(requested, ceiling);
+}
diff --git a/packages/sandbox/daemon/routes/body-parser.test.ts b/packages/sandbox/daemon/routes/body-parser.test.ts
new file mode 100644
index 0000000000..5ab464bde1
--- /dev/null
+++ b/packages/sandbox/daemon/routes/body-parser.test.ts
@@ -0,0 +1,43 @@
+import { describe, expect, it } from "bun:test";
+import { parseBase64JsonBody } from "./body-parser";
+
+function makeReq(raw: string): Request {
+  return new Request("http://x/_decopilot_vm/bash", {
+    method: "POST",
+    body: raw,
+    headers: { "Content-Type": "application/json" },
+  });
+}
+
+function b64(obj: unknown): string {
+  return Buffer.from(JSON.stringify(obj), "utf-8").toString("base64");
+}
+
+describe("parseBase64JsonBody", () => {
+  it("decodes base64 JSON round-trip", async () => {
+    const body = await parseBase64JsonBody(
+      makeReq(b64({ command: "echo hi" })),
+    );
+    expect(body).toEqual({ command: "echo hi" });
+  });
+
+  it("handles UTF-8 content", async () => {
+    const body = await parseBase64JsonBody(makeReq(b64({ s: "héllo—world" })));
+    expect((body as { s: string }).s).toBe("héllo—world");
+  });
+
+  it("rejects invalid base64", async () => {
+    await expect(
+      parseBase64JsonBody(makeReq("not-valid-base64-!@#$")),
+    ).rejects.toThrow(/Failed to parse body/);
+  });
+
+  it("rejects non-JSON decoded payload", async () => {
+    const notJson = Buffer.from("plain text, not json", "utf-8").toString(
+      "base64",
+    );
+    await expect(parseBase64JsonBody(makeReq(notJson))).rejects.toThrow(
+      /Failed to parse body/,
+    );
+  });
+});
diff --git a/packages/sandbox/daemon/routes/body-parser.ts b/packages/sandbox/daemon/routes/body-parser.ts
new file mode 100644
index 0000000000..74a01a26c8
--- /dev/null
+++ b/packages/sandbox/daemon/routes/body-parser.ts
@@ -0,0 +1,32 @@
+/**
+ * Request bodies come base64-encoded JSON. The mesh server's daemonPost
+ * helper wraps POST bodies in base64 to avoid Cloudflare WAF triggering
+ * on shell commands in /bash etc. Non-freestyle paths pay a small
+ * overhead (33%) for one parser and one code path.
+ */
+export async function parseBase64JsonBody(req: Request): Promise<unknown> {
+  const raw = await req.text();
+  try {
+    const decoded = decodeURIComponent(
+      atob(raw)
+        .split("")
+        .map((c) => `%${`00${c.charCodeAt(0).toString(16)}`.slice(-2)}`)
+        .join(""),
+    );
+    return JSON.parse(decoded);
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    throw new Error(`Failed to parse body: ${msg} | raw=${raw.slice(0, 200)}`);
+  }
+}
+
+/** Build a JSON Response with the standard CORS + content-type headers. */
+export function jsonResponse(body: unknown, status = 200): Response {
+  return new Response(JSON.stringify(body), {
+    status,
+    headers: {
+      "Content-Type": "application/json",
+      "Access-Control-Allow-Origin": "*",
+    },
+  });
+}
diff --git a/packages/sandbox/daemon/routes/config.test.ts b/packages/sandbox/daemon/routes/config.test.ts
new file mode 100644
index 0000000000..2b0da16e9e
--- /dev/null
+++ b/packages/sandbox/daemon/routes/config.test.ts
@@ -0,0 +1,178 @@
+import { beforeEach, describe, expect, it } from "bun:test";
+import { TenantConfigStore } from "../config-store";
+import { makeConfigReadHandler, makeConfigUpdateHandler } from "./config";
+import type { TenantConfig } from "../types";
+
+const BOOT_ID = "boot-cfg-test";
+
+function buildReq(method: "PUT" | "POST", body: object): Request {
+  const b64 = Buffer.from(JSON.stringify(body), "utf-8").toString("base64");
+  return new Request("http://x/_decopilot_vm/config", { method, body: b64 });
+}
+
+const SEED: TenantConfig = {
+  git: {
+    repository: {
+      cloneUrl: "https://example.com/repo.git",
+      repoName: "repo",
+      branch: "main",
+    },
+  },
+  application: {
+    packageManager: { name: "npm" },
+    runtime: "node",
+    port: 3000,
+  },
+};
+
+describe("makeConfigUpdateHandler", () => {
+  let store: TenantConfigStore;
+
+  beforeEach(() => {
+    store = new TenantConfigStore();
+  });
+
+  function handler() {
+    return makeConfigUpdateHandler({ daemonBootId: BOOT_ID, store });
+  }
+
+  it("first POST emits bootstrap", async () => {
+    const h = handler();
+    const res = await h(buildReq("POST", SEED));
+    expect(res.status).toBe(200);
+    const body = (await res.json()) as { transition: string };
+    expect(body.transition).toBe("bootstrap");
+  });
+
+  it("PUT branch=feature emits branch-change after seed", async () => {
+    await store.apply(SEED);
+    const h = handler();
+    const res = await h(
+      buildReq("PUT", { git: { repository: { branch: "feature" } } }),
+    );
+    expect(res.status).toBe(200);
+    const body = (await res.json()) as { transition: string };
+    expect(body.transition).toBe("branch-change");
+  });
+
+  it("PUT port emits port-change", async () => {
+    await store.apply(SEED);
+    const h = handler();
+    const res = await h(buildReq("PUT", { application: { port: 5173 } }));
+    expect(res.status).toBe(200);
+    const body = (await res.json()) as { transition: string };
+    expect(body.transition).toBe("port-change");
+  });
+
+  it("rejects mismatched cloneUrl with 409", async () => {
+    await store.apply(SEED);
+    const h = handler();
+    const res = await h(
+      buildReq("PUT", {
+        git: {
+          repository: { cloneUrl: "https://example.com/different.git" },
+        },
+      }),
+    );
+    expect(res.status).toBe(409);
+    const body = (await res.json()) as { error: string };
+    expect(body.error).toContain("cloneUrl");
+  });
+
+  it("accepts matching cloneUrl in patch (no-op or downstream change)", async () => {
+    await store.apply(SEED);
+    const h = handler();
+    const res = await h(
+      buildReq("PUT", {
+        git: {
+          repository: { cloneUrl: "https://example.com/repo.git" },
+        },
+        application: { port: 4000 },
+      }),
+    );
+    expect(res.status).toBe(200);
+  });
+
+  it("invalid port returns 400", async () => {
+    await store.apply(SEED);
+    const h = handler();
+    const res = await h(buildReq("PUT", { application: { port: 70000 } }));
+    expect(res.status).toBe(400);
+  });
+
+  it("auth.rotateToken invokes setDaemonToken before applying patch", async () => {
+    let captured: string | null = null;
+    const h = makeConfigUpdateHandler({
+      daemonBootId: BOOT_ID,
+      store,
+      setDaemonToken: (next) => {
+        captured = next;
+      },
+    });
+    const newToken = "a".repeat(48);
+    const res = await h(
+      buildReq("POST", { ...SEED, auth: { rotateToken: newToken } }),
+    );
+    expect(res.status).toBe(200);
+    expect(captured).toBe(newToken);
+    // Auth field MUST be stripped before persisting — TenantConfig has no auth.
+    const persisted = store.read();
+    expect((persisted as unknown as { auth?: unknown })?.auth).toBeUndefined();
+  });
+
+  it("auth.rotateToken too short returns 400 and does not call setter", async () => {
+    let called = false;
+    const h = makeConfigUpdateHandler({
+      daemonBootId: BOOT_ID,
+      store,
+      setDaemonToken: () => {
+        called = true;
+      },
+    });
+    const res = await h(
+      buildReq("POST", { ...SEED, auth: { rotateToken: "short" } }),
+    );
+    expect(res.status).toBe(400);
+    expect(called).toBe(false);
+  });
+
+  it("auth.rotateToken without setter returns 400", async () => {
+    const h = handler();
+    const res = await h(
+      buildReq("POST", { ...SEED, auth: { rotateToken: "a".repeat(48) } }),
+    );
+    expect(res.status).toBe(400);
+  });
+});
+
+describe("makeConfigReadHandler", () => {
+  let store: TenantConfigStore;
+
+  beforeEach(() => {
+    store = new TenantConfigStore();
+  });
+
+  it("returns 200 with null config when no tenant config set", async () => {
+    const h = makeConfigReadHandler({ daemonBootId: BOOT_ID, store });
+    const res = await h();
+    expect(res.status).toBe(200);
+    const body = (await res.json()) as { bootId: string; config: null };
+    expect(body.bootId).toBe(BOOT_ID);
+    expect(body.config).toBeNull();
+  });
+
+  it("returns config + bootId when set", async () => {
+    await store.apply(SEED);
+    const h = makeConfigReadHandler({ daemonBootId: BOOT_ID, store });
+    const res = await h();
+    expect(res.status).toBe(200);
+    const body = (await res.json()) as {
+      bootId: string;
+      config: TenantConfig;
+    };
+    expect(body.bootId).toBe(BOOT_ID);
+    expect(body.config.git?.repository?.cloneUrl).toBe(
+      SEED.git?.repository?.cloneUrl,
+    );
+  });
+});
diff --git a/packages/sandbox/daemon/routes/config.ts b/packages/sandbox/daemon/routes/config.ts
new file mode 100644
index 0000000000..deb07d222d
--- /dev/null
+++ b/packages/sandbox/daemon/routes/config.ts
@@ -0,0 +1,161 @@
+import type { TenantConfigStore } from "../config-store";
+import type { ApplyResult } from "../config-store/types";
+import type { Phase } from "../process/phase-manager";
+import type { TenantConfig } from "../types";
+import { jsonResponse, parseBase64JsonBody } from "./body-parser";
+
+export interface DaemonState {
+  orchestrator: { running: boolean; pending: number };
+  ready: boolean;
+}
+
+export interface ConfigDeps {
+  daemonBootId: string;
+  store: TenantConfigStore;
+  /**
+   * Token-rotation hook. When the request body carries
+   * `auth.rotateToken`, the handler invokes this to swap the in-memory
+   * token used by `requireToken`. Authorization on the rotation request
+   * itself was already verified upstream against the *current* token —
+   * so a successful rotation always represents the holder of the prior
+   * token handing off to a new one.
+   *
+   * Optional: when undefined, `auth.rotateToken` is rejected with 400.
+   * This keeps the warm-pool bootstrap path opt-in: only entry points
+   * that wired a setter accept rotation requests.
+   */
+  setDaemonToken?: (next: string) => void;
+  /** Live orchestrator + probe state for enriched GET response. */
+  getState?: () => DaemonState;
+  /** Recent setup phases for LLM context. */
+  getTasks?: () => Phase[];
+}
+
+/** Wire-only — never persisted to TenantConfig. Stripped before `store.apply`. */
+interface AuthPatch {
+  rotateToken?: string;
+}
+
+interface ConfigPatchWire extends Partial<TenantConfig> {
+  auth?: AuthPatch;
+}
+
+const TOKEN_MIN_LENGTH = 32;
+const TOKEN_MAX_LENGTH = 256;
+
+/**
+ * GET /_decopilot_vm/config — current TenantConfig plus live daemon state.
+ * Always returns 200 (config is null when not yet set) so callers get full
+ * state context even on a fresh daemon before the first PUT /config.
+ */
+export function makeConfigReadHandler(deps: ConfigDeps) {
+  return async (): Promise<Response> => {
+    const tenant = deps.store.read();
+    const state = deps.getState?.();
+    return jsonResponse({
+      bootId: deps.daemonBootId,
+      config: tenant ? stripDerived(tenant) : null,
+      orchestrator: state?.orchestrator,
+      ready: state?.ready ?? false,
+      tasks: deps.getTasks?.(),
+    });
+  };
+}
+
+/**
+ * POST /_decopilot_vm/config — set initial tenant config. PUT/POST share
+ * the same handler shape: both deep-merge into current. POST is the
+ * conventional first-set; PUT is the conventional patch.
+ *
+ * Optional `auth.rotateToken` swaps the in-memory daemon token before
+ * applying the rest of the patch. The rotation runs *first* so a request
+ * that successfully authenticated with the prior token transfers ownership
+ * to the new one atomically with whatever workload it brings — there is
+ * no in-between state where the old token is dead but the new one isn't
+ * yet accepted.
+ */
+export function makeConfigUpdateHandler(deps: ConfigDeps) {
+  return async (req: Request): Promise<Response> => {
+    let raw: unknown;
+    try {
+      raw = await parseBase64JsonBody(req);
+    } catch (e) {
+      return jsonResponse({ error: `bad body: ${(e as Error).message}` }, 400);
+    }
+    if (!raw || typeof raw !== "object") {
+      return jsonResponse({ error: "payload must be an object" }, 400);
+    }
+    const wire = raw as ConfigPatchWire;
+    const auth = wire.auth;
+    if (auth !== undefined) {
+      const rejection = validateAuthPatch(auth, deps.setDaemonToken);
+      if (rejection) return rejection;
+      if (auth.rotateToken && deps.setDaemonToken) {
+        deps.setDaemonToken(auth.rotateToken);
+      }
+    }
+    const { auth: _strip, ...patch } = wire;
+    const result = await deps.store.apply(patch as Partial<TenantConfig>);
+    return makeApplyResponse(deps.daemonBootId, result);
+  };
+}
+
+function validateAuthPatch(
+  auth: AuthPatch,
+  setter: ConfigDeps["setDaemonToken"],
+): Response | null {
+  if (typeof auth !== "object" || auth === null) {
+    return jsonResponse({ error: "auth must be an object" }, 400);
+  }
+  if (auth.rotateToken === undefined) return null;
+  if (!setter) {
+    return jsonResponse(
+      { error: "auth.rotateToken not supported on this endpoint" },
+      400,
+    );
+  }
+  if (typeof auth.rotateToken !== "string") {
+    return jsonResponse({ error: "auth.rotateToken must be a string" }, 400);
+  }
+  const len = auth.rotateToken.length;
+  if (len < TOKEN_MIN_LENGTH || len > TOKEN_MAX_LENGTH) {
+    return jsonResponse(
+      {
+        error: `auth.rotateToken length must be ${TOKEN_MIN_LENGTH}..${TOKEN_MAX_LENGTH}`,
+      },
+      400,
+    );
+  }
+  return null;
+}
+
+function makeApplyResponse(bootId: string, result: ApplyResult): Response {
+  if (result.kind === "rejected") {
+    const status = inferStatus(result.reason);
+    const error = result.detail
+      ? `${result.reason}: ${result.detail}`
+      : result.reason;
+    return jsonResponse({ error }, status);
+  }
+  return jsonResponse({
+    bootId,
+    transition: result.transition.kind,
+    config: result.after,
+  });
+}
+
+function inferStatus(reason: string): number {
+  if (reason.includes("immutable")) return 409;
+  if (reason.startsWith("persistence failed")) return 500;
+  return 400;
+}
+
+function stripDerived(
+  enriched: ReturnType<TenantConfigStore["read"]>,
+): TenantConfig | null {
+  if (!enriched) return null;
+  return {
+    git: enriched.git,
+    application: enriched.application,
+  };
+}
diff --git a/packages/sandbox/daemon/routes/events-stream.ts b/packages/sandbox/daemon/routes/events-stream.ts
new file mode 100644
index 0000000000..bc72380a27
--- /dev/null
+++ b/packages/sandbox/daemon/routes/events-stream.ts
@@ -0,0 +1,28 @@
+import type { Broadcaster } from "../events/broadcast";
+import { makeSseStream, type SseHandshakeDeps } from "../events/sse";
+import { MAX_SSE_CLIENTS } from "../constants";
+
+export function makeEventsHandler(
+  deps: Omit<SseHandshakeDeps, "maxClients"> & { broadcaster: Broadcaster },
+) {
+  return async (): Promise<Response> => {
+    const stream = makeSseStream({ ...deps, maxClients: MAX_SSE_CLIENTS });
+    if (!stream) {
+      return new Response("Too many connections", {
+        status: 429,
+        headers: { "Access-Control-Allow-Origin": "*" },
+      });
+    }
+    return new Response(stream, {
+      status: 200,
+      headers: {
+        "Content-Type": "text/event-stream",
+        "Cache-Control": "no-cache",
+        Connection: "keep-alive",
+        "Access-Control-Allow-Origin": "*",
+        "X-Accel-Buffering": "no",
+        "Content-Encoding": "identity",
+      },
+    });
+  };
+}
diff --git a/packages/sandbox/daemon/routes/exec.test.ts b/packages/sandbox/daemon/routes/exec.test.ts
new file mode 100644
index 0000000000..d0ad622a9c
--- /dev/null
+++ b/packages/sandbox/daemon/routes/exec.test.ts
@@ -0,0 +1,97 @@
+import { afterEach, beforeEach, describe, expect, it } from "bun:test";
+import { mkdtempSync, rmSync, writeFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { TenantConfigStore } from "../config-store";
+import { Broadcaster } from "../events/broadcast";
+import { TaskManager } from "../process/task-manager";
+import { makeExecHandler } from "./exec";
+
+function req(name: string, body?: object): Request {
+  const init: RequestInit = { method: "POST" };
+  if (body !== undefined) {
+    init.body = Buffer.from(JSON.stringify(body), "utf-8").toString("base64");
+  }
+  return new Request(`http://x/_decopilot_vm/exec/${name}`, init);
+}
+
+describe("exec handler", () => {
+  let appRoot: string;
+  let logsDir: string;
+  let taskManager: TaskManager;
+  let store: TenantConfigStore;
+  let broadcaster: Broadcaster;
+
+  beforeEach(() => {
+    appRoot = mkdtempSync(join(tmpdir(), "exec-root-"));
+    logsDir = mkdtempSync(join(tmpdir(), "exec-logs-"));
+    taskManager = new TaskManager({
+      logsDir,
+      ttlMs: 60_000,
+      reapIntervalMs: 60_000,
+    });
+    store = new TenantConfigStore();
+    broadcaster = new Broadcaster(64 * 1024);
+  });
+
+  afterEach(() => {
+    taskManager.shutdown();
+    rmSync(appRoot, { recursive: true, force: true });
+    rmSync(logsDir, { recursive: true, force: true });
+  });
+
+  it("rejects 409 when no application is configured", async () => {
+    const h = makeExecHandler({
+      repoDir: appRoot,
+      store,
+      taskManager,
+      broadcaster,
+    });
+    const res = await h(req("dev"));
+    expect(res.status).toBe(409);
+  });
+
+  it("rejects 404 when script is not in package.json", async () => {
+    writeFileSync(
+      join(appRoot, "package.json"),
+      JSON.stringify({ scripts: { test: "echo test" } }),
+    );
+    await store.apply({
+      application: {
+        packageManager: { name: "npm" },
+        runtime: "node",
+      },
+    });
+    const h = makeExecHandler({
+      repoDir: appRoot,
+      store,
+      taskManager,
+      broadcaster,
+    });
+    const res = await h(req("dev"));
+    expect(res.status).toBe(404);
+  });
+
+  it("returns taskId for valid script (background mode default)", async () => {
+    writeFileSync(
+      join(appRoot, "package.json"),
+      JSON.stringify({ scripts: { test: "echo hi" } }),
+    );
+    await store.apply({
+      application: {
+        packageManager: { name: "npm" },
+        runtime: "node",
+      },
+    });
+    const h = makeExecHandler({
+      repoDir: appRoot,
+      store,
+      taskManager,
+      broadcaster,
+    });
+    const res = await h(req("test"));
+    expect(res.status).toBe(200);
+    const body = (await res.json()) as { taskId: string };
+    expect(typeof body.taskId).toBe("string");
+  });
+});
diff --git a/packages/sandbox/daemon/routes/exec.ts b/packages/sandbox/daemon/routes/exec.ts
new file mode 100644
index 0000000000..b1b4dd7176
--- /dev/null
+++ b/packages/sandbox/daemon/routes/exec.ts
@@ -0,0 +1,116 @@
+import type { TenantConfigStore } from "../config-store";
+import {
+  PACKAGE_MANAGER_DAEMON_CONFIG,
+  buildDevEnv,
+  pmRunCommand,
+} from "../constants";
+import type { TaskManager } from "../process/task-manager";
+import { discoverScripts } from "../process/script-discovery";
+import { jsonResponse, parseBase64JsonBody } from "./body-parser";
+import { awaitTaskResponse } from "./tasks";
+
+export type ExecMode = "await" | "background";
+
+export interface ExecDeps {
+  /** Default cwd when no packageManager.path is set. Typically `<appRoot>/repo`. */
+  repoDir: string;
+  store: TenantConfigStore;
+  taskManager: TaskManager;
+}
+
+interface ExecBody {
+  mode?: ExecMode;
+  timeoutMs?: number;
+  env?: Record<string, string>;
+}
+
+/**
+ * POST /_decopilot_vm/exec/<name> — run package-script `<name>` via the
+ * configured package manager, as a Task. Multiple invocations of the same
+ * script run concurrently (each gets its own task UUID); the daemon does
+ * not coordinate or deduplicate them.
+ */
+export function makeExecHandler(deps: ExecDeps) {
+  return async (req: Request): Promise<Response> => {
+    const url = new URL(req.url);
+    const rawName = url.pathname.slice("/_decopilot_vm/exec/".length);
+    if (!rawName) return jsonResponse({ error: "missing script name" }, 400);
+    let name: string;
+    try {
+      name = decodeURIComponent(rawName);
+    } catch {
+      return jsonResponse({ error: "invalid script name" }, 400);
+    }
+
+    const config = deps.store.read();
+    const pmName = config?.application?.packageManager?.name;
+    if (!pmName) {
+      return jsonResponse(
+        { error: "no application configured; POST /config first" },
+        409,
+      );
+    }
+    const pmConf = PACKAGE_MANAGER_DAEMON_CONFIG[pmName];
+    if (!pmConf) {
+      return jsonResponse({ error: `unknown package manager: ${pmName}` }, 500);
+    }
+
+    const cwd = config.application?.packageManager?.path ?? deps.repoDir;
+    const scripts = discoverScripts(cwd, pmName);
+    if (!scripts.includes(name)) {
+      return jsonResponse(
+        {
+          error: `script "${name}" not found in package file`,
+          available: scripts,
+        },
+        404,
+      );
+    }
+
+    let body: ExecBody = {};
+    if (req.body) {
+      try {
+        const parsed = await parseBase64JsonBody(req);
+        if (parsed && typeof parsed === "object") {
+          body = parsed as ExecBody;
+        }
+      } catch {
+        /* exec accepts an empty body — treat parse error as "no overrides" */
+      }
+    }
+    // Exec defaults to background — package scripts can be long-running
+    // (`npm run dev` via /exec/dev is the obvious case). Callers that want
+    // a blocking response opt in via mode: "await".
+    const mode: ExecMode = body.mode === "await" ? "await" : "background";
+
+    const env = buildDevEnv(config, body.env);
+    const { cmd, label } = pmRunCommand(
+      config.runtimePathPrefix,
+      cwd,
+      pmConf.runPrefix,
+      name,
+    );
+
+    const task = await deps.taskManager.spawn({
+      command: cmd,
+      cwd,
+      env,
+      mode: "pty",
+      timeoutMs: body.timeoutMs,
+      label,
+      // Named tee: <logsDir>/app/<scriptName> stays stable across runs
+      // so the LLM can `cat tmp/app/build` etc. without chasing task IDs.
+      // TaskManager mirrors chunks onto the global SSE log stream under
+      // this name so the env-tab terminal renders the output.
+      logName: name,
+    });
+
+    if (mode === "background") {
+      return jsonResponse({ taskId: task.id, status: task.status });
+    }
+
+    return awaitTaskResponse(deps.taskManager, task.id, {
+      extra: { taskId: task.id },
+    });
+  };
+}
diff --git a/packages/sandbox/daemon/routes/fs.test.ts b/packages/sandbox/daemon/routes/fs.test.ts
new file mode 100644
index 0000000000..865ab67b6e
--- /dev/null
+++ b/packages/sandbox/daemon/routes/fs.test.ts
@@ -0,0 +1,172 @@
+import { describe, expect, it, beforeEach, afterEach } from "bun:test";
+import { mkdtempSync, rmSync, writeFileSync, readFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { spawnSync } from "node:child_process";
+import {
+  makeReadHandler,
+  makeWriteHandler,
+  makeEditHandler,
+  makeGrepHandler,
+  makeGlobHandler,
+} from "./fs";
+
+const hasRg = spawnSync("which", ["rg"]).status === 0;
+
+function b64(obj: unknown): string {
+  return Buffer.from(JSON.stringify(obj), "utf-8").toString("base64");
+}
+
+function post(path: string, obj: unknown): Request {
+  return new Request(`http://x${path}`, { method: "POST", body: b64(obj) });
+}
+
+describe("fs handlers", () => {
+  let appRoot = "";
+  beforeEach(() => {
+    appRoot = mkdtempSync(join(tmpdir(), "fs-handlers-"));
+  });
+  afterEach(() => {
+    rmSync(appRoot, { recursive: true, force: true });
+  });
+
+  it("read: returns numbered content for text", async () => {
+    writeFileSync(join(appRoot, "a.txt"), "one\ntwo\nthree\n");
+    const h = makeReadHandler({ appRoot, repoDir: appRoot });
+    const res = await h(post("/_decopilot_vm/read", { path: "a.txt" }));
+    const body = (await res.json()) as {
+      kind: string;
+      content: string;
+      lineCount: number;
+    };
+    expect(body.kind).toBe("text");
+    expect(body.content).toContain("1\tone");
+    expect(body.content).toContain("3\tthree");
+    expect(body.lineCount).toBeGreaterThanOrEqual(3);
+  });
+
+  it("read: returns base64 + mediaType for jpeg", async () => {
+    // Minimal JPEG: SOI + EOI markers, enough to pass the magic-byte sniff.
+    const jpeg = Buffer.from([0xff, 0xd8, 0xff, 0xe0, 0x00, 0x10, 0xff, 0xd9]);
+    writeFileSync(join(appRoot, "img.jpg"), jpeg);
+    const h = makeReadHandler({ appRoot, repoDir: appRoot });
+    const res = await h(post("/_decopilot_vm/read", { path: "img.jpg" }));
+    const body = (await res.json()) as {
+      kind: string;
+      mediaType: string;
+      base64: string;
+      size: number;
+    };
+    expect(body.kind).toBe("image");
+    expect(body.mediaType).toBe("image/jpeg");
+    expect(body.size).toBe(jpeg.length);
+    expect(Buffer.from(body.base64, "base64")).toEqual(jpeg);
+  });
+
+  it("read: returns base64 + mediaType for png", async () => {
+    const png = Buffer.from([
+      0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0x00, 0x00,
+    ]);
+    writeFileSync(join(appRoot, "img.png"), png);
+    const h = makeReadHandler({ appRoot, repoDir: appRoot });
+    const res = await h(post("/_decopilot_vm/read", { path: "img.png" }));
+    const body = (await res.json()) as { kind: string; mediaType: string };
+    expect(body.kind).toBe("image");
+    expect(body.mediaType).toBe("image/png");
+  });
+
+  it("read: rejects non-image binary files", async () => {
+    writeFileSync(join(appRoot, "bin"), Buffer.from([0, 1, 2, 3]));
+    const h = makeReadHandler({ appRoot, repoDir: appRoot });
+    const res = await h(post("/_decopilot_vm/read", { path: "bin" }));
+    expect(res.status).toBe(400);
+  });
+
+  it("read: rejects relative path escape", async () => {
+    const h = makeReadHandler({ appRoot, repoDir: appRoot });
+    const res = await h(post("/_decopilot_vm/read", { path: "../etc/passwd" }));
+    expect(res.status).toBe(400);
+  });
+
+  it("read: accepts absolute paths", async () => {
+    writeFileSync(join(appRoot, "abs.txt"), "hello");
+    const h = makeReadHandler({ appRoot, repoDir: appRoot });
+    const res = await h(
+      post("/_decopilot_vm/read", { path: join(appRoot, "abs.txt") }),
+    );
+    const body = (await res.json()) as { kind: string; content: string };
+    expect(body.kind).toBe("text");
+    expect(body.content).toContain("hello");
+  });
+
+  it("write: creates file and returns byte count", async () => {
+    const h = makeWriteHandler({ appRoot, repoDir: appRoot });
+    const res = await h(
+      post("/_decopilot_vm/write", { path: "new.txt", content: "hello" }),
+    );
+    expect(res.status).toBe(200);
+    expect(readFileSync(join(appRoot, "new.txt"), "utf-8")).toBe("hello");
+  });
+
+  it("edit: rejects when old_string doesn't match", async () => {
+    writeFileSync(join(appRoot, "e.txt"), "abc");
+    const h = makeEditHandler({ appRoot, repoDir: appRoot });
+    const res = await h(
+      post("/_decopilot_vm/edit", {
+        path: "e.txt",
+        old_string: "xyz",
+        new_string: "q",
+      }),
+    );
+    expect(res.status).toBe(400);
+  });
+
+  it("edit: rejects multi-match without replace_all", async () => {
+    writeFileSync(join(appRoot, "e.txt"), "a a a");
+    const h = makeEditHandler({ appRoot, repoDir: appRoot });
+    const res = await h(
+      post("/_decopilot_vm/edit", {
+        path: "e.txt",
+        old_string: "a",
+        new_string: "b",
+      }),
+    );
+    expect(res.status).toBe(400);
+  });
+
+  it("edit: applies replace_all", async () => {
+    writeFileSync(join(appRoot, "e.txt"), "a a a");
+    const h = makeEditHandler({ appRoot, repoDir: appRoot });
+    const res = await h(
+      post("/_decopilot_vm/edit", {
+        path: "e.txt",
+        old_string: "a",
+        new_string: "b",
+        replace_all: true,
+      }),
+    );
+    expect(res.status).toBe(200);
+    expect(readFileSync(join(appRoot, "e.txt"), "utf-8")).toBe("b b b");
+  });
+
+  (hasRg ? it : it.skip)("grep: returns matching content lines", async () => {
+    writeFileSync(join(appRoot, "needle.txt"), "hello world\n");
+    const h = makeGrepHandler({ appRoot, repoDir: appRoot });
+    const res = await h(
+      post("/_decopilot_vm/grep", {
+        pattern: "hello",
+        output_mode: "content",
+      }),
+    );
+    const body = (await res.json()) as { results: string };
+    expect(body.results).toContain("hello world");
+  });
+
+  (hasRg ? it : it.skip)("glob: returns matching file names", async () => {
+    writeFileSync(join(appRoot, "x.txt"), "");
+    const h = makeGlobHandler({ appRoot, repoDir: appRoot });
+    const res = await h(post("/_decopilot_vm/glob", { pattern: "*.txt" }));
+    const body = (await res.json()) as { files: string[] };
+    expect(body.files).toContain("x.txt");
+  });
+});
diff --git a/packages/sandbox/daemon/routes/fs.ts b/packages/sandbox/daemon/routes/fs.ts
new file mode 100644
index 0000000000..33fe1b401b
--- /dev/null
+++ b/packages/sandbox/daemon/routes/fs.ts
@@ -0,0 +1,590 @@
+import fs from "node:fs";
+import path from "node:path";
+import { Readable, Transform } from "node:stream";
+import { pipeline } from "node:stream/promises";
+import { spawn } from "node:child_process";
+import { safePath } from "../paths";
+import { parseBase64JsonBody, jsonResponse } from "./body-parser";
+
+/**
+ * Wall-clock cap for fetches in write_from_url / upload_to_url.
+ * Both endpoints only ever talk to mesh-minted presigned S3/R2 URLs,
+ * so the model has no path to influence the destination — the cap is
+ * just defense against a hung S3 endpoint tying up a request slot.
+ */
+const TRANSFER_DEADLINE_MS = 5 * 60_000;
+
+export interface FsDeps {
+  /** Workspace root — the safety clamp for resolved paths. */
+  appRoot: string;
+  /**
+   * Default base for resolving relative paths and as the cwd for
+   * grep/glob. Typically `<appRoot>/repo` so the LLM's path UX matches
+   * bash's cwd.
+   */
+  repoDir: string;
+}
+
+function spawnOpts(
+  extra: Record<string, unknown> = {},
+): Record<string, unknown> {
+  return { ...extra };
+}
+
+/** Cap on bytes returned for image responses. ~5MB matches Anthropic's
+ * vision input ceiling and keeps tool result payloads bounded. */
+const MAX_IMAGE_BYTES = 5 * 1024 * 1024;
+
+/** Cap on bytes for write_from_url / upload_to_url. Matches the share
+ * pipeline's expected file sizes (CSVs, decks, zips). Files past this
+ * are out of scope for the chat artifact flow. */
+const MAX_TRANSFER_BYTES = 500 * 1024 * 1024;
+
+/** Magic-byte sniffer for the image types Claude vision accepts.
+ * Returns null for everything else; we don't try to be clever about
+ * arbitrary binary formats. */
+function sniffImageMediaType(probe: Buffer): string | null {
+  if (
+    probe.length >= 3 &&
+    probe[0] === 0xff &&
+    probe[1] === 0xd8 &&
+    probe[2] === 0xff
+  )
+    return "image/jpeg";
+  if (
+    probe.length >= 8 &&
+    probe[0] === 0x89 &&
+    probe[1] === 0x50 &&
+    probe[2] === 0x4e &&
+    probe[3] === 0x47 &&
+    probe[4] === 0x0d &&
+    probe[5] === 0x0a &&
+    probe[6] === 0x1a &&
+    probe[7] === 0x0a
+  )
+    return "image/png";
+  if (
+    probe.length >= 6 &&
+    probe[0] === 0x47 &&
+    probe[1] === 0x49 &&
+    probe[2] === 0x46 &&
+    probe[3] === 0x38
+  )
+    return "image/gif";
+  if (
+    probe.length >= 12 &&
+    probe[0] === 0x52 &&
+    probe[1] === 0x49 &&
+    probe[2] === 0x46 &&
+    probe[3] === 0x46 &&
+    probe[8] === 0x57 &&
+    probe[9] === 0x45 &&
+    probe[10] === 0x42 &&
+    probe[11] === 0x50
+  )
+    return "image/webp";
+  return null;
+}
+
+/**
+ * Resolves a user-supplied path. Absolute paths pass through as-is — OS
+ * permissions already gate what the sandbox user can read. Relative paths
+ * are resolved against `repoDir` (matching the bash cwd) and clamped to
+ * `appRoot` (the workspace) so siblings like `../tmp/app/dev` reach.
+ */
+function resolveReadPath(
+  appRoot: string,
+  repoDir: string,
+  userPath: string,
+): string | null {
+  if (path.isAbsolute(userPath)) return userPath;
+  return safePath(appRoot, repoDir, userPath);
+}
+
+export function makeReadHandler(deps: FsDeps) {
+  return async (req: Request): Promise<Response> => {
+    let body: { path?: string; offset?: number; limit?: number };
+    try {
+      body = (await parseBase64JsonBody(req)) as typeof body;
+    } catch (e) {
+      return jsonResponse({ error: (e as Error).message }, 400);
+    }
+    const filePath = resolveReadPath(
+      deps.appRoot,
+      deps.repoDir,
+      body.path ?? "",
+    );
+    if (!filePath)
+      return jsonResponse({ error: "Path escapes project root" }, 400);
+
+    let stat: fs.Stats;
+    try {
+      stat = fs.statSync(filePath);
+    } catch {
+      return jsonResponse({ error: `File not found: ${body.path}` }, 400);
+    }
+    if (stat.isDirectory()) {
+      return jsonResponse({ error: "Path is a directory" }, 400);
+    }
+    const fd = fs.openSync(filePath, "r");
+    const probe = Buffer.alloc(Math.min(8192, stat.size));
+    fs.readSync(fd, probe, 0, probe.length, 0);
+    fs.closeSync(fd);
+
+    const imageMediaType = sniffImageMediaType(probe);
+    if (imageMediaType) {
+      if (stat.size > MAX_IMAGE_BYTES) {
+        return jsonResponse(
+          {
+            error: `Image too large (${stat.size} bytes; cap is ${MAX_IMAGE_BYTES})`,
+          },
+          400,
+        );
+      }
+      const bytes = fs.readFileSync(filePath);
+      return jsonResponse({
+        kind: "image",
+        mediaType: imageMediaType,
+        size: stat.size,
+        base64: bytes.toString("base64"),
+      });
+    }
+
+    if (probe.includes(0))
+      return jsonResponse(
+        {
+          error:
+            "File appears to be binary and is not a supported image format (jpeg/png/gif/webp).",
+        },
+        400,
+      );
+
+    const raw = fs.readFileSync(filePath, "utf-8");
+    const lines = raw.split("\n");
+    const offset = Math.max(1, body.offset ?? 1);
+    const limit = body.limit ?? 2000;
+    const slice = lines.slice(offset - 1, offset - 1 + limit);
+    const numbered = slice.map((l, i) => `${offset + i}\t${l}`).join("\n");
+    return jsonResponse({
+      kind: "text",
+      content: numbered,
+      lineCount: lines.length,
+    });
+  };
+}
+
+export function makeWriteHandler(deps: FsDeps) {
+  return async (req: Request): Promise<Response> => {
+    let body: { path?: string; content?: string };
+    try {
+      body = (await parseBase64JsonBody(req)) as typeof body;
+    } catch (e) {
+      return jsonResponse({ error: (e as Error).message }, 400);
+    }
+    if (typeof body.content !== "string")
+      return jsonResponse({ error: "content is required" }, 400);
+    const filePath = safePath(deps.appRoot, deps.repoDir, body.path ?? "");
+    if (!filePath) return jsonResponse({ error: "Path escapes app root" }, 400);
+    fs.mkdirSync(path.dirname(filePath), { recursive: true });
+    fs.writeFileSync(filePath, body.content, "utf-8");
+    return jsonResponse({
+      ok: true,
+      bytesWritten: Buffer.byteLength(body.content, "utf-8"),
+    });
+  };
+}
+
+export function makeEditHandler(deps: FsDeps) {
+  return async (req: Request): Promise<Response> => {
+    let body: {
+      path?: string;
+      old_string?: string;
+      new_string?: string;
+      replace_all?: boolean;
+    };
+    try {
+      body = (await parseBase64JsonBody(req)) as typeof body;
+    } catch (e) {
+      return jsonResponse({ error: (e as Error).message }, 400);
+    }
+    const filePath = safePath(deps.appRoot, deps.repoDir, body.path ?? "");
+    if (!filePath) return jsonResponse({ error: "Path escapes app root" }, 400);
+    if (!body.old_string || typeof body.old_string !== "string")
+      return jsonResponse({ error: "old_string is required" }, 400);
+    if (typeof body.new_string !== "string")
+      return jsonResponse({ error: "new_string is required" }, 400);
+    if (body.old_string === body.new_string)
+      return jsonResponse(
+        { error: "old_string and new_string must differ" },
+        400,
+      );
+
+    let content: string;
+    try {
+      content = fs.readFileSync(filePath, "utf-8");
+    } catch {
+      return jsonResponse({ error: `File not found: ${body.path}` }, 400);
+    }
+    const replaceAll = body.replace_all === true;
+    const count = content.split(body.old_string).length - 1;
+    if (count === 0)
+      return jsonResponse({ error: "old_string not found in file" }, 400);
+    if (!replaceAll && count > 1)
+      return jsonResponse(
+        {
+          error: `old_string found ${count} times. Use replace_all or provide more context to make it unique.`,
+        },
+        400,
+      );
+    const updated = replaceAll
+      ? content.replaceAll(body.old_string, body.new_string)
+      : content.replace(body.old_string, body.new_string);
+    fs.writeFileSync(filePath, updated, "utf-8");
+    return jsonResponse({ ok: true, replacements: replaceAll ? count : 1 });
+  };
+}
+
+export function makeGrepHandler(deps: FsDeps) {
+  return async (req: Request): Promise<Response> => {
+    let body: {
+      pattern?: string;
+      path?: string;
+      output_mode?: "files" | "count" | "content";
+      ignore_case?: boolean;
+      context?: number;
+      glob?: string;
+      limit?: number;
+    };
+    try {
+      body = (await parseBase64JsonBody(req)) as typeof body;
+    } catch (e) {
+      return jsonResponse({ error: (e as Error).message }, 400);
+    }
+    if (!body.pattern)
+      return jsonResponse({ error: "pattern is required" }, 400);
+    const searchPath = body.path
+      ? safePath(deps.appRoot, deps.repoDir, body.path)
+      : deps.repoDir;
+    if (!searchPath)
+      return jsonResponse({ error: "Path escapes app root" }, 400);
+    const args: string[] = [];
+    const mode = body.output_mode ?? "files";
+    if (mode === "files") args.push("--files-with-matches");
+    else if (mode === "count") args.push("--count");
+    else args.push("--line-number");
+    if (body.ignore_case) args.push("-i");
+    if (body.context && mode === "content")
+      args.push("-C", String(body.context));
+    if (body.glob) args.push("--glob", body.glob);
+    args.push("--", body.pattern, searchPath);
+
+    const limit = body.limit ?? 250;
+    const child = spawn(
+      "rg",
+      args,
+      spawnOpts({
+        cwd: deps.repoDir,
+        stdio: ["ignore", "pipe", "pipe"],
+      }) as Parameters<typeof spawn>[2],
+    );
+    let stdout = "";
+    let lineCount = 0;
+    let truncated = false;
+    child.stdout!.on("data", (chunk: Buffer) => {
+      if (truncated) return;
+      const lines = chunk.toString("utf-8").split("\n");
+      for (const line of lines) {
+        if (lineCount >= limit) {
+          truncated = true;
+          try {
+            child.kill("SIGTERM");
+          } catch {}
+          break;
+        }
+        if (line) {
+          stdout += (stdout ? "\n" : "") + line;
+          lineCount++;
+        }
+      }
+    });
+    let stderr = "";
+    child.stderr!.on("data", (chunk: Buffer) => {
+      stderr += chunk.toString("utf-8");
+    });
+    let spawnError: Error | null = null;
+    const code: number | null = await new Promise((resolve) => {
+      child.on("close", (c) => resolve(c));
+      child.on("error", (err) => {
+        spawnError = err;
+        resolve(-1);
+      });
+    });
+    if (spawnError) {
+      return jsonResponse(
+        {
+          error: `grep unavailable: ${(spawnError as Error).message}. Install ripgrep ("brew install ripgrep") or use bash + grep.`,
+        },
+        500,
+      );
+    }
+    if (code !== null && code > 1)
+      return jsonResponse(
+        { error: stderr || `rg failed with code ${code}` },
+        500,
+      );
+    return jsonResponse({ results: stdout, matchCount: lineCount });
+  };
+}
+
+/**
+ * GET a remote URL (typically a presigned S3 URL) and stream the bytes to
+ * a path on the sandbox FS. Mesh mints the URL and asks the daemon to
+ * fetch it directly so bytes never round-trip through mesh.
+ *
+ * Body: { path: string; url: string }
+ */
+export function makeWriteFromUrlHandler(deps: FsDeps) {
+  return async (req: Request): Promise<Response> => {
+    let body: { path?: string; url?: string };
+    try {
+      body = (await parseBase64JsonBody(req)) as typeof body;
+    } catch (e) {
+      return jsonResponse({ error: (e as Error).message }, 400);
+    }
+    if (typeof body.url !== "string" || !body.url) {
+      return jsonResponse({ error: "url is required" }, 400);
+    }
+    const filePath = safePath(deps.appRoot, deps.repoDir, body.path ?? "");
+    if (!filePath) return jsonResponse({ error: "Path escapes app root" }, 400);
+
+    // The URL here is mesh-minted (presigned GET to S3/R2) — the model
+    // can't supply arbitrary URLs through copy_to_sandbox, so SSRF +
+    // DNS-rebinding defenses aren't needed. Plain fetch with a wall-
+    // clock deadline is enough.
+    const abortController = new AbortController();
+    const deadlineTimer = setTimeout(
+      () => abortController.abort(),
+      TRANSFER_DEADLINE_MS,
+    );
+    let resp: Response;
+    try {
+      resp = await fetch(body.url, { signal: abortController.signal });
+    } catch (err) {
+      clearTimeout(deadlineTimer);
+      return jsonResponse(
+        {
+          error: abortController.signal.aborted
+            ? `fetch deadline exceeded (${TRANSFER_DEADLINE_MS}ms)`
+            : `fetch failed: ${(err as Error).message}`,
+        },
+        502,
+      );
+    }
+    if (!resp.ok || !resp.body) {
+      clearTimeout(deadlineTimer);
+      return jsonResponse(
+        { error: `upstream returned HTTP ${resp.status}` },
+        502,
+      );
+    }
+    const contentLengthHeader = resp.headers.get("content-length");
+    const declaredSize = contentLengthHeader
+      ? Number.parseInt(contentLengthHeader, 10)
+      : null;
+    if (declaredSize !== null && declaredSize > MAX_TRANSFER_BYTES) {
+      clearTimeout(deadlineTimer);
+      return jsonResponse(
+        {
+          error: `Payload too large (${declaredSize} > ${MAX_TRANSFER_BYTES})`,
+        },
+        413,
+      );
+    }
+
+    fs.mkdirSync(path.dirname(filePath), { recursive: true });
+
+    // pipeline() guarantees: backpressure honored, errors propagate
+    // through the chain, all streams destroyed on failure. The Transform
+    // tracks running byte count so we fail fast when a server lies in
+    // (or omits) Content-Length.
+    let written = 0;
+    const cap = new Transform({
+      transform(chunk: Buffer, _enc, cb) {
+        written += chunk.byteLength;
+        if (written > MAX_TRANSFER_BYTES) {
+          cb(new Error(`Stream exceeded ${MAX_TRANSFER_BYTES} bytes`));
+          return;
+        }
+        cb(null, chunk);
+      },
+    });
+    const out = fs.createWriteStream(filePath);
+    try {
+      await pipeline(Readable.fromWeb(resp.body as never), cap, out);
+    } catch (err) {
+      // Any failure (network RST, TLS error, size cap, write fault)
+      // leaves a partial file. Remove it so a later skill step can't
+      // read a half-baked artifact.
+      fs.rmSync(filePath, { force: true });
+      return jsonResponse(
+        {
+          error: abortController.signal.aborted
+            ? `fetch deadline exceeded (${TRANSFER_DEADLINE_MS}ms)`
+            : `stream failed: ${(err as Error).message}`,
+        },
+        502,
+      );
+    } finally {
+      clearTimeout(deadlineTimer);
+    }
+    return jsonResponse({ ok: true, path: body.path, size: written });
+  };
+}
+
+/**
+ * Read a file from the sandbox FS and PUT it to a remote URL (typically
+ * a presigned S3 URL). Mesh mints the URL and asks the daemon to upload
+ * directly so bytes never round-trip through mesh.
+ *
+ * Body: { path: string; url: string; contentType?: string }
+ */
+export function makeUploadToUrlHandler(deps: FsDeps) {
+  return async (req: Request): Promise<Response> => {
+    let body: { path?: string; url?: string; contentType?: string };
+    try {
+      body = (await parseBase64JsonBody(req)) as typeof body;
+    } catch (e) {
+      return jsonResponse({ error: (e as Error).message }, 400);
+    }
+    if (typeof body.url !== "string" || !body.url) {
+      return jsonResponse({ error: "url is required" }, 400);
+    }
+    const filePath = resolveReadPath(
+      deps.appRoot,
+      deps.repoDir,
+      body.path ?? "",
+    );
+    if (!filePath) {
+      return jsonResponse({ error: "Path escapes project root" }, 400);
+    }
+
+    let stat: fs.Stats;
+    try {
+      stat = fs.statSync(filePath);
+    } catch {
+      return jsonResponse({ error: `File not found: ${body.path}` }, 400);
+    }
+    if (stat.isDirectory()) {
+      return jsonResponse({ error: "Path is a directory" }, 400);
+    }
+    if (stat.size > MAX_TRANSFER_BYTES) {
+      return jsonResponse(
+        { error: `File too large (${stat.size} > ${MAX_TRANSFER_BYTES})` },
+        413,
+      );
+    }
+
+    const headers: Record<string, string> = {
+      "Content-Length": String(stat.size),
+    };
+    if (body.contentType) headers["Content-Type"] = body.contentType;
+
+    // Stream the file body — readFileSync at MAX_TRANSFER_BYTES would peg
+    // ~25% of the daemon's memory cap on a single concurrent upload.
+    // Bun.file().stream() returns a ReadableStream<Uint8Array> that fetch
+    // accepts directly; backpressure stays on the network socket.
+    const abortController = new AbortController();
+    const deadlineTimer = setTimeout(
+      () => abortController.abort(),
+      TRANSFER_DEADLINE_MS,
+    );
+    let resp: Response;
+    try {
+      resp = await fetch(body.url, {
+        method: "PUT",
+        body: Bun.file(filePath).stream(),
+        headers,
+        signal: abortController.signal,
+        // No SSRF revalidation here — the URL is mesh-minted (presigned
+        // PUT to S3/R2), so the model can't influence where bytes go.
+        // upload PUTs don't redirect under S3/R2 semantics anyway.
+      });
+    } catch (err) {
+      return jsonResponse(
+        {
+          error: abortController.signal.aborted
+            ? `upload deadline exceeded (${TRANSFER_DEADLINE_MS}ms)`
+            : `upload failed: ${(err as Error).message}`,
+        },
+        502,
+      );
+    } finally {
+      clearTimeout(deadlineTimer);
+    }
+    if (!resp.ok) {
+      const errText = await resp.text().catch(() => "");
+      return jsonResponse(
+        {
+          error: `upstream returned HTTP ${resp.status}: ${errText.slice(0, 500)}`,
+        },
+        502,
+      );
+    }
+    return jsonResponse({ ok: true, size: stat.size });
+  };
+}
+
+// Skipped during glob walk. node_modules/.git noise drowns out useful
+// matches and isn't what the LLM ever wants to grep through.
+const GLOB_EXCLUDE_DIRS = new Set([
+  "node_modules",
+  ".git",
+  ".next",
+  "dist",
+  "build",
+  ".turbo",
+  ".cache",
+]);
+const GLOB_RESULT_LIMIT = 1000;
+
+export function makeGlobHandler(deps: FsDeps) {
+  return async (req: Request): Promise<Response> => {
+    let body: { pattern?: string; path?: string };
+    try {
+      body = (await parseBase64JsonBody(req)) as typeof body;
+    } catch (e) {
+      return jsonResponse({ error: (e as Error).message }, 400);
+    }
+    if (!body.pattern)
+      return jsonResponse({ error: "pattern is required" }, 400);
+    const searchPath = body.path
+      ? safePath(deps.appRoot, deps.repoDir, body.path)
+      : deps.repoDir;
+    if (!searchPath)
+      return jsonResponse({ error: "Path escapes app root" }, 400);
+
+    // Bun.Glob — no external binary dependency. Returns paths relative
+    // to `cwd`, which we re-anchor to repoDir for consistent UX.
+    const glob = new Bun.Glob(body.pattern);
+    const files: string[] = [];
+    try {
+      for await (const rel of glob.scan({
+        cwd: searchPath,
+        onlyFiles: true,
+        followSymlinks: false,
+      })) {
+        if (rel.split("/").some((seg) => GLOB_EXCLUDE_DIRS.has(seg))) continue;
+        const abs = path.join(searchPath, rel);
+        files.push(
+          abs.startsWith(`${deps.repoDir}/`)
+            ? abs.slice(deps.repoDir.length + 1)
+            : abs,
+        );
+        if (files.length >= GLOB_RESULT_LIMIT) break;
+      }
+    } catch (e) {
+      return jsonResponse({ error: (e as Error).message }, 500);
+    }
+    return jsonResponse({ files });
+  };
+}
diff --git a/packages/sandbox/daemon/routes/health.test.ts b/packages/sandbox/daemon/routes/health.test.ts
new file mode 100644
index 0000000000..be70f7f64d
--- /dev/null
+++ b/packages/sandbox/daemon/routes/health.test.ts
@@ -0,0 +1,52 @@
+import { describe, expect, it } from "bun:test";
+import { makeHealthHandler } from "./health";
+
+describe("makeHealthHandler", () => {
+  const cfg = { daemonBootId: "boot-xyz" } as const;
+
+  it("returns ready:false, bootId, orchestrator pre-config", async () => {
+    const h = makeHealthHandler({
+      config: cfg,
+      getReady: () => false,
+      getOrchestrator: () => ({ running: false, pending: 0 }),
+      getConfigured: () => false,
+    });
+    const res = h();
+    expect(res.status).toBe(200);
+    const body = (await res.json()) as {
+      ready: boolean;
+      bootId: string;
+      configured: boolean;
+      orchestrator: { running: boolean; pending: number };
+      setup: { running: boolean; done: boolean };
+    };
+    expect(body.ready).toBe(false);
+    expect(body.bootId).toBe("boot-xyz");
+    expect(body.configured).toBe(false);
+    expect(body.orchestrator).toEqual({ running: false, pending: 0 });
+    expect(body.setup).toEqual({ running: false, done: true });
+  });
+
+  it("flips ready:true once probe succeeds", async () => {
+    let ready = false;
+    const h = makeHealthHandler({
+      config: cfg,
+      getReady: () => ready,
+      getOrchestrator: () => ({ running: false, pending: 0 }),
+      getConfigured: () => true,
+    });
+    expect(((await h().json()) as { ready: boolean }).ready).toBe(false);
+    ready = true;
+    expect(((await h().json()) as { ready: boolean }).ready).toBe(true);
+  });
+
+  it("response has JSON content-type", () => {
+    const h = makeHealthHandler({
+      config: cfg,
+      getReady: () => true,
+      getOrchestrator: () => ({ running: false, pending: 0 }),
+      getConfigured: () => true,
+    });
+    expect(h().headers.get("content-type")).toContain("application/json");
+  });
+});
diff --git a/packages/sandbox/daemon/routes/health.ts b/packages/sandbox/daemon/routes/health.ts
new file mode 100644
index 0000000000..ac00bbe52c
--- /dev/null
+++ b/packages/sandbox/daemon/routes/health.ts
@@ -0,0 +1,23 @@
+import { jsonResponse } from "./body-parser";
+
+export interface HealthDeps {
+  config: { daemonBootId: string };
+  getReady: () => boolean;
+  getOrchestrator: () => { running: boolean; pending: number };
+  getConfigured: () => boolean;
+}
+
+export function makeHealthHandler(deps: HealthDeps): () => Response {
+  return () => {
+    const orch = deps.getOrchestrator();
+    return jsonResponse({
+      ready: deps.getReady(),
+      bootId: deps.config.daemonBootId,
+      configured: deps.getConfigured(),
+      orchestrator: orch,
+      // Legacy shape — daemon-client polls /health and validates this exists.
+      // Orchestrator queue empty → setup is done.
+      setup: { running: orch.running, done: !orch.running },
+    });
+  };
+}
diff --git a/packages/sandbox/daemon/routes/idle.test.ts b/packages/sandbox/daemon/routes/idle.test.ts
new file mode 100644
index 0000000000..894b4126ab
--- /dev/null
+++ b/packages/sandbox/daemon/routes/idle.test.ts
@@ -0,0 +1,40 @@
+import { describe, expect, it } from "bun:test";
+import {
+  __resetActivityForTests,
+  bumpActivity,
+  markClaimed,
+} from "../activity";
+import { makeIdleHandler } from "./idle";
+
+describe("makeIdleHandler", () => {
+  it("returns lastActivityAt + idleMs as JSON with CORS", async () => {
+    const t0 = Date.UTC(2026, 3, 1, 12, 0, 0);
+    __resetActivityForTests(t0);
+    bumpActivity(t0);
+    const handler = makeIdleHandler();
+    const resp = handler();
+    expect(resp.status).toBe(200);
+    expect(resp.headers.get("content-type")).toContain("application/json");
+    expect(resp.headers.get("access-control-allow-origin")).toBe("*");
+    const body = (await resp.json()) as {
+      lastActivityAt: string;
+      idleMs: number;
+      claimed: boolean;
+    };
+    expect(body.lastActivityAt).toBe(new Date(t0).toISOString());
+    expect(typeof body.idleMs).toBe("number");
+    expect(body.idleMs).toBeGreaterThanOrEqual(0);
+  });
+
+  it("claimed=false until markClaimed() is called", async () => {
+    __resetActivityForTests();
+    const handler = makeIdleHandler();
+    const before = (await handler().json()) as { claimed: boolean };
+    expect(before.claimed).toBe(false);
+    markClaimed();
+    const after = (await handler().json()) as { claimed: boolean };
+    expect(after.claimed).toBe(true);
+    // Reset for other tests.
+    __resetActivityForTests();
+  });
+});
diff --git a/packages/sandbox/daemon/routes/idle.ts b/packages/sandbox/daemon/routes/idle.ts
new file mode 100644
index 0000000000..e162277e63
--- /dev/null
+++ b/packages/sandbox/daemon/routes/idle.ts
@@ -0,0 +1,6 @@
+import { getIdleStatus } from "../activity";
+import { jsonResponse } from "./body-parser";
+
+export function makeIdleHandler(): () => Response {
+  return () => jsonResponse(getIdleStatus());
+}
diff --git a/packages/sandbox/daemon/routes/scripts.ts b/packages/sandbox/daemon/routes/scripts.ts
new file mode 100644
index 0000000000..35ee60aebd
--- /dev/null
+++ b/packages/sandbox/daemon/routes/scripts.ts
@@ -0,0 +1,7 @@
+import { jsonResponse } from "./body-parser";
+
+export function makeScriptsHandler(getScripts: () => string[]) {
+  return async (): Promise<Response> => {
+    return jsonResponse({ scripts: getScripts() });
+  };
+}
diff --git a/packages/sandbox/daemon/routes/tasks.ts b/packages/sandbox/daemon/routes/tasks.ts
new file mode 100644
index 0000000000..6cdb93fb86
--- /dev/null
+++ b/packages/sandbox/daemon/routes/tasks.ts
@@ -0,0 +1,193 @@
+import type { TaskManager, TaskStatus } from "../process/task-manager";
+import { sseFormat } from "../events/sse-format";
+import { jsonResponse } from "./body-parser";
+
+export async function awaitTaskResponse(
+  taskManager: TaskManager,
+  id: string,
+  opts: { extra?: Record<string, unknown>; timedOutExitCode?: number } = {},
+): Promise<Response> {
+  const wait = taskManager.finished(id);
+  if (!wait)
+    return jsonResponse({ error: "task vanished before completion" }, 500);
+  const result = await wait;
+  const out = taskManager.output(id);
+  const exitCode =
+    opts.timedOutExitCode !== undefined && result.timedOut
+      ? opts.timedOutExitCode
+      : result.exitCode;
+  return jsonResponse({
+    ...opts.extra,
+    stdout: out?.stdout ?? "",
+    stderr: out?.stderr ?? "",
+    exitCode,
+    timedOut: result.timedOut,
+    truncated: out?.truncated ?? false,
+  });
+}
+
+export interface TasksDeps {
+  taskManager: TaskManager;
+}
+
+const VALID_STATUS: ReadonlySet<TaskStatus> = new Set([
+  "running",
+  "exited",
+  "failed",
+  "killed",
+  "timeout",
+]);
+
+/** GET /_decopilot_vm/tasks?status=running,exited */
+export function makeTasksListHandler(deps: TasksDeps) {
+  return async (req: Request): Promise<Response> => {
+    const url = new URL(req.url);
+    const statusParam = url.searchParams.get("status");
+    const status = statusParam
+      ? statusParam
+          .split(",")
+          .filter((s): s is TaskStatus => VALID_STATUS.has(s as TaskStatus))
+      : undefined;
+    const tasks = deps.taskManager.list(
+      status && status.length > 0 ? { status } : undefined,
+    );
+    return jsonResponse({ tasks });
+  };
+}
+
+/** GET /_decopilot_vm/tasks/:id */
+export function makeTasksGetHandler(deps: TasksDeps) {
+  return async (req: Request): Promise<Response> => {
+    const id = idFrom(req, "/tasks/");
+    if (!id) return jsonResponse({ error: "missing task id" }, 400);
+    const summary = deps.taskManager.get(id);
+    if (!summary) return jsonResponse({ error: "task not found" }, 404);
+    const out = deps.taskManager.output(id);
+    return jsonResponse({
+      ...summary,
+      stdout: out?.stdout ?? "",
+      stderr: out?.stderr ?? "",
+      truncated: out?.truncated ?? false,
+    });
+  };
+}
+
+/** POST /_decopilot_vm/tasks/:id/kill[?signal=SIGTERM|SIGKILL] */
+export function makeTasksKillHandler(deps: TasksDeps) {
+  return async (req: Request): Promise<Response> => {
+    const id = idFrom(req, "/tasks/", "/kill");
+    if (!id) return jsonResponse({ error: "missing task id" }, 400);
+    const url = new URL(req.url);
+    const sig = (url.searchParams.get("signal") ?? "SIGTERM") as NodeJS.Signals;
+    const ok = deps.taskManager.kill(id, sig);
+    if (!ok) return jsonResponse({ error: "task not running" }, 400);
+    return jsonResponse({ ok: true });
+  };
+}
+
+/** POST /_decopilot_vm/tasks/kill-all */
+export function makeTasksKillAllHandler(deps: TasksDeps) {
+  return async (): Promise<Response> => {
+    const count = deps.taskManager.killAll();
+    return jsonResponse({ ok: true, killed: count });
+  };
+}
+
+/** DELETE /_decopilot_vm/tasks/:id */
+export function makeTasksDeleteHandler(deps: TasksDeps) {
+  return async (req: Request): Promise<Response> => {
+    const id = idFrom(req, "/tasks/");
+    if (!id) return jsonResponse({ error: "missing task id" }, 400);
+    const ok = deps.taskManager.delete(id);
+    if (!ok)
+      return jsonResponse({ error: "task not found or still running" }, 400);
+    return jsonResponse({ ok: true });
+  };
+}
+
+/** GET /_decopilot_vm/tasks/:id/stream — SSE: replay buffered output, then live. */
+export function makeTasksStreamHandler(deps: TasksDeps) {
+  return async (req: Request): Promise<Response> => {
+    const id = idFrom(req, "/tasks/", "/stream");
+    if (!id) return jsonResponse({ error: "missing task id" }, 400);
+    const summary = deps.taskManager.get(id);
+    if (!summary) return jsonResponse({ error: "task not found" }, 404);
+
+    const stream = new ReadableStream<Uint8Array>({
+      start(controller) {
+        const send = (event: string, payload: unknown) => {
+          try {
+            controller.enqueue(sseFormat(event, JSON.stringify(payload)));
+          } catch {
+            /* controller closed */
+          }
+        };
+
+        const replay = deps.taskManager.output(id);
+        if (replay) {
+          if (replay.stdout) send("stdout", { data: replay.stdout });
+          if (replay.stderr) send("stderr", { data: replay.stderr });
+        }
+        if (summary.status !== "running") {
+          send("end", {
+            status: summary.status,
+            exitCode: summary.exitCode,
+            timedOut: summary.timedOut,
+          });
+          controller.close();
+          return;
+        }
+
+        const unsubscribe = deps.taskManager.subscribe(id, (chunk) => {
+          send(chunk.stream, { data: chunk.data });
+        });
+
+        void deps.taskManager.finished(id)?.then((result) => {
+          send("end", {
+            status: result.status,
+            exitCode: result.exitCode,
+            timedOut: result.timedOut,
+          });
+          unsubscribe?.();
+          try {
+            controller.close();
+          } catch {
+            /* already closed */
+          }
+        });
+
+        req.signal.addEventListener("abort", () => {
+          unsubscribe?.();
+          try {
+            controller.close();
+          } catch {
+            /* already closed */
+          }
+        });
+      },
+    });
+
+    return new Response(stream, {
+      status: 200,
+      headers: {
+        "Content-Type": "text/event-stream",
+        "Cache-Control": "no-cache",
+        Connection: "keep-alive",
+        "Access-Control-Allow-Origin": "*",
+        "X-Accel-Buffering": "no",
+      },
+    });
+  };
+}
+
+function idFrom(req: Request, prefix: string, suffix?: string): string | null {
+  const url = new URL(req.url);
+  const tail = url.pathname.split(prefix)[1];
+  if (!tail) return null;
+  let id = tail;
+  if (suffix && id.endsWith(suffix)) {
+    id = id.slice(0, -suffix.length);
+  }
+  if (!id || id.includes("/")) return null;
+  return id;
+}
diff --git a/packages/sandbox/daemon/setup/autodetect.ts b/packages/sandbox/daemon/setup/autodetect.ts
new file mode 100644
index 0000000000..377175653d
--- /dev/null
+++ b/packages/sandbox/daemon/setup/autodetect.ts
@@ -0,0 +1,55 @@
+import { existsSync } from "node:fs";
+import { join } from "node:path";
+import type { Application, PackageManager, RuntimeName } from "../types";
+
+interface Detection {
+  packageManager: PackageManager;
+  runtime: RuntimeName;
+}
+
+const RULES: ReadonlyArray<{ file: string; detection: Detection }> = [
+  { file: "deno.json", detection: { packageManager: "deno", runtime: "deno" } },
+  {
+    file: "deno.jsonc",
+    detection: { packageManager: "deno", runtime: "deno" },
+  },
+  { file: "bun.lock", detection: { packageManager: "bun", runtime: "bun" } },
+  { file: "bun.lockb", detection: { packageManager: "bun", runtime: "bun" } },
+  {
+    file: "pnpm-lock.yaml",
+    detection: { packageManager: "pnpm", runtime: "node" },
+  },
+  {
+    file: "yarn.lock",
+    detection: { packageManager: "yarn", runtime: "node" },
+  },
+];
+
+const NPM_FALLBACK: Detection = { packageManager: "npm", runtime: "node" };
+
+/**
+ * Best-effort runtime/pm guess from lockfile presence at the repo root.
+ * Falls back to npm/node when no lockfile is recognised. Returns only the
+ * fields that aren't already populated on the existing application config.
+ */
+export function autodetectApplication(
+  repoDir: string,
+  existing: Application | undefined,
+): Partial<Application> {
+  if (existing?.packageManager?.name && existing?.runtime) return {};
+
+  const detected = detect(repoDir);
+  return {
+    ...(existing?.packageManager?.name
+      ? {}
+      : { packageManager: { name: detected.packageManager } }),
+    ...(existing?.runtime ? {} : { runtime: detected.runtime }),
+  };
+}
+
+function detect(repoDir: string): Detection {
+  for (const rule of RULES) {
+    if (existsSync(join(repoDir, rule.file))) return rule.detection;
+  }
+  return NPM_FALLBACK;
+}
diff --git a/packages/sandbox/daemon/setup/clone.ts b/packages/sandbox/daemon/setup/clone.ts
new file mode 100644
index 0000000000..c160bf56ad
--- /dev/null
+++ b/packages/sandbox/daemon/setup/clone.ts
@@ -0,0 +1,126 @@
+import { existsSync, readdirSync } from "node:fs";
+import type { Config } from "../types";
+import { spawnSetupStep } from "./spawn-step";
+
+export interface CloneDeps {
+  config: Config;
+  dropPrivileges?: boolean;
+  onChunk: (source: "setup", data: string) => void;
+}
+
+/**
+ * Returns true when `dir` exists, has files, but has no `.git` directory.
+ * This happens when the daemon wrote `.decocms/daemon.json` into repoDir
+ * before the first clone — git refuses to clone into a non-empty target, so
+ * we need a different strategy (init + fetch) in that case.
+ */
+function isNonEmptyWithoutGit(dir: string): boolean {
+  if (!existsSync(dir)) return false;
+  try {
+    const entries = readdirSync(dir);
+    return entries.length > 0 && !entries.includes(".git");
+  } catch {
+    return false;
+  }
+}
+
+// Git progress lines use bare \r (no \n) to overwrite the same terminal line.
+// Log aggregators strip \r, collapsing all updates into one unreadable blob.
+// Normalise \r → \r\n so each update becomes its own log line while still
+// giving the user live progress feedback.
+function normalizeCarriageReturns(data: string): string {
+  return data.replace(/\r(?!\n)/g, "\r\n");
+}
+
+function runStep(cmd: string, deps: CloneDeps): Promise<number> {
+  deps.onChunk("setup", `$ ${cmd}\r\n`);
+  const normalized: CloneDeps = {
+    ...deps,
+    onChunk: (src, data) => deps.onChunk(src, normalizeCarriageReturns(data)),
+  };
+  return spawnSetupStep(cmd, normalized.onChunk, deps.dropPrivileges);
+}
+
+const TRANSIENT_ERRORS = [
+  "Could not resolve host",
+  "early EOF",
+  "unexpected disconnect",
+  "Connection reset by peer",
+  "Connection timed out",
+];
+const CLONE_MAX_RETRIES = 3;
+const CLONE_RETRY_DELAY_MS = 3000;
+
+function isTransient(output: string): boolean {
+  return TRANSIENT_ERRORS.some((e) => output.includes(e));
+}
+
+function sleep(ms: number): Promise<void> {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+async function runNetworkStep(cmd: string, deps: CloneDeps): Promise<number> {
+  for (let attempt = 0; attempt <= CLONE_MAX_RETRIES; attempt++) {
+    if (attempt > 0) {
+      deps.onChunk(
+        "setup",
+        `\r\n[clone] transient network error, retrying in ${CLONE_RETRY_DELAY_MS / 1000}s (attempt ${attempt + 1}/${CLONE_MAX_RETRIES + 1})...\r\n`,
+      );
+      await sleep(CLONE_RETRY_DELAY_MS);
+    }
+    let output = "";
+    const tee: CloneDeps = {
+      ...deps,
+      onChunk: (src, data) => {
+        output += data;
+        deps.onChunk(src, data);
+      },
+    };
+    const code = await runStep(cmd, tee);
+    if (code === 0) return 0;
+    if (!isTransient(output) || attempt >= CLONE_MAX_RETRIES) return code;
+  }
+  return 1;
+}
+
+/** Resolves to exit code (0 on success). Emits chunks via `onChunk`. */
+export async function spawnClone(deps: CloneDeps): Promise<number> {
+  const { config } = deps;
+  const cloneUrl = config.git?.repository?.cloneUrl;
+  if (!cloneUrl) {
+    return 1;
+  }
+  if (!config.repoDir || !config.repoDir.startsWith("/")) {
+    deps.onChunk(
+      "setup",
+      `\r\n[clone] repoDir is not an absolute path (got: ${String(config.repoDir)}) — aborting clone to prevent relative-path mishap\r\n`,
+    );
+    return 1;
+  }
+
+  const gc = `git -c safe.directory='*' -c credential.helper=`;
+  const dir = config.repoDir;
+
+  // When repoDir already has files (e.g. .decocms/daemon.json written before
+  // the first clone) but no .git, `git clone` would fail with "already exists
+  // and is not an empty directory". Use init+fetch+checkout instead — it
+  // operates in-place and tolerates existing content.
+  if (isNonEmptyWithoutGit(dir)) {
+    const localSteps = [
+      `${gc} -C ${dir} init`,
+      `${gc} -C ${dir} remote add origin ${cloneUrl}`,
+    ];
+    for (const step of localSteps) {
+      const code = await runStep(step, deps);
+      if (code !== 0) return code;
+    }
+    const fetchCode = await runNetworkStep(
+      `${gc} -C ${dir} fetch --depth 1 origin HEAD`,
+      deps,
+    );
+    if (fetchCode !== 0) return fetchCode;
+    return runStep(`${gc} -C ${dir} checkout FETCH_HEAD`, deps);
+  }
+
+  return runNetworkStep(`${gc} clone --depth 1 ${cloneUrl} ${dir}`, deps);
+}
diff --git a/packages/sandbox/daemon/setup/git.ts b/packages/sandbox/daemon/setup/git.ts
new file mode 100644
index 0000000000..3974484cff
--- /dev/null
+++ b/packages/sandbox/daemon/setup/git.ts
@@ -0,0 +1,5 @@
+import { gitSync, type GitSyncOpts } from "../git/git-sync";
+
+export function git(args: string[], opts: GitSyncOpts): string {
+  return gitSync(["-c", "safe.directory=*", ...args], opts);
+}
diff --git a/packages/sandbox/daemon/setup/identity.ts b/packages/sandbox/daemon/setup/identity.ts
new file mode 100644
index 0000000000..851a12634f
--- /dev/null
+++ b/packages/sandbox/daemon/setup/identity.ts
@@ -0,0 +1,13 @@
+import type { Config } from "../types";
+import { git } from "./git";
+
+export function configureGitIdentity(config: Config): void {
+  if (!config.git?.identity?.userName || !config.git?.identity?.userEmail)
+    return;
+  git(["config", "user.name", config.git?.identity?.userName], {
+    cwd: config.repoDir,
+  });
+  git(["config", "user.email", config.git?.identity?.userEmail], {
+    cwd: config.repoDir,
+  });
+}
diff --git a/packages/sandbox/daemon/setup/install.ts b/packages/sandbox/daemon/setup/install.ts
new file mode 100644
index 0000000000..ad8865353b
--- /dev/null
+++ b/packages/sandbox/daemon/setup/install.ts
@@ -0,0 +1,42 @@
+import { existsSync } from "node:fs";
+import { join } from "node:path";
+import { PACKAGE_MANAGER_DAEMON_CONFIG } from "../constants";
+import { resolvePmRoot } from "../paths";
+import type { Config } from "../types";
+import { spawnSetupStep } from "./spawn-step";
+
+export interface InstallDeps {
+  config: Config;
+  dropPrivileges?: boolean;
+  onChunk: (source: "setup", data: string) => void;
+}
+
+export function spawnInstall(deps: InstallDeps): Promise<number> | null {
+  const { config } = deps;
+  const pm = config.application?.packageManager?.name;
+  if (!pm) return null;
+  const pmConfig = PACKAGE_MANAGER_DAEMON_CONFIG[pm];
+  if (!pmConfig) return null;
+  // No install command (e.g. deno) — runtime fetches deps lazily on first
+  // task. Caller treats null as "nothing to do" and proceeds to start.
+  if (!pmConfig.install) return null;
+  const installRoot = resolvePmRoot(
+    config.repoDir,
+    config.application?.packageManager?.path,
+  );
+  const hasManifest = pmConfig.manifests.some((file) =>
+    existsSync(join(installRoot, file)),
+  );
+  if (!hasManifest) {
+    deps.onChunk(
+      "setup",
+      `\r\n[install] no package manifest (${pmConfig.manifests.join(" or ")}) found at ${installRoot} — skipping install\r\n`,
+    );
+    return null;
+  }
+  const corepack =
+    "export COREPACK_ENABLE_DOWNLOAD_PROMPT=0 && (corepack enable 2>/dev/null || true) && ";
+  const cmd = `${config.runtimePathPrefix}cd ${installRoot} && ${corepack}${pmConfig.install}`;
+  deps.onChunk("setup", `\r\n$ ${cmd}\r\n`);
+  return spawnSetupStep(cmd, deps.onChunk, deps.dropPrivileges);
+}
diff --git a/packages/sandbox/daemon/setup/orchestrator.test.ts b/packages/sandbox/daemon/setup/orchestrator.test.ts
new file mode 100644
index 0000000000..324233ab7d
--- /dev/null
+++ b/packages/sandbox/daemon/setup/orchestrator.test.ts
@@ -0,0 +1,315 @@
+import { describe, expect, it } from "bun:test";
+import { mkdirSync, mkdtempSync, rmSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { Broadcaster } from "../events/broadcast";
+import type { BranchStatusMonitor } from "../git/branch-status";
+import { SetupOrchestrator } from "./orchestrator";
+
+function tempRoot(): { dir: string; cleanup: () => void } {
+  const dir = mkdtempSync(join(tmpdir(), "orch-"));
+  return { dir, cleanup: () => rmSync(dir, { recursive: true, force: true }) };
+}
+
+function makeMonitorSpy() {
+  const calls: Array<{ method: string; arg?: unknown }> = [];
+  const monitor = {
+    setPhase(arg: unknown) {
+      calls.push({ method: "setPhase", arg });
+    },
+    markReady() {
+      calls.push({ method: "markReady" });
+    },
+  } as unknown as BranchStatusMonitor;
+  return { monitor, calls };
+}
+
+describe("SetupOrchestrator branch-status integration", () => {
+  it("setPhase('cloning') is called before clone, 'clone-failed' on non-zero exit", async () => {
+    const { dir, cleanup } = tempRoot();
+    try {
+      const broadcaster = new Broadcaster(1024);
+      const { monitor, calls } = makeMonitorSpy();
+
+      // Build orchestrator with a config that points to an unreachable
+      // cloneUrl so spawnClone exits non-zero quickly.
+      const orchestrator = new SetupOrchestrator({
+        bootConfig: { appRoot: dir, repoDir: join(dir, "repo") },
+        store: {
+          read: () => ({
+            git: {
+              repository: { cloneUrl: "https://invalid.example.invalid/x.git" },
+            },
+            application: {},
+          }),
+          hydrate: () => {},
+          applyInternal: async () => ({
+            kind: "applied",
+            before: null,
+            after: {},
+            transition: { kind: "no-op" },
+          }),
+        } as never,
+        taskManager: {
+          spawn: async () => ({ id: "t1" }),
+          killByLogName: () => 0,
+          waitForLogNamesIdle: async () => {},
+          onTaskExit: () => () => {},
+        } as never,
+        setIntent: () => {},
+        getIntent: () => ({ state: "running" as const }),
+        broadcaster,
+        installState: { isInstalledFor: () => false } as never,
+        logsDir: dir,
+        branchStatus: monitor,
+      });
+
+      orchestrator.handle({
+        kind: "bootstrap",
+        config: {} as never,
+      });
+
+      // Poll until the orchestrator finishes the queue (or 15s timeout)
+      const deadline = Date.now() + 15_000;
+      while (orchestrator.isRunning() || orchestrator.pendingCount() > 0) {
+        if (Date.now() > deadline) throw new Error("orchestrator hung");
+        await new Promise((r) => setTimeout(r, 50));
+      }
+
+      expect(calls[0]).toEqual({
+        method: "setPhase",
+        arg: { kind: "cloning" },
+      });
+      const failed = calls.find(
+        (c) =>
+          c.method === "setPhase" &&
+          (c.arg as { kind: string })?.kind === "clone-failed",
+      );
+      expect(failed).toBeTruthy();
+      expect(calls.some((c) => c.method === "markReady")).toBe(false);
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("setPhase('checking-out') / 'checkout-failed' on branchChange error", async () => {
+    const { dir, cleanup } = tempRoot();
+    try {
+      mkdirSync(join(dir, "repo"));
+      // No git repo at appRoot, so checkout will fail
+      const broadcaster = new Broadcaster(1024);
+      const { monitor, calls } = makeMonitorSpy();
+
+      const orchestrator = new SetupOrchestrator({
+        bootConfig: { appRoot: dir, repoDir: join(dir, "repo") },
+        store: {
+          read: () => ({
+            git: { repository: { cloneUrl: "" } },
+            application: {},
+          }),
+          hydrate: () => {},
+          applyInternal: async () => ({
+            kind: "applied",
+            before: null,
+            after: {},
+            transition: { kind: "no-op" },
+          }),
+        } as never,
+        taskManager: {
+          spawn: async () => ({ id: "t1" }),
+          killByLogName: () => 0,
+          waitForLogNamesIdle: async () => {},
+          onTaskExit: () => () => {},
+        } as never,
+        setIntent: () => {},
+        getIntent: () => ({ state: "running" as const }),
+        broadcaster,
+        installState: { isInstalledFor: () => false } as never,
+        logsDir: dir,
+        branchStatus: monitor,
+      });
+
+      orchestrator.handle({
+        kind: "branch-change",
+        from: "main",
+        to: "feat/x",
+      });
+
+      const deadline = Date.now() + 5_000;
+      while (orchestrator.isRunning() || orchestrator.pendingCount() > 0) {
+        if (Date.now() > deadline) throw new Error("orchestrator hung");
+        await new Promise((r) => setTimeout(r, 50));
+      }
+
+      expect(calls[0]).toEqual({
+        method: "setPhase",
+        arg: { kind: "checking-out", to: "feat/x" },
+      });
+      const failed = calls.find(
+        (c) =>
+          c.method === "setPhase" &&
+          (c.arg as { kind: string })?.kind === "checkout-failed",
+      );
+      expect(failed).toBeTruthy();
+    } finally {
+      cleanup();
+    }
+  });
+});
+
+describe("SetupOrchestrator intent transitions", () => {
+  it("flips intent to paused when a starter task exits non-zero non-intentionally", () => {
+    const { dir, cleanup } = tempRoot();
+    try {
+      let exitHandler: ((s: unknown) => void) | null = null;
+      const intentCalls: Array<{ state: string; reason?: string }> = [];
+      const broadcaster = new Broadcaster(1024);
+      const { monitor } = makeMonitorSpy();
+
+      new SetupOrchestrator({
+        bootConfig: { appRoot: dir, repoDir: join(dir, "repo") },
+        store: {
+          read: () => null,
+          hydrate: () => {},
+          applyInternal: async () => ({
+            kind: "applied",
+            before: null,
+            after: {},
+            transition: { kind: "no-op" },
+          }),
+        } as never,
+        taskManager: {
+          spawn: async () => ({ id: "t1" }),
+          killByLogName: () => 0,
+          waitForLogNamesIdle: async () => {},
+          onTaskExit: (h: (s: unknown) => void) => {
+            exitHandler = h;
+            return () => {};
+          },
+        } as never,
+        setIntent: (i) => intentCalls.push(i),
+        getIntent: () => ({ state: "running" as const }),
+        broadcaster,
+        installState: { isInstalledFor: () => false } as never,
+        logsDir: dir,
+        branchStatus: monitor,
+      });
+
+      expect(exitHandler).not.toBeNull();
+      exitHandler!({
+        id: "t1",
+        logName: "dev",
+        exitCode: 1,
+        intentional: false,
+        status: "failed",
+      });
+      expect(intentCalls).toHaveLength(1);
+      expect(intentCalls[0]).toEqual({
+        state: "paused",
+        reason: "dev script exited with code 1",
+      });
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("does NOT flip intent on intentional kill", () => {
+    const { dir, cleanup } = tempRoot();
+    try {
+      let exitHandler: ((s: unknown) => void) | null = null;
+      const intentCalls: Array<{ state: string }> = [];
+      const broadcaster = new Broadcaster(1024);
+      const { monitor } = makeMonitorSpy();
+
+      new SetupOrchestrator({
+        bootConfig: { appRoot: dir, repoDir: join(dir, "repo") },
+        store: {
+          read: () => null,
+          hydrate: () => {},
+          applyInternal: async () => ({
+            kind: "applied",
+            before: null,
+            after: {},
+            transition: { kind: "no-op" },
+          }),
+        } as never,
+        taskManager: {
+          spawn: async () => ({ id: "t1" }),
+          killByLogName: () => 0,
+          waitForLogNamesIdle: async () => {},
+          onTaskExit: (h: (s: unknown) => void) => {
+            exitHandler = h;
+            return () => {};
+          },
+        } as never,
+        setIntent: (i) => intentCalls.push(i),
+        getIntent: () => ({ state: "running" as const }),
+        broadcaster,
+        installState: { isInstalledFor: () => false } as never,
+        logsDir: dir,
+        branchStatus: monitor,
+      });
+
+      exitHandler!({
+        id: "t1",
+        logName: "dev",
+        exitCode: 137,
+        intentional: true,
+        status: "killed",
+      });
+      expect(intentCalls).toHaveLength(0);
+    } finally {
+      cleanup();
+    }
+  });
+
+  it("does NOT flip intent for non-starter tasks", () => {
+    const { dir, cleanup } = tempRoot();
+    try {
+      let exitHandler: ((s: unknown) => void) | null = null;
+      const intentCalls: Array<{ state: string }> = [];
+      const broadcaster = new Broadcaster(1024);
+      const { monitor } = makeMonitorSpy();
+
+      new SetupOrchestrator({
+        bootConfig: { appRoot: dir, repoDir: join(dir, "repo") },
+        store: {
+          read: () => null,
+          hydrate: () => {},
+          applyInternal: async () => ({
+            kind: "applied",
+            before: null,
+            after: {},
+            transition: { kind: "no-op" },
+          }),
+        } as never,
+        taskManager: {
+          spawn: async () => ({ id: "t1" }),
+          killByLogName: () => 0,
+          waitForLogNamesIdle: async () => {},
+          onTaskExit: (h: (s: unknown) => void) => {
+            exitHandler = h;
+            return () => {};
+          },
+        } as never,
+        setIntent: (i) => intentCalls.push(i),
+        getIntent: () => ({ state: "running" as const }),
+        broadcaster,
+        installState: { isInstalledFor: () => false } as never,
+        logsDir: dir,
+        branchStatus: monitor,
+      });
+
+      exitHandler!({
+        id: "t2",
+        logName: "format",
+        exitCode: 1,
+        intentional: false,
+        status: "failed",
+      });
+      expect(intentCalls).toHaveLength(0);
+    } finally {
+      cleanup();
+    }
+  });
+});
diff --git a/packages/sandbox/daemon/setup/orchestrator.ts b/packages/sandbox/daemon/setup/orchestrator.ts
new file mode 100644
index 0000000000..f2a82dc481
--- /dev/null
+++ b/packages/sandbox/daemon/setup/orchestrator.ts
@@ -0,0 +1,573 @@
+import { existsSync, unlinkSync } from "node:fs";
+import { join } from "node:path";
+import { readConfig } from "../persistence";
+import type { TenantConfigStore } from "../config-store";
+import type { TaskManager } from "../process/task-manager";
+import type { Transition } from "../config-store/types";
+import {
+  PACKAGE_MANAGER_DAEMON_CONFIG,
+  WELL_KNOWN_STARTERS,
+  buildDevEnv,
+  isSyntheticBranch,
+  pmRunCommand,
+} from "../constants";
+import type { Broadcaster } from "../events/broadcast";
+import type { BranchStatusMonitor } from "../git/branch-status";
+import { gitSync } from "../git/git-sync";
+import type { InstallState } from "../install/install-state";
+import { InstallState as InstallStateClass } from "../install/install-state";
+import { LogTee } from "../process/log-tee";
+import { appLogPath, hasGitRepo, resolvePmRoot } from "../paths";
+import { discoverScripts } from "../process/script-discovery";
+import type { PhaseManager } from "../process/phase-manager";
+import type { Application, Config } from "../types";
+import { autodetectApplication } from "./autodetect";
+import { spawnClone } from "./clone";
+import { configureGitIdentity } from "./identity";
+import { spawnInstall } from "./install";
+import { installProtectedBranchHook } from "../git/protect-branch";
+
+const INSTALL_LOG_MAX_BYTES = 10 * 1024 * 1024;
+
+export interface SetupOrchestratorDeps {
+  bootConfig: { appRoot: string; repoDir: string };
+  store: TenantConfigStore;
+  taskManager: TaskManager;
+  setIntent: (next: { state: "running" | "paused"; reason?: string }) => void;
+  getIntent: () => { state: "running" | "paused"; reason?: string };
+  broadcaster: Broadcaster;
+  installState: InstallState;
+  /** Workspace tmp dir; install tee lives at `<logsDir>/app/install`. */
+  logsDir: string;
+  /** When provided, setup phases are tracked via the phase manager. */
+  phaseManager?: PhaseManager;
+  branchStatus: BranchStatusMonitor;
+}
+
+/**
+ * Reducer over `Transition` events emitted by the config store.
+ *
+ * Each transition maps to one async recipe. An internal FIFO queue
+ * serializes runs so an in-flight install can't race a branch checkout.
+ * Same-kind transitions coalesce (only the most recent matters).
+ */
+export class SetupOrchestrator {
+  private readonly queue: Transition[] = [];
+  private running = false;
+  private currentBranchHead: string | undefined;
+
+  constructor(private readonly deps: SetupOrchestratorDeps) {
+    this.deps.taskManager.onTaskExit((summary) => {
+      if (!summary.logName) return;
+      if (
+        !WELL_KNOWN_STARTERS.includes(
+          summary.logName as (typeof WELL_KNOWN_STARTERS)[number],
+        )
+      )
+        return;
+      if (summary.intentional) return;
+      if (summary.exitCode === 0 || summary.exitCode === null) return;
+      this.deps.setIntent({
+        state: "paused",
+        reason: `dev script exited with code ${summary.exitCode}`,
+      });
+    });
+  }
+
+  /** Fire-and-forget enqueue. */
+  handle(transition: Transition): void {
+    if (
+      transition.kind === "no-op" ||
+      transition.kind === "identity-conflict"
+    ) {
+      return;
+    }
+    this.coalesce(transition);
+    void this.drain();
+  }
+
+  /** True while a transition is being applied. Surfaced on /health. */
+  isRunning(): boolean {
+    return this.running;
+  }
+
+  pendingCount(): number {
+    return this.queue.length;
+  }
+
+  private coalesce(t: Transition): void {
+    // Last-of-kind wins for transitions that fully describe themselves.
+    const collapsable = new Set([
+      "branch-change",
+      "pm-change",
+      "runtime-change",
+      "port-change",
+    ]);
+    if (collapsable.has(t.kind)) {
+      const idx = this.queue.findIndex((q) => q.kind === t.kind);
+      if (idx >= 0) this.queue.splice(idx, 1);
+    }
+    this.queue.push(t);
+  }
+
+  private async drain(): Promise<void> {
+    if (this.running) return;
+    this.running = true;
+    try {
+      while (this.queue.length > 0) {
+        const t = this.queue.shift();
+        if (!t) break;
+        const taskId = this.deps.phaseManager?.begin(`transition:${t.kind}`);
+        this.chunk(`[orchestrator] transition: ${t.kind}\r\n`);
+        this.deps.broadcaster.broadcastEvent("transition", {
+          kind: t.kind,
+          phase: "start",
+        });
+        try {
+          await this.run(t);
+          this.chunk(`[orchestrator] done: ${t.kind}\r\n`);
+          this.deps.broadcaster.broadcastEvent("transition", {
+            kind: t.kind,
+            phase: "done",
+          });
+          if (taskId) this.deps.phaseManager?.done(taskId);
+        } catch (e) {
+          const msg = (e as Error).message;
+          this.chunk(`\r\n[orchestrator] failed: ${t.kind}: ${msg}\r\n`);
+          this.deps.broadcaster.broadcastEvent("transition", {
+            kind: t.kind,
+            phase: "failed",
+            error: msg,
+          });
+          if (taskId) this.deps.phaseManager?.fail(taskId, msg);
+        }
+      }
+    } finally {
+      this.running = false;
+    }
+  }
+
+  private async run(t: Transition): Promise<void> {
+    switch (t.kind) {
+      case "bootstrap":
+        return this.bootstrap();
+      case "branch-change":
+        return this.branchChange(t.to);
+      case "pm-change":
+      case "runtime-change":
+        return this.reinstallAndMaybeStart();
+      case "port-change":
+        return this.maybeRestartDev();
+      case "no-op":
+      case "identity-conflict":
+        return;
+      default:
+        t satisfies never;
+    }
+  }
+
+  private currentConfig(): Config | null {
+    const enriched = this.deps.store.read();
+    if (!enriched) return null;
+    return Object.freeze({
+      ...enriched,
+      daemonToken: "",
+      daemonBootId: "",
+      proxyPort: 0,
+      appRoot: this.deps.bootConfig.appRoot,
+      repoDir: this.deps.bootConfig.repoDir,
+    }) as Config;
+  }
+
+  private chunk(data: string): void {
+    this.deps.broadcaster.broadcastChunk("setup", data);
+  }
+
+  private async bootstrap(): Promise<void> {
+    const initial = this.currentConfig();
+    if (!initial) return;
+
+    const cloneUrl = initial.git?.repository?.cloneUrl;
+    if (cloneUrl && !hasGitRepo(initial.repoDir)) {
+      this.deps.branchStatus.setPhase({ kind: "cloning" });
+      const cloneTaskId = this.deps.phaseManager?.begin("clone");
+      const cloneLogPath = appLogPath(this.deps.logsDir, "clone");
+      try {
+        unlinkSync(cloneLogPath);
+      } catch {
+        /* not present */
+      }
+      const cloneTee = new LogTee(cloneLogPath, INSTALL_LOG_MAX_BYTES);
+      let code: number;
+      try {
+        code = await spawnClone({
+          config: initial,
+          onChunk: (_src, data) => {
+            this.chunk(data);
+            cloneTee.write(data);
+          },
+        });
+      } catch (e) {
+        cloneTee.close();
+        const error = (e as Error).message;
+        this.chunk(`\r\n[orchestrator] clone failed: ${error}\r\n`);
+        if (cloneTaskId) this.deps.phaseManager?.fail(cloneTaskId, error);
+        this.deps.branchStatus.setPhase({ kind: "clone-failed", error });
+        return;
+      }
+      cloneTee.close();
+      if (code !== 0) {
+        this.chunk(`\r\n[orchestrator] clone failed (exit ${code})\r\n`);
+        if (cloneTaskId)
+          this.deps.phaseManager?.fail(cloneTaskId, `exit ${code}`);
+        this.deps.branchStatus.setPhase({
+          kind: "clone-failed",
+          error: `exit ${code}`,
+        });
+        return;
+      }
+      if (cloneTaskId) this.deps.phaseManager?.done(cloneTaskId);
+    } else if (cloneUrl) {
+      this.chunk(`[orchestrator] repo already cloned\r\n`);
+    }
+
+    // Identity has to run after clone so `git config` has a repo to write
+    // into — earlier order tripped posix_spawn ENOENT (it reads cwd before
+    // exec, and repoDir doesn't exist until clone returns).
+    await this.gitSetup(initial);
+    await this.fillApplicationDefaults(initial.repoDir);
+    this.deps.branchStatus.markReady();
+
+    const config = this.currentConfig();
+    if (!config) return;
+
+    if (
+      !this.deps.installState.isInstalledFor(config, this.currentBranchHead)
+    ) {
+      const ok = await this.runInstall();
+      if (!ok) return;
+    } else {
+      this.broadcastDiscoveredScripts(config);
+    }
+    await this.startIfReady();
+  }
+
+  /**
+   * Fill missing application fields (packageManager, runtime, port) from
+   * `.decocms/daemon.json` then from lockfile autodetect. Mesh-supplied
+   * config always wins; this only patches gaps.
+   *
+   * Goes through `store.applyInternal` (not `apply`) so a fresh
+   * pm-change/runtime-change isn't emitted — this runs inside bootstrap,
+   * which already handles install+start. The `compute` callback executes
+   * inside the store's serial queue, so a concurrent PUT can't race the
+   * read-then-write.
+   */
+  private async fillApplicationDefaults(repoDir: string): Promise<void> {
+    const outcome = readConfig(repoDir);
+    const diskApp =
+      outcome.kind === "valid" ? outcome.config.application : undefined;
+
+    await this.deps.store.applyInternal((current) => {
+      const cur: Application = current?.application ?? {};
+      // What the config "should" look like: cur > diskApp > autodetect.
+      const target: Application = {
+        ...autodetectApplication(repoDir, { ...diskApp, ...cur }),
+        ...diskApp,
+        ...cur,
+      };
+      // Patch only the fields cur is missing — never overwrite caller values.
+      const patch: { -readonly [K in keyof Application]?: Application[K] } = {};
+      if (!cur.packageManager?.name && target.packageManager) {
+        patch.packageManager = target.packageManager;
+      }
+      if (!cur.runtime && target.runtime) {
+        patch.runtime = target.runtime;
+      }
+      if (cur.port === undefined && target.port !== undefined) {
+        patch.port = target.port;
+      }
+      if (Object.keys(patch).length === 0) return null;
+      return { application: patch };
+    });
+  }
+
+  private async branchChange(to: string): Promise<void> {
+    await this.stopDevTask();
+    this.chunk(`[orchestrator] checking out branch: ${to}\r\n`);
+    this.deps.branchStatus.setPhase({ kind: "checking-out", to });
+    try {
+      await this.checkoutBranch(to);
+    } catch (e) {
+      const error = (e as Error).message;
+      this.chunk(`\r\n[orchestrator] branch-change failed: ${error}\r\n`);
+      this.deps.branchStatus.setPhase({ kind: "checkout-failed", error });
+      return;
+    }
+    this.refreshBranchHead();
+    this.deps.branchStatus.markReady();
+    const ok = await this.runInstall();
+    if (ok) await this.startIfReady();
+  }
+
+  private async reinstallAndMaybeStart(): Promise<void> {
+    await this.stopDevTask();
+    const ok = await this.runInstall();
+    if (ok) await this.startIfReady();
+  }
+
+  private async maybeRestartDev(): Promise<void> {
+    await this.stopDevTask();
+    await this.startIfReady();
+  }
+
+  private async stopDevTask(): Promise<void> {
+    for (const starter of WELL_KNOWN_STARTERS) {
+      this.deps.taskManager.killByLogName(starter, { intentional: true });
+    }
+    await this.deps.taskManager.waitForLogNamesIdle(WELL_KNOWN_STARTERS);
+  }
+
+  /**
+   * Start the dev script iff the install fingerprint matches and we have a
+   * discovered starter script. No retry on failure — the dev process must be
+   * (re)launched by a config change (pm, runtime, branch, or port).
+   */
+  private async startIfReady(): Promise<void> {
+    const config = this.currentConfig();
+    if (!config) return;
+    if (this.deps.getIntent().state === "paused") {
+      this.chunk(
+        "\r\n[orchestrator] skipping start: intent=paused (resume to retry)\r\n",
+      );
+      return;
+    }
+    if (
+      !this.deps.installState.isInstalledFor(config, this.currentBranchHead)
+    ) {
+      this.chunk(
+        "\r\n[orchestrator] skipping start: install fingerprint mismatch\r\n",
+      );
+      return;
+    }
+    const command = this.buildStartCommand(config);
+    if (!command) {
+      this.chunk(this.diagnoseNoStartCommand(config));
+      return;
+    }
+    await this.deps.taskManager.spawn({
+      command: command.cmd,
+      cwd: command.cwd,
+      env: buildDevEnv(config),
+      label: command.label,
+      mode: "pty",
+      logName: command.source,
+      replaceByLogName: true,
+    });
+  }
+
+  private diagnoseNoStartCommand(config: Config): string {
+    const pm = config.application?.packageManager?.name;
+    if (!pm) {
+      return "\r\n[orchestrator] skipping start: no package manager configured — update the VM config to enable a dev server\r\n";
+    }
+    const pmConf = PACKAGE_MANAGER_DAEMON_CONFIG[pm];
+    const cwd = resolvePmRoot(
+      config.repoDir,
+      config.application?.packageManager?.path,
+    );
+    const scripts = discoverScripts(cwd, pm);
+    if (scripts.length === 0) {
+      const hasManifest = pmConf?.manifests.some((f) =>
+        existsSync(join(cwd, f)),
+      );
+      if (!hasManifest) {
+        return `\r\n[orchestrator] skipping start: no package manifest (${pmConf?.manifests.join(" or ")}) found at ${cwd} — update the VM config if a dev server should run\r\n`;
+      }
+      return `\r\n[orchestrator] skipping start: no scripts defined in ${cwd}/package.json — update the VM config if a dev server should run\r\n`;
+    }
+    return `\r\n[orchestrator] skipping start: no 'dev' or 'start' script found (available: ${scripts.join(", ")}) — update the VM config to set the correct start script\r\n`;
+  }
+
+  private buildStartCommand(
+    config: Config,
+  ): { cmd: string; cwd: string; label: string; source: string } | null {
+    const pm = config.application?.packageManager?.name;
+    if (!pm) return null;
+    const pmConf = PACKAGE_MANAGER_DAEMON_CONFIG[pm];
+    if (!pmConf) return null;
+    const cwd = resolvePmRoot(
+      config.repoDir,
+      config.application?.packageManager?.path,
+    );
+    const scripts = discoverScripts(cwd, pm);
+    const starter = WELL_KNOWN_STARTERS.find((s) => scripts.includes(s));
+    if (!starter) return null;
+    return {
+      ...pmRunCommand(config.runtimePathPrefix, cwd, pmConf.runPrefix, starter),
+      cwd,
+      source: starter,
+    };
+  }
+
+  private async runInstall(): Promise<boolean> {
+    const config = this.currentConfig();
+    if (!config) return false;
+    if (!config.application?.packageManager?.name) return false;
+    const installTaskId = this.deps.phaseManager?.begin("install");
+    this.chunk(`[orchestrator] installing dependencies\r\n`);
+    const installLogPath = appLogPath(this.deps.logsDir, "install");
+    try {
+      unlinkSync(installLogPath);
+    } catch {
+      /* not present */
+    }
+    const installTee = new LogTee(installLogPath, INSTALL_LOG_MAX_BYTES);
+    const installPromise = spawnInstall({
+      config,
+      onChunk: (_src, data) => {
+        this.chunk(data);
+        installTee.write(data);
+      },
+    });
+    // null = no install step needed (e.g. deno auto-fetches; or no manifest
+    // present yet). Treat as success so the caller proceeds to start; mark
+    // the install fingerprint so resume doesn't retry on every boot.
+    if (!installPromise) {
+      installTee.close();
+      this.markInstallSucceeded(config);
+      if (installTaskId) this.deps.phaseManager?.done(installTaskId);
+      return true;
+    }
+    const code = await installPromise;
+    installTee.close();
+    if (code !== 0) {
+      this.chunk(`\r\n[orchestrator] install failed (exit ${code})\r\n`);
+      this.deps.installState.mark(
+        InstallStateClass.fingerprint(config, this.currentBranchHead),
+        false,
+      );
+      if (installTaskId)
+        this.deps.phaseManager?.fail(installTaskId, `exit ${code}`);
+      return false;
+    }
+    this.markInstallSucceeded(config);
+    if (installTaskId) this.deps.phaseManager?.done(installTaskId);
+    return true;
+  }
+
+  private async gitSetup(config: Config): Promise<void> {
+    const gitTaskId = this.deps.phaseManager?.begin("git-setup");
+    try {
+      configureGitIdentity(config);
+    } catch (e) {
+      this.chunk(
+        `\r\n[orchestrator] warning: git identity setup failed: ${(e as Error).message}\r\n`,
+      );
+    }
+    if (config.repoDir) {
+      try {
+        installProtectedBranchHook(config.repoDir);
+      } catch (e) {
+        this.chunk(
+          `\r\n[orchestrator] warning: could not install protected-branch hook: ${(e as Error).message}\r\n`,
+        );
+      }
+    }
+    const branch = config.git?.repository?.branch;
+    if (branch && !isSyntheticBranch(branch)) {
+      this.chunk(`[orchestrator] checking out branch: ${branch}\r\n`);
+      try {
+        await this.checkoutBranch(branch);
+      } catch (e) {
+        this.chunk(
+          `\r\n[orchestrator] warning: branch checkout failed: ${(e as Error).message}\r\n`,
+        );
+      }
+    }
+    this.refreshBranchHead();
+    if (gitTaskId) this.deps.phaseManager?.done(gitTaskId);
+  }
+
+  private markInstallSucceeded(config: Config): void {
+    this.deps.installState.mark(
+      InstallStateClass.fingerprint(config, this.currentBranchHead),
+      true,
+    );
+    this.broadcastDiscoveredScripts(config);
+  }
+
+  // Source of truth for the SSE `scripts` event. Without this the UI never
+  // opens script tabs (e.g. Dev) — the env panel gates `openScriptTabs` on
+  // `vmEvents.scripts`. Idempotent: callers in both fresh-install and
+  // skip-install paths dispatch the same payload.
+  private broadcastDiscoveredScripts(config: Config): void {
+    const cwd = resolvePmRoot(
+      config.repoDir,
+      config.application?.packageManager?.path,
+    );
+    const scripts = discoverScripts(
+      cwd,
+      config.application?.packageManager?.name ?? null,
+    );
+    this.deps.broadcaster.broadcastEvent("scripts", {
+      type: "scripts",
+      scripts,
+    });
+  }
+
+  private refreshBranchHead(): void {
+    const repoDir = this.deps.bootConfig.repoDir;
+    if (!repoDir) return;
+    if (!hasGitRepo(repoDir)) {
+      this.currentBranchHead = undefined;
+      return;
+    }
+    try {
+      this.currentBranchHead = gitSync(["rev-parse", "HEAD"], { cwd: repoDir });
+    } catch {
+      this.currentBranchHead = undefined;
+    }
+  }
+
+  private async checkoutBranch(branch: string): Promise<void> {
+    const repoDir = this.deps.bootConfig.repoDir;
+    if (!repoDir) return;
+
+    let onRemote = false;
+    try {
+      gitSync(
+        [
+          "-c",
+          "safe.directory=*",
+          "fetch",
+          "origin",
+          `+refs/heads/${branch}:refs/remotes/origin/${branch}`,
+        ],
+        { cwd: repoDir },
+      );
+      gitSync(
+        ["-c", "safe.directory=*", "fetch", "origin", `${branch}:${branch}`],
+        { cwd: repoDir },
+      );
+      onRemote = true;
+    } catch {
+      /* not on remote — fall through to local create */
+    }
+    if (onRemote) {
+      gitSync(["-c", "safe.directory=*", "checkout", "-f", branch], {
+        cwd: repoDir,
+      });
+    } else {
+      try {
+        gitSync(["-c", "safe.directory=*", "checkout", "-f", branch], {
+          cwd: repoDir,
+        });
+      } catch {
+        gitSync(["-c", "safe.directory=*", "checkout", "-b", branch], {
+          cwd: repoDir,
+        });
+      }
+    }
+  }
+}
diff --git a/packages/sandbox/daemon/setup/spawn-step.ts b/packages/sandbox/daemon/setup/spawn-step.ts
new file mode 100644
index 0000000000..91d9a41c46
--- /dev/null
+++ b/packages/sandbox/daemon/setup/spawn-step.ts
@@ -0,0 +1,17 @@
+import { DECO_GID, DECO_UID } from "../constants";
+import { spawnPty } from "../process/pty-spawn";
+
+export function spawnSetupStep(
+  cmd: string,
+  onChunk: (source: "setup", data: string) => void,
+  dropPrivileges?: boolean,
+): Promise<number> {
+  return new Promise((resolve) => {
+    const child = spawnPty({
+      cmd,
+      ...(dropPrivileges ? { uid: DECO_UID, gid: DECO_GID } : {}),
+    });
+    child.onData((data) => onChunk("setup", data));
+    child.onExit((code) => resolve(code));
+  });
+}
diff --git a/packages/sandbox/daemon/types.ts b/packages/sandbox/daemon/types.ts
new file mode 100644
index 0000000000..007734086a
--- /dev/null
+++ b/packages/sandbox/daemon/types.ts
@@ -0,0 +1,101 @@
+export type PackageManager = "npm" | "pnpm" | "yarn" | "bun" | "deno";
+export type RuntimeName = "node" | "bun" | "deno";
+
+/** Runtime-derived adornment, never persisted to disk. */
+export interface DerivedRuntime {
+  readonly name: RuntimeName;
+  readonly pathPrefix: string;
+}
+
+export interface BootConfig {
+  readonly daemonToken: string;
+  readonly daemonBootId: string;
+  /**
+   * Workspace root. Contains `app/` (the cloned repo), `daemon/` (config
+   * + persistence), and `tmp/` (log tees). fs/bash routes are clamped here
+   * so the LLM can read/mutate everything inside the workspace.
+   */
+  readonly appRoot: string;
+  /** `<appRoot>/repo` — cwd for git, install, dev script, scripts. */
+  readonly repoDir: string;
+  readonly proxyPort: number;
+  readonly dropPrivileges?: boolean;
+}
+
+export interface GitIdentity {
+  readonly userName: string;
+  readonly userEmail: string;
+}
+
+export interface GitRepository {
+  readonly cloneUrl: string;
+  readonly branch?: string;
+  readonly repoName?: string;
+}
+
+export interface GitConfig {
+  readonly repository: GitRepository;
+  readonly identity?: GitIdentity;
+}
+
+export interface PackageManagerConfig {
+  readonly name: PackageManager;
+  readonly path?: string;
+}
+
+export interface Application {
+  readonly packageManager?: PackageManagerConfig;
+  readonly runtime?: RuntimeName;
+  /** Port the dev script binds to (set as PORT env). Mesh always supplies this. */
+  readonly port?: number;
+}
+
+/**
+ * User-intent state for a sandboxed application. The daemon never writes this
+ * file — `<repoDir>/.decocms/daemon.json` is read at boot as a fallback for
+ * fields the mesh didn't supply, and any further refinements (lockfile-based
+ * package manager / runtime detection) happen in memory only. The file lives
+ * in the repo iff a tenant chose to commit it themselves.
+ */
+export interface TenantConfig {
+  readonly git?: GitConfig;
+  readonly application?: Application;
+}
+
+/** In-memory enriched view: TenantConfig + derivations. */
+export interface EnrichedTenantConfig extends TenantConfig {
+  /** Computed from `application.runtime`. */
+  readonly runtimePathPrefix: string;
+}
+
+/** What the rest of the daemon (orchestrator, routes) sees. */
+export type Config = BootConfig & EnrichedTenantConfig;
+
+export interface BroadcastSource {
+  /** "setup" | "daemon" | script name */
+  readonly name: string;
+}
+
+export interface SseFrame {
+  readonly event: string;
+  readonly payload: string;
+}
+
+export type BranchStatusReady = {
+  readonly kind: "ready";
+  readonly branch: string;
+  readonly base: string;
+  readonly workingTreeDirty: boolean;
+  readonly unpushed: number;
+  readonly aheadOfBase: number;
+  readonly behindBase: number;
+  readonly headSha: string;
+};
+
+export type BranchStatus =
+  | { readonly kind: "initializing" }
+  | { readonly kind: "cloning" }
+  | { readonly kind: "clone-failed"; readonly error: string }
+  | { readonly kind: "checking-out"; readonly to: string }
+  | { readonly kind: "checkout-failed"; readonly error: string }
+  | BranchStatusReady;
diff --git a/packages/sandbox/daemon/upstream-fetch.test.ts b/packages/sandbox/daemon/upstream-fetch.test.ts
new file mode 100644
index 0000000000..9d2b9d08aa
--- /dev/null
+++ b/packages/sandbox/daemon/upstream-fetch.test.ts
@@ -0,0 +1,110 @@
+import { describe, expect, test } from "bun:test";
+import { fetchLoopback } from "./upstream-fetch";
+
+async function withServer(
+  hostname: string,
+  handler: (req: Request) => Response,
+  fn: (port: number) => Promise<void>,
+): Promise<void> {
+  const server = Bun.serve({ port: 0, hostname, fetch: handler });
+  try {
+    await fn(server.port);
+  } finally {
+    server.stop(true);
+  }
+}
+
+describe("fetchLoopback", () => {
+  test("reaches an IPv6-only server (Bun's default for `localhost`)", async () => {
+    await withServer(
+      "::1",
+      () => new Response("v6-ok"),
+      async (port) => {
+        const res = await fetchLoopback(port, "/");
+        expect(await res.text()).toBe("v6-ok");
+      },
+    );
+  });
+
+  test("falls back to IPv4 when nothing listens on [::1]", async () => {
+    await withServer(
+      "127.0.0.1",
+      () => new Response("v4-ok"),
+      async (port) => {
+        const res = await fetchLoopback(port, "/");
+        expect(await res.text()).toBe("v4-ok");
+      },
+    );
+  });
+
+  test("forwards path and query", async () => {
+    await withServer(
+      "::1",
+      (req) => {
+        const url = new URL(req.url);
+        return new Response(`${url.pathname}${url.search}`);
+      },
+      async (port) => {
+        const res = await fetchLoopback(port, "/foo/bar?x=1");
+        expect(await res.text()).toBe("/foo/bar?x=1");
+      },
+    );
+  });
+
+  test("forwards method and body via init", async () => {
+    await withServer(
+      "::1",
+      async (req) => new Response(`${req.method}:${await req.text()}`),
+      async (port) => {
+        const res = await fetchLoopback(port, "/", {
+          method: "POST",
+          body: "payload",
+        });
+        expect(await res.text()).toBe("POST:payload");
+      },
+    );
+  });
+
+  test("throws when nothing listens on either address", async () => {
+    // Pick a port unlikely to have anything; if collision flakes the test,
+    // a higher random pick reduces the odds.
+    const port = 49000 + Math.floor(Math.random() * 10000);
+    await expect(fetchLoopback(port, "/")).rejects.toThrow();
+  });
+
+  test("does not retry after a non-connection-refused failure", async () => {
+    // [::1] accepts the connection but aborts mid-request. Without the
+    // connection-refused gate, the catch would resend the body to 127.0.0.1
+    // — which here serves a DIFFERENT response, exposing the retry.
+    let v4Hits = 0;
+    const v6 = Bun.serve({
+      port: 0,
+      hostname: "::1",
+      fetch: async () => {
+        await new Promise((r) => setTimeout(r, 200));
+        return new Response("v6");
+      },
+    });
+    const v4 = Bun.serve({
+      port: v6.port,
+      hostname: "127.0.0.1",
+      fetch: () => {
+        v4Hits++;
+        return new Response("v4");
+      },
+    });
+    try {
+      const ctrl = new AbortController();
+      const promise = fetchLoopback(v6.port, "/", { signal: ctrl.signal });
+      // Give the request time to reach v6 before aborting, so the failure is
+      // mid-flight (AbortError) and not a pre-flight connection error.
+      await new Promise((r) => setTimeout(r, 30));
+      ctrl.abort();
+      await expect(promise).rejects.toThrow();
+      expect(v4Hits).toBe(0);
+    } finally {
+      v6.stop(true);
+      v4.stop(true);
+    }
+  });
+});
diff --git a/packages/sandbox/daemon/upstream-fetch.ts b/packages/sandbox/daemon/upstream-fetch.ts
new file mode 100644
index 0000000000..a9c195d588
--- /dev/null
+++ b/packages/sandbox/daemon/upstream-fetch.ts
@@ -0,0 +1,54 @@
+/**
+ * Loopback fetch helper. Inside the sandbox both the daemon and the dev
+ * server live on the same machine, but the dev server may bind IPv4 only
+ * (127.0.0.1, classic Node default) or IPv6 only ([::1], what
+ * `Bun.serve`/Vite-on-Bun pick on a dual-stack system). Bun's fetch
+ * resolves `localhost` to a single address — the wrong one half the time
+ * — so we try [::1] first and fall back to 127.0.0.1.
+ *
+ * Sequential, not parallel. ECONNREFUSED returns instantly, so the
+ * fallback path adds ~1ms in the IPv4-only case and zero in the IPv6
+ * case.
+ *
+ * The fallback is restricted to errors that prove the request never reached
+ * the upstream (connection refused, address unreachable). Mid-flight
+ * failures like ECONNRESET or AbortError are NOT retried — for non-
+ * idempotent proxy requests (POST/PUT/DELETE), retrying after the body has
+ * been (partially) sent could trigger the same write twice on the upstream.
+ */
+
+const NOT_CONNECTED_CODES = new Set([
+  "ECONNREFUSED",
+  "EHOSTUNREACH",
+  "ENETUNREACH",
+  "EADDRNOTAVAIL",
+  "ConnectionRefused",
+]);
+
+const NOT_CONNECTED_RE =
+  /ECONNREFUSED|EHOSTUNREACH|ENETUNREACH|EADDRNOTAVAIL|ConnectionRefused/;
+
+function isNotConnected(err: unknown): boolean {
+  if (!(err instanceof Error)) return false;
+  // Bun puts the syscall code on the error directly (`code: "ConnectionRefused"`);
+  // undici / node surface it via `cause.code` (`ECONNREFUSED`).
+  const direct = (err as { code?: string }).code;
+  if (direct && NOT_CONNECTED_CODES.has(direct)) return true;
+  const cause = (err as { cause?: { code?: string } }).cause;
+  if (cause?.code && NOT_CONNECTED_CODES.has(cause.code)) return true;
+  // Fallback to message inspection when neither field is populated.
+  return NOT_CONNECTED_RE.test(err.message);
+}
+
+export async function fetchLoopback(
+  port: number,
+  pathAndQuery: string,
+  init?: RequestInit,
+): Promise<Response> {
+  try {
+    return await fetch(`http://[::1]:${port}${pathAndQuery}`, init);
+  } catch (err) {
+    if (!isNotConnected(err)) throw err;
+    return await fetch(`http://127.0.0.1:${port}${pathAndQuery}`, init);
+  }
+}
diff --git a/packages/sandbox/daemon/validate.ts b/packages/sandbox/daemon/validate.ts
new file mode 100644
index 0000000000..9cd5bbc484
--- /dev/null
+++ b/packages/sandbox/daemon/validate.ts
@@ -0,0 +1,120 @@
+import { isSyntheticBranch } from "./constants";
+import type { PackageManager, RuntimeName, TenantConfig } from "./types";
+
+const VALID_RUNTIMES: ReadonlySet<RuntimeName> = new Set([
+  "node",
+  "bun",
+  "deno",
+]);
+const VALID_PMS: ReadonlySet<PackageManager> = new Set([
+  "npm",
+  "pnpm",
+  "yarn",
+  "bun",
+  "deno",
+]);
+const BRANCH_RE = /^[A-Za-z0-9._/-]+$/;
+
+export type ValidationError = { kind: "invalid"; reason: string };
+export type ValidationOk = { kind: "ok" };
+export type ValidationResult = ValidationOk | ValidationError;
+
+/**
+ * Validate a fully-merged TenantConfig (post-merge, pre-persist).
+ *
+ * All application fields are optional — partial configs are valid so callers
+ * can patch one field at a time. We only validate field *values* when the
+ * field is present. The orchestrator is responsible for gating "start" on a
+ * sufficiently complete config.
+ */
+export function validateTenantConfig(config: TenantConfig): ValidationResult {
+  if (config.git !== undefined) {
+    const v = validateGit(config.git);
+    if (v.kind === "invalid") return v;
+  }
+  if (config.application !== undefined) {
+    const v = validateApplication(config.application);
+    if (v.kind === "invalid") return v;
+  }
+  return { kind: "ok" };
+}
+
+function validateGit(git: NonNullable<TenantConfig["git"]>): ValidationResult {
+  if (typeof git.repository?.cloneUrl !== "string") {
+    return { kind: "invalid", reason: "git.repository.cloneUrl is required" };
+  }
+  if (git.repository.cloneUrl.length === 0) {
+    return { kind: "invalid", reason: "git.repository.cloneUrl is empty" };
+  }
+  if (git.repository.branch !== undefined) {
+    const b = git.repository.branch;
+    // Synthetic branches (e.g. "thread:<id>", "ephemeral") are sandbox
+    // isolation keys, not real git refs — skip format validation for them.
+    if (
+      !isSyntheticBranch(b) &&
+      (typeof b !== "string" || !BRANCH_RE.test(b) || b.startsWith("-"))
+    ) {
+      return { kind: "invalid", reason: `git.repository.branch invalid: ${b}` };
+    }
+  }
+  if (git.identity !== undefined) {
+    if (
+      typeof git.identity.userName !== "string" ||
+      git.identity.userName.length === 0
+    ) {
+      return { kind: "invalid", reason: "git.identity.userName is required" };
+    }
+    if (
+      typeof git.identity.userEmail !== "string" ||
+      git.identity.userEmail.length === 0
+    ) {
+      return { kind: "invalid", reason: "git.identity.userEmail is required" };
+    }
+  }
+  return { kind: "ok" };
+}
+
+function validateApplication(
+  app: NonNullable<TenantConfig["application"]>,
+): ValidationResult {
+  if (app.runtime !== undefined && !VALID_RUNTIMES.has(app.runtime)) {
+    return { kind: "invalid", reason: `runtime invalid: ${app.runtime}` };
+  }
+  if (app.packageManager !== undefined) {
+    if (app.packageManager.name !== undefined) {
+      if (typeof app.packageManager.name !== "string") {
+        return {
+          kind: "invalid",
+          reason: "application.packageManager.name must be a string",
+        };
+      }
+      if (!VALID_PMS.has(app.packageManager.name)) {
+        return {
+          kind: "invalid",
+          reason: `packageManager invalid: ${app.packageManager.name}`,
+        };
+      }
+    }
+    if (
+      app.packageManager.path !== undefined &&
+      (typeof app.packageManager.path !== "string" ||
+        app.packageManager.path.length === 0)
+    ) {
+      return {
+        kind: "invalid",
+        reason: "packageManager.path must be non-empty",
+      };
+    }
+  }
+  if (app.port !== undefined && !isValidPort(app.port)) {
+    return {
+      kind: "invalid",
+      reason: `port invalid: ${app.port}`,
+    };
+  }
+  return { kind: "ok" };
+}
+
+function isValidPort(p: unknown): p is number {
+  return typeof p === "number" && Number.isInteger(p) && p > 0 && p <= 65535;
+}
diff --git a/packages/sandbox/daemon/ws-proxy.ts b/packages/sandbox/daemon/ws-proxy.ts
new file mode 100644
index 0000000000..b09e6e66cb
--- /dev/null
+++ b/packages/sandbox/daemon/ws-proxy.ts
@@ -0,0 +1,155 @@
+/**
+ * Transparent WebSocket reverse proxy for the daemon.
+ *
+ * The daemon's HTTP proxy uses fetch(), which doesn't carry WebSocket
+ * upgrade semantics. Without this, Vite's HMR client (and any other
+ * dev-server WS) gets 502 on the upgrade, retries a few times, then
+ * triggers a full-page reload as recovery — the user sees the page load
+ * then immediately reload, in a loop.
+ *
+ * On upgrade we stash the upstream port, path/query, and the client's
+ * negotiated subprotocols in ws.data, then open the upstream WS on the
+ * `open` callback and bridge frames in both directions. Subprotocols
+ * (`vite-hmr`, `vite-ping`, …) are forwarded — Vite ignores connections
+ * that drop them. The upstream loopback (IPv4 vs IPv6) is picked by a
+ * TCP probe before connecting, so a mid-handshake failure never silently
+ * retries on the other family.
+ */
+import type { ServerWebSocket } from "bun";
+import { bracketHost, pickLoopback } from "./loopback";
+
+/**
+ * Cap on frames buffered between client upgrade and upstream WS open. The
+ * upstream here is the in-pod dev server on localhost; if it isn't yet
+ * listening (booting / crashed), an unbounded pending queue would let a
+ * chatty client exhaust the daemon's memory.
+ */
+const MAX_PENDING_FRAMES = 256;
+
+export interface WsProxyData {
+  /** Upstream dev-server port. Null when no port is known at upgrade time. */
+  port: number | null;
+  /** Path + query of the upgrade request, forwarded verbatim. */
+  pathQuery: string;
+  /** Subprotocols the client advertised on the upgrade request. */
+  protocols: string[] | undefined;
+  upstream: WebSocket | null;
+  /** Frames received from the client before the upstream handshake completes. */
+  pending: (string | ArrayBuffer | Uint8Array)[];
+}
+
+export interface WsUpgraderOptions {
+  onClientMessage?: () => void;
+}
+
+export function makeWsUpgrader(
+  getDevPort: () => number | null,
+  opts: WsUpgraderOptions = {},
+) {
+  return {
+    /** Build the per-connection state attached to ws.data at upgrade time.
+     *  Falls back to `port=null` when no upstream port is known; `open()`
+     *  closes the client immediately rather than connecting to a guess. */
+    upgradeData(req: Request): WsProxyData {
+      const url = new URL(req.url);
+      const port = getDevPort();
+      const protoHeader = req.headers.get("sec-websocket-protocol");
+      const protocols = protoHeader
+        ? protoHeader
+            .split(",")
+            .map((s) => s.trim())
+            .filter(Boolean)
+        : undefined;
+      return {
+        port,
+        pathQuery: `${url.pathname}${url.search}`,
+        protocols,
+        upstream: null,
+        pending: [],
+      };
+    },
+
+    open(ws: ServerWebSocket<WsProxyData>): void {
+      if (ws.data.port === null) {
+        try {
+          ws.close(1011, "no upstream dev server");
+        } catch {}
+        return;
+      }
+      void connectUpstream(ws);
+    },
+
+    message(ws: ServerWebSocket<WsProxyData>, message: string | Buffer): void {
+      opts.onClientMessage?.();
+      const upstream = ws.data.upstream;
+      const frame = typeof message === "string" ? message : message.buffer;
+      if (upstream && upstream.readyState === WebSocket.OPEN) {
+        try {
+          upstream.send(frame as never);
+        } catch {}
+        return;
+      }
+      if (ws.data.pending.length >= MAX_PENDING_FRAMES) {
+        // Backlog overflow: upstream isn't draining. 1011 = internal error.
+        try {
+          ws.close(1011, "ws-proxy backlog overflow");
+        } catch {}
+        try {
+          ws.data.upstream?.close();
+        } catch {}
+        return;
+      }
+      ws.data.pending.push(frame as ArrayBuffer | string);
+    },
+
+    close(ws: ServerWebSocket<WsProxyData>): void {
+      try {
+        ws.data.upstream?.close();
+      } catch {}
+    },
+  };
+}
+
+export type WsUpgrader = ReturnType<typeof makeWsUpgrader>;
+
+async function connectUpstream(
+  ws: ServerWebSocket<WsProxyData>,
+): Promise<void> {
+  const port = ws.data.port;
+  if (port === null) return;
+  const host = await pickLoopback(port);
+  if (host === null) {
+    try {
+      ws.close(1011, "upstream not reachable");
+    } catch {}
+    return;
+  }
+  const target = `ws://${bracketHost(host)}:${port}${ws.data.pathQuery}`;
+  const upstream = new WebSocket(target, ws.data.protocols);
+  upstream.binaryType = "arraybuffer";
+  ws.data.upstream = upstream;
+
+  upstream.addEventListener("open", () => {
+    for (const frame of ws.data.pending) {
+      try {
+        upstream.send(frame as never);
+      } catch {}
+    }
+    ws.data.pending.length = 0;
+  });
+  upstream.addEventListener("message", (e) => {
+    try {
+      ws.send(e.data as never);
+    } catch {}
+  });
+  upstream.addEventListener("close", () => {
+    try {
+      ws.close();
+    } catch {}
+  });
+  upstream.addEventListener("error", () => {
+    try {
+      ws.close();
+    } catch {}
+  });
+}
diff --git a/packages/sandbox/image/Dockerfile b/packages/sandbox/image/Dockerfile
new file mode 100644
index 0000000000..ae4f9bdebf
--- /dev/null
+++ b/packages/sandbox/image/Dockerfile
@@ -0,0 +1,86 @@
+# Build: docker build -t studio-sandbox:local -f packages/sandbox/image/Dockerfile packages/sandbox
+FROM oven/bun:1.3.13-debian
+
+ARG NODE_MAJOR=22
+ARG DENO_VERSION=v1.46.3
+
+# `locales` + generated `en_US.UTF-8` is load-bearing: repos using
+# `embedded-postgres` refuse to init without it.
+RUN apt-get update \
+  && apt-get install -y --no-install-recommends \
+       bash ca-certificates curl git gnupg locales python3 python3-pip \
+       ripgrep unzip \
+  && sed -i 's/^#\s*en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen \
+  && locale-gen \
+  && curl -fsSL https://deb.nodesource.com/setup_${NODE_MAJOR}.x | bash - \
+  && apt-get install -y --no-install-recommends nodejs \
+  && rm -rf /var/lib/apt/lists/* \
+  && curl -fsSL https://deno.land/install.sh \
+       | DENO_INSTALL=/opt/deno sh -s -- -y "${DENO_VERSION}" \
+  && ln -s /opt/deno/bin/deno /usr/local/bin/deno \
+  && corepack enable \
+  && corepack prepare yarn@stable --activate \
+  && corepack prepare pnpm@latest --activate
+
+# Office tooling used by /mnt/skills/public/* document skills:
+# - LibreOffice headless for pptx/xlsx/docx → PDF conversion (rasterization,
+#   formula recalc, accept-tracked-changes).
+# - Poppler suite for PDF inspection and page-image extraction (pdftoppm,
+#   pdfinfo, pdftotext, pdfimages, pdfdetach, pdffonts).
+# - dbus + a generated /etc/machine-id so soffice doesn't warn on every call.
+# - DejaVu + Liberation fonts so soffice renders text instead of fallback
+#   tofu glyphs.
+RUN apt-get update \
+  && apt-get install -y --no-install-recommends \
+       libreoffice-impress poppler-utils dbus \
+       fonts-dejavu-core fonts-liberation \
+  && rm -rf /var/lib/apt/lists/* \
+  && dbus-uuidgen > /etc/machine-id
+
+# Python libraries used by /mnt/skills/public/* helper scripts.
+RUN pip3 install --break-system-packages --no-cache-dir \
+      python-pptx python-docx openpyxl pypdf Pillow
+
+ENV LANG=en_US.UTF-8 \
+    LC_ALL=en_US.UTF-8
+
+# Non-root sandbox user. The bun image comes with a 'bun' user (UID 1000),
+# but we drop privileges further by replacing it with a 'sandbox' user.
+RUN userdel --remove bun \
+  && useradd --create-home --uid 1000 --user-group --shell /bin/bash sandbox \
+  && mkdir -p /app /opt/sandbox-daemon \
+  && chown -R sandbox:sandbox /app /opt/sandbox-daemon
+
+WORKDIR /app
+
+# node-pty is a native addon. The daemon bundle marks it `--external`, so it
+# must be installed inside the image. `bun init -y` creates a minimal
+# package.json; `bun add` triggers node-pty's prebuilt-binary download (or
+# builds from source for archs without prebuilts). build-essential + python3
+# are required for the node-gyp fallback on architectures (e.g. linux-arm64)
+# that have no pre-built binary. build-essential is removed after the build to
+# keep the layer lean. The `find … chmod +x` step ensures the spawn-helper
+# binary is executable (relevant on macOS-targeted prebuilds; no-op on Linux).
+RUN apt-get update \
+  && apt-get install -y --no-install-recommends build-essential \
+  && rm -rf /var/lib/apt/lists/* \
+  && cd /opt/sandbox-daemon \
+  && bun init -y \
+  && bun add node-pty@^1.0.0 \
+  && find /opt/sandbox-daemon/node_modules/node-pty -name "spawn-helper" -exec chmod +x {} \; \
+  && chown -R sandbox:sandbox /opt/sandbox-daemon \
+  && apt-get purge -y --auto-remove build-essential
+
+COPY --chown=sandbox:sandbox daemon/dist/daemon.js /opt/sandbox-daemon/daemon.js
+COPY --chown=sandbox:sandbox image/skills /mnt/skills/public
+
+# Expose skill helper scripts as bare commands. Wrappers in skills/_bin/
+# are tiny shell shims; symlinking them into /usr/local/bin lets the model
+# run e.g. `pptx-thumbnail deck.pptx` instead of typing the full python path.
+RUN chmod +x /mnt/skills/public/_bin/* \
+  && ln -s /mnt/skills/public/_bin/* /usr/local/bin/
+
+ENV IS_SANDBOX=1
+USER sandbox
+EXPOSE 9000
+CMD ["bun", "/opt/sandbox-daemon/daemon.js"]
diff --git a/packages/sandbox/image/skills-features.md b/packages/sandbox/image/skills-features.md
new file mode 100644
index 0000000000..70531b16e7
--- /dev/null
+++ b/packages/sandbox/image/skills-features.md
@@ -0,0 +1,317 @@
+# Skills features checklist
+
+Tracking sheet for the static skills shipped at `/mnt/skills/public/` inside
+the sandbox image. The full feature surface below is the long-term target
+(inspired by Anthropic's claude.ai sandbox design); items marked **v1** are
+the prioritized reading-focused milestone.
+
+Status legend:
+- `- [x]` shipped
+- `- [ ]` not yet shipped
+- **v1** = part of the first reading-focused milestone (must-ship)
+- _no v1 marker_ = later milestone (creation, XML round-trip editing,
+  tracked changes, form filling, etc.)
+
+System-level dependency callouts use the `> deps:` admonition so we can plan
+the image-size impact ahead of time.
+
+---
+
+## docx
+
+### Reading & extraction
+- [x] **v1** Plain-text dump of a document (paragraph order preserved, basic markdown)
+- [ ] **v1** Tracked-changes-aware extraction (show insertions/deletions vs. accept them)
+- [ ] **v1** Raw XML access by unpacking the `.docx` zip into a directory
+- [ ] **v1** Page-by-page rasterization to images (via PDF intermediate) for visual inspection
+- [ ] Programmatically accept all tracked changes to produce a clean copy
+- [ ] **v1** Convert legacy `.doc` to `.docx` first (LibreOffice headless conversion)
+
+### Creating new documents (from scratch)
+- [ ] Set page size and margins explicitly (US Letter vs A4, portrait/landscape)
+- [ ] Custom paragraph styles, including overriding built-in heading styles (Heading 1, 2, …)
+- [ ] Fonts, sizes, weights, colors at run level
+- [ ] Bulleted and numbered lists via real numbering definitions (not unicode bullets)
+- [ ] Multi-level lists with continuation vs. restart behavior
+- [ ] Tables with: column widths, cell widths, borders, shading, padding, vertical alignment
+- [ ] Hyperlinks (external) and internal cross-references with bookmarks
+- [ ] Headers and footers, including different first-page or odd/even
+- [ ] Page numbers and total page count fields
+- [ ] Page breaks and section breaks
+- [ ] Multi-column layouts
+- [ ] Tab stops with leaders (useful for two-column footers, TOC dot leaders)
+- [ ] Footnotes and endnotes
+- [ ] Embedded images with explicit sizing
+- [ ] Auto-generated table of contents (driven by heading outline levels)
+- [ ] File validation pass after generation
+
+### Editing existing documents (XML round-trip)
+- [ ] Unpack → edit XML → repack workflow with auto-repair on pack
+- [ ] Pretty-printing on unpack so XML is human-editable
+- [ ] Smart-quote preservation across the round-trip
+- [ ] Find-and-replace at the run/text level
+- [ ] Inserting and replacing inline images (requires updating media folder + relationships + content types + document XML in lockstep)
+
+### Tracked changes & comments
+- [ ] Insert tracked insertions (`<w:ins>`) with author and timestamp
+- [ ] Insert tracked deletions (`<w:del>` + `<w:delText>`) with author and timestamp
+- [ ] Reject another author's insertion (nested deletion inside their insertion)
+- [ ] Restore another author's deletion (sibling insertion)
+- [ ] Delete entire paragraphs/list items cleanly (mark paragraph mark as deleted)
+- [ ] Add comments anchored to a text range
+- [ ] Add threaded replies to existing comments
+- [ ] Custom comment author names
+
+> **deps:** `python-docx` (Python), `pandoc`, LibreOffice headless, Poppler (`pdftoppm`)
+
+---
+
+## pptx
+
+### Reading & inspection
+- [x] **v1** Per-slide text extraction with `## Slide N` section headers
+- [ ] **v1** Visual thumbnail grid of all slides as a single composite image (overview at a glance)
+- [ ] **v1** Per-slide full-resolution rasterization (via PDF intermediate)
+- [ ] **v1** Raw XML unpack of the `.pptx` zip
+
+> **Important for v1:** the thumbnail-grid script is a load-bearing
+> capability for this milestone. Implementation path: LibreOffice headless
+> renders `.pptx` → PDF, `pdftoppm` rasterizes pages → Pillow composes a
+> grid image at a fixed cell size (e.g. 4 columns × N rows). The script
+> should print the path to the resulting image so the model can read it
+> back as a multimodal attachment.
+
+### Creating from scratch (no template)
+- [ ] Slide creation with arbitrary layouts using `pptxgenjs` (Node) or `python-pptx`
+- [ ] Text boxes with full typography (font family, size, weight, color, alignment, line spacing)
+- [ ] Shapes (rectangles, circles, lines, arrows) with fill, stroke, opacity
+- [ ] Native charts (bar, line, pie, etc.)
+- [ ] Tables
+- [ ] Images (embedded, sized, positioned)
+- [ ] Slide masters and per-slide layouts
+- [ ] Speaker notes
+- [ ] Color palettes / theming
+
+### Editing an existing template (XML round-trip)
+- [ ] Unpack → manipulate slides → edit content → clean → pack
+- [ ] Duplicate a slide (with all the side-effect updates: notes refs, content types, relationship IDs)
+- [ ] Add a slide from a layout
+- [ ] Delete a slide (remove from `<p:sldIdLst>`, then clean up orphans)
+- [ ] Reorder slides
+- [ ] Clean up orphaned media and relationships
+- [ ] Edit slide content text via direct XML edits
+- [ ] Preserve smart quotes across the round-trip
+- [ ] Preserve formatting (`<a:rPr>` runs) when changing text
+- [ ] Bold inline labels, headers, titles
+- [ ] Use proper bullet formatting (inherit from layout, or set `<a:buChar>` / `<a:buAutoNum>`)
+
+### Quality & visual QA loop
+- [ ] Check for leftover placeholder text (lorem ipsum, "XXXX", "[insert]")
+- [ ] Convert deck → PDF → JPGs → visually inspect for overflow, overlap, low contrast, misalignment, missing margins
+- [ ] Iterate on fixes once, then stop (avoid infinite polishing loops)
+
+### Encoded design system (for the eventual creation skill)
+- [ ] Color palette suggestions tied to topic (don't default to blue)
+- [ ] Typography pairings (header font + body font)
+- [ ] Layout variety (don't repeat the same layout across slides)
+- [ ] Spacing rules (0.5" min margins, 0.3–0.5" between blocks)
+- [ ] Anti-patterns to avoid (accent lines under titles, full-width colored bars, cream backgrounds, text-only slides, overflow)
+
+> **deps:** `python-pptx` (Python), Pillow, LibreOffice headless, Poppler (`pdftoppm`)
+
+---
+
+## xlsx
+
+### Reading & analysis
+- [x] **v1** Quick text dump of all sheets (tab-separated rows under sheet headers)
+- [ ] **v1** Same dump for `.xlsm` (just override the format)
+- [ ] **v1** Pandas-based analysis (`read_excel`, `head`, `info`, `describe`, multi-sheet load)
+- [x] **v1** Read-only mode for very large files
+- [x] **v1** Read calculated values (vs. formulas) via `data_only=True`
+
+### Creating new files
+- [ ] New workbook with multiple sheets (openpyxl)
+- [ ] Cell values, ranges, append rows
+- [ ] Excel formulas as strings (`=SUM(...)`, `=AVERAGE(...)`, etc.)
+- [ ] Cross-sheet references (`Sheet1!A1`)
+- [ ] Cell formatting: font (family, size, bold, color), fill (background color), alignment, number formats
+- [ ] Column widths and row heights
+- [ ] Merged cells
+- [ ] Conditional formatting
+- [ ] Charts (bar, line, pie, scatter) bound to data ranges
+- [ ] Named ranges
+- [ ] Cell comments / notes
+- [ ] Data validation (dropdowns, restricted input)
+- [ ] Freeze panes, hidden rows/columns
+
+### Editing existing files
+- [ ] Load + modify while preserving formulas and formatting (openpyxl, not pandas)
+- [ ] Insert/delete rows and columns
+- [ ] Add new sheets
+- [ ] Iterate all sheets by name
+- [ ] Watch out: opening with `data_only=True` and saving destroys formulas
+
+### Formula recalculation pipeline
+- [ ] After any openpyxl write, formulas exist as strings but have no cached values
+- [ ] Recalculate by opening in LibreOffice headless and triggering a recalc-and-save
+- [ ] Scan all cells afterward for `#REF!`, `#DIV/0!`, `#VALUE!`, `#N/A`, `#NAME?`
+- [ ] Return structured error report (count + locations) so you can fix and re-run
+
+### Standards/conventions encoded in SKILL.md (for the eventual creation skill)
+- [ ] Financial-model color coding (blue=input, black=formula, green=cross-sheet link, red=external link, yellow=key assumption)
+- [ ] Number formats: years as text, currency `$#,##0`, zeros as `-`, parens for negatives, `0.0x` for multiples
+- [ ] Always reference assumption cells, never hardcode values inside formulas
+- [ ] Document hardcoded inputs with source citations
+- [ ] Use formulas, not Python-computed-and-pasted values, so the model stays live
+
+> **deps:** `openpyxl`, `pandas` (Python), LibreOffice headless
+
+---
+
+## pdf (creation & manipulation)
+
+> Reading lives in the separate `pdf-reading` skill below. This skill is
+> entirely **later milestones** — none of it is in v1.
+
+### Creation
+- [ ] Low-level canvas drawing (text, lines, shapes at coordinates) via `reportlab` Canvas
+- [ ] High-level document flow (paragraphs, headings, page breaks, spacers) via `reportlab` Platypus
+- [ ] Page size and orientation control
+- [ ] Subscripts/superscripts via XML markup tags (NOT unicode characters — they render as black boxes in built-in fonts)
+- [ ] JavaScript alternative: `pdf-lib`
+
+### Merging & splitting
+- [ ] Concatenate multiple PDFs into one (`pypdf` or `qpdf --empty --pages`)
+- [ ] Split into one-file-per-page
+- [ ] Extract a page range into a new file (`qpdf input.pdf --pages . 1-5 -- out.pdf`)
+- [ ] `pdftk` equivalents if available
+
+### Page operations
+- [ ] Rotate pages (any multiple of 90°), single page or all
+- [ ] Reorder pages
+- [ ] Delete pages
+
+### Watermarking
+- [ ] Overlay a watermark PDF page onto every page of a target PDF (`merge_page`)
+
+### Image extraction
+- [ ] All embedded raster images via `pdfimages -j` (JPG) or `-png`
+- [ ] Specific page ranges
+- [ ] Original format preservation with `-all`
+
+### OCR (scanned PDFs)
+- [ ] Convert pages to images with `pdf2image`
+- [ ] Run `pytesseract` on each image to recover text
+
+### Encryption / decryption
+- [ ] Encrypt with user and owner passwords
+- [ ] Decrypt with `qpdf --password=... --decrypt`
+
+### Form filling
+- [ ] Detect whether a PDF has fillable fields
+- [ ] Extract field metadata (name, page, bounding box, type, options for checkboxes/radios/dropdowns)
+- [ ] Fill text fields, set checkbox states, choose radio option, pick dropdown value
+- [ ] Fall-back path for non-fillable PDFs: place text annotations at coordinates
+- [ ] Validate field IDs and values before writing
+
+### Metadata
+- [ ] Read/write title, author, subject, creator, producer
+
+> **deps:** `pypdf`, `reportlab`, `pdfplumber`, `pdf2image`, `pytesseract` (Python); `pypdfium2` for higher-fidelity rendering; `qpdf`, `pdftk`, Poppler suite (CLI); Tesseract binary
+
+---
+
+## pdf-reading
+
+> This skill does not yet exist in `/mnt/skills/public/` — it needs to be
+> split out from the current `pdf` skill. **Entirely v1.**
+
+### Diagnostic content inventory (run before anything else)
+- [ ] **v1** Page count, file size, version, metadata (`pdfinfo`)
+- [ ] **v1** Quick "is this text or scanned?" check (`pdftotext` first page sample)
+- [ ] **v1** List of embedded raster images with size/color/compression (`pdfimages -list`)
+- [ ] **v1** List of file attachments embedded in the PDF (`pdfdetach -list`)
+- [ ] **v1** Font report — embedded? custom encoding? (`pdffonts`) — diagnoses garbled extraction
+
+### Text extraction strategies
+- [x] **v1** Basic: `pypdf` page-by-page _(lives in `pdf/extract.py` today; needs reorganizing under `pdf-reading/`)_
+- [ ] **v1** Layout-preserving for multi-column: `pdftotext -layout`
+- [ ] **v1** Layout-aware with positioning data: `pdfplumber`
+- [ ] **v1** Page range selection (`-f` first, `-l` last)
+
+### Visual inspection
+- [ ] **v1** Rasterize a single page (or range) at chosen DPI with `pdftoppm`
+- [ ] **v1** Awareness of zero-padded filename behavior (depends on total page count)
+- [ ] **v1** Token-cost tradeoff between text extraction (~200–400 tok/page) and rasterized image (~1,600 tok/page) — encoded in `SKILL.md` prose
+
+### Strategy decision tree (the real value of this skill)
+- [ ] **v1** Text-heavy → text extraction primary, rasterize specific figures
+- [ ] **v1** Scanned → rasterize + OCR
+- [ ] **v1** Slide-deck PDFs → rasterize per-page on demand
+- [ ] **v1** Forms → extract field values programmatically
+- [ ] **v1** Data-heavy → `pdfplumber` for tables + rasterize for charts
+
+### Table extraction
+- [ ] **v1** `pdfplumber` `page.extract_tables()`
+- [ ] Convert to pandas DataFrame, combine across pages, export to xlsx _(later — write step)_
+
+### Embedded image extraction
+- [ ] **v1** All / specific page range / original-format flags via `pdfimages`
+- [ ] **v1** Programmatic alternative with PyMuPDF (`fitz`) including position data and color-space normalization
+- [ ] **v1** Gotcha awareness: vector charts (matplotlib/Excel) won't appear — must rasterize the whole page _(in `SKILL.md`)_
+- [ ] **v1** Gotcha awareness: tiny "empty" images are usually masks/decoration; filter by file size _(in `SKILL.md`)_
+
+### Attachment extraction
+- [ ] **v1** List, save-all, save-by-index via `pdfdetach`
+- [ ] **v1** Programmatic via `pypdf`'s `reader.attachments` (sanitize filenames!)
+- [ ] **v1** Awareness of two attachment mechanisms (page-level annotations vs. document-level EmbeddedFiles tree)
+
+### Form field reading (read-only — filling lives in the `pdf` skill)
+- [ ] **v1** Text-only fields via `get_form_text_fields()`
+- [ ] **v1** All field types (checkbox, radio, dropdown) via `get_fields()` with `/V` and `/FT` keys
+- [ ] Comprehensive metadata via `pdftk dump_data_fields`
+
+### Rare embedded media
+- [ ] Audio/video/3D — first check `pdfdetach`, fall back to PyMuPDF page annotations
+
+### Font diagnostics
+- [ ] **v1** Identify non-embedded fonts or Identity-H encodings without CIDToGID maps as the cause of garbled extraction → fall back to rasterization _(in `SKILL.md`)_
+
+### OCR (for scanned PDFs detected by the diagnostic step)
+- [ ] **v1** Convert pages to images with `pdf2image`
+- [ ] **v1** Run `pytesseract` on each image to recover text
+
+> **deps:** `pypdf`, `pdfplumber`, `pymupdf` / `fitz` (Python); Poppler suite (`pdfinfo`, `pdftotext`, `pdftoppm`, `pdfimages`, `pdfdetach`, `pdffonts`); `qpdf`; for OCR: `pytesseract` + `pdf2image` + Tesseract binary
+
+---
+
+## file-reading (router)
+
+- [x] **v1** Map extension → which sub-skill to invoke
+- [ ] **v1** Update routing table once `pdf-reading` is split out from `pdf`
+- [ ] **v1** Mention `file <path>` fallback for unknown formats
+
+---
+
+## v1 summary — what we're shipping in the reading milestone
+
+In rough sequence:
+
+1. **`pdf-reading`** — split from current `pdf/`, add `pdfinfo` diagnostic, layout-preserving extraction, rasterization, OCR fallback, table extraction, attachment extraction, form-field reading, and the strategy decision tree in `SKILL.md`.
+2. **`pptx`** thumbnail grid + per-slide rasterization + raw XML unpack. The grid is the headline capability.
+3. **`xlsx`** pandas-analysis script + `.xlsm` support.
+4. **`docx`** tracked-changes-aware extraction, raw XML unpack, page rasterization, legacy `.doc`→`.docx` conversion.
+5. **`file-reading`** routing table updated.
+6. **`SKILL.md` prose pass** — fold the pitfall lists from this doc (smart quotes, formula recalc, vector-chart pdfimages gap, font diagnostics, etc.) into the per-skill `SKILL.md` files. This is where the real model UX value lives.
+
+System dependencies that need to land in the Dockerfile for v1:
+
+- LibreOffice headless (`libreoffice-core`, `libreoffice-impress`, `libreoffice-calc`, `libreoffice-writer` — pick the minimum that covers what we need)
+- Poppler suite (`poppler-utils` Debian package: `pdfinfo`, `pdftotext`, `pdftoppm`, `pdfimages`, `pdfdetach`, `pdffonts`)
+- `qpdf`
+- Tesseract OCR (`tesseract-ocr` + at minimum `tesseract-ocr-eng`)
+- Pillow (Python; pulls in libjpeg/libpng via wheels — may already be present transitively)
+- `pdfplumber`, `pymupdf`, `pdf2image`, `pytesseract`, `pandas` (Python)
+
+Estimated image-size impact: roughly +1–1.5GB compressed (LibreOffice dominates at ~500MB; Tesseract + language data ~150MB; the rest is small). Acceptable for a sandbox image.
diff --git a/packages/sandbox/image/skills/_bin/pptx-extract b/packages/sandbox/image/skills/_bin/pptx-extract
new file mode 100644
index 0000000000..60aa1e7f3e
--- /dev/null
+++ b/packages/sandbox/image/skills/_bin/pptx-extract
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec python3 /mnt/skills/public/pptx/extract.py "$@"
diff --git a/packages/sandbox/image/skills/_bin/pptx-rasterize b/packages/sandbox/image/skills/_bin/pptx-rasterize
new file mode 100644
index 0000000000..ac62353048
--- /dev/null
+++ b/packages/sandbox/image/skills/_bin/pptx-rasterize
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec python3 /mnt/skills/public/pptx/rasterize.py "$@"
diff --git a/packages/sandbox/image/skills/_bin/pptx-thumbnail b/packages/sandbox/image/skills/_bin/pptx-thumbnail
new file mode 100644
index 0000000000..e9b6d2350d
--- /dev/null
+++ b/packages/sandbox/image/skills/_bin/pptx-thumbnail
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec python3 /mnt/skills/public/pptx/thumbnail.py "$@"
diff --git a/packages/sandbox/image/skills/_bin/pptx-unpack b/packages/sandbox/image/skills/_bin/pptx-unpack
new file mode 100644
index 0000000000..3779746162
--- /dev/null
+++ b/packages/sandbox/image/skills/_bin/pptx-unpack
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec python3 /mnt/skills/public/pptx/unpack.py "$@"
diff --git a/packages/sandbox/image/skills/docx/SKILL.md b/packages/sandbox/image/skills/docx/SKILL.md
new file mode 100644
index 0000000000..0ee685e8ce
--- /dev/null
+++ b/packages/sandbox/image/skills/docx/SKILL.md
@@ -0,0 +1,26 @@
+# docx — Word documents
+
+Use this skill to read or summarize `.docx` files.
+
+## Scripts
+
+### extract.py
+
+Print text content from a `.docx` as plain text. Paragraphs are separated by
+blank lines; tables are rendered with tab-separated cells.
+
+```
+python /mnt/skills/public/docx/extract.py <path-to-file.docx>
+```
+
+## Direct python-docx usage
+
+For headings, styles, tables, images, or editing, import `docx` directly. The
+library is preinstalled.
+
+```python
+from docx import Document
+doc = Document("/path/to/file.docx")
+for paragraph in doc.paragraphs:
+    ...
+```
diff --git a/packages/sandbox/image/skills/docx/extract.py b/packages/sandbox/image/skills/docx/extract.py
new file mode 100644
index 0000000000..03a9e25157
--- /dev/null
+++ b/packages/sandbox/image/skills/docx/extract.py
@@ -0,0 +1,27 @@
+#!/usr/bin/env python3
+"""Extract text from a Word (.docx) file."""
+
+import sys
+
+from docx import Document
+
+
+def main(path: str) -> int:
+    doc = Document(path)
+    for paragraph in doc.paragraphs:
+        if paragraph.text.strip():
+            print(paragraph.text)
+        else:
+            print()
+    for table in doc.tables:
+        print()
+        for row in table.rows:
+            print("\t".join(cell.text for cell in row.cells))
+    return 0
+
+
+if __name__ == "__main__":
+    if len(sys.argv) != 2:
+        print("usage: extract.py <file.docx>", file=sys.stderr)
+        sys.exit(2)
+    sys.exit(main(sys.argv[1]))
diff --git a/packages/sandbox/image/skills/file-reading/SKILL.md b/packages/sandbox/image/skills/file-reading/SKILL.md
new file mode 100644
index 0000000000..85f7092f34
--- /dev/null
+++ b/packages/sandbox/image/skills/file-reading/SKILL.md
@@ -0,0 +1,18 @@
+# file-reading — router by file type
+
+When asked to read or summarize a file, dispatch by extension to the
+appropriate skill under `/mnt/skills/public/`:
+
+| Extension     | Skill   | Script                                        |
+| ------------- | ------- | --------------------------------------------- |
+| `.pptx`       | `pptx`  | `python /mnt/skills/public/pptx/extract.py`   |
+| `.docx`       | `docx`  | `python /mnt/skills/public/docx/extract.py`   |
+| `.xlsx`       | `xlsx`  | `python /mnt/skills/public/xlsx/extract.py`   |
+| `.pdf`        | `pdf`   | `python /mnt/skills/public/pdf/extract.py`    |
+| `.txt`, `.md` | —       | `cat`                                         |
+| `.csv`        | —       | `cat` (or `column -t -s,` for alignment)      |
+| `.json`       | —       | `cat` (or `jq .` if structure matters)        |
+
+For extensions not listed, read the corresponding `SKILL.md` under
+`/mnt/skills/public/` if one exists, otherwise fall back to `file <path>` to
+identify the format and proceed manually.
diff --git a/packages/sandbox/image/skills/pdf/SKILL.md b/packages/sandbox/image/skills/pdf/SKILL.md
new file mode 100644
index 0000000000..12fb923d95
--- /dev/null
+++ b/packages/sandbox/image/skills/pdf/SKILL.md
@@ -0,0 +1,29 @@
+# pdf — PDF documents
+
+Use this skill to read text from `.pdf` files.
+
+## Scripts
+
+### extract.py
+
+Print text content from a `.pdf`, page by page.
+
+```
+python /mnt/skills/public/pdf/extract.py <path-to-file.pdf>
+```
+
+Output is plain text with `--- page N ---` separators. PDFs that are pure
+scans (image-only, no embedded text layer) will produce empty pages — OCR is
+not performed.
+
+## Direct pypdf usage
+
+For metadata, structure, splitting, merging, or filling forms, import `pypdf`
+directly. The library is preinstalled.
+
+```python
+from pypdf import PdfReader
+reader = PdfReader("/path/to/file.pdf")
+for page in reader.pages:
+    text = page.extract_text()
+```
diff --git a/packages/sandbox/image/skills/pdf/extract.py b/packages/sandbox/image/skills/pdf/extract.py
new file mode 100644
index 0000000000..1ab7d94f1f
--- /dev/null
+++ b/packages/sandbox/image/skills/pdf/extract.py
@@ -0,0 +1,23 @@
+#!/usr/bin/env python3
+"""Extract text from a PDF file, page by page."""
+
+import sys
+
+from pypdf import PdfReader
+
+
+def main(path: str) -> int:
+    reader = PdfReader(path)
+    for index, page in enumerate(reader.pages, start=1):
+        print(f"--- page {index} ---")
+        text = page.extract_text() or ""
+        print(text.strip())
+        print()
+    return 0
+
+
+if __name__ == "__main__":
+    if len(sys.argv) != 2:
+        print("usage: extract.py <file.pdf>", file=sys.stderr)
+        sys.exit(2)
+    sys.exit(main(sys.argv[1]))
diff --git a/packages/sandbox/image/skills/pptx/SKILL.md b/packages/sandbox/image/skills/pptx/SKILL.md
new file mode 100644
index 0000000000..1557d40200
--- /dev/null
+++ b/packages/sandbox/image/skills/pptx/SKILL.md
@@ -0,0 +1,76 @@
+# pptx — PowerPoint presentations
+
+Reading and inspection of `.pptx` files. Editing and creation are not yet
+supported.
+
+## Quick reference
+
+| Task                          | Command                                       |
+| ----------------------------- | --------------------------------------------- |
+| Plain-text dump               | `pptx-extract <file.pptx>`                    |
+| Plain-text + speaker notes    | `pptx-extract --notes <file.pptx>`            |
+| Visual overview (grid image)  | `pptx-thumbnail <file.pptx>`                  |
+| One slide at full resolution  | `pptx-rasterize --pages 3 <file.pptx>`        |
+| Several slides                | `pptx-rasterize --pages 1,3-5 <file.pptx>`    |
+| Raw XML inspection            | `pptx-unpack <file.pptx>`                     |
+
+Every command writes its output next to the input file and prints the
+output path(s) on stdout.
+
+## Reading text
+
+`pptx-extract` prints each slide as a `## Slide N` section followed by the
+visible text. Speaker notes are excluded by default; pass `--notes` to
+include them under a `### Notes` subsection per slide.
+
+## Visual overview
+
+`pptx-thumbnail` produces two artifacts:
+
+- A composite grid image at `<input-stem>.thumbnail.jpg` — 4-column grid
+  with a small slide-number overlay on each cell. Suitable for a single
+  multimodal read to get the shape of the deck.
+- A directory `<input-stem>.slides/` containing per-slide JPGs at the
+  same resolution. When a slide in the grid looks interesting, read
+  `slide-NNN.jpg` directly instead of re-running `pptx-thumbnail`.
+
+To actually see the rendered image, call the `read` tool on the path
+`pptx-thumbnail` printed:
+
+```
+read /home/sandbox/deck.thumbnail.jpg
+```
+
+The image is injected into the next turn as a vision input.
+
+## Per-slide rasterization
+
+`pptx-rasterize` renders specific slides at higher DPI (default 150) into
+`<input-stem>.rasterized/slide-NNN.jpg`. Use `--pages 3` for a single
+slide or `--pages 1,3-5` for a selection. Override DPI with `--dpi`.
+
+Pass the resulting path to the `read` tool to actually see the slide.
+
+## Raw XML
+
+`pptx-unpack` unzips the `.pptx` into `<input-stem>.unpacked/`. Useful
+locations inside:
+
+- `ppt/slides/slideN.xml` — slide content
+- `ppt/notesSlides/notesSlideN.xml` — speaker notes
+- `ppt/media/` — embedded images
+- `ppt/theme/` — color palette and font definitions
+
+## Direct python-pptx usage
+
+For programmatic access beyond what these scripts cover (table cell data,
+shape positions, layout metadata, etc.), import `pptx` directly. The
+library is preinstalled.
+
+```python
+from pptx import Presentation
+prs = Presentation("/path/to/file.pptx")
+for slide in prs.slides:
+    for shape in slide.shapes:
+        ...
+```
diff --git a/packages/sandbox/image/skills/pptx/_office.py b/packages/sandbox/image/skills/pptx/_office.py
new file mode 100644
index 0000000000..61ab1347fb
--- /dev/null
+++ b/packages/sandbox/image/skills/pptx/_office.py
@@ -0,0 +1,61 @@
+"""Sandbox-safe LibreOffice headless wrapper.
+
+LibreOffice's defaults assume an interactive desktop session: a persistent
+user profile under ~/.config/libreoffice with lockfiles, recovery dialogs,
+first-start wizards, and dbus integration that depends on /etc/machine-id.
+None of that is friendly to a hardened, parallel-invocation sandbox.
+
+The `convert_to_pdf` helper here neutralises those by routing every soffice
+invocation through a fresh per-call user profile and suppressing the
+interactive cruft.
+"""
+
+import os
+import subprocess
+import tempfile
+from pathlib import Path
+
+
+def convert_to_pdf(src: Path, out_dir: Path, *, timeout: float = 180.0) -> Path:
+    """Convert `src` to PDF inside `out_dir`. Returns the resulting PDF path."""
+    out_dir.mkdir(parents=True, exist_ok=True)
+    with tempfile.TemporaryDirectory(prefix="lo_profile_") as profile:
+        env = {
+            **os.environ,
+            "HOME": profile,
+            "SAL_USE_COMMON_ONE_INSTANCE": "1",
+            "LC_ALL": os.environ.get("LC_ALL", "en_US.UTF-8"),
+        }
+        cmd = [
+            "soffice",
+            "--headless",
+            "--norestore",
+            "--nofirststartwizard",
+            "--nolockcheck",
+            f"-env:UserInstallation=file://{profile}",
+            "--convert-to",
+            "pdf",
+            "--outdir",
+            str(out_dir),
+            str(src),
+        ]
+        result = subprocess.run(
+            cmd,
+            env=env,
+            capture_output=True,
+            text=True,
+            timeout=timeout,
+            check=False,
+        )
+    if result.returncode != 0:
+        raise RuntimeError(
+            f"soffice failed (exit {result.returncode})\n"
+            f"stdout:\n{result.stdout}\nstderr:\n{result.stderr}"
+        )
+    pdf_path = out_dir / (src.stem + ".pdf")
+    if not pdf_path.exists():
+        raise RuntimeError(
+            f"soffice succeeded but expected PDF not found at {pdf_path}\n"
+            f"stdout:\n{result.stdout}\nstderr:\n{result.stderr}"
+        )
+    return pdf_path
diff --git a/packages/sandbox/image/skills/pptx/extract.py b/packages/sandbox/image/skills/pptx/extract.py
new file mode 100644
index 0000000000..0361de8a2f
--- /dev/null
+++ b/packages/sandbox/image/skills/pptx/extract.py
@@ -0,0 +1,43 @@
+#!/usr/bin/env python3
+"""Extract text from a PowerPoint (.pptx) file."""
+
+import argparse
+import sys
+
+from pptx import Presentation
+
+
+def main(argv: list[str]) -> int:
+    parser = argparse.ArgumentParser(description="Extract text from a .pptx.")
+    parser.add_argument("input")
+    parser.add_argument(
+        "--notes",
+        action="store_true",
+        help="Include speaker notes under a ### Notes subsection per slide.",
+    )
+    args = parser.parse_args(argv)
+
+    prs = Presentation(args.input)
+    for index, slide in enumerate(prs.slides, start=1):
+        print(f"## Slide {index}")
+        print()
+        for shape in slide.shapes:
+            if not shape.has_text_frame:
+                continue
+            for paragraph in shape.text_frame.paragraphs:
+                text = "".join(run.text for run in paragraph.runs)
+                if text.strip():
+                    print(text)
+        if args.notes and slide.has_notes_slide:
+            notes = slide.notes_slide.notes_text_frame.text.strip()
+            if notes:
+                print()
+                print("### Notes")
+                print()
+                print(notes)
+        print()
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main(sys.argv[1:]))
diff --git a/packages/sandbox/image/skills/pptx/rasterize.py b/packages/sandbox/image/skills/pptx/rasterize.py
new file mode 100644
index 0000000000..411c0f8415
--- /dev/null
+++ b/packages/sandbox/image/skills/pptx/rasterize.py
@@ -0,0 +1,114 @@
+#!/usr/bin/env python3
+"""Render specific .pptx slides at full resolution.
+
+Same soffice + pdftoppm pipeline as `thumbnail.py`, but at higher DPI and
+without the grid composition step. Useful when the model has already seen
+the thumbnail grid and wants one slide back at higher fidelity.
+"""
+
+import argparse
+import shutil
+import subprocess
+import sys
+import tempfile
+from pathlib import Path
+
+sys.path.insert(0, str(Path(__file__).parent))
+from _office import convert_to_pdf  # noqa: E402
+
+
+def parse_pages(spec: str | None, total: int) -> list[int]:
+    if spec is None:
+        return list(range(1, total + 1))
+    pages: set[int] = set()
+    for part in spec.split(","):
+        part = part.strip()
+        if "-" in part:
+            a, b = part.split("-", 1)
+            pages.update(range(int(a), int(b) + 1))
+        else:
+            pages.add(int(part))
+    return sorted(p for p in pages if 1 <= p <= total)
+
+
+def main(argv: list[str]) -> int:
+    parser = argparse.ArgumentParser(description="Rasterise pptx slides.")
+    parser.add_argument("input", type=Path)
+    parser.add_argument(
+        "--pages",
+        default=None,
+        help='Selection like "3" or "1,3-5"; defaults to all slides.',
+    )
+    parser.add_argument("--dpi", type=int, default=150)
+    parser.add_argument(
+        "--out",
+        type=Path,
+        default=None,
+        help="Output directory (default: <input-stem>.rasterized)",
+    )
+    args = parser.parse_args(argv)
+
+    src = args.input.resolve()
+    if not src.exists():
+        print(f"input not found: {src}", file=sys.stderr)
+        return 2
+
+    out_dir = args.out or src.with_name(src.stem + ".rasterized")
+    if out_dir.exists():
+        shutil.rmtree(out_dir)
+    out_dir.mkdir(parents=True)
+
+    with tempfile.TemporaryDirectory() as tmp:
+        tmp_path = Path(tmp)
+        pdf = convert_to_pdf(src, tmp_path)
+        info = subprocess.run(
+            ["pdfinfo", str(pdf)], capture_output=True, text=True, check=True
+        )
+        total = 0
+        for line in info.stdout.splitlines():
+            if line.startswith("Pages:"):
+                total = int(line.split(":", 1)[1].strip())
+                break
+        if total == 0:
+            print("could not determine page count", file=sys.stderr)
+            return 1
+
+        pages = parse_pages(args.pages, total)
+        if not pages:
+            print("no pages to render", file=sys.stderr)
+            return 1
+
+        # Render one page at a time. pdftoppm zero-pads its output filename
+        # based on the *total* page count of the source PDF, so producing a
+        # sparse selection (e.g. 1,5,10) into a shared prefix is messy.
+        # Per-page invocations keep the output predictable and let us name
+        # the result deterministically as slide-NNN.jpg.
+        for page in pages:
+            prefix = tmp_path / f"page-{page}"
+            subprocess.run(
+                [
+                    "pdftoppm",
+                    "-jpeg",
+                    "-r",
+                    str(args.dpi),
+                    "-f",
+                    str(page),
+                    "-l",
+                    str(page),
+                    str(pdf),
+                    str(prefix),
+                ],
+                check=True,
+            )
+            matches = list(tmp_path.glob(f"{prefix.name}*.jpg"))
+            if not matches:
+                print(f"no output for page {page}", file=sys.stderr)
+                return 1
+            shutil.move(str(matches[0]), str(out_dir / f"slide-{page:03d}.jpg"))
+
+    print(out_dir)
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main(sys.argv[1:]))
diff --git a/packages/sandbox/image/skills/pptx/thumbnail.py b/packages/sandbox/image/skills/pptx/thumbnail.py
new file mode 100644
index 0000000000..71bfc36f0d
--- /dev/null
+++ b/packages/sandbox/image/skills/pptx/thumbnail.py
@@ -0,0 +1,112 @@
+#!/usr/bin/env python3
+"""Render a .pptx as a thumbnail-grid composite image plus per-slide JPGs.
+
+Pipeline: LibreOffice headless renders the deck to PDF, `pdftoppm` rasterises
+each page at 96 DPI, Pillow downscales and assembles a 4-column grid with a
+small slide-number overlay in the top-left of each cell. Per-slide JPGs are
+preserved in a sibling directory so the model can pull a single slide at full
+resolution after spotting it in the grid.
+"""
+
+import argparse
+import shutil
+import subprocess
+import sys
+import tempfile
+from pathlib import Path
+
+from PIL import Image, ImageDraw, ImageFont
+
+sys.path.insert(0, str(Path(__file__).parent))
+from _office import convert_to_pdf  # noqa: E402
+
+GRID_COLS = 4
+THUMB_WIDTH = 320
+GAP = 12
+BG = (240, 240, 240)
+LABEL_BG = (255, 255, 255)
+LABEL_FG = (24, 24, 24)
+LABEL_FONT_PATH = "/usr/share/fonts/truetype/dejavu/DejaVuSans-Bold.ttf"
+
+
+def main(argv: list[str]) -> int:
+    parser = argparse.ArgumentParser(description="Render a pptx as a thumbnail grid.")
+    parser.add_argument("input", type=Path)
+    parser.add_argument(
+        "--out",
+        type=Path,
+        default=None,
+        help="Output composite image path (default: <input-stem>.thumbnail.jpg)",
+    )
+    args = parser.parse_args(argv)
+
+    src = args.input.resolve()
+    if not src.exists():
+        print(f"input not found: {src}", file=sys.stderr)
+        return 2
+
+    out_grid = args.out or src.with_name(src.stem + ".thumbnail.jpg")
+    out_slides_dir = src.with_name(src.stem + ".slides")
+
+    with tempfile.TemporaryDirectory() as tmp:
+        tmp_path = Path(tmp)
+        pdf = convert_to_pdf(src, tmp_path)
+        prefix = tmp_path / "slide"
+        subprocess.run(
+            ["pdftoppm", "-jpeg", "-r", "96", str(pdf), str(prefix)],
+            check=True,
+        )
+        slides = sorted(tmp_path.glob("slide-*.jpg"))
+        if not slides:
+            print("no slides produced by pdftoppm", file=sys.stderr)
+            return 1
+
+        if out_slides_dir.exists():
+            shutil.rmtree(out_slides_dir)
+        out_slides_dir.mkdir(parents=True)
+        slide_paths: list[Path] = []
+        for i, src_jpg in enumerate(slides, start=1):
+            dst = out_slides_dir / f"slide-{i:03d}.jpg"
+            shutil.copy(src_jpg, dst)
+            slide_paths.append(dst)
+
+        thumbs = []
+        for jpg in slide_paths:
+            img = Image.open(jpg).convert("RGB")
+            ratio = THUMB_WIDTH / img.width
+            new_h = int(img.height * ratio)
+            thumbs.append(img.resize((THUMB_WIDTH, new_h), Image.LANCZOS))
+
+        thumb_h = thumbs[0].height
+        n = len(thumbs)
+        rows = (n + GRID_COLS - 1) // GRID_COLS
+        comp_w = GRID_COLS * THUMB_WIDTH + (GRID_COLS + 1) * GAP
+        comp_h = rows * thumb_h + (rows + 1) * GAP
+        comp = Image.new("RGB", (comp_w, comp_h), BG)
+
+        try:
+            font = ImageFont.truetype(LABEL_FONT_PATH, 18)
+        except OSError:
+            font = ImageFont.load_default()
+
+        for idx, thumb in enumerate(thumbs):
+            row, col = divmod(idx, GRID_COLS)
+            x = GAP + col * (THUMB_WIDTH + GAP)
+            y = GAP + row * (thumb_h + GAP)
+            comp.paste(thumb, (x, y))
+            label = str(idx + 1)
+            label_w = 14 + len(label) * 11
+            label_h = 26
+            label_box = Image.new("RGB", (label_w, label_h), LABEL_BG)
+            ImageDraw.Draw(label_box).text((6, 2), label, fill=LABEL_FG, font=font)
+            comp.paste(label_box, (x + 6, y + 6))
+
+        comp.save(out_grid, "JPEG", quality=85)
+
+    print(out_grid)
+    print(out_slides_dir)
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main(sys.argv[1:]))
diff --git a/packages/sandbox/image/skills/pptx/unpack.py b/packages/sandbox/image/skills/pptx/unpack.py
new file mode 100644
index 0000000000..12484ade32
--- /dev/null
+++ b/packages/sandbox/image/skills/pptx/unpack.py
@@ -0,0 +1,40 @@
+#!/usr/bin/env python3
+"""Unpack a .pptx archive's XML and media into a directory."""
+
+import argparse
+import shutil
+import sys
+import zipfile
+from pathlib import Path
+
+
+def main(argv: list[str]) -> int:
+    parser = argparse.ArgumentParser(description="Unpack .pptx XML.")
+    parser.add_argument("input", type=Path)
+    parser.add_argument(
+        "--out",
+        type=Path,
+        default=None,
+        help="Output directory (default: <input-stem>.unpacked)",
+    )
+    args = parser.parse_args(argv)
+
+    src = args.input.resolve()
+    if not src.exists():
+        print(f"input not found: {src}", file=sys.stderr)
+        return 2
+
+    out_dir = args.out or src.with_name(src.stem + ".unpacked")
+    if out_dir.exists():
+        shutil.rmtree(out_dir)
+    out_dir.mkdir(parents=True)
+
+    with zipfile.ZipFile(src) as zf:
+        zf.extractall(out_dir)
+
+    print(out_dir)
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main(sys.argv[1:]))
diff --git a/packages/sandbox/image/skills/xlsx/SKILL.md b/packages/sandbox/image/skills/xlsx/SKILL.md
new file mode 100644
index 0000000000..2565e8975a
--- /dev/null
+++ b/packages/sandbox/image/skills/xlsx/SKILL.md
@@ -0,0 +1,30 @@
+# xlsx — Excel spreadsheets
+
+Use this skill to read or summarize `.xlsx` files.
+
+## Scripts
+
+### extract.py
+
+Print sheet contents from an `.xlsx` as TSV. Each sheet is preceded by a
+`--- sheet "<name>" ---` header.
+
+```
+python /mnt/skills/public/xlsx/extract.py <path-to-file.xlsx>
+```
+
+Empty trailing rows and columns are trimmed. Cell values are stringified;
+formulas show their cached value, not the formula text.
+
+## Direct openpyxl usage
+
+For richer operations (formulas, formatting, charts, writing workbooks),
+import `openpyxl` directly. The library is preinstalled.
+
+```python
+from openpyxl import load_workbook
+wb = load_workbook("/path/to/file.xlsx", data_only=True)
+for sheet in wb.worksheets:
+    for row in sheet.iter_rows(values_only=True):
+        ...
+```
diff --git a/packages/sandbox/image/skills/xlsx/extract.py b/packages/sandbox/image/skills/xlsx/extract.py
new file mode 100644
index 0000000000..cdc4f91930
--- /dev/null
+++ b/packages/sandbox/image/skills/xlsx/extract.py
@@ -0,0 +1,27 @@
+#!/usr/bin/env python3
+"""Extract sheet contents from an Excel (.xlsx) file as TSV."""
+
+import sys
+
+from openpyxl import load_workbook
+
+
+def main(path: str) -> int:
+    workbook = load_workbook(path, data_only=True, read_only=True)
+    for sheet in workbook.worksheets:
+        print(f'--- sheet "{sheet.title}" ---')
+        for row in sheet.iter_rows(values_only=True):
+            cells = ["" if value is None else str(value) for value in row]
+            while cells and cells[-1] == "":
+                cells.pop()
+            if cells:
+                print("\t".join(cells))
+        print()
+    return 0
+
+
+if __name__ == "__main__":
+    if len(sys.argv) != 2:
+        print("usage: extract.py <file.xlsx>", file=sys.stderr)
+        sys.exit(2)
+    sys.exit(main(sys.argv[1]))
diff --git a/packages/sandbox/package.json b/packages/sandbox/package.json
new file mode 100644
index 0000000000..1e2ed0ae92
--- /dev/null
+++ b/packages/sandbox/package.json
@@ -0,0 +1,33 @@
+{
+  "name": "@decocms/sandbox",
+  "version": "0.4.4",
+  "type": "module",
+  "description": "Sandbox runner for isolated per-user containerised tool execution",
+  "scripts": {
+    "check": "tsc --noEmit",
+    "test": "bun test",
+    "build": "bun build daemon/entry.ts --target=bun --outfile=daemon/dist/daemon.js --external node-pty",
+    "dev:daemon": "bun run --watch daemon/entry.ts"
+  },
+  "exports": {
+    "./shared": "./shared.ts",
+    "./runner": "./server/runner/index.ts",
+    "./runner/agent-sandbox": "./server/runner/agent-sandbox/index.ts",
+    "./runner/freestyle": "./server/runner/freestyle/index.ts"
+  },
+  "dependencies": {
+    "@kubernetes/client-node": "^1.4.0",
+    "@opentelemetry/api": "^1.9.0",
+    "node-pty": "^1.0.0"
+  },
+  "optionalDependencies": {
+    "@freestyle-sh/with-bun": "^0.2.12",
+    "@freestyle-sh/with-deno": "^0.0.4",
+    "@freestyle-sh/with-nodejs": "^0.2.9",
+    "freestyle-sandboxes": "^0.1.46"
+  },
+  "devDependencies": {
+    "@types/bun": "latest",
+    "typescript": "^5.8.3"
+  }
+}
diff --git a/packages/sandbox/server/daemon-client.test.ts b/packages/sandbox/server/daemon-client.test.ts
new file mode 100644
index 0000000000..f1f270bd0b
--- /dev/null
+++ b/packages/sandbox/server/daemon-client.test.ts
@@ -0,0 +1,308 @@
+import { afterEach, beforeEach, describe, expect, it, mock } from "bun:test";
+import {
+  daemonBash,
+  probeDaemonHealth,
+  proxyDaemonRequest,
+} from "./daemon-client";
+
+type FetchCall = {
+  input: string;
+  init: RequestInit & { duplex?: string };
+};
+
+// Minimal fetch harness: stash calls + let each test control the response.
+function installFetch(
+  responder: (call: FetchCall) => Promise<Response> | Response,
+): { calls: FetchCall[] } {
+  const calls: FetchCall[] = [];
+  globalThis.fetch = mock(async (input: unknown, init?: unknown) => {
+    const call: FetchCall = {
+      input: String(input),
+      init: (init ?? {}) as RequestInit & { duplex?: string },
+    };
+    calls.push(call);
+    return await responder(call);
+  }) as unknown as typeof fetch;
+  return { calls };
+}
+
+let origFetch: typeof fetch;
+
+beforeEach(() => {
+  origFetch = globalThis.fetch;
+});
+
+afterEach(() => {
+  globalThis.fetch = origFetch;
+});
+
+describe("probeDaemonHealth", () => {
+  it("returns DaemonHealth when fetch resolves with valid shape", async () => {
+    installFetch(
+      () =>
+        new Response(
+          JSON.stringify({
+            ready: true,
+            bootId: "boot-123",
+            configured: true,
+            setup: { running: false, done: true },
+          }),
+          { status: 200, headers: { "content-type": "application/json" } },
+        ),
+    );
+    const result = await probeDaemonHealth("http://daemon:9000");
+    expect(result).toEqual({
+      ready: true,
+      bootId: "boot-123",
+      configured: true,
+      setup: { running: false, done: true },
+    });
+  });
+
+  it("returns null when fetch rejects (network error)", async () => {
+    installFetch(() => {
+      throw new Error("ECONNREFUSED");
+    });
+    expect(await probeDaemonHealth("http://daemon:9000")).toBeNull();
+  });
+
+  it("returns null when fetch resolves with ok=false", async () => {
+    installFetch(() => new Response("boom", { status: 500 }));
+    expect(await probeDaemonHealth("http://daemon:9000")).toBeNull();
+  });
+
+  it("returns null when response body lacks bootId", async () => {
+    installFetch(
+      () =>
+        new Response(
+          JSON.stringify({
+            ready: true,
+            setup: { running: false, done: true },
+          }),
+          { status: 200, headers: { "content-type": "application/json" } },
+        ),
+    );
+    expect(await probeDaemonHealth("http://daemon:9000")).toBeNull();
+  });
+
+  it("returns null when response body has wrong shape", async () => {
+    installFetch(
+      () =>
+        new Response(JSON.stringify({ ok: true }), {
+          status: 200,
+          headers: { "content-type": "application/json" },
+        }),
+    );
+    expect(await probeDaemonHealth("http://daemon:9000")).toBeNull();
+  });
+});
+
+describe("daemonBash", () => {
+  it("sends POST to {daemonUrl}/_decopilot_vm/bash with auth and base64 JSON body", async () => {
+    const { calls } = installFetch(
+      () =>
+        new Response(
+          JSON.stringify({
+            stdout: "hi",
+            stderr: "",
+            exitCode: 0,
+            timedOut: false,
+          }),
+          { status: 200, headers: { "content-type": "application/json" } },
+        ),
+    );
+
+    await daemonBash("http://daemon:9000", "tok-123", {
+      command: "echo hi",
+      cwd: "/work",
+      env: { A: "1" },
+    });
+
+    expect(calls).toHaveLength(1);
+    expect(calls[0]!.input).toBe("http://daemon:9000/_decopilot_vm/bash");
+    expect(calls[0]!.init.method).toBe("POST");
+
+    const headers = new Headers(calls[0]!.init.headers as HeadersInit);
+    expect(headers.get("authorization")).toBe("Bearer tok-123");
+    expect(headers.get("content-type")).toBe("application/json");
+
+    const b64Body = String(calls[0]!.init.body);
+    const rawBody = Buffer.from(b64Body, "base64").toString("utf-8");
+    const body = JSON.parse(rawBody);
+    expect(body.command).toBe("echo hi");
+    expect(body.cwd).toBe("/work");
+    expect(body.env).toEqual({ A: "1" });
+    expect(typeof body.timeout).toBe("number");
+  });
+
+  it("parses { stdout, stderr, exitCode, timedOut } on 200", async () => {
+    installFetch(
+      () =>
+        new Response(
+          JSON.stringify({
+            stdout: "out",
+            stderr: "err",
+            exitCode: 2,
+            timedOut: true,
+          }),
+          { status: 200 },
+        ),
+    );
+
+    const out = await daemonBash("http://d", "t", { command: "x" });
+    expect(out).toEqual({
+      stdout: "out",
+      stderr: "err",
+      exitCode: 2,
+      timedOut: true,
+    });
+  });
+
+  it("throws an Error containing status code when response not ok", async () => {
+    installFetch(() => new Response("nope", { status: 502 }));
+
+    await expect(daemonBash("http://d", "t", { command: "x" })).rejects.toThrow(
+      /502/,
+    );
+  });
+
+  it("uses default 60_000ms timeout when input.timeoutMs not provided", async () => {
+    const { calls } = installFetch(
+      () =>
+        new Response(JSON.stringify({ stdout: "", stderr: "", exitCode: 0 }), {
+          status: 200,
+        }),
+    );
+    await daemonBash("http://d", "t", { command: "x" });
+    const b64Body = String(calls[0]!.init.body);
+    const rawBody = Buffer.from(b64Body, "base64").toString("utf-8");
+    const body = JSON.parse(rawBody);
+    expect(body.timeout).toBe(60_000);
+    // AbortSignal must be present too (timeoutMs + 5_000 wired via AbortSignal.timeout).
+    expect(calls[0]!.init.signal).toBeInstanceOf(AbortSignal);
+  });
+
+  it("uses provided timeoutMs in body and passes an AbortSignal", async () => {
+    const { calls } = installFetch(
+      () =>
+        new Response(JSON.stringify({ stdout: "", stderr: "", exitCode: 0 }), {
+          status: 200,
+        }),
+    );
+    await daemonBash("http://d", "t", { command: "x", timeoutMs: 12_000 });
+    const b64Body = String(calls[0]!.init.body);
+    const rawBody = Buffer.from(b64Body, "base64").toString("utf-8");
+    const body = JSON.parse(rawBody);
+    expect(body.timeout).toBe(12_000);
+    // The implementation composes AbortSignal.timeout(timeoutMs + 5_000);
+    // we can't read the numeric deadline back, but we can at least confirm a
+    // signal was attached (the module is the only source of it).
+    expect(calls[0]!.init.signal).toBeInstanceOf(AbortSignal);
+  });
+
+  it("defaults missing fields in the response (stdout/stderr='', exitCode=-1)", async () => {
+    installFetch(() => new Response(JSON.stringify({}), { status: 200 }));
+    const out = await daemonBash("http://d", "t", { command: "x" });
+    expect(out).toEqual({
+      stdout: "",
+      stderr: "",
+      exitCode: -1,
+      timedOut: false,
+    });
+  });
+});
+
+describe("proxyDaemonRequest", () => {
+  it("injects Authorization: Bearer <token> header", async () => {
+    const { calls } = installFetch(() => new Response("", { status: 204 }));
+    await proxyDaemonRequest("http://d", "tok-xyz", "/_daemon/ping", {
+      method: "GET",
+      headers: new Headers(),
+      body: null,
+    });
+    const headers = new Headers(calls[0]!.init.headers as HeadersInit);
+    expect(headers.get("authorization")).toBe("Bearer tok-xyz");
+  });
+
+  const STRIP = [
+    "cookie",
+    "host",
+    "connection",
+    "keep-alive",
+    "proxy-authenticate",
+    "proxy-authorization",
+    "te",
+    "trailer",
+    "transfer-encoding",
+    "accept-encoding",
+    "content-length",
+  ];
+
+  for (const hdr of STRIP) {
+    it(`strips forbidden request header: ${hdr}`, async () => {
+      const { calls } = installFetch(() => new Response("", { status: 204 }));
+      const h = new Headers();
+      h.set(hdr, "something");
+      h.set("x-keep", "kept");
+      await proxyDaemonRequest("http://d", "t", "/p", {
+        method: "GET",
+        headers: h,
+        body: null,
+      });
+      const sent = new Headers(calls[0]!.init.headers as HeadersInit);
+      expect(sent.get(hdr)).toBeNull();
+      expect(sent.get("x-keep")).toBe("kept");
+    });
+  }
+
+  it("does not forward body for GET", async () => {
+    const { calls } = installFetch(() => new Response("", { status: 204 }));
+    await proxyDaemonRequest("http://d", "t", "/p", {
+      method: "GET",
+      headers: new Headers(),
+      body: "should-not-forward",
+    });
+    expect(calls[0]!.init.body).toBeUndefined();
+  });
+
+  it("does not forward body for HEAD", async () => {
+    const { calls } = installFetch(() => new Response("", { status: 204 }));
+    await proxyDaemonRequest("http://d", "t", "/p", {
+      method: "HEAD",
+      headers: new Headers(),
+      body: "should-not-forward",
+    });
+    expect(calls[0]!.init.body).toBeUndefined();
+  });
+
+  it("forwards body for POST", async () => {
+    const { calls } = installFetch(() => new Response("", { status: 204 }));
+    await proxyDaemonRequest("http://d", "t", "/p", {
+      method: "POST",
+      headers: new Headers({ "content-type": "application/json" }),
+      body: '{"a":1}',
+    });
+    expect(calls[0]!.init.body).toBe('{"a":1}');
+    expect(calls[0]!.init.method).toBe("POST");
+  });
+
+  it("prepends '/' to relative paths without a leading slash", async () => {
+    const { calls } = installFetch(() => new Response("", { status: 204 }));
+    await proxyDaemonRequest("http://daemon:9000", "t", "some/path", {
+      method: "GET",
+      headers: new Headers(),
+      body: null,
+    });
+    expect(calls[0]!.input).toBe("http://daemon:9000/some/path");
+  });
+
+  it("keeps absolute paths with a leading slash as-is", async () => {
+    const { calls } = installFetch(() => new Response("", { status: 204 }));
+    await proxyDaemonRequest("http://daemon:9000", "t", "/already/abs", {
+      method: "GET",
+      headers: new Headers(),
+      body: null,
+    });
+    expect(calls[0]!.input).toBe("http://daemon:9000/already/abs");
+  });
+});
diff --git a/packages/sandbox/server/daemon-client.ts b/packages/sandbox/server/daemon-client.ts
new file mode 100644
index 0000000000..e25398fa42
--- /dev/null
+++ b/packages/sandbox/server/daemon-client.ts
@@ -0,0 +1,219 @@
+/**
+ * Pure helpers for the unified daemon's HTTP API. Daemon endpoints live
+ * under `/_decopilot_vm/*` (except `/health` at root, which is unauth).
+ * POST/PUT bodies are base64-encoded JSON — the daemon decodes on its side.
+ */
+
+import type { TenantConfig } from "../daemon/types";
+import { sleep } from "../shared";
+import type { ExecInput, ExecOutput } from "./runner/types";
+
+const DEFAULT_EXEC_TIMEOUT_MS = 60_000;
+const HEALTH_PROBE_TIMEOUT_MS = 500;
+const CONFIG_TIMEOUT_MS = 10_000;
+const READY_ATTEMPTS = 25;
+const READY_INTERVAL_MS = 200;
+const READY_JITTER_MS = 50;
+
+export interface ConfigResponse {
+  bootId: string;
+  transition: string;
+  config: TenantConfig;
+}
+
+export interface DaemonHealth {
+  ready: boolean;
+  bootId: string;
+  configured: boolean;
+  setup: { running: boolean; done: boolean };
+}
+
+export async function probeDaemonHealth(
+  daemonUrl: string,
+): Promise<DaemonHealth | null> {
+  try {
+    const res = await fetch(`${daemonUrl}/health`, {
+      signal: AbortSignal.timeout(HEALTH_PROBE_TIMEOUT_MS),
+    });
+    if (!res.ok) return null;
+    const body = (await res.json()) as Partial<DaemonHealth>;
+    if (
+      typeof body === "object" &&
+      body !== null &&
+      typeof body.bootId === "string" &&
+      typeof body.ready === "boolean" &&
+      body.setup &&
+      typeof body.setup.running === "boolean" &&
+      typeof body.setup.done === "boolean"
+    ) {
+      return body as DaemonHealth;
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+
+/** Polls /health; throws on timeout. Resolves as soon as the daemon's /health returns a valid shape (setup may still be in-flight). */
+export async function waitForDaemonReady(daemonUrl: string): Promise<void> {
+  for (let i = 0; i < READY_ATTEMPTS; i++) {
+    if ((await probeDaemonHealth(daemonUrl)) !== null) return;
+    const jitter = (Math.random() * 2 - 1) * READY_JITTER_MS;
+    await sleep(READY_INTERVAL_MS + jitter);
+  }
+  throw new Error(
+    `sandbox daemon at ${daemonUrl} did not respond on /health within ${
+      (READY_ATTEMPTS * READY_INTERVAL_MS) / 1000
+    }s`,
+  );
+}
+
+/**
+ * Optional bootstrap-time fields that travel alongside the tenant patch.
+ * Stripped from the persisted config daemon-side; consumed only as
+ * side-effects on the request itself.
+ */
+export interface ConfigAuthPatch {
+  /**
+   * Replace the daemon's in-memory bearer token. Authorized via the
+   * *current* token (i.e. the `token` argument to `postConfig`); on
+   * success, subsequent calls must use `rotateToken`. Used by the
+   * agent-sandbox runner's warm-pool bootstrap to swap the
+   * SandboxTemplate-baked sentinel for a per-claim secret without
+   * needing a separate endpoint.
+   */
+  rotateToken?: string;
+}
+
+/**
+ * POST /_decopilot_vm/config — set initial tenant config (or patch via
+ * the same payload semantics; deep-merge happens daemon-side).
+ *
+ * `/config` is the trust boundary endpoint; the daemon's NetworkPolicy is
+ * the auth on its port. Body is base64-encoded JSON like every other
+ * `/_decopilot_vm/*` route. 200 = applied (or no-op); 400 = invalid;
+ * 409 = identity conflict (e.g., cloneUrl mismatch).
+ *
+ * `auth.rotateToken` is applied *before* the tenant patch — see
+ * `ConfigAuthPatch.rotateToken`.
+ */
+export async function postConfig(
+  daemonUrl: string,
+  token: string,
+  payload: Partial<TenantConfig>,
+  auth?: ConfigAuthPatch,
+): Promise<ConfigResponse> {
+  return configRequest(daemonUrl, token, "POST", payload, auth);
+}
+
+async function configRequest(
+  daemonUrl: string,
+  token: string,
+  method: "POST" | "PUT",
+  payload: Partial<TenantConfig>,
+  auth?: ConfigAuthPatch,
+): Promise<ConfigResponse> {
+  const wire: Record<string, unknown> = { ...payload };
+  if (auth && auth.rotateToken !== undefined) wire.auth = auth;
+  const rawBody = JSON.stringify(wire);
+  const b64Body = Buffer.from(rawBody, "utf-8").toString("base64");
+  const res = await fetch(`${daemonUrl}/_decopilot_vm/config`, {
+    method,
+    headers: {
+      "Content-Type": "application/json",
+      Authorization: `Bearer ${token}`,
+    },
+    body: b64Body,
+    signal: AbortSignal.timeout(CONFIG_TIMEOUT_MS),
+  });
+  const body = await res.text();
+  if (!res.ok) {
+    throw new Error(
+      `sandbox daemon /_decopilot_vm/config returned ${res.status}: ${body}`,
+    );
+  }
+  return JSON.parse(body) as ConfigResponse;
+}
+
+export async function daemonBash(
+  daemonUrl: string,
+  token: string,
+  input: ExecInput,
+): Promise<ExecOutput> {
+  const timeoutMs = input.timeoutMs ?? DEFAULT_EXEC_TIMEOUT_MS;
+  const rawBody = JSON.stringify({
+    command: input.command,
+    timeout: timeoutMs,
+    cwd: input.cwd,
+    env: input.env,
+  });
+  const b64Body = Buffer.from(rawBody, "utf-8").toString("base64");
+  const response = await fetch(`${daemonUrl}/_decopilot_vm/bash`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      Authorization: `Bearer ${token}`,
+    },
+    body: b64Body,
+    signal: AbortSignal.timeout(timeoutMs + 5_000),
+  });
+  if (!response.ok) {
+    const body = await response.text().catch(() => "");
+    throw new Error(
+      `sandbox daemon /_decopilot_vm/bash returned ${response.status}${body ? `: ${body}` : ""}`,
+    );
+  }
+  const json = (await response.json()) as {
+    stdout?: string;
+    stderr?: string;
+    exitCode?: number;
+    timedOut?: boolean;
+  };
+  return {
+    stdout: json.stdout ?? "",
+    stderr: json.stderr ?? "",
+    exitCode: json.exitCode ?? -1,
+    timedOut: Boolean(json.timedOut),
+  };
+}
+
+const STRIP_REQUEST_HEADERS = [
+  "cookie",
+  "host",
+  "connection",
+  "keep-alive",
+  "proxy-authenticate",
+  "proxy-authorization",
+  "te",
+  "trailer",
+  "transfer-encoding",
+  "accept-encoding",
+  "content-length",
+];
+
+export async function proxyDaemonRequest(
+  daemonUrl: string,
+  token: string,
+  path: string,
+  init: {
+    method: string;
+    headers: Headers;
+    body: BodyInit | null;
+    signal?: AbortSignal;
+  },
+): Promise<Response> {
+  const headers = new Headers(init.headers);
+  for (const h of STRIP_REQUEST_HEADERS) headers.delete(h);
+  headers.set("authorization", `Bearer ${token}`);
+  const hasBody = init.method !== "GET" && init.method !== "HEAD";
+  const target = `${daemonUrl}${path.startsWith("/") ? path : `/${path}`}`;
+  return fetch(target, {
+    method: init.method,
+    headers,
+    body: hasBody ? init.body : undefined,
+    redirect: "manual",
+    signal: init.signal,
+    // @ts-expect-error Bun/Undici-only: allow streaming request body.
+    duplex: hasBody ? "half" : undefined,
+  });
+}
diff --git a/packages/sandbox/server/docker-cli.ts b/packages/sandbox/server/docker-cli.ts
new file mode 100644
index 0000000000..db9a90db34
--- /dev/null
+++ b/packages/sandbox/server/docker-cli.ts
@@ -0,0 +1,93 @@
+import { spawn } from "node:child_process";
+
+export interface DockerResult {
+  stdout: string;
+  stderr: string;
+  code: number;
+}
+
+/** Default workdir inside sandbox images; overridable via `EnsureOptions.workdir`. */
+export const DEFAULT_WORKDIR = "/app";
+
+export type DockerExecFn = (
+  args: string[],
+  timeoutMs?: number,
+) => Promise<DockerResult>;
+
+/**
+ * On timeout, SIGKILL + append `[docker <sub>] timed out after <ms>ms` to
+ * stderr. ENOENT at spawn is rewritten to an "install Docker" message.
+ */
+export function dockerExec(
+  args: string[],
+  timeoutMs?: number,
+): Promise<DockerResult> {
+  return new Promise((resolve, reject) => {
+    const child = spawn("docker", args, { stdio: ["ignore", "pipe", "pipe"] });
+    let stdout = "";
+    let stderr = "";
+    const timer =
+      timeoutMs != null
+        ? setTimeout(() => {
+            stderr += `\n[docker ${args[0]}] timed out after ${timeoutMs}ms`;
+            child.kill("SIGKILL");
+          }, timeoutMs)
+        : null;
+    child.stdout.on("data", (d) => {
+      stdout += d.toString();
+    });
+    child.stderr.on("data", (d) => {
+      stderr += d.toString();
+    });
+    child.on("error", (err) => {
+      if (timer) clearTimeout(timer);
+      if ((err as NodeJS.ErrnoException).code === "ENOENT") {
+        reject(
+          new Error(
+            "docker CLI not found on PATH. Install Docker Desktop (macOS) or Docker Engine (Linux).",
+          ),
+        );
+        return;
+      }
+      reject(err);
+    });
+    child.on("close", (code) => {
+      if (timer) clearTimeout(timer);
+      resolve({ stdout, stderr, code: code ?? -1 });
+    });
+  });
+}
+
+export interface StartContainerOptions {
+  /** Flags passed before the image; caller owns labels, mounts, ports, env, entrypoint. */
+  args: readonly string[];
+  command?: readonly string[];
+  timeoutMs?: number;
+  /** Short label used in error messages. */
+  label: string;
+  /** Override for test-mode `exec` injection from DockerSandboxRunner. */
+  exec?: DockerExecFn;
+}
+
+/** `docker run -d <args> <image> [command...]` — returns container id. */
+export async function startContainer(
+  image: string,
+  opts: StartContainerOptions,
+): Promise<{ id: string }> {
+  const run = opts.exec ?? dockerExec;
+  const result = await run(
+    ["run", "-d", ...opts.args, image, ...(opts.command ?? [])],
+    opts.timeoutMs,
+  );
+  if (result.code !== 0) {
+    const tail = result.stderr.trim() || result.stdout.trim() || "no output";
+    throw new Error(
+      `docker run ${opts.label} failed (exit ${result.code}): ${tail}`,
+    );
+  }
+  const id = result.stdout.trim().split("\n").pop()?.trim();
+  if (!id) {
+    throw new Error(`docker run ${opts.label} returned no container id`);
+  }
+  return { id };
+}
diff --git a/packages/sandbox/server/image-build.ts b/packages/sandbox/server/image-build.ts
new file mode 100644
index 0000000000..b728b51c6a
--- /dev/null
+++ b/packages/sandbox/server/image-build.ts
@@ -0,0 +1,198 @@
+import { spawn } from "node:child_process";
+import { type Hash, createHash } from "node:crypto";
+import { readFile, readdir } from "node:fs/promises";
+import { resolve } from "node:path";
+import { fileURLToPath } from "node:url";
+import { DEFAULT_IMAGE } from "../shared";
+import { dockerExec, type DockerExecFn } from "./docker-cli";
+
+export interface EnsureImageOptions {
+  image?: string;
+  /** Override docker inspect; falls through to a spawned `docker build` on miss. */
+  exec?: DockerExecFn;
+  /** Line-oriented progress sink for build stdout+stderr. */
+  onLog?: (line: string) => void;
+}
+
+/** Directory containing the Dockerfile shipped with this package. */
+const IMAGE_DIR = resolve(fileURLToPath(import.meta.url), "../../image");
+/** Root of the sandbox package; used as docker build context. */
+const SANDBOX_ROOT = resolve(fileURLToPath(import.meta.url), "../..");
+const DAEMON_BUNDLE = resolve(SANDBOX_ROOT, "daemon/dist/daemon.js");
+const DOCKERFILE = resolve(IMAGE_DIR, "Dockerfile");
+/** Static skills tree COPY'd into the image at /mnt/skills/public. */
+const SKILLS_DIR = resolve(IMAGE_DIR, "skills");
+
+/**
+ * Label key embedding the content hash of (Dockerfile + daemon bundle) into
+ * the built image. Mismatch with the on-disk hash signals a stale image.
+ */
+const IMAGE_HASH_LABEL = "mesh.daemon.hash";
+
+let inflight: Promise<void> | null = null;
+
+/**
+ * Ensures the local sandbox image is present and current. Compares a hash of
+ * the Dockerfile + daemon bundle against the `mesh.daemon.hash` label on the
+ * existing image; rebuilds on mismatch (or when the image is missing) so that
+ * dev edits to the daemon don't leave stale containers behind. Concurrent
+ * callers await one shared build; a failed build clears the singleton so the
+ * next call retries rather than resurfacing the stale error. No-op for
+ * non-default images — those are assumed to be registry-hosted and pulled by
+ * `docker run`.
+ */
+export function ensureSandboxImage(
+  opts: EnsureImageOptions = {},
+): Promise<void> {
+  const image = opts.image ?? DEFAULT_IMAGE;
+  if (image !== DEFAULT_IMAGE) return Promise.resolve();
+  if (inflight) return inflight;
+
+  const exec = opts.exec ?? dockerExec;
+  const work = (async () => {
+    const expected = await computeExpectedHash();
+    const actual = await readImageHash(image, exec);
+    if (actual === expected) return;
+    opts.onLog?.(
+      actual === null
+        ? `building ${image}…`
+        : `${image} stale (have ${actual}, want ${expected}); rebuilding…`,
+    );
+    await buildImage(image, expected, opts.onLog);
+    opts.onLog?.(`${image} ready`);
+  })();
+
+  inflight = work.catch((err) => {
+    inflight = null;
+    throw err;
+  });
+  return inflight;
+}
+
+async function computeExpectedHash(): Promise<string> {
+  let daemon: Buffer;
+  try {
+    daemon = await readFile(DAEMON_BUNDLE);
+  } catch (err) {
+    if ((err as NodeJS.ErrnoException).code === "ENOENT") {
+      throw new Error(
+        `sandbox daemon bundle missing at ${DAEMON_BUNDLE}. ` +
+          `Run \`bun run --cwd=packages/sandbox build\` first.`,
+      );
+    }
+    throw err;
+  }
+  const dockerfile = await readFile(DOCKERFILE);
+  const hash = createHash("sha256").update(daemon).update(dockerfile);
+  await hashDirectory(hash, SKILLS_DIR);
+  return hash.digest("hex").slice(0, 16);
+}
+
+/**
+ * Fold a directory tree's contents into `hash` deterministically. Sorted by
+ * entry name at each level; file paths and bytes both contribute, so renames
+ * and content edits both bust the cache. Missing dir is treated as empty.
+ */
+async function hashDirectory(hash: Hash, dir: string): Promise<void> {
+  let entries;
+  try {
+    entries = await readdir(dir, { withFileTypes: true });
+  } catch (err) {
+    if ((err as NodeJS.ErrnoException).code === "ENOENT") return;
+    throw err;
+  }
+  entries.sort((a, b) => a.name.localeCompare(b.name));
+  for (const entry of entries) {
+    const full = resolve(dir, entry.name);
+    if (entry.isDirectory()) {
+      hash.update(`d:${entry.name}/`);
+      await hashDirectory(hash, full);
+    } else if (entry.isFile()) {
+      hash.update(`f:${entry.name}:`);
+      hash.update(await readFile(full));
+    }
+  }
+}
+
+async function readImageHash(
+  image: string,
+  exec: DockerExecFn,
+): Promise<string | null> {
+  const result = await exec([
+    "image",
+    "inspect",
+    image,
+    "--format",
+    `{{index .Config.Labels "${IMAGE_HASH_LABEL}"}}`,
+  ]);
+  if (result.code !== 0) return null;
+  const value = result.stdout.trim();
+  // `docker inspect` prints "<no value>" when the label key is absent.
+  return value && value !== "<no value>" ? value : null;
+}
+
+function buildImage(
+  image: string,
+  hash: string,
+  onLog?: (line: string) => void,
+): Promise<void> {
+  return new Promise((resolveP, reject) => {
+    const child = spawn(
+      "docker",
+      [
+        "build",
+        "-t",
+        image,
+        "--label",
+        `${IMAGE_HASH_LABEL}=${hash}`,
+        "-f",
+        DOCKERFILE,
+        SANDBOX_ROOT,
+      ],
+      {
+        stdio: ["ignore", "pipe", "pipe"],
+      },
+    );
+    streamLines(child.stdout, onLog);
+    streamLines(child.stderr, onLog);
+    child.on("error", (err) => {
+      if ((err as NodeJS.ErrnoException).code === "ENOENT") {
+        reject(
+          new Error(
+            "docker CLI not found on PATH. Install Docker Desktop (macOS) or Docker Engine (Linux).",
+          ),
+        );
+        return;
+      }
+      reject(err);
+    });
+    child.on("close", (code) => {
+      if (code === 0) resolveP();
+      else
+        reject(
+          new Error(`docker build ${image} exited ${code ?? "(unknown)"}`),
+        );
+    });
+  });
+}
+
+function streamLines(
+  stream: NodeJS.ReadableStream | null,
+  onLog?: (line: string) => void,
+) {
+  if (!stream) return;
+  let buf = "";
+  stream.on("data", (chunk: Buffer | string) => {
+    buf += chunk.toString();
+    const lines = buf.split(/\r?\n/);
+    buf = lines.pop() ?? "";
+    for (const line of lines) {
+      const trimmed = line.trim();
+      if (trimmed) onLog?.(trimmed);
+    }
+  });
+  stream.on("end", () => {
+    const trimmed = buf.trim();
+    if (trimmed) onLog?.(trimmed);
+  });
+}
diff --git a/packages/sandbox/server/runner/agent-sandbox/client.test.ts b/packages/sandbox/server/runner/agent-sandbox/client.test.ts
new file mode 100644
index 0000000000..502f6fdbc2
--- /dev/null
+++ b/packages/sandbox/server/runner/agent-sandbox/client.test.ts
@@ -0,0 +1,583 @@
+import { afterEach, beforeEach, describe, expect, it, mock } from "bun:test";
+import {
+  K8S_CONSTANTS,
+  SandboxAlreadyExistsError,
+  SandboxTimeoutError,
+} from "./constants";
+import {
+  createSandboxClaim,
+  deleteSandboxClaim,
+  ensureServicePort,
+  getSandboxClaim,
+  patchSandboxClaimShutdown,
+  type SandboxClaim,
+  type SandboxResource,
+  waitForSandboxClaimGone,
+  waitForSandboxReady,
+} from "./client";
+
+// ---- Minimal KubeConfig stub -----------------------------------------------
+// client.ts only touches `getCurrentCluster` and `applyToHTTPSOptions`; the
+// stub mirrors those and omits the 100-method surface of the real class.
+
+const STUB_SERVER = "https://kube.test";
+
+function makeKc(
+  cluster: { server: string; skipTLSVerify?: boolean } = {
+    server: STUB_SERVER,
+  },
+) {
+  const apply = async (opts: Record<string, unknown>) => {
+    opts.headers = { Authorization: "Bearer stub-token" };
+    opts.cert = "STUB_CERT_PEM";
+    opts.key = "STUB_KEY_PEM";
+    opts.ca = "STUB_CA_PEM";
+  };
+  return {
+    getCurrentCluster: () => cluster,
+    applyToHTTPSOptions: apply,
+  } as unknown as import("@kubernetes/client-node").KubeConfig;
+}
+
+// ---- Fetch interception ----------------------------------------------------
+// Keep the real global fetch so test infra (bun itself) isn't affected, but
+// swap it per-test with a stub that records calls + returns scripted responses.
+
+type FetchCall = { url: string; init: RequestInit };
+const fetchCalls: FetchCall[] = [];
+let fetchImpl: (url: string, init: RequestInit) => Promise<Response> =
+  async () => {
+    throw new Error("no fetch impl set");
+  };
+const originalFetch = globalThis.fetch;
+
+beforeEach(() => {
+  fetchCalls.length = 0;
+  globalThis.fetch = mock(async (url: URL | string, init: RequestInit = {}) => {
+    const record: FetchCall = {
+      url: typeof url === "string" ? url : url.toString(),
+      init,
+    };
+    fetchCalls.push(record);
+    return fetchImpl(record.url, init);
+  }) as unknown as typeof globalThis.fetch;
+});
+
+afterEach(() => {
+  globalThis.fetch = originalFetch;
+});
+
+// ---- Response helpers -------------------------------------------------------
+
+function jsonResponse(status: number, body: unknown): Response {
+  return new Response(body === undefined ? null : JSON.stringify(body), {
+    status,
+    headers: { "content-type": "application/json" },
+  });
+}
+
+/** Build a response whose body is a push-driven ND-JSON stream. */
+function ndJsonResponse(status: number): {
+  resp: Response;
+  push: (obj: unknown) => void;
+  close: () => void;
+} {
+  let controller!: ReadableStreamDefaultController<Uint8Array>;
+  const stream = new ReadableStream<Uint8Array>({
+    start: (c) => {
+      controller = c;
+    },
+  });
+  const encoder = new TextEncoder();
+  return {
+    resp: new Response(stream, {
+      status,
+      headers: { "content-type": "application/json" },
+    }),
+    push: (obj) =>
+      controller.enqueue(encoder.encode(`${JSON.stringify(obj)}\n`)),
+    close: () => controller.close(),
+  };
+}
+
+// ---- Fixtures ---------------------------------------------------------------
+
+const NS = "agent-sandbox-system";
+
+function makeClaim(name: string): SandboxClaim {
+  return {
+    apiVersion: `${K8S_CONSTANTS.CLAIM_API_GROUP}/${K8S_CONSTANTS.CLAIM_API_VERSION}`,
+    kind: "SandboxClaim",
+    metadata: { name, namespace: NS },
+    spec: {
+      sandboxTemplateRef: { name: "studio-sandbox" },
+      lifecycle: { shutdownPolicy: "Delete" },
+    },
+  };
+}
+
+// ----------------------------------------------------------------------------
+
+describe("createSandboxClaim", () => {
+  it("POSTs the claim body verbatim to the plural endpoint", async () => {
+    fetchImpl = async () => jsonResponse(201, { kind: "SandboxClaim" });
+    const claim = makeClaim("myproj-abc");
+    await createSandboxClaim(makeKc(), NS, claim);
+
+    expect(fetchCalls).toHaveLength(1);
+    const [call] = fetchCalls;
+    expect(call!.url).toBe(
+      `${STUB_SERVER}/apis/${K8S_CONSTANTS.CLAIM_API_GROUP}/${K8S_CONSTANTS.CLAIM_API_VERSION}/namespaces/${NS}/${K8S_CONSTANTS.CLAIM_PLURAL}`,
+    );
+    expect(call!.init.method).toBe("POST");
+    expect(JSON.parse(String(call!.init.body))).toEqual(claim);
+    // Auth header flows through from applyToHTTPSOptions.
+    const headers = call!.init.headers as Record<string, string>;
+    expect(headers.Authorization).toBe("Bearer stub-token");
+  });
+
+  it("round-trips spec.env + warmpool (per-claim DAEMON_TOKEN shape)", async () => {
+    // Stage 2.1 claim shape: per-claim env requires warmpool: "none".
+    // Lock the exact wire payload so a bad serializer regression (dropping
+    // env, mangling warmpool) surfaces in unit tests — before it wastes a
+    // kind-cluster provision cycle discovering the same bug.
+    fetchImpl = async () => jsonResponse(201, { kind: "SandboxClaim" });
+    const claim: SandboxClaim = {
+      apiVersion: `${K8S_CONSTANTS.CLAIM_API_GROUP}/${K8S_CONSTANTS.CLAIM_API_VERSION}`,
+      kind: "SandboxClaim",
+      metadata: { name: "myproj-tok", namespace: NS },
+      spec: {
+        sandboxTemplateRef: { name: "studio-sandbox" },
+        env: [{ name: "DAEMON_TOKEN", value: "abc123" }],
+        warmpool: "none",
+        lifecycle: { shutdownPolicy: "Delete" },
+      },
+    };
+    await createSandboxClaim(makeKc(), NS, claim);
+    const body = JSON.parse(String(fetchCalls[0]!.init.body));
+    expect(body.spec.env).toEqual([{ name: "DAEMON_TOKEN", value: "abc123" }]);
+    expect(body.spec.warmpool).toBe("none");
+  });
+
+  it("wraps non-2xx errors in SandboxError with the claim name", async () => {
+    fetchImpl = async () =>
+      jsonResponse(403, {
+        kind: "Status",
+        status: "Failure",
+        reason: "Forbidden",
+        message: "forbidden",
+        code: 403,
+      });
+    await expect(
+      createSandboxClaim(makeKc(), NS, makeClaim("denied")),
+    ).rejects.toThrow(/Failed to create SandboxClaim: denied/);
+  });
+
+  it("surfaces transport-layer failures (fetch throws) with the cause message", async () => {
+    fetchImpl = async () => {
+      throw new Error("fetch failed: TLS connection reset by peer");
+    };
+    await expect(
+      createSandboxClaim(makeKc(), NS, makeClaim("blip")),
+    ).rejects.toThrow(/transport error: fetch failed: TLS connection reset/);
+  });
+
+  it("throws SandboxAlreadyExistsError on 409 so the runner can wait+retry", async () => {
+    // Operator's idle-TTL deleted the prior claim but finalizers haven't
+    // drained yet — the API server still has the resource and rejects
+    // create with 409. Surfacing this as a distinct subclass lets
+    // provision() catch it specifically and wait for the resource to be
+    // GC'd before retrying, instead of bubbling to the user as a
+    // "Failed to create SandboxClaim" toast they have to manually recover
+    // from (see screenshot in the bug report).
+    fetchImpl = async () =>
+      jsonResponse(409, {
+        kind: "Status",
+        status: "Failure",
+        reason: "AlreadyExists",
+        message:
+          'object is being deleted: sandboxclaims.extensions.agents.x-k8s.io "dup" already exists',
+        code: 409,
+      });
+    await expect(
+      createSandboxClaim(makeKc(), NS, makeClaim("dup")),
+    ).rejects.toBeInstanceOf(SandboxAlreadyExistsError);
+  });
+});
+
+describe("waitForSandboxClaimGone", () => {
+  it("returns immediately when the claim is already gone", async () => {
+    fetchImpl = async () =>
+      jsonResponse(404, {
+        kind: "Status",
+        reason: "NotFound",
+        message: "not found",
+      });
+    await expect(
+      waitForSandboxClaimGone(makeKc(), NS, "gone", 1_000),
+    ).resolves.toBeUndefined();
+    // Single GET → 404 → return; no polling loop fires.
+    expect(fetchCalls).toHaveLength(1);
+    expect(fetchCalls[0]!.init.method).toBe("GET");
+  });
+
+  it("polls until the claim disappears, then resolves", async () => {
+    // First two GETs see the resource still terminating (deletionTimestamp
+    // set, Ready=False); the third returns 404. The helper must not give up
+    // on the terminating responses — that's the whole point.
+    let calls = 0;
+    fetchImpl = async () => {
+      calls++;
+      if (calls < 3) {
+        return jsonResponse(200, {
+          metadata: {
+            name: "draining",
+            deletionTimestamp: "2026-04-29T17:48:55Z",
+          },
+          status: { conditions: [{ type: "Ready", status: "False" }] },
+        });
+      }
+      return jsonResponse(404, {
+        kind: "Status",
+        reason: "NotFound",
+        message: "not found",
+      });
+    };
+    await expect(
+      waitForSandboxClaimGone(makeKc(), NS, "draining", 5_000),
+    ).resolves.toBeUndefined();
+    expect(calls).toBe(3);
+  });
+
+  it("times out with SandboxTimeoutError when the claim never disappears", async () => {
+    fetchImpl = async () =>
+      jsonResponse(200, {
+        metadata: {
+          name: "stuck",
+          deletionTimestamp: "2026-04-29T17:48:55Z",
+        },
+        status: { conditions: [{ type: "Ready", status: "False" }] },
+      });
+    // Tight timeout — we just need to confirm the error type and that the
+    // helper does eventually give up rather than spinning forever.
+    await expect(
+      waitForSandboxClaimGone(makeKc(), NS, "stuck", 100),
+    ).rejects.toBeInstanceOf(SandboxTimeoutError);
+  });
+});
+
+describe("deleteSandboxClaim", () => {
+  it("swallows 404 silently (idempotent delete)", async () => {
+    fetchImpl = async () =>
+      jsonResponse(404, {
+        kind: "Status",
+        reason: "NotFound",
+        message: "not found",
+      });
+    await expect(
+      deleteSandboxClaim(makeKc(), NS, "gone"),
+    ).resolves.toBeUndefined();
+    expect(fetchCalls[0]!.init.method).toBe("DELETE");
+  });
+
+  it("re-throws non-404 errors wrapped in SandboxError", async () => {
+    fetchImpl = async () =>
+      jsonResponse(403, {
+        kind: "Status",
+        reason: "Forbidden",
+        message: "forbidden",
+      });
+    await expect(deleteSandboxClaim(makeKc(), NS, "x")).rejects.toThrow(
+      /Failed to delete SandboxClaim: x/,
+    );
+  });
+});
+
+describe("getSandboxClaim", () => {
+  it("returns undefined on 404", async () => {
+    fetchImpl = async () =>
+      jsonResponse(404, {
+        kind: "Status",
+        reason: "NotFound",
+        message: "not found",
+      });
+    const result = await getSandboxClaim(makeKc(), NS, "missing");
+    expect(result).toBeUndefined();
+  });
+
+  it("returns the resource body on 200", async () => {
+    const body: SandboxResource = {
+      metadata: { name: "present" },
+      status: { conditions: [{ type: "Ready", status: "False" }] },
+    };
+    fetchImpl = async () => jsonResponse(200, body);
+    const result = await getSandboxClaim(makeKc(), NS, "present");
+    expect(result).toEqual(body);
+  });
+
+  it("URL-encodes the claim name", async () => {
+    fetchImpl = async () => jsonResponse(404, null);
+    await getSandboxClaim(makeKc(), NS, "weird/name");
+    expect(fetchCalls[0]!.url).toContain("/weird%2Fname");
+  });
+});
+
+describe("patchSandboxClaimShutdown", () => {
+  it("sends merge-patch with lifecycle.shutdownTime only", async () => {
+    fetchImpl = async () => jsonResponse(200, { kind: "SandboxClaim" });
+    await patchSandboxClaimShutdown(
+      makeKc(),
+      NS,
+      "myproj-x",
+      "2026-04-01T12:00:00.000Z",
+    );
+    expect(fetchCalls).toHaveLength(1);
+    const [call] = fetchCalls;
+    expect(call!.init.method).toBe("PATCH");
+    const headers = call!.init.headers as Record<string, string>;
+    expect(headers["content-type"]).toBe("application/merge-patch+json");
+    expect(JSON.parse(String(call!.init.body))).toEqual({
+      spec: {
+        lifecycle: {
+          shutdownPolicy: "Delete",
+          shutdownTime: "2026-04-01T12:00:00.000Z",
+        },
+      },
+    });
+  });
+
+  it("swallows 404 silently (claim deleted between lookup and patch)", async () => {
+    fetchImpl = async () =>
+      jsonResponse(404, {
+        kind: "Status",
+        reason: "NotFound",
+        message: "not found",
+      });
+    await expect(
+      patchSandboxClaimShutdown(
+        makeKc(),
+        NS,
+        "gone",
+        "2026-04-01T12:00:00.000Z",
+      ),
+    ).resolves.toBeUndefined();
+  });
+
+  it("wraps other errors in SandboxError", async () => {
+    fetchImpl = async () =>
+      jsonResponse(409, {
+        kind: "Status",
+        reason: "Conflict",
+        message: "conflict",
+      });
+    await expect(
+      patchSandboxClaimShutdown(
+        makeKc(),
+        NS,
+        "busy",
+        "2026-04-01T12:00:00.000Z",
+      ),
+    ).rejects.toThrow(/Failed to patch SandboxClaim shutdownTime: busy/);
+  });
+});
+
+describe("ensureServicePort", () => {
+  it("server-side applies the Service ports with field manager + force", async () => {
+    fetchImpl = async () => jsonResponse(200, { kind: "Service" });
+    await ensureServicePort(makeKc(), NS, "myproj-abc", {
+      name: "daemon",
+      port: 9000,
+      targetPort: 9000,
+    });
+
+    expect(fetchCalls).toHaveLength(1);
+    const [call] = fetchCalls;
+    const url = new URL(call!.url);
+    expect(url.pathname).toBe(`/api/v1/namespaces/${NS}/services/myproj-abc`);
+    // SSA contract: fieldManager identifies the writer, force=true takes
+    // ownership of fields previously owned by another manager (the
+    // operator's empty ports[]).
+    expect(url.searchParams.get("fieldManager")).toBe("mesh-sandbox-runner");
+    expect(url.searchParams.get("force")).toBe("true");
+
+    expect(call!.init.method).toBe("PATCH");
+    const headers = call!.init.headers as Record<string, string>;
+    expect(headers["content-type"]).toBe("application/apply-patch+yaml");
+
+    // SSA bodies must be self-describing: apiVersion + kind + metadata.name
+    // are required so the API server can resolve the target without reading
+    // path params. spec.ports is the field we want to own.
+    expect(JSON.parse(String(call!.init.body))).toEqual({
+      apiVersion: "v1",
+      kind: "Service",
+      metadata: { name: "myproj-abc" },
+      spec: {
+        ports: [
+          { name: "daemon", port: 9000, targetPort: 9000, protocol: "TCP" },
+        ],
+      },
+    });
+  });
+
+  it("defaults protocol to TCP when not provided", async () => {
+    fetchImpl = async () => jsonResponse(200, { kind: "Service" });
+    await ensureServicePort(makeKc(), NS, "svc", {
+      name: "daemon",
+      port: 9000,
+      targetPort: 9000,
+    });
+    const body = JSON.parse(String(fetchCalls[0]!.init.body));
+    expect(body.spec.ports[0].protocol).toBe("TCP");
+  });
+
+  it("URL-encodes the service name", async () => {
+    fetchImpl = async () => jsonResponse(200, { kind: "Service" });
+    await ensureServicePort(makeKc(), NS, "weird/name", {
+      name: "daemon",
+      port: 9000,
+      targetPort: 9000,
+    });
+    expect(fetchCalls[0]!.url).toContain("/services/weird%2Fname");
+  });
+
+  it("wraps non-2xx errors in SandboxError with the service name", async () => {
+    fetchImpl = async () =>
+      jsonResponse(404, {
+        kind: "Status",
+        reason: "NotFound",
+        message: "service not found",
+      });
+    await expect(
+      ensureServicePort(makeKc(), NS, "missing", {
+        name: "daemon",
+        port: 9000,
+        targetPort: 9000,
+      }),
+    ).rejects.toThrow(/Failed to apply Service ports: missing/);
+  });
+});
+
+describe("waitForSandboxReady", () => {
+  it("resolves with sandboxName + podName once Ready=True is observed", async () => {
+    const stream = ndJsonResponse(200);
+    fetchImpl = async () => stream.resp;
+    const p = waitForSandboxReady(makeKc(), NS, "claim-xyz", 60);
+    stream.push({
+      type: "MODIFIED",
+      object: {
+        metadata: {
+          name: "claim-xyz",
+          annotations: { [K8S_CONSTANTS.POD_NAME_ANNOTATION]: "pod-42" },
+        },
+        status: { conditions: [{ type: "Ready", status: "True" }] },
+      },
+    });
+    await expect(p).resolves.toEqual({
+      sandboxName: "claim-xyz",
+      podName: "pod-42",
+    });
+    const url = fetchCalls[0]!.url;
+    expect(url).toContain("?watch=true");
+    expect(url).toContain("fieldSelector=");
+  });
+
+  it("falls back to sandboxName when pod-name annotation is absent", async () => {
+    const stream = ndJsonResponse(200);
+    fetchImpl = async () => stream.resp;
+    const p = waitForSandboxReady(makeKc(), NS, "claim-xyz", 60);
+    stream.push({
+      type: "MODIFIED",
+      object: {
+        metadata: { name: "claim-xyz" },
+        status: { conditions: [{ type: "Ready", status: "True" }] },
+      },
+    });
+    await expect(p).resolves.toEqual({
+      sandboxName: "claim-xyz",
+      podName: "claim-xyz",
+    });
+  });
+
+  it("ignores non-Ready conditions and keeps watching", async () => {
+    const stream = ndJsonResponse(200);
+    fetchImpl = async () => stream.resp;
+    const p = waitForSandboxReady(makeKc(), NS, "claim-xyz", 60);
+    // Emit a non-Ready condition — should not settle.
+    stream.push({
+      type: "MODIFIED",
+      object: {
+        metadata: { name: "claim-xyz" },
+        status: { conditions: [{ type: "Progressing", status: "True" }] },
+      },
+    });
+    const sentinel = Symbol("still-pending");
+    const winner = await Promise.race([
+      p,
+      new Promise((r) => setTimeout(() => r(sentinel), 10)),
+    ]);
+    expect(winner).toBe(sentinel);
+
+    stream.push({
+      type: "MODIFIED",
+      object: {
+        metadata: { name: "claim-xyz" },
+        status: { conditions: [{ type: "Ready", status: "True" }] },
+      },
+    });
+    await expect(p).resolves.toEqual({
+      sandboxName: "claim-xyz",
+      podName: "claim-xyz",
+    });
+  });
+
+  it("rejects with SandboxTimeoutError after the deadline", async () => {
+    // Server accepts the connection but never emits — simulate a watch that
+    // just hangs. 0-second timeout fires on the next tick.
+    const stream = ndJsonResponse(200);
+    fetchImpl = async () => stream.resp;
+    const p = waitForSandboxReady(makeKc(), NS, "claim-xyz", 0);
+    await expect(p).rejects.toThrow(/did not become ready within 0 seconds/);
+  });
+
+  it("rejects if the watch handshake itself fails", async () => {
+    fetchImpl = async () => {
+      throw new Error("kube-apiserver unreachable");
+    };
+    const p = waitForSandboxReady(makeKc(), NS, "claim-xyz", 60);
+    await expect(p).rejects.toThrow(
+      /Failed to start watch for sandbox readiness/,
+    );
+  });
+
+  it("rejects when the Sandbox object has no metadata.name", async () => {
+    const stream = ndJsonResponse(200);
+    fetchImpl = async () => stream.resp;
+    const p = waitForSandboxReady(makeKc(), NS, "claim-xyz", 60);
+    stream.push({
+      type: "MODIFIED",
+      object: {
+        // no metadata.name
+        status: { conditions: [{ type: "Ready", status: "True" }] },
+      },
+    });
+    await expect(p).rejects.toThrow(/Sandbox metadata or name is missing/);
+  });
+
+  it("rejects on ERROR frames from the watch stream", async () => {
+    const stream = ndJsonResponse(200);
+    fetchImpl = async () => stream.resp;
+    const p = waitForSandboxReady(makeKc(), NS, "claim-xyz", 60);
+    stream.push({
+      type: "ERROR",
+      object: {
+        kind: "Status",
+        status: "Failure",
+        reason: "Expired",
+        message: "watch channel expired",
+      },
+    });
+    await expect(p).rejects.toThrow(
+      /Watch stream error while waiting for sandbox: watch channel expired/,
+    );
+  });
+});
diff --git a/packages/sandbox/server/runner/agent-sandbox/client.ts b/packages/sandbox/server/runner/agent-sandbox/client.ts
new file mode 100644
index 0000000000..f7f7c7d8a5
--- /dev/null
+++ b/packages/sandbox/server/runner/agent-sandbox/client.ts
@@ -0,0 +1,891 @@
+/**
+ * Low-level CRUD + readiness watch for agent-sandbox SandboxClaim / Sandbox.
+ *
+ * Talks to the k8s REST API directly via the runtime's native `fetch` with
+ * `{ tls: { cert, key, ca } }`. Credentials (client cert + CA) are extracted
+ * from the active `KubeConfig` context using the library's own
+ * `applyToHTTPSOptions` helper.
+ *
+ * Why not `kc.makeApiClient(CustomObjectsApi)` like admin does:
+ *   `@kubernetes/client-node` 1.x's generated clients ship an
+ *   `IsomorphicFetchHttpLibrary` that calls `fetch(url, { agent })` — a
+ *   node-fetch signal that Node's https.Agent (cert/key/ca) should be used
+ *   for the TLS handshake. Bun's node-fetch polyfill silently drops the
+ *   `agent` option: TLS verification fails and, if bypassed, the cluster
+ *   sees `system:anonymous` (no client cert). The fix is Bun-native:
+ *   `fetch(url, { tls: { cert, key, ca } })`. The library's Watch hits
+ *   the same bug, so readiness is rebuilt from scratch here too.
+ *
+ * Surface intentionally minimal: create/delete/get/waitForReady. Higher-level
+ * "ensure ready" flows live on the runner, not here.
+ */
+
+import {
+  type KubeConfig,
+  type V1Status as V1StatusUpstream,
+} from "@kubernetes/client-node";
+import {
+  K8S_CONSTANTS,
+  SandboxAlreadyExistsError,
+  SandboxError,
+  SandboxTimeoutError,
+} from "./constants";
+
+type V1Status = Partial<V1StatusUpstream> & { reason?: string };
+
+/**
+ * Subset of SandboxClaim `spec.env[]`. The CRD accepts only literal
+ * `{name, value}` pairs — no `valueFrom`/`secretKeyRef`. That's why Stage 2.1
+ * injects `DAEMON_TOKEN` here directly rather than via a Secret reference.
+ */
+export interface SandboxClaimEnvVar {
+  name: string;
+  value: string;
+  containerName?: string;
+}
+
+export interface SandboxClaim {
+  apiVersion: string;
+  kind: "SandboxClaim";
+  metadata: {
+    name: string;
+    namespace?: string;
+    labels?: Record<string, string>;
+    annotations?: Record<string, string>;
+  };
+  spec: {
+    sandboxTemplateRef: { name: string };
+    env?: SandboxClaimEnvVar[];
+    /**
+     * Pod-level metadata the operator merges onto the spawned Pod (CRD field,
+     * see sandboxclaims.extensions.agents.x-k8s.io v1alpha1). Used to attach
+     * tenant labels for downstream metrics attribution.
+     */
+    additionalPodMetadata?: {
+      labels?: Record<string, string>;
+      annotations?: Record<string, string>;
+    };
+    /**
+     * `"none"` forces a fresh pod per claim — required when `spec.env` is
+     * set because the operator rejects custom env when the claim would
+     * come from a warm pool (warm pods are pre-started, can't take new
+     * env). Passing `undefined` lets the CRD default ("default") apply.
+     */
+    warmpool?: "none" | "default" | string;
+    lifecycle?: {
+      shutdownTime?: string;
+      shutdownPolicy?: "Delete" | "Retain";
+    };
+  };
+}
+
+export interface SandboxCondition {
+  type: string;
+  status: string;
+  reason?: string;
+  message?: string;
+}
+
+export interface SandboxResource {
+  metadata?: {
+    name?: string;
+    labels?: Record<string, string>;
+    annotations?: Record<string, string>;
+    /**
+     * Set by the API server when a delete is in flight. While the resource
+     * still has finalizers, GETs return the object with this field populated
+     * and a Ready=False condition. The runner uses this to detect the
+     * terminating window and avoid recreating into a 409 AlreadyExists.
+     */
+    deletionTimestamp?: string;
+    /**
+     * Finalizer keys the API server must see drained before it actually
+     * removes the resource. Surfaced so the runner can log which controller
+     * is blocking deletion when `waitForSandboxClaimGone` times out — that's
+     * the difference between "operator is slow" and "operator is broken".
+     */
+    finalizers?: string[];
+  };
+  /**
+   * Present when this came back from `getSandboxClaim` (CRD has a spec);
+   * absent from Sandbox-kind resources because `waitForSandboxReady` only
+   * projects out metadata/status. `adopt()` reads `spec.env` to recover the
+   * per-claim DAEMON_TOKEN it originally injected.
+   */
+  spec?: {
+    sandboxTemplateRef?: { name?: string };
+    env?: SandboxClaimEnvVar[];
+    lifecycle?: {
+      shutdownTime?: string;
+      shutdownPolicy?: "Delete" | "Retain";
+    };
+  };
+  status?: {
+    conditions?: SandboxCondition[];
+    /**
+     * SandboxClaim-only — set by the operator to the name of the Sandbox
+     * the claim was bound to. For warm-pool claims this is the *pool*
+     * pod's name (e.g. `studio-sandbox-kind-abcde`), NOT the claim name.
+     * Source of truth for "which pod did the operator pick" — under the
+     * v0.4.x adoption race, the operator can also create a same-named
+     * cold-path Sandbox alongside the adopted pool one; only this status
+     * field reliably points at the actually-bound pod.
+     */
+    sandbox?: {
+      name?: string;
+      podIPs?: string[];
+    };
+  };
+}
+
+type WatchEvent = {
+  type: "ADDED" | "MODIFIED" | "DELETED" | "BOOKMARK" | "ERROR";
+  object: SandboxResource | V1Status;
+};
+
+// ---- Transport --------------------------------------------------------------
+
+/** Resolved auth + TLS material for the active kubeconfig context. */
+interface KubeAuth {
+  server: string;
+  headers: Record<string, string>;
+  tls: {
+    cert?: string;
+    key?: string;
+    ca?: string;
+    rejectUnauthorized?: boolean;
+  };
+}
+
+async function resolveKubeAuth(kc: KubeConfig): Promise<KubeAuth> {
+  const cluster = kc.getCurrentCluster();
+  if (!cluster) throw new SandboxError("No active cluster in kubeconfig");
+
+  // `applyToHTTPSOptions` mutates a plain options object, threading through the
+  // authenticator chain (token files, exec plugins, etc.). We harvest the bits
+  // we care about — headers (bearer/impersonation), cert/key/ca — and discard
+  // the `agent` it leaves behind since we route around node-fetch entirely.
+  const opts: Record<string, unknown> = {};
+  await kc.applyToHTTPSOptions(opts);
+
+  const headers: Record<string, string> = {};
+  const optHeaders = (opts.headers ?? {}) as Record<string, string | string[]>;
+  for (const [k, v] of Object.entries(optHeaders)) {
+    if (Array.isArray(v)) headers[k] = v.join(", ");
+    else if (v !== undefined) headers[k] = String(v);
+  }
+  if (typeof opts.auth === "string" && !headers.Authorization) {
+    headers.Authorization = `Basic ${Buffer.from(opts.auth).toString("base64")}`;
+  }
+
+  return {
+    server: cluster.server.replace(/\/+$/, ""),
+    headers,
+    tls: {
+      cert: bufferLike(opts.cert),
+      key: bufferLike(opts.key),
+      ca: bufferLike(opts.ca),
+      rejectUnauthorized: cluster.skipTLSVerify ? false : undefined,
+    },
+  };
+}
+
+function bufferLike(v: unknown): string | undefined {
+  if (v == null) return undefined;
+  if (typeof v === "string") return v;
+  if (Buffer.isBuffer(v)) return v.toString("utf8");
+  return String(v);
+}
+
+interface KubeFetchInit {
+  method: "GET" | "POST" | "DELETE" | "PATCH";
+  path: string;
+  body?: unknown;
+  signal?: AbortSignal;
+  /** Extra Accept / query hints. Merged with auth headers. */
+  headers?: Record<string, string>;
+  /**
+   * Required iff `method === "PATCH"`. Drives the patch content-type:
+   *   - `merge`           — RFC 7396 merge-patch (default; CRDs).
+   *   - `strategic-merge` — strategic-merge-patch (built-in types).
+   *   - `apply`           — Server-Side Apply (declarative; tracks field
+   *                         ownership via `?fieldManager=<name>`). Caller
+   *                         is responsible for appending `fieldManager`
+   *                         (and optionally `force=true`) to `path`.
+   */
+  patchType?: "merge" | "strategic-merge" | "apply";
+}
+
+/**
+ * Thin wrapper around `fetch` that threads TLS + auth from the kubeconfig.
+ * Returns the raw `Response` so streaming callers (watch) can consume the
+ * body themselves; non-streaming callers parse JSON explicitly.
+ *
+ * @internal Package-internal — re-exported only for sibling modules in this
+ *   directory (e.g. lifecycle-watcher) that need the same transport. Not
+ *   surfaced via `index.ts` and not part of the package's public API.
+ *   External consumers must use `proxyDaemonRequest` or the runner methods.
+ */
+export async function kubeFetch(
+  kc: KubeConfig,
+  init: KubeFetchInit,
+): Promise<Response> {
+  const auth = await resolveKubeAuth(kc);
+  const headers: Record<string, string> = { ...auth.headers, ...init.headers };
+  if (init.method === "PATCH") {
+    // SSA's canonical content-type is `application/apply-patch+yaml`; the
+    // API server treats JSON as a strict YAML subset, so we serialize the
+    // body as JSON and label it `+yaml` for compat with K8s <1.32 (the
+    // `+json` variant only landed in 1.32).
+    headers["content-type"] =
+      init.patchType === "apply"
+        ? "application/apply-patch+yaml"
+        : init.patchType === "strategic-merge"
+          ? "application/strategic-merge-patch+json"
+          : "application/merge-patch+json";
+  } else if (init.body !== undefined && !("content-type" in headers)) {
+    headers["content-type"] = "application/json";
+  }
+  const reqInit: RequestInit & { tls?: typeof auth.tls } = {
+    method: init.method,
+    headers,
+    body: init.body === undefined ? undefined : JSON.stringify(init.body),
+    signal: init.signal,
+    tls: auth.tls,
+  };
+  return fetch(`${auth.server}${init.path}`, reqInit as RequestInit);
+}
+
+/** HTTP error carrier used for the 404 fast-path before SandboxError wrapping. */
+class KubeHttpError extends Error {
+  constructor(
+    readonly status: number,
+    readonly body: V1Status | null,
+    message: string,
+  ) {
+    super(message);
+    this.name = "KubeHttpError";
+  }
+}
+
+async function readStatusBody(resp: Response): Promise<V1Status | null> {
+  try {
+    return (await resp.json()) as V1Status;
+  } catch {
+    return null;
+  }
+}
+
+async function ensureOk(resp: Response, action: string): Promise<void> {
+  if (resp.ok) return;
+  const body = await readStatusBody(resp);
+  const message =
+    body?.message ?? `${action} failed: ${resp.status} ${resp.statusText}`;
+  throw new KubeHttpError(resp.status, body, message);
+}
+
+/**
+ * Issue a kube call where 404 is *not* an error (the resource was already
+ * gone; mesh's next ensure() recreates it). On 404, returns `null`. On 2xx,
+ * returns the parsed JSON body — or `null` for callers that don't need it.
+ * All other errors are wrapped in `SandboxError` with `wrapMessage` as the
+ * surfaced label.
+ */
+async function callSwallowing404<T>(
+  kc: KubeConfig,
+  init: KubeFetchInit,
+  action: string,
+  wrapMessage: string,
+  parse: "json" | "none" = "none",
+): Promise<T | null> {
+  try {
+    const resp = await kubeFetch(kc, init);
+    if (resp.status === 404) return null;
+    await ensureOk(resp, action);
+    if (parse === "json") return (await resp.json()) as T;
+    return null;
+  } catch (error) {
+    throw new SandboxError(wrapMessage, error);
+  }
+}
+
+// ---- Public surface ---------------------------------------------------------
+
+const CLAIM_PATH_PREFIX = `/apis/${K8S_CONSTANTS.CLAIM_API_GROUP}/${K8S_CONSTANTS.CLAIM_API_VERSION}/namespaces`;
+
+export async function createSandboxClaim(
+  kc: KubeConfig,
+  namespace: string,
+  claim: SandboxClaim,
+): Promise<void> {
+  const path = `${CLAIM_PATH_PREFIX}/${encodeURIComponent(namespace)}/${K8S_CONSTANTS.CLAIM_PLURAL}`;
+  let resp: Response;
+  try {
+    resp = await kubeFetch(kc, { method: "POST", path, body: claim });
+  } catch (error) {
+    const causeMsg = error instanceof Error ? error.message : String(error);
+    console.warn(
+      `[agent-sandbox/client] createSandboxClaim ${claim.metadata.name} transport error: ${causeMsg}`,
+    );
+    throw new SandboxError(
+      `Failed to create SandboxClaim: ${claim.metadata.name} (transport error: ${causeMsg})`,
+      error,
+    );
+  }
+  if (resp.ok) return;
+  // The status + reason + message must reach the surface — when the user
+  // sees "Failed to create SandboxClaim" with no further context, we have no
+  // way to tell whether this was a 409 finalizer-drain race (recoverable),
+  // a 422 admission-webhook rejection (claim shape problem), a 403/RBAC, or
+  // a stuck-terminating claim that the operator never finishes deleting.
+  const body = await readStatusBody(resp);
+  const reason = body?.reason ? ` ${body.reason}` : "";
+  const detail = body?.message ?? resp.statusText;
+  const summary = `Failed to create SandboxClaim: ${claim.metadata.name} (${resp.status}${reason}: ${detail})`;
+  // Server-side log mirrors the surface error and adds the response body so
+  // operators triaging an incident can tell which K8s subsystem rejected
+  // the create even if the only artifact in front of them is the user's
+  // toast/MCP response.
+  console.warn(
+    `[agent-sandbox/client] createSandboxClaim ${claim.metadata.name} rejected: status=${resp.status} reason=${body?.reason ?? "<none>"} message=${detail}`,
+  );
+  // 409 is split out so the runner can wait for the still-terminating prior
+  // claim to drain finalizers and retry. This is the canonical race when the
+  // operator's idle-TTL just reaped a claim and mesh's next ensure() hits
+  // before the resource is fully GC'd. Stuck-finalizer cases also surface as
+  // 409 but never recover from a wait — those need operator intervention.
+  if (resp.status === 409) {
+    throw new SandboxAlreadyExistsError(summary);
+  }
+  throw new SandboxError(summary);
+}
+
+/**
+ * Poll until the named SandboxClaim no longer exists in the API server (i.e.
+ * its DELETE has drained all finalizers and the API server has GC'd the
+ * resource). Returns immediately if the claim is already gone.
+ *
+ * The agent-sandbox operator's idle-TTL deletes the claim, but pod teardown +
+ * any per-claim finalizers can take several seconds. Recreating during that
+ * window 409s; this helper bridges the gap so the runner's recreate path is
+ * deterministic instead of probabilistic. Polling at 500ms keeps the recovery
+ * latency low without hammering the API server (≤120 requests over a 60s
+ * window).
+ */
+export async function waitForSandboxClaimGone(
+  kc: KubeConfig,
+  namespace: string,
+  claimName: string,
+  timeoutMs = 60_000,
+): Promise<void> {
+  const deadline = Date.now() + timeoutMs;
+  const intervalMs = 500;
+  let lastClaim: SandboxResource | undefined;
+  while (true) {
+    const claim = await getSandboxClaim(kc, namespace, claimName).catch(
+      () => undefined,
+    );
+    if (!claim) return;
+    lastClaim = claim;
+    if (Date.now() >= deadline) {
+      // Include the deletionTimestamp + finalizer set in the error: a
+      // stuck finalizer is the most plausible non-recoverable cause and
+      // distinguishes "operator is slow" from "operator dropped the claim
+      // on the floor and won't ever finish".
+      const finalizers = lastClaim.metadata?.finalizers ?? [];
+      const since = lastClaim.metadata?.deletionTimestamp ?? "<unknown>";
+      throw new SandboxTimeoutError(
+        `SandboxClaim ${claimName} still terminating after ${timeoutMs}ms (deletionTimestamp=${since}, finalizers=[${finalizers.join(", ")}])`,
+      );
+    }
+    await new Promise((resolve) => setTimeout(resolve, intervalMs));
+  }
+}
+
+function claimPath(namespace: string, claimName: string): string {
+  return `${CLAIM_PATH_PREFIX}/${encodeURIComponent(namespace)}/${K8S_CONSTANTS.CLAIM_PLURAL}/${encodeURIComponent(claimName)}`;
+}
+
+/**
+ * Update the claim's idle-reap clock. The agent-sandbox operator honors
+ * `spec.lifecycle.shutdownTime` with `shutdownPolicy: Delete`: once the
+ * wall clock passes `shutdownTime`, the operator deletes the claim + pod.
+ *
+ * Mesh calls this on every `ensure()` hit so an active sandbox continuously
+ * pushes its deadline forward; an abandoned one hits the deadline and the
+ * operator reaps it. No mesh-side cron/reconcile needed.
+ *
+ * Uses merge-patch (RFC 7396), which is the documented patch format for
+ * CRDs — strategic-merge only works on built-in types that ship merge
+ * keys. 404 is swallowed because a deleted-since-lookup claim is not an
+ * error from mesh's perspective; the caller's next ensure() will
+ * re-provision.
+ */
+export async function patchSandboxClaimShutdown(
+  kc: KubeConfig,
+  namespace: string,
+  claimName: string,
+  shutdownTime: string,
+): Promise<void> {
+  await callSwallowing404(
+    kc,
+    {
+      method: "PATCH",
+      path: claimPath(namespace, claimName),
+      patchType: "merge",
+      body: {
+        spec: { lifecycle: { shutdownPolicy: "Delete", shutdownTime } },
+      },
+    },
+    "patchSandboxClaimShutdown",
+    `Failed to patch SandboxClaim shutdownTime: ${claimName}`,
+  );
+}
+
+export async function deleteSandboxClaim(
+  kc: KubeConfig,
+  namespace: string,
+  claimName: string,
+): Promise<void> {
+  await callSwallowing404(
+    kc,
+    { method: "DELETE", path: claimPath(namespace, claimName) },
+    "deleteSandboxClaim",
+    `Failed to delete SandboxClaim: ${claimName}`,
+  );
+}
+
+export async function getSandboxClaim(
+  kc: KubeConfig,
+  namespace: string,
+  claimName: string,
+): Promise<SandboxResource | undefined> {
+  const found = await callSwallowing404<SandboxResource>(
+    kc,
+    { method: "GET", path: claimPath(namespace, claimName) },
+    "getSandboxClaim",
+    `Failed to get SandboxClaim: ${claimName}`,
+    "json",
+  );
+  return found ?? undefined;
+}
+
+/**
+ * Poll the SandboxClaim until `status.sandbox.name` is populated, returning
+ * the bound Sandbox's name. The operator (v0.4.x) writes this in two paths:
+ * cold-start (claim's own template-rendered Sandbox, name == claim name)
+ * and warm-pool adoption (an existing pool Sandbox, name = pool pod's
+ * generated name). Mesh must use this value, not the claim name, because
+ * the v0.4.x adoption reconciler has a status-update conflict race that
+ * sometimes also creates a stray same-named cold-path Sandbox alongside
+ * the adopted pool one — only `status.sandbox.name` points at the
+ * actually-bound pod.
+ *
+ * Polling beats a watch here because the status field flips a single time
+ * shortly after claim creation; a long-lived stream isn't worth the
+ * complexity for a sub-second wait. Default timeout 60s tolerates a
+ * controller-pod restart in the middle of the create.
+ */
+export async function waitForClaimAdoptedSandbox(
+  kc: KubeConfig,
+  namespace: string,
+  claimName: string,
+  timeoutSeconds = 60,
+): Promise<string> {
+  const deadline = Date.now() + timeoutSeconds * 1000;
+  const intervalMs = 200;
+  while (Date.now() < deadline) {
+    const claim = await getSandboxClaim(kc, namespace, claimName).catch(
+      () => undefined,
+    );
+    const name = claim?.status?.sandbox?.name;
+    if (name) return name;
+    await new Promise((r) => setTimeout(r, intervalMs));
+  }
+  throw new SandboxTimeoutError(
+    `SandboxClaim ${claimName} did not record an adopted Sandbox (status.sandbox.name) within ${timeoutSeconds}s`,
+  );
+}
+
+// ---- HTTPRoute (Gateway API) ------------------------------------------------
+
+/**
+ * Minimal HTTPRoute shape for per-claim preview routing. Mirrors the v1
+ * Gateway API surface, scoped to the fields the runner writes — listener
+ * attachment via `parentRefs`, exact-host match via `hostnames`, and a
+ * single same-namespace `backendRefs` to the operator-created Service.
+ *
+ * Cross-namespace backendRefs are deliberately not modeled: HTTPRoute and
+ * Service both live in `agent-sandbox-system`, which avoids the
+ * ReferenceGrant dance.
+ */
+export interface HttpRoute {
+  apiVersion: string;
+  kind: "HTTPRoute";
+  metadata: {
+    name: string;
+    namespace?: string;
+    labels?: Record<string, string>;
+    annotations?: Record<string, string>;
+  };
+  spec: {
+    parentRefs: Array<{
+      kind?: "Gateway";
+      group?: "gateway.networking.k8s.io";
+      name: string;
+      namespace: string;
+      sectionName?: string;
+    }>;
+    hostnames: string[];
+    rules: Array<{
+      backendRefs: Array<{
+        group?: "";
+        kind?: "Service";
+        name: string;
+        port: number;
+      }>;
+    }>;
+  };
+}
+
+const HTTPROUTE_API_GROUP = "gateway.networking.k8s.io";
+const HTTPROUTE_API_VERSION = "v1";
+const HTTPROUTE_PLURAL = "httproutes";
+const HTTPROUTE_PATH_PREFIX = `/apis/${HTTPROUTE_API_GROUP}/${HTTPROUTE_API_VERSION}/namespaces`;
+
+function httpRoutePath(namespace: string, routeName: string): string {
+  return `${HTTPROUTE_PATH_PREFIX}/${encodeURIComponent(namespace)}/${HTTPROUTE_PLURAL}/${encodeURIComponent(routeName)}`;
+}
+
+function httpRouteCollectionPath(namespace: string): string {
+  return `${HTTPROUTE_PATH_PREFIX}/${encodeURIComponent(namespace)}/${HTTPROUTE_PLURAL}`;
+}
+
+/**
+ * Create an HTTPRoute. 409 (AlreadyExists) is swallowed because the runner
+ * calls this from both the fresh-provision path and the adopt-backfill
+ * path — a pre-existing route from an earlier provision attempt is the
+ * intended steady state, not an error.
+ */
+export async function createHttpRoute(
+  kc: KubeConfig,
+  namespace: string,
+  route: HttpRoute,
+): Promise<void> {
+  try {
+    const resp = await kubeFetch(kc, {
+      method: "POST",
+      path: httpRouteCollectionPath(namespace),
+      body: route,
+    });
+    if (resp.status === 409) return;
+    await ensureOk(resp, "createHttpRoute");
+  } catch (error) {
+    if (error instanceof KubeHttpError && error.status === 409) return;
+    throw new SandboxError(
+      `Failed to create HTTPRoute: ${route.metadata.name}`,
+      error,
+    );
+  }
+}
+
+export async function deleteHttpRoute(
+  kc: KubeConfig,
+  namespace: string,
+  routeName: string,
+): Promise<void> {
+  await callSwallowing404(
+    kc,
+    { method: "DELETE", path: httpRoutePath(namespace, routeName) },
+    "deleteHttpRoute",
+    `Failed to delete HTTPRoute: ${routeName}`,
+  );
+}
+
+export async function getHttpRoute(
+  kc: KubeConfig,
+  namespace: string,
+  routeName: string,
+): Promise<HttpRoute | undefined> {
+  const found = await callSwallowing404<HttpRoute>(
+    kc,
+    { method: "GET", path: httpRoutePath(namespace, routeName) },
+    "getHttpRoute",
+    `Failed to get HTTPRoute: ${routeName}`,
+    "json",
+  );
+  return found ?? undefined;
+}
+
+export const HTTPROUTE_CONSTANTS = {
+  API_GROUP: HTTPROUTE_API_GROUP,
+  API_VERSION: HTTPROUTE_API_VERSION,
+  PLURAL: HTTPROUTE_PLURAL,
+} as const;
+
+// ---- Service port patching -------------------------------------------------
+
+/**
+ * Field-manager identity asserted on Server-Side Apply calls. K8s tracks
+ * ownership per-field by this string; reusing it across calls (and across
+ * mesh restarts) is what lets the second SSA see "I already own ports[]"
+ * and treat it as a no-op rather than a conflict.
+ */
+const SSA_FIELD_MANAGER = "mesh-sandbox-runner";
+
+/**
+ * Server-Side Apply a single named port onto a core Service. Establishes
+ * `mesh-sandbox-runner` as the field manager for `spec.ports[name=daemon]`,
+ * which prevents the operator's reconciler from silently reverting the
+ * field on its next pass.
+ *
+ * Why this exists: agent-sandbox v0.4.x creates per-Sandbox Services with
+ * `spec.ports: []` — the operator assumes callers reach pods via direct
+ * pod-IP DNS (`<pod>.<svc>.<ns>.svc.cluster.local`). Istio's k8s service
+ * registry only builds an upstream cluster when the Service has at least
+ * one declared port. With an empty ports list, an HTTPRoute backed by that
+ * Service is "Accepted" by the gateway controller but routes to nowhere:
+ * Envoy returns 500 with no body, which the browser misreports as a CORS
+ * error (because the empty 500 also has no `access-control-allow-origin`).
+ *
+ * Why SSA over strategic-merge-patch:
+ *   - SSA establishes mesh as the *owner* of `spec.ports`. If a future
+ *     operator revision performs a full Update of the Service (Get →
+ *     mutate → Put), the API server rejects the conflicting write unless
+ *     the operator explicitly forces — which would surface in operator
+ *     logs as a managed-fields conflict rather than silently breaking
+ *     routing in production.
+ *   - Re-applying the same body is a guaranteed no-op (the API server
+ *     diffs against our recorded managed-fields), so the call is safe
+ *     to issue from both fresh provision and adopt-backfill paths
+ *     without any caller-side "already applied?" check.
+ *
+ * `force=true` is set so the *first* apply takes ownership even if the
+ * operator initially set `ports: []` under its own field manager. After
+ * the first call, the API server records us as the owner and subsequent
+ * applies are no-ops.
+ *
+ * 404 is NOT swallowed: a missing Service when we expected one indicates
+ * a race against operator Service creation, which the caller should
+ * surface and potentially retry.
+ */
+export async function ensureServicePort(
+  kc: KubeConfig,
+  namespace: string,
+  serviceName: string,
+  port: {
+    name: string;
+    port: number;
+    targetPort: number;
+    protocol?: "TCP" | "UDP";
+  },
+): Promise<void> {
+  // SSA requires apiVersion + kind + metadata.name in the body so the API
+  // server can resolve the target type without reading it from the path.
+  const body = {
+    apiVersion: "v1",
+    kind: "Service",
+    metadata: { name: serviceName },
+    spec: {
+      ports: [
+        {
+          name: port.name,
+          port: port.port,
+          targetPort: port.targetPort,
+          protocol: port.protocol ?? "TCP",
+        },
+      ],
+    },
+  };
+  const query = new URLSearchParams({
+    fieldManager: SSA_FIELD_MANAGER,
+    force: "true",
+  });
+  const path = `/api/v1/namespaces/${encodeURIComponent(namespace)}/services/${encodeURIComponent(serviceName)}?${query}`;
+  try {
+    const resp = await kubeFetch(kc, {
+      method: "PATCH",
+      path,
+      patchType: "apply",
+      body,
+    });
+    await ensureOk(resp, "ensureServicePort");
+  } catch (error) {
+    throw new SandboxError(
+      `Failed to apply Service ports: ${serviceName}`,
+      error,
+    );
+  }
+}
+
+export interface WaitForSandboxReadyResult {
+  sandboxName: string;
+  podName: string;
+}
+
+/**
+ * Resolves on the first `Ready=True` condition on the Sandbox matching
+ * `claimName`; rejects on stream error, missing name metadata, or timeout.
+ * The watch is aborted exactly once via `settle()`; callers get deterministic
+ * teardown regardless of which branch fires first.
+ */
+export function waitForSandboxReady(
+  kc: KubeConfig,
+  namespace: string,
+  claimName: string,
+  timeoutSeconds = 180,
+): Promise<WaitForSandboxReadyResult> {
+  const path = `/apis/${K8S_CONSTANTS.SANDBOX_API_GROUP}/${K8S_CONSTANTS.SANDBOX_API_VERSION}/namespaces/${encodeURIComponent(namespace)}/${K8S_CONSTANTS.SANDBOX_PLURAL}?watch=true&fieldSelector=${encodeURIComponent(`metadata.name=${claimName}`)}`;
+
+  const { resolve, reject, promise } =
+    Promise.withResolvers<WaitForSandboxReadyResult>();
+
+  const controller = new AbortController();
+  let settled = false;
+  const timeoutHandle = setTimeout(() => {
+    if (settled) return;
+    settled = true;
+    controller.abort();
+    reject(
+      new SandboxTimeoutError(
+        `Sandbox did not become ready within ${timeoutSeconds} seconds`,
+      ),
+    );
+  }, timeoutSeconds * 1000);
+
+  const settleWith = (fn: () => void) => {
+    if (settled) return;
+    settled = true;
+    clearTimeout(timeoutHandle);
+    controller.abort();
+    fn();
+  };
+
+  (async () => {
+    let resp: Response;
+    try {
+      resp = await kubeFetch(kc, {
+        method: "GET",
+        path,
+        signal: controller.signal,
+        headers: { accept: "application/json" },
+      });
+    } catch (err) {
+      settleWith(() =>
+        reject(
+          new SandboxError("Failed to start watch for sandbox readiness", err),
+        ),
+      );
+      return;
+    }
+
+    if (!resp.ok || !resp.body) {
+      const body = await readStatusBody(resp).catch(() => null);
+      settleWith(() =>
+        reject(
+          new SandboxError(
+            `Watch handshake failed (${resp.status}): ${body?.message ?? resp.statusText}`,
+          ),
+        ),
+      );
+      return;
+    }
+
+    try {
+      for await (const event of readNdJson<WatchEvent>(resp.body)) {
+        if (settled) return;
+        // Bookmark/ERROR/DELETED are never a "ready" signal. ERROR carries a
+        // V1Status payload rather than a SandboxResource; treating it as a
+        // fatal stream error mirrors client-go's behaviour.
+        if (event.type === "ERROR") {
+          const status = event.object as V1Status;
+          settleWith(() =>
+            reject(
+              new SandboxError(
+                `Watch stream error while waiting for sandbox: ${status.message ?? "unknown"}`,
+              ),
+            ),
+          );
+          return;
+        }
+        if (event.type !== "ADDED" && event.type !== "MODIFIED") continue;
+
+        const sandbox = event.object as SandboxResource;
+        const ready = sandbox.status?.conditions?.find(
+          (c) => c.type === "Ready" && c.status === "True",
+        );
+        if (!ready) continue;
+
+        const sandboxName = sandbox.metadata?.name;
+        if (!sandboxName) {
+          settleWith(() =>
+            reject(new SandboxError("Sandbox metadata or name is missing")),
+          );
+          return;
+        }
+        const podName =
+          sandbox.metadata?.annotations?.[K8S_CONSTANTS.POD_NAME_ANNOTATION] ??
+          sandboxName;
+        settleWith(() => resolve({ sandboxName, podName }));
+        return;
+      }
+      // Stream ended before Ready observed — treat as transient failure so the
+      // caller can retry rather than wait out the timeout.
+      settleWith(() =>
+        reject(
+          new SandboxError("Watch stream closed before sandbox became ready"),
+        ),
+      );
+    } catch (err) {
+      if (settled) return;
+      // AbortError during in-flight stream is the timeout path above; don't
+      // double-reject.
+      if (
+        err instanceof Error &&
+        (err.name === "AbortError" || controller.signal.aborted)
+      )
+        return;
+      settleWith(() =>
+        reject(
+          new SandboxError("Watch stream error while waiting for sandbox", err),
+        ),
+      );
+    }
+  })();
+
+  return promise;
+}
+
+/**
+ * ND-JSON line reader over a WHATWG ReadableStream.
+ *
+ * @internal Package-internal — sibling modules (lifecycle-watcher) consume the
+ *   same kube watch streams and parse them this way. Not exposed via
+ *   `index.ts` and not part of the package's public API.
+ */
+export async function* readNdJson<T>(
+  stream: ReadableStream<Uint8Array>,
+): AsyncGenerator<T, void, unknown> {
+  const reader = stream.getReader();
+  const decoder = new TextDecoder();
+  let buf = "";
+  try {
+    while (true) {
+      const { value, done } = await reader.read();
+      if (done) break;
+      buf += decoder.decode(value, { stream: true });
+      let newline: number;
+      // biome-ignore lint/suspicious/noAssignInExpressions: idiomatic line loop
+      while ((newline = buf.indexOf("\n")) >= 0) {
+        const line = buf.slice(0, newline).trim();
+        buf = buf.slice(newline + 1);
+        if (!line) continue;
+        yield JSON.parse(line) as T;
+      }
+    }
+    const tail = buf.trim();
+    if (tail) yield JSON.parse(tail) as T;
+  } finally {
+    reader.releaseLock();
+  }
+}
diff --git a/packages/sandbox/server/runner/agent-sandbox/constants.ts b/packages/sandbox/server/runner/agent-sandbox/constants.ts
new file mode 100644
index 0000000000..c79a95225e
--- /dev/null
+++ b/packages/sandbox/server/runner/agent-sandbox/constants.ts
@@ -0,0 +1,51 @@
+/**
+ * agent-sandbox CRD identifiers + error classes. Pinned verbatim from
+ * kubernetes-sigs/agent-sandbox via deco-cx/admin/clients/agent-sandbox/types.ts.
+ * When the operator widens to a new API version, change here once — every
+ * call site reads through these constants.
+ */
+
+export const K8S_CONSTANTS = {
+  CLAIM_API_GROUP: "extensions.agents.x-k8s.io",
+  CLAIM_API_VERSION: "v1alpha1",
+  CLAIM_PLURAL: "sandboxclaims",
+
+  SANDBOX_API_GROUP: "agents.x-k8s.io",
+  SANDBOX_API_VERSION: "v1alpha1",
+  SANDBOX_PLURAL: "sandboxes",
+
+  POD_NAME_ANNOTATION: "agents.x-k8s.io/pod-name",
+} as const;
+
+export class SandboxError extends Error {
+  override readonly cause?: unknown;
+
+  constructor(message: string, cause?: unknown) {
+    super(message);
+    this.name = "SandboxError";
+    this.cause = cause;
+    if (cause instanceof Error && cause.stack) {
+      this.stack = `${this.stack}\nCaused by: ${cause.stack}`;
+    }
+  }
+}
+
+export class SandboxTimeoutError extends SandboxError {
+  constructor(message: string, cause?: unknown) {
+    super(message, cause);
+    this.name = "SandboxTimeoutError";
+  }
+}
+
+/**
+ * Surfaced when the API server rejects a SandboxClaim create with 409
+ * AlreadyExists — typically because the operator's idle-TTL deletion of a
+ * prior claim is still draining finalizers when mesh tries to recreate.
+ * Callers wait for the resource to fully disappear and retry.
+ */
+export class SandboxAlreadyExistsError extends SandboxError {
+  constructor(message: string, cause?: unknown) {
+    super(message, cause);
+    this.name = "SandboxAlreadyExistsError";
+  }
+}
diff --git a/packages/sandbox/server/runner/agent-sandbox/index.ts b/packages/sandbox/server/runner/agent-sandbox/index.ts
new file mode 100644
index 0000000000..6b15e084a2
--- /dev/null
+++ b/packages/sandbox/server/runner/agent-sandbox/index.ts
@@ -0,0 +1,27 @@
+// Re-exported so external tooling can build a KubeConfig without
+// declaring @kubernetes/client-node itself.
+export { KubeConfig } from "@kubernetes/client-node";
+export { K8S_CONSTANTS, SandboxError, SandboxTimeoutError } from "./constants";
+export {
+  createHttpRoute,
+  createSandboxClaim,
+  deleteHttpRoute,
+  deleteSandboxClaim,
+  getHttpRoute,
+  getSandboxClaim,
+  HTTPROUTE_CONSTANTS,
+  waitForSandboxReady,
+} from "./client";
+export type {
+  HttpRoute,
+  SandboxClaim,
+  SandboxClaimEnvVar,
+  SandboxCondition,
+  SandboxResource,
+} from "./client";
+export { AgentSandboxRunner } from "./runner";
+export type { AgentSandboxRunnerOptions } from "./runner";
+// Lifecycle types live in their own module (no K8s deps) so type-only
+// consumers — notably the studio web bundle — can import them safely.
+export type { ClaimFailureReason, ClaimPhase } from "./lifecycle-types";
+export type { WatchClaimLifecycleOptions } from "./lifecycle-watcher";
diff --git a/packages/sandbox/server/runner/agent-sandbox/lifecycle-types.ts b/packages/sandbox/server/runner/agent-sandbox/lifecycle-types.ts
new file mode 100644
index 0000000000..c22eb42865
--- /dev/null
+++ b/packages/sandbox/server/runner/agent-sandbox/lifecycle-types.ts
@@ -0,0 +1,8 @@
+/**
+ * Re-export from the runner-root lifecycle types module. Kept for back-compat
+ * with consumers that import via `@decocms/sandbox/runner/agent-sandbox`
+ * (notably the studio web bundle's vm-events context). New code should import
+ * from `@decocms/sandbox/runner`.
+ */
+
+export type { ClaimFailureReason, ClaimPhase } from "../lifecycle-types";
diff --git a/packages/sandbox/server/runner/agent-sandbox/lifecycle-watcher.test.ts b/packages/sandbox/server/runner/agent-sandbox/lifecycle-watcher.test.ts
new file mode 100644
index 0000000000..fd9d73e1ed
--- /dev/null
+++ b/packages/sandbox/server/runner/agent-sandbox/lifecycle-watcher.test.ts
@@ -0,0 +1,272 @@
+/**
+ * Reducer tests for the claim lifecycle watcher.
+ *
+ * The watch transports (kubeFetch + ndjson) are exercised end-to-end by the
+ * existing client.test.ts and by integration runs against a real cluster.
+ * What's worth unit-testing here is the pure phase reducer — it's the part
+ * that encodes the contract between observed K8s state and what the user
+ * sees, and it's the part most likely to grow new branches as we learn more
+ * failure modes.
+ */
+
+import { describe, expect, it } from "bun:test";
+import { derivePhase } from "./lifecycle-watcher";
+import type { ClaimPhase } from "./lifecycle-types";
+
+type State = Parameters<typeof derivePhase>[0];
+
+const T0 = 1_000_000;
+const fixedNow =
+  (t = T0) =>
+  () =>
+    t;
+
+function baseState(): State {
+  return {
+    pod: {},
+    sandbox: {},
+    events: { hasPulling: false, hasPulled: false },
+    startedAt: T0,
+  };
+}
+
+const TIMEOUT_MS = 5 * 60 * 1000;
+
+describe("derivePhase", () => {
+  it("defaults to claiming when nothing is observed", () => {
+    const phase = derivePhase(baseState(), TIMEOUT_MS, fixedNow());
+    expect(phase.kind).toBe("claiming");
+  });
+
+  it("ready trumps everything when Sandbox.Ready=True", () => {
+    const state = baseState();
+    state.sandbox.ready = true;
+    // Stuff conflicting signals in to make sure they're ignored.
+    state.pod.containerWaitingReason = "ImagePullBackOff";
+    state.events.lastFailedSchedulingAt = T0;
+    const phase = derivePhase(state, TIMEOUT_MS, fixedNow());
+    expect(phase.kind).toBe("ready");
+  });
+
+  it("waits for capacity when PodScheduled=False", () => {
+    const state = baseState();
+    state.pod.scheduled = false;
+    state.pod.scheduledFalseReason = "Unschedulable";
+    state.pod.scheduledFalseMessage = "0/15 nodes are available";
+    const phase = derivePhase(state, TIMEOUT_MS, fixedNow());
+    expect(phase.kind).toBe("waiting-for-capacity");
+    if (phase.kind === "waiting-for-capacity") {
+      expect(phase.message).toBe("0/15 nodes are available");
+    }
+  });
+
+  it("waits for capacity when only a FailedScheduling event has been seen", () => {
+    const state = baseState();
+    state.events.lastFailedSchedulingAt = T0;
+    state.events.failedSchedulingMessage = "Insufficient memory";
+    const phase = derivePhase(state, TIMEOUT_MS, fixedNow());
+    expect(phase.kind).toBe("waiting-for-capacity");
+    if (phase.kind === "waiting-for-capacity") {
+      expect(phase.message).toBe("Insufficient memory");
+    }
+  });
+
+  it("surfaces karpenter nodeClaim hint inside waiting-for-capacity", () => {
+    const state = baseState();
+    state.pod.scheduledFalseReason = "Unschedulable";
+    state.events.nominatedNodeClaim = "sandbox-fr6gf";
+    const phase = derivePhase(state, TIMEOUT_MS, fixedNow());
+    expect(phase.kind).toBe("waiting-for-capacity");
+    if (phase.kind === "waiting-for-capacity") {
+      expect(phase.nodeClaim).toBe("sandbox-fr6gf");
+    }
+  });
+
+  it("emits pulling-image when Pulling has been observed but not Pulled", () => {
+    const state = baseState();
+    state.pod.scheduled = true;
+    state.events.hasPulling = true;
+    const phase = derivePhase(state, TIMEOUT_MS, fixedNow());
+    expect(phase.kind).toBe("pulling-image");
+  });
+
+  it("emits starting-container when ContainerCreating + Pulled", () => {
+    const state = baseState();
+    state.pod.scheduled = true;
+    state.pod.containerWaitingReason = "ContainerCreating";
+    state.events.hasPulling = true;
+    state.events.hasPulled = true;
+    const phase = derivePhase(state, TIMEOUT_MS, fixedNow());
+    expect(phase.kind).toBe("starting-container");
+  });
+
+  it("emits starting-container on ContainerCreating even without a Pulled event (cached image)", () => {
+    // Real karpenter case: image is already on the node so kubelet skips
+    // straight from ContainerCreating to running, and the `Pulled` event
+    // either lags the container-status update or arrives as "image already
+    // present on machine" without a prior `Pulling`. Either way the user
+    // wants to see `starting-container`, not stay pinned at the prior phase.
+    const state = baseState();
+    state.pod.scheduled = true;
+    state.pod.containerWaitingReason = "ContainerCreating";
+    const phase = derivePhase(state, TIMEOUT_MS, fixedNow());
+    expect(phase.kind).toBe("starting-container");
+  });
+
+  it("emits starting-container on PodInitializing", () => {
+    const state = baseState();
+    state.pod.scheduled = true;
+    state.pod.containerWaitingReason = "PodInitializing";
+    const phase = derivePhase(state, TIMEOUT_MS, fixedNow());
+    expect(phase.kind).toBe("starting-container");
+  });
+
+  it("emits starting-container after schedule even before kubelet reports a containerStatus", () => {
+    // Brief window between PodScheduled=True and the first containerStatus
+    // tick. Without this branch we'd fall through to `claiming` and the
+    // generator's monotonic floor would pin us at the prior
+    // `waiting-for-capacity` for the entire ContainerCreating window.
+    const state = baseState();
+    state.pod.scheduled = true;
+    const phase = derivePhase(state, TIMEOUT_MS, fixedNow());
+    expect(phase.kind).toBe("starting-container");
+  });
+
+  it("emits warming-daemon when container is running but not yet ready", () => {
+    const state = baseState();
+    state.pod.scheduled = true;
+    state.pod.containerRunning = true;
+    state.pod.containerReady = false;
+    const phase = derivePhase(state, TIMEOUT_MS, fixedNow());
+    expect(phase.kind).toBe("warming-daemon");
+  });
+
+  it("ignores warming-daemon when container is also ready (sandbox-ready takes over via separate signal)", () => {
+    // The Sandbox CR's Ready=True is the canonical readiness; container.ready
+    // alone (without sandbox.ready) shouldn't be treated as terminal because
+    // there's still ~the Service patch + HTTPRoute mint window before the
+    // operator flips Ready=True. Keep emitting warming-daemon until
+    // sandbox.ready arrives.
+    const state = baseState();
+    state.pod.scheduled = true;
+    state.pod.containerRunning = true;
+    state.pod.containerReady = true;
+    const phase = derivePhase(state, TIMEOUT_MS, fixedNow());
+    // containerReady=true means the reducer falls through warming-daemon
+    // (running && !ready is false) — it doesn't auto-terminate. The next
+    // best signal is the events/scheduling state. With a scheduled pod and
+    // no waiting reason, that resolves to claiming (no other signals set).
+    expect(phase.kind).toBe("claiming");
+  });
+
+  it("fails on ImagePullBackOff", () => {
+    const state = baseState();
+    state.pod.containerWaitingReason = "ImagePullBackOff";
+    const phase = derivePhase(state, TIMEOUT_MS, fixedNow());
+    expect(phase.kind).toBe("failed");
+    if (phase.kind === "failed") {
+      expect(phase.reason).toBe("image-pull-backoff");
+    }
+  });
+
+  it("fails on ErrImagePull", () => {
+    const state = baseState();
+    state.pod.containerWaitingReason = "ErrImagePull";
+    const phase = derivePhase(state, TIMEOUT_MS, fixedNow());
+    expect(phase.kind).toBe("failed");
+    if (phase.kind === "failed") {
+      expect(phase.reason).toBe("image-pull-backoff");
+    }
+  });
+
+  it("fails on CrashLoopBackOff", () => {
+    const state = baseState();
+    state.pod.containerWaitingReason = "CrashLoopBackOff";
+    const phase = derivePhase(state, TIMEOUT_MS, fixedNow());
+    expect(phase.kind).toBe("failed");
+    if (phase.kind === "failed") {
+      expect(phase.reason).toBe("crash-loop-backoff");
+    }
+  });
+
+  it("fails on scheduling-timeout only after FailedScheduling AND elapsed > timeout", () => {
+    const state = baseState();
+    state.events.lastFailedSchedulingAt = T0;
+    state.events.failedSchedulingMessage = "0/15 nodes are available";
+    // Just below the timeout — still waiting-for-capacity.
+    const stillWaiting = derivePhase(
+      state,
+      TIMEOUT_MS,
+      fixedNow(T0 + TIMEOUT_MS - 1),
+    );
+    expect(stillWaiting.kind).toBe("waiting-for-capacity");
+    // Just above — flips to failed.
+    const failed = derivePhase(
+      state,
+      TIMEOUT_MS,
+      fixedNow(T0 + TIMEOUT_MS + 1),
+    );
+    expect(failed.kind).toBe("failed");
+    if (failed.kind === "failed") {
+      expect(failed.reason).toBe("scheduling-timeout");
+      expect(failed.message).toContain("0/15 nodes are available");
+    }
+  });
+
+  it("does NOT scheduling-timeout without a FailedScheduling event", () => {
+    // Slow PodScheduled=True transition shouldn't be misread as a timeout.
+    const state = baseState();
+    const phase = derivePhase(
+      state,
+      TIMEOUT_MS,
+      fixedNow(T0 + TIMEOUT_MS * 10),
+    );
+    expect(phase.kind).toBe("claiming");
+  });
+});
+
+describe("watchClaimLifecycle progression (sequenced by reducer)", () => {
+  // End-to-end progression covering the realistic happy path observed on
+  // staging:
+  //   claim posted → unschedulable → karpenter nominates → pulling →
+  //   pulled+creating → running-not-ready → ready
+  it("walks the happy karpenter path", () => {
+    const state = baseState();
+    const seen: ClaimPhase["kind"][] = [];
+    const observe = () => {
+      const phase = derivePhase(state, TIMEOUT_MS, fixedNow());
+      const last = seen[seen.length - 1];
+      if (last !== phase.kind) seen.push(phase.kind);
+    };
+
+    observe(); // claiming
+    state.pod.scheduledFalseReason = "Unschedulable";
+    state.events.lastFailedSchedulingAt = T0;
+    state.events.failedSchedulingMessage = "0/15 nodes are available";
+    observe(); // waiting-for-capacity
+    state.events.nominatedNodeClaim = "sandbox-fr6gf";
+    observe(); // still waiting-for-capacity (nodeClaim doesn't change phase kind)
+    state.pod.scheduled = true;
+    state.pod.scheduledFalseReason = undefined;
+    state.events.hasPulling = true;
+    observe(); // pulling-image
+    state.pod.containerWaitingReason = "ContainerCreating";
+    state.events.hasPulled = true;
+    observe(); // starting-container
+    state.pod.containerWaitingReason = undefined;
+    state.pod.containerRunning = true;
+    state.pod.containerReady = false;
+    observe(); // warming-daemon
+    state.sandbox.ready = true;
+    observe(); // ready
+
+    expect(seen).toEqual([
+      "claiming",
+      "waiting-for-capacity",
+      "pulling-image",
+      "starting-container",
+      "warming-daemon",
+      "ready",
+    ]);
+  });
+});
diff --git a/packages/sandbox/server/runner/agent-sandbox/lifecycle-watcher.ts b/packages/sandbox/server/runner/agent-sandbox/lifecycle-watcher.ts
new file mode 100644
index 0000000000..3332050fea
--- /dev/null
+++ b/packages/sandbox/server/runner/agent-sandbox/lifecycle-watcher.ts
@@ -0,0 +1,767 @@
+/**
+ * Per-claim lifecycle watcher for agent-sandbox SandboxClaims.
+ *
+ * Bridges the visibility gap between `VM_START` posting a SandboxClaim and
+ * the daemon SSE coming online. Synthesizes a coarse phase signal from
+ * three K8s primitives:
+ *
+ *   - the Pod (label-selected by `studio.decocms.com/sandbox-handle`),
+ *   - kubelet/scheduler Events on that Pod,
+ *   - the Sandbox CR (Ready condition),
+ *
+ * and emits a typed `ClaimPhase` whenever the inferred phase changes.
+ *
+ * Single-claim design: one set of watches per subscriber. Lifecycle SSEs
+ * are short-lived (~30–120s) so the cost of opening per-claim streams is
+ * dominated by the time-to-Ready rather than informer overhead. Avoids the
+ * complexity of a shared namespace informer with demux + ref counting.
+ *
+ * Phase derivation (in order of monotonic forward progress, only the first
+ * matching rule applies):
+ *
+ *   ready              – Sandbox CR has condition Ready=True.
+ *   failed             – Pod's main container is in ImagePullBackOff /
+ *                        ErrImagePull / CrashLoopBackOff, OR scheduling
+ *                        has been failing past `schedulingTimeoutMs`.
+ *   warming-daemon     – Container is running but not yet Ready.
+ *   starting-container – Image is pulled; container is being created.
+ *   pulling-image      – Pull in flight (Pulling event, no Pulled yet).
+ *   waiting-for-capacity
+ *                      – PodScheduled=False with reason `Unschedulable`,
+ *                        or a recent `FailedScheduling` event.
+ *   claiming           – Default: SandboxClaim posted, no Pod yet.
+ *
+ * Container name `sandbox` and pod label `studio.decocms.com/sandbox-handle`
+ * are mesh conventions verified against the running cluster — do not rely
+ * on operator-set labels (e.g. `agents.x-k8s.io/sandbox-name`), which exist
+ * only as truncated `-hash` variants.
+ */
+
+import { type KubeConfig } from "@kubernetes/client-node";
+import { K8S_CONSTANTS } from "./constants";
+import { kubeFetch, readNdJson } from "./client";
+import type { SandboxResource } from "./client";
+import type { ClaimPhase } from "./lifecycle-types";
+
+export type {
+  ClaimFailureReason,
+  ClaimPhase,
+} from "./lifecycle-types";
+
+const SANDBOX_HANDLE_LABEL = "studio.decocms.com/sandbox-handle";
+const MAIN_CONTAINER_NAME = "sandbox";
+
+const DEFAULT_SCHEDULING_TIMEOUT_MS = 5 * 60 * 1000;
+
+export interface WatchClaimLifecycleOptions {
+  kc: KubeConfig;
+  namespace: string;
+  /** SandboxClaim name. Mesh convention: pod name === claim name. */
+  claimName: string;
+  signal?: AbortSignal;
+  /**
+   * Hard ceiling for "scheduling never succeeded" — if FailedScheduling has
+   * been observed without a successful Pulling/Pulled progression after this
+   * many ms from watch start, emit `failed: scheduling-timeout`. Default 5min.
+   *
+   * On a karpenter cluster this rarely trips (nodes get provisioned within
+   * 60–90s); on a fixed-capacity cluster (e.g. local kind) it surfaces a
+   * genuine scheduling problem instead of hanging indefinitely.
+   */
+  schedulingTimeoutMs?: number;
+  /**
+   * Optional clock injection for tests. Defaults to `Date.now()`.
+   */
+  now?: () => number;
+}
+
+// ---- Internal types ---------------------------------------------------------
+
+interface PodSnapshot {
+  /** PodScheduled condition reason when status=False (`Unschedulable`). */
+  scheduledFalseReason?: string;
+  /** Optional message attached to PodScheduled=False. */
+  scheduledFalseMessage?: string;
+  /** True once PodScheduled=True is observed. */
+  scheduled?: boolean;
+  /**
+   * Waiting-state reason on the `sandbox` container, if any. Includes
+   * `ContainerCreating`, `PodInitializing`, `ImagePullBackOff`,
+   * `ErrImagePull`, `CrashLoopBackOff`.
+   */
+  containerWaitingReason?: string;
+  /** True once `sandbox` container's state.running is set. */
+  containerRunning?: boolean;
+  /** True once `sandbox` container reports `ready: true`. */
+  containerReady?: boolean;
+}
+
+interface SandboxSnapshot {
+  ready?: boolean;
+  /**
+   * Non-Ready condition reason — surfaced into a `reconciler-error` failure
+   * when paired with status=False, otherwise informational.
+   */
+  notReadyReason?: string;
+  notReadyMessage?: string;
+}
+
+interface EventsSnapshot {
+  /** Last `Pulling` event seen on the pod. */
+  hasPulling: boolean;
+  /** Last `Pulled` event seen — fires both for fresh pulls and cache hits. */
+  hasPulled: boolean;
+  /** Most recent `FailedScheduling` event timestamp (ms since epoch). */
+  lastFailedSchedulingAt?: number;
+  /** Latest scheduling failure message. */
+  failedSchedulingMessage?: string;
+  /** Latest `Nominated` (karpenter) target nodeclaim, if any. */
+  nominatedNodeClaim?: string;
+}
+
+interface State {
+  pod: PodSnapshot;
+  sandbox: SandboxSnapshot;
+  events: EventsSnapshot;
+  /** First time we observed a Pod/Sandbox/Event for this claim. */
+  startedAt: number;
+}
+
+type SignalKind = "pod" | "sandbox" | "event" | "tick";
+
+// ---- Public entry point -----------------------------------------------------
+
+/**
+ * Async generator that yields `ClaimPhase` whenever the inferred phase
+ * changes. Closes the underlying watches when the generator is returned
+ * (consumer breaks the loop) or when `signal` aborts.
+ *
+ * Terminal phases: `ready`, `failed`. Consumers should break the loop when
+ * either is observed.
+ *
+ * Initial phase: emitted synchronously after the first watch handshake. If
+ * the claim doesn't exist yet (caller raced VM_START), the first phase is
+ * `claiming` and stays there until the operator creates the Sandbox/Pod.
+ */
+export async function* watchClaimLifecycle(
+  opts: WatchClaimLifecycleOptions,
+): AsyncGenerator<ClaimPhase, void, unknown> {
+  const now = opts.now ?? (() => Date.now());
+  const startedAt = now();
+  const schedulingTimeoutMs =
+    opts.schedulingTimeoutMs ?? DEFAULT_SCHEDULING_TIMEOUT_MS;
+
+  const state: State = {
+    pod: {},
+    sandbox: {},
+    events: { hasPulling: false, hasPulled: false },
+    startedAt,
+  };
+
+  const queue: SignalKind[] = [];
+  let pendingResolve: ((s: SignalKind | null) => void) | null = null;
+  let closed = false;
+
+  const push = (kind: SignalKind) => {
+    if (closed) return;
+    if (pendingResolve) {
+      const r = pendingResolve;
+      pendingResolve = null;
+      r(kind);
+    } else {
+      queue.push(kind);
+    }
+  };
+
+  const next = (): Promise<SignalKind | null> => {
+    if (queue.length > 0) return Promise.resolve(queue.shift()!);
+    if (closed) return Promise.resolve(null);
+    return new Promise<SignalKind | null>((resolve) => {
+      pendingResolve = resolve;
+    });
+  };
+
+  const close = () => {
+    if (closed) return;
+    closed = true;
+    if (pendingResolve) {
+      const r = pendingResolve;
+      pendingResolve = null;
+      r(null);
+    }
+  };
+
+  const controller = new AbortController();
+  const onAbort = () => {
+    controller.abort();
+    close();
+  };
+  if (opts.signal) {
+    if (opts.signal.aborted) {
+      controller.abort();
+      close();
+    } else {
+      opts.signal.addEventListener("abort", onAbort, { once: true });
+    }
+  }
+
+  // The only time-based transition the reducer makes is `scheduling-timeout`,
+  // which fires when `now() - startedAt > schedulingTimeoutMs` *and* a
+  // FailedScheduling event has been observed. A single deadline timer is
+  // therefore enough to drive that transition — no need to poll every 5s.
+  // Anything earlier is reducer-driven by a fresh pod/sandbox/event signal.
+  const deadlineMs = Math.max(0, schedulingTimeoutMs - (now() - startedAt));
+  const deadlineTimer = setTimeout(() => push("tick"), deadlineMs + 100);
+
+  // Resolved to the actual pod name when watchPod first observes the pod.
+  // For cold-start the pod name equals claimName; for warm-pool adoption the
+  // operator binds a pool pod whose generated name differs from the claim.
+  // watchEvents needs the real pod name so its involvedObject.name fieldSelector
+  // hits the right events.
+  let resolvePodName!: (name: string) => void;
+  const podNamePromise = new Promise<string>((r) => {
+    resolvePodName = r;
+  });
+
+  // Run watches concurrently. They each push signals into the queue and
+  // never throw out of the watch loop — closure is via `controller.abort()`.
+  const watches = Promise.allSettled([
+    watchPod(
+      opts.kc,
+      opts.namespace,
+      opts.claimName,
+      controller.signal,
+      state,
+      push,
+      now,
+      resolvePodName,
+    ),
+    watchSandbox(
+      opts.kc,
+      opts.namespace,
+      opts.claimName,
+      controller.signal,
+      state,
+      push,
+    ),
+    watchEvents(
+      opts.kc,
+      opts.namespace,
+      opts.claimName,
+      podNamePromise,
+      controller.signal,
+      state,
+      push,
+      now,
+    ),
+  ]);
+
+  try {
+    let lastEmittedKey: string | null = null;
+    // Monotonic floor: track the highest non-terminal phase we've emitted so
+    // we don't regress on transient observations (e.g. a container that
+    // briefly enters `terminated` state between restarts has no waiting
+    // reason and no `running` flag, which would otherwise reduce to
+    // `claiming`). Terminal phases bypass the floor — `failed` must always
+    // be emitted regardless of prior progress.
+    let highestRank = -1;
+
+    // Emit an initial phase immediately so the caller sees something even
+    // before the first watch event lands.
+    const initial = derivePhase(state, schedulingTimeoutMs, now);
+    lastEmittedKey = phaseKey(initial);
+    if (!isTerminal(initial)) highestRank = phaseRank(initial);
+    yield initial;
+    if (isTerminal(initial)) return;
+
+    while (!closed) {
+      const signal = await next();
+      if (signal === null) break;
+
+      const phase = derivePhase(state, schedulingTimeoutMs, now);
+      // Terminal always wins — but only emit once.
+      if (isTerminal(phase)) {
+        const key = phaseKey(phase);
+        if (key !== lastEmittedKey) {
+          lastEmittedKey = key;
+          yield phase;
+        }
+        return;
+      }
+      const rank = phaseRank(phase);
+      if (rank < highestRank) continue; // Don't regress.
+      const key = phaseKey(phase);
+      if (key !== lastEmittedKey) {
+        lastEmittedKey = key;
+        highestRank = rank;
+        yield phase;
+      }
+    }
+  } finally {
+    clearTimeout(deadlineTimer);
+    controller.abort();
+    if (opts.signal) opts.signal.removeEventListener("abort", onAbort);
+    close();
+    // Don't surface watch errors back to the consumer — the generator's
+    // contract is "phases until terminal or close"; transient kube errors
+    // are logged inside the watches.
+    await watches.catch(() => {});
+  }
+}
+
+// ---- Phase reducer ----------------------------------------------------------
+
+/**
+ * Pure function over the current observed state. Exported for unit tests —
+ * the reducer is the part most likely to need behavior tweaks as we learn
+ * more about real-cluster failure modes.
+ */
+export function derivePhase(
+  state: State,
+  schedulingTimeoutMs: number,
+  now: () => number,
+): ClaimPhase {
+  const { pod, sandbox, events, startedAt } = state;
+
+  // 1. Terminal: Sandbox CR Ready=True is the canonical "claim is up".
+  if (sandbox.ready) return { kind: "ready" };
+
+  // 2. Terminal: container is in a stuck waiting state.
+  const containerWaitingReason = pod.containerWaitingReason;
+  if (
+    containerWaitingReason === "ImagePullBackOff" ||
+    containerWaitingReason === "ErrImagePull"
+  ) {
+    return {
+      kind: "failed",
+      reason: "image-pull-backoff",
+      message:
+        "Sandbox image failed to download. The cluster may be missing pull credentials or the image tag may not exist.",
+    };
+  }
+  if (containerWaitingReason === "CrashLoopBackOff") {
+    return {
+      kind: "failed",
+      reason: "crash-loop-backoff",
+      message:
+        "Sandbox crashed during startup and is now in CrashLoopBackOff. Check pod logs.",
+    };
+  }
+
+  // 3. Terminal: scheduling timed out. Only consider it a timeout if we
+  // have observed at least one FailedScheduling event AND we've waited
+  // longer than the threshold AND we still don't have a scheduled pod.
+  // Without the FailedScheduling guard, a slow PodScheduled=True transition
+  // would prematurely surface as a timeout.
+  if (
+    !pod.scheduled &&
+    events.lastFailedSchedulingAt !== undefined &&
+    now() - startedAt > schedulingTimeoutMs
+  ) {
+    return {
+      kind: "failed",
+      reason: "scheduling-timeout",
+      message:
+        events.failedSchedulingMessage ??
+        `Pod could not be scheduled within ${Math.round(schedulingTimeoutMs / 1000)}s.`,
+    };
+  }
+
+  // 4. warming-daemon: container is running, just hasn't reached Ready yet.
+  if (pod.containerRunning && !pod.containerReady) {
+    return { kind: "warming-daemon", since: startedAt };
+  }
+
+  // 5. pulling-image: a Pulling event has fired but Pulled hasn't yet.
+  // Checked before `starting-container` because it's the more specific signal
+  // during the ContainerCreating window — if we know an image pull is in
+  // flight, the user wants to see that, not the generic "starting" phase.
+  if (events.hasPulling && !events.hasPulled) {
+    return { kind: "pulling-image", since: startedAt };
+  }
+
+  // 6. starting-container: pod has been scheduled and we're past pulling but
+  // the container isn't running yet. Covers three real-cluster sub-states the
+  // user-facing UI shouldn't need to distinguish:
+  //   - `ContainerCreating` waiting reason (with or without a `Pulled` event;
+  //     the event can lag the container-status update, or be absent entirely
+  //     when the image is already cached on a fresh node).
+  //   - `PodInitializing` waiting reason (init containers / volume mounts).
+  //   - Pod scheduled but kubelet hasn't reported any containerStatus yet —
+  //     a brief gap that would otherwise fall through to `claiming` and get
+  //     pinned by the monotonic floor at the prior `waiting-for-capacity`.
+  if (
+    containerWaitingReason === "ContainerCreating" ||
+    containerWaitingReason === "PodInitializing" ||
+    (pod.scheduled && !pod.containerRunning)
+  ) {
+    return { kind: "starting-container", since: startedAt };
+  }
+
+  // 7. waiting-for-capacity: PodScheduled=False with reason Unschedulable,
+  // or a recent FailedScheduling. Surface karpenter's `Nominated` target
+  // when present so the UI can say "provisioning a new node".
+  const isUnschedulable =
+    pod.scheduledFalseReason === "Unschedulable" ||
+    (events.lastFailedSchedulingAt !== undefined && !pod.scheduled);
+  if (isUnschedulable) {
+    return {
+      kind: "waiting-for-capacity",
+      since: startedAt,
+      message: events.failedSchedulingMessage ?? pod.scheduledFalseMessage,
+      nodeClaim: events.nominatedNodeClaim,
+    };
+  }
+
+  // 8. Default: claim posted, no informative pod state yet.
+  return { kind: "claiming", since: startedAt };
+}
+
+function isTerminal(phase: ClaimPhase): boolean {
+  return phase.kind === "ready" || phase.kind === "failed";
+}
+
+/**
+ * Ordinal rank for non-terminal phases. Used by the generator's monotonic
+ * floor to suppress transient regressions. Terminal phases are not ranked
+ * (the generator handles them separately).
+ */
+function phaseRank(phase: ClaimPhase): number {
+  switch (phase.kind) {
+    case "claiming":
+      return 0;
+    case "waiting-for-capacity":
+      return 1;
+    case "pulling-image":
+      return 2;
+    case "starting-container":
+      return 3;
+    case "warming-daemon":
+      return 4;
+    case "ready":
+    case "failed":
+      return 99;
+  }
+}
+
+/**
+ * Stable string key per phase identity. Used to dedupe consecutive identical
+ * phases without firing on incidental timestamp churn. `since` is excluded
+ * from the key (it's a constant per-stream value), but `message`/`nodeClaim`
+ * variants are included so we re-emit when capacity diagnostics change.
+ */
+function phaseKey(phase: ClaimPhase): string {
+  switch (phase.kind) {
+    case "claiming":
+    case "pulling-image":
+    case "starting-container":
+    case "warming-daemon":
+      return phase.kind;
+    case "waiting-for-capacity":
+      return `waiting-for-capacity:${phase.message ?? ""}:${phase.nodeClaim ?? ""}`;
+    case "ready":
+      return "ready";
+    case "failed":
+      return `failed:${phase.reason}:${phase.message}`;
+  }
+}
+
+// ---- Watch loops ------------------------------------------------------------
+
+interface PodResource {
+  metadata?: {
+    name?: string;
+    labels?: Record<string, string>;
+  };
+  status?: {
+    conditions?: Array<{
+      type?: string;
+      status?: string;
+      reason?: string;
+      message?: string;
+    }>;
+    containerStatuses?: Array<{
+      name?: string;
+      ready?: boolean;
+      state?: {
+        waiting?: { reason?: string; message?: string };
+        running?: { startedAt?: string };
+        terminated?: { reason?: string };
+      };
+    }>;
+  };
+}
+
+interface KubeEvent {
+  reason?: string;
+  message?: string;
+  type?: "Normal" | "Warning";
+  lastTimestamp?: string;
+  eventTime?: string;
+  involvedObject?: {
+    kind?: string;
+    name?: string;
+    namespace?: string;
+  };
+}
+
+interface WatchEnvelope<T> {
+  type: "ADDED" | "MODIFIED" | "DELETED" | "BOOKMARK" | "ERROR";
+  object: T;
+}
+
+async function watchPod(
+  kc: KubeConfig,
+  namespace: string,
+  claimName: string,
+  signal: AbortSignal,
+  state: State,
+  push: (k: SignalKind) => void,
+  now: () => number,
+  onPodName: (name: string) => void,
+): Promise<void> {
+  // labelSelector pins to mesh-managed claims; fieldSelector by name is
+  // belt-and-suspenders (operator names pod after the claim).
+  const path =
+    `/api/v1/namespaces/${encodeURIComponent(namespace)}/pods` +
+    `?watch=true&labelSelector=${encodeURIComponent(`${SANDBOX_HANDLE_LABEL}=${claimName}`)}`;
+
+  return runWatch<PodResource>({
+    kc,
+    path,
+    signal,
+    label: `pod/${claimName}`,
+    onEvent: (envelope) => {
+      if (envelope.type !== "ADDED" && envelope.type !== "MODIFIED") return;
+      // No name-equality guard: in warm-pool mode the adopted pod's name
+      // is the pool pod's generated name (e.g. `studio-sandbox-kind-abcde`),
+      // not the claim handle. The labelSelector above already pins to the
+      // pod the operator stamped with `sandbox-handle=<claimName>`, so the
+      // first match IS the right pod regardless of its name.
+      const pod = envelope.object;
+      if (pod.metadata?.name) onPodName(pod.metadata.name);
+      applyPodSnapshot(pod, state, now);
+      push("pod");
+    },
+  });
+}
+
+function applyPodSnapshot(pod: PodResource, state: State, _now: () => number) {
+  const conditions = pod.status?.conditions ?? [];
+  const scheduled = conditions.find((c) => c.type === "PodScheduled");
+  if (scheduled?.status === "True") {
+    state.pod.scheduled = true;
+    state.pod.scheduledFalseReason = undefined;
+    state.pod.scheduledFalseMessage = undefined;
+  } else if (scheduled?.status === "False") {
+    state.pod.scheduled = false;
+    state.pod.scheduledFalseReason = scheduled.reason;
+    state.pod.scheduledFalseMessage = scheduled.message;
+  }
+
+  const main = (pod.status?.containerStatuses ?? []).find(
+    (c) => c.name === MAIN_CONTAINER_NAME,
+  );
+  if (main) {
+    state.pod.containerWaitingReason = main.state?.waiting?.reason;
+    state.pod.containerRunning = !!main.state?.running;
+    state.pod.containerReady = main.ready === true;
+  }
+}
+
+async function watchSandbox(
+  kc: KubeConfig,
+  namespace: string,
+  claimName: string,
+  signal: AbortSignal,
+  state: State,
+  push: (k: SignalKind) => void,
+): Promise<void> {
+  const path =
+    `/apis/${K8S_CONSTANTS.CLAIM_API_GROUP}/${K8S_CONSTANTS.CLAIM_API_VERSION}` +
+    `/namespaces/${encodeURIComponent(namespace)}/${K8S_CONSTANTS.CLAIM_PLURAL}` +
+    `?watch=true&fieldSelector=${encodeURIComponent(`metadata.name=${claimName}`)}`;
+
+  return runWatch<SandboxResource>({
+    kc,
+    path,
+    signal,
+    label: `sandboxclaim/${claimName}`,
+    onEvent: (envelope) => {
+      if (envelope.type !== "ADDED" && envelope.type !== "MODIFIED") return;
+      const claim = envelope.object;
+      const ready = claim.status?.conditions?.find((c) => c.type === "Ready");
+      if (!ready) return;
+      if (ready.status === "True") {
+        state.sandbox.ready = true;
+        state.sandbox.notReadyReason = undefined;
+        state.sandbox.notReadyMessage = undefined;
+      } else {
+        state.sandbox.ready = false;
+        state.sandbox.notReadyReason = ready.reason;
+        state.sandbox.notReadyMessage = ready.message;
+      }
+      push("sandbox");
+    },
+  });
+}
+
+async function watchEvents(
+  kc: KubeConfig,
+  namespace: string,
+  claimName: string,
+  podNamePromise: Promise<string>,
+  signal: AbortSignal,
+  state: State,
+  push: (k: SignalKind) => void,
+  now: () => number,
+): Promise<void> {
+  // Resolve the actual pod name before subscribing to events. For cold-start
+  // the pod name equals claimName so this is a no-op; for warm-pool adoption
+  // the operator binds a pool pod whose name differs from the claim handle,
+  // and involvedObject.name must match the real pod name to receive events.
+  // Falls back to claimName if the signal aborts before a pod is seen.
+  const podName = await Promise.race([
+    podNamePromise,
+    new Promise<string>((resolve) => {
+      if (signal.aborted) {
+        resolve(claimName);
+        return;
+      }
+      signal.addEventListener("abort", () => resolve(claimName), {
+        once: true,
+      });
+    }),
+  ]);
+
+  if (signal.aborted) return;
+
+  const path =
+    `/api/v1/namespaces/${encodeURIComponent(namespace)}/events` +
+    `?watch=true&fieldSelector=${encodeURIComponent(
+      `involvedObject.name=${podName},involvedObject.kind=Pod`,
+    )}`;
+
+  return runWatch<KubeEvent>({
+    kc,
+    path,
+    signal,
+    label: `events/${claimName}`,
+    onEvent: (envelope) => {
+      if (envelope.type !== "ADDED" && envelope.type !== "MODIFIED") return;
+      const event = envelope.object;
+      const reason = event.reason;
+      if (!reason) return;
+      switch (reason) {
+        case "Pulling":
+          state.events.hasPulling = true;
+          break;
+        case "Pulled":
+          state.events.hasPulling = true;
+          state.events.hasPulled = true;
+          break;
+        case "FailedScheduling":
+          state.events.lastFailedSchedulingAt = now();
+          state.events.failedSchedulingMessage = event.message;
+          break;
+        case "Nominated": {
+          // Karpenter message form:
+          //   "Pod should schedule on: nodeclaim/sandbox-fr6gf"
+          // Best-effort parse — when the format drifts we just lose the
+          // optional nodeClaim sub-message, the phase still progresses.
+          const match = event.message?.match(/nodeclaim\/([\w-]+)/);
+          if (match) state.events.nominatedNodeClaim = match[1];
+          break;
+        }
+        default:
+          return;
+      }
+      push("event");
+    },
+  });
+}
+
+interface RunWatchOpts<T> {
+  kc: KubeConfig;
+  path: string;
+  signal: AbortSignal;
+  label: string;
+  onEvent: (envelope: WatchEnvelope<T>) => void;
+}
+
+/**
+ * Watch loop with reconnect. K8s watch streams close on their own (300s
+ * timeout, control-plane upgrade) — we re-establish until the abort signal
+ * fires. Reconnect uses exponential backoff to avoid hammering the API
+ * server during a control-plane outage.
+ *
+ * Errors are logged and swallowed: the generator's contract is to keep
+ * yielding phases as long as it can; a transient watch failure shouldn't
+ * tear down the user-facing SSE.
+ */
+async function runWatch<T>(opts: RunWatchOpts<T>): Promise<void> {
+  const { kc, path, signal, label, onEvent } = opts;
+  let attempt = 0;
+  while (!signal.aborted) {
+    try {
+      const resp = await kubeFetch(kc, {
+        method: "GET",
+        path,
+        signal,
+        headers: { accept: "application/json" },
+      });
+      if (!resp.ok || !resp.body) {
+        // Drain body before throwing so the connection can be reused.
+        try {
+          await resp.body?.cancel();
+        } catch {
+          /* ignore */
+        }
+        throw new Error(
+          `watch handshake failed: ${resp.status} ${resp.statusText}`,
+        );
+      }
+      attempt = 0;
+      for await (const envelope of readNdJson<WatchEnvelope<T>>(resp.body)) {
+        if (signal.aborted) return;
+        try {
+          onEvent(envelope);
+        } catch (err) {
+          // A bad event shouldn't crash the watch.
+          console.warn(
+            `[lifecycle-watcher] ${label} onEvent threw: ${
+              err instanceof Error ? err.message : String(err)
+            }`,
+          );
+        }
+      }
+    } catch (err) {
+      if (signal.aborted) return;
+      const msg = err instanceof Error ? err.message : String(err);
+      console.warn(`[lifecycle-watcher] ${label} watch ended: ${msg}`);
+    }
+    if (signal.aborted) return;
+    // Backoff: 250ms, 500ms, 1s, 2s, capped at 5s.
+    const delayMs = Math.min(250 * 2 ** attempt, 5_000);
+    attempt += 1;
+    await sleep(delayMs, signal);
+  }
+}
+
+function sleep(ms: number, signal: AbortSignal): Promise<void> {
+  return new Promise((resolve) => {
+    if (signal.aborted) {
+      resolve();
+      return;
+    }
+    const timeout = setTimeout(() => {
+      signal.removeEventListener("abort", onAbort);
+      resolve();
+    }, ms);
+    const onAbort = () => {
+      clearTimeout(timeout);
+      resolve();
+    };
+    signal.addEventListener("abort", onAbort, { once: true });
+  });
+}
diff --git a/packages/sandbox/server/runner/agent-sandbox/runner.ts b/packages/sandbox/server/runner/agent-sandbox/runner.ts
new file mode 100644
index 0000000000..2b55988426
--- /dev/null
+++ b/packages/sandbox/server/runner/agent-sandbox/runner.ts
@@ -0,0 +1,1884 @@
+/**
+ * Agent-sandbox runner.
+ *
+ * Provisions one SandboxClaim per (user, projectRef) against the
+ * kubernetes-sigs/agent-sandbox operator. Mesh runs outside the cluster
+ * (Stage 1 / local-dev via kind), so traffic reaches the pod via a single
+ * lazily-opened 127.0.0.1 TCP listener that tunnels each inbound connection
+ * to the daemon container port through the apiserver as a fresh WebSocket.
+ *
+ * The daemon owns the public surface: it serves `/_decopilot_vm/*` + `/health`
+ * in-process and reverse-proxies everything else to in-pod localhost:DEV_PORT
+ * (CSP/X-Frame stripping + HMR bootstrap injection live in that proxy). One
+ * port-forward per pod is therefore enough; opening a second forwarder for
+ * the dev port would bypass the daemon and break SSE + iframe embedding.
+ *
+ * Stage 3 replaces the port-forward path with real ingress: when
+ * `previewUrlPattern` is set, no forwarder is opened for preview traffic and
+ * the preview URL is synthesized from the handle.
+ *
+ * Token model: each claim carries a freshly-generated DAEMON_TOKEN injected
+ * via `SandboxClaim.spec.env`. One leak compromises one sandbox.
+ * `valueFrom.secretKeyRef` isn't supported on SandboxClaim env; RBAC on
+ * the namespace is the secrecy boundary.
+ */
+
+import { createHash, randomBytes, randomUUID } from "node:crypto";
+import * as net from "node:net";
+import { PassThrough } from "node:stream";
+import {
+  type KubeConfig,
+  KubeConfig as KubeConfigClass,
+  PortForward,
+} from "@kubernetes/client-node";
+import type {
+  Counter,
+  Histogram,
+  Meter,
+  UpDownCounter,
+} from "@opentelemetry/api";
+import {
+  daemonBash,
+  postConfig,
+  probeDaemonHealth,
+  proxyDaemonRequest,
+  waitForDaemonReady,
+} from "../../daemon-client";
+import {
+  Inflight,
+  applyPreviewPattern,
+  buildConfigPayload,
+  computeHandle as composeBranchHandle,
+  withSandboxLock,
+} from "../shared";
+import type { RunnerStateStore, RunnerStateStoreOps } from "../state-store";
+import type {
+  EnsureOptions,
+  ExecInput,
+  ExecOutput,
+  ProxyRequestInit,
+  Sandbox,
+  SandboxId,
+  SandboxRunner,
+  Workload,
+} from "../types";
+import {
+  createHttpRoute,
+  createSandboxClaim,
+  deleteHttpRoute,
+  deleteSandboxClaim,
+  ensureServicePort,
+  getSandboxClaim,
+  HTTPROUTE_CONSTANTS,
+  patchSandboxClaimShutdown,
+  waitForClaimAdoptedSandbox,
+  waitForSandboxClaimGone,
+  waitForSandboxReady,
+  type HttpRoute,
+  type SandboxClaim,
+  type SandboxResource,
+} from "./client";
+import {
+  K8S_CONSTANTS,
+  SandboxAlreadyExistsError,
+  SandboxError,
+} from "./constants";
+import { watchClaimLifecycle } from "./lifecycle-watcher";
+import type { ClaimPhase } from "../lifecycle-types";
+
+const RUNNER_KIND = "agent-sandbox" as const;
+const LOG_LABEL = "AgentSandboxRunner";
+
+// Shared-namespace topology for MVP; tenancy enforced by unguessable claim
+// names (sha256(userId:projectRef)). Per-org namespaces are deferred.
+const DEFAULT_NAMESPACE = "agent-sandbox-system";
+const DEFAULT_TEMPLATE_NAME = "studio-sandbox";
+
+const DAEMON_CONTAINER_PORT = 9000;
+// In-pod port the daemon's reverse proxy targets. Mesh never connects here
+// directly — everything funnels through the daemon container port — but the
+// value is propagated to the daemon via DEV_PORT so it knows where the dev
+// server will bind.
+const DEFAULT_DEV_PORT = 3000;
+const DEFAULT_WORKDIR = "/app";
+
+// 32 bytes matches Docker's generation so audit logs don't vary by runner.
+const DAEMON_TOKEN_BYTES = 32;
+
+/**
+ * Env keys mesh owns and a caller's `opts.env` MUST NOT shadow. DAEMON_TOKEN
+ * is the secrecy boundary; the rest configure the daemon's bootstrap (paths
+ * + ports) — silently overriding any of them would break daemon startup.
+ *
+ * Workload (clone URL, branch, package manager, runtime, intent, dev port)
+ * is no longer env-injected: it's POSTed to `/_decopilot_vm/config` after
+ * the daemon comes up healthy. See `buildConfigPayload`.
+ */
+const RESERVED_ENV_KEYS = new Set([
+  "DAEMON_TOKEN",
+  "DAEMON_BOOT_ID",
+  "APP_ROOT",
+  "PROXY_PORT",
+]);
+
+const DEFAULT_IDLE_TTL_MS = 15 * 60 * 1000;
+
+/**
+ * Handle shape: `<slug>-<hash5>` when a branch is supplied, `<hash5>`
+ * otherwise — identical to the docker/host runners' default from
+ * `composeBranchHandle` (re-exported as `computeHandle`). With
+ * slug(≤24) + 1 + hash(5) = 30 chars max — well under K8s's 63-char DNS
+ * label cap.
+ */
+
+/**
+ * Headers stripped before re-issuing the preview proxy fetch. Hop-by-hop per
+ * RFC 7230 + cookies (preview is per-handle, not per-user — no callee session
+ * leak) + accept-encoding (Bun fetch auto-decompresses, so a downstream
+ * content-encoding would mismatch the actual body).
+ */
+const PREVIEW_STRIP_REQUEST_HEADERS = [
+  "cookie",
+  "host",
+  "connection",
+  "keep-alive",
+  "proxy-authenticate",
+  "proxy-authorization",
+  "te",
+  "trailer",
+  "transfer-encoding",
+  "accept-encoding",
+  "content-length",
+  "upgrade",
+];
+
+/**
+ * Stripped from the proxied response. content-encoding/length would mismatch
+ * after Bun fetch auto-decompresses; CSP/X-Frame-Options the daemon already
+ * rewrote — re-passing them defeats the iframe-embedding fix the daemon
+ * installed.
+ */
+const PREVIEW_STRIP_RESPONSE_HEADERS = [
+  "connection",
+  "keep-alive",
+  "transfer-encoding",
+  "content-encoding",
+  "content-length",
+];
+
+// Deterministic local-port range for port-forward listeners. Same
+// (handle, containerPort) pair → same host port across mesh restarts, so
+// `previewUrl` cached in the thread's vmMap stays valid when the mesh
+// process recycles. Birthday-collision probability stays <1% up to ~140
+// concurrent forwarders. EADDRINUSE walks the range forward until bind.
+const PORT_RANGE_START = 40000;
+const PORT_RANGE_SIZE = 10000;
+const PORT_WALK_LIMIT = 256;
+
+// Structural type for the WebSocket returned by PortForward.portForward — we
+// only need close/on to manage lifecycle; a direct `isomorphic-ws` dep for
+// one type isn't worth it.
+interface ForwardWebSocket {
+  close: () => void;
+  on: (event: "close" | "error", handler: () => void) => void;
+}
+
+interface PortForwarder {
+  server: net.Server;
+  localPort: number;
+}
+
+interface RunnerTenant {
+  orgId: string;
+  userId: string;
+}
+
+interface K8sRecord {
+  id: SandboxId;
+  handle: string;
+  /**
+   * The Sandbox CR the operator actually bound to this claim, taken from
+   * `claim.status.sandbox.name`. Equals `handle` on cold-start (operator
+   * names cold Sandboxes after the claim) but diverges on warm-pool
+   * adoption — pool sandboxes carry their generated names like
+   * `studio-sandbox-kind-abcde`. Mesh routes preview traffic via the
+   * Service named after this (the operator-managed Service that targets
+   * the *actually-bound* pod), not via the same-named cold-path
+   * duplicate the v0.4.x adoption race occasionally leaves behind.
+   * In agent-sandbox the pod name always matches this (the operator names
+   * the Pod after the Sandbox CR), so this doubles as the port-forward target.
+   */
+  adoptedSandboxName: string;
+  token: string;
+  workdir: string;
+  daemonUrl: string;
+  daemonForward: PortForwarder;
+  workload: Workload | null;
+  /**
+   * Per-boot UUID the daemon reports on /health. Generated mesh-side and
+   * injected via env; re-read from /health on rehydrate so we pick up
+   * pod restarts (the daemon's orchestrator handles resume-on-restart
+   * itself, this is purely informational on the mesh side).
+   */
+  daemonBootId: string;
+  /**
+   * Tenant identity carried through for metric attribution on subsequent
+   * operations (proxy, exec, delete) where the caller only has a handle.
+   * Null when ensure() was called without tenant context (smoke tests,
+   * adopt fallback when claim labels were absent).
+   */
+  tenant: RunnerTenant | null;
+  /**
+   * The original options the caller passed to `ensure()`. Persisted so
+   * `resurrectByHandle` can re-provision an evicted sandbox autonomously
+   * (15-min idle TTL deletes the claim — without these we'd come back as
+   * an empty pod with no repo cloned). Null on adopt paths where we can't
+   * recover the original opts; resurrection falls back to throwing/404 in
+   * that case so the caller's normal VM_START flow can repopulate them.
+   */
+  ensureOpts: EnsureOptions | null;
+}
+
+interface PersistedK8sState {
+  adoptedSandboxName: string;
+  /** @deprecated back-compat with rows written before warm-pool support. */
+  podName?: string;
+  token: string;
+  workdir: string;
+  workload?: Workload | null;
+  daemonBootId?: string;
+  tenant?: RunnerTenant | null;
+  /**
+   * Original `EnsureOptions`. Persisted so `resurrectByHandle` can re-ensure
+   * after the operator deletes the claim on idle TTL. Optional for
+   * back-compat: rows written before this field existed lack it; resurrection
+   * returns null in that case and the caller surfaces 404 (UI's existing
+   * VM_START reprovision flow then runs with full opts).
+   */
+  ensureOpts?: EnsureOptions;
+  [k: string]: unknown;
+}
+
+export interface AgentSandboxRunnerOptions {
+  stateStore?: RunnerStateStore;
+  previewUrlPattern?: string;
+  /** Defaults to `new KubeConfig().loadFromDefault()`. Tests pass a stub. */
+  kubeConfig?: KubeConfig;
+  /** Shared namespace for both SandboxTemplate and SandboxClaims. */
+  namespace?: string;
+  /** SandboxTemplate all claims reference. */
+  sandboxTemplateName?: string;
+  /**
+   * Shared sentinel token baked into the SandboxTemplate's pod env (via the
+   * sandbox-env helm chart's Secret). Presence flips the runner into
+   * warm-pool mode:
+   *   - claims are created with `warmpool: "default"` and `spec.env: []`
+   *     (the operator rejects per-claim env when warmpool != "none"),
+   *   - mesh's first contact with the daemon authenticates with the
+   *     sentinel and rotates to a per-claim token via
+   *     `auth.rotateToken` on POST /_decopilot_vm/config,
+   *   - subsequent calls use the per-claim token (persisted in
+   *     RunnerStateStore.state.token).
+   *
+   * When undefined, the runner falls back to env-injected per-claim tokens
+   * with `warmpool: "none"` — the legacy cold-start path. Useful for
+   * deployments that haven't (yet) adopted the chart's sentinel Secret.
+   *
+   * Trust window: between pod boot and the first rotation call, the
+   * sentinel is the only auth on the daemon. NetworkPolicy is the
+   * secrecy boundary in that window — same boundary that gates every
+   * other mesh→daemon request.
+   */
+  sentinelToken?: string;
+  /**
+   * Studio environment name. When set, stamped as
+   * `studio.decocms.com/env=<envName>` on claims/pods/HTTPRoutes so the
+   * sandbox-env housekeeper can scope per-env. Must be DNS-label-safe;
+   * validated at construction.
+   */
+  envName?: string;
+  /**
+   * Deterministic DAEMON_TOKEN override — tests inject a fixed value so
+   * recorded fetch payloads are stable. Prod leaves this undefined.
+   */
+  tokenGenerator?: () => string;
+  /**
+   * Idle-reap window (ms). Every `ensure()` hit pushes the claim's
+   * `spec.lifecycle.shutdownTime` to `now + idleTtlMs`; the operator
+   * deletes claim + pod when the wall clock passes that.
+   */
+  idleTtlMs?: number;
+  /**
+   * OpenTelemetry meter for runner-level metrics (active gauge, ensure
+   * outcome counter, proxy duration histogram). Optional — when absent,
+   * runner is fully functional but emits no metrics. Tests typically pass
+   * undefined; mesh wires `metrics.getMeter("mesh", "1.0.0")`.
+   */
+  meter?: Meter;
+  /**
+   * Per-claim HTTPRoute parent. When set together with `previewUrlPattern`,
+   * the runner mints one HTTPRoute per SandboxClaim (same name + namespace
+   * as the claim) and tears it down on `delete`. The route attaches to
+   * `parentRef = { name, namespace }` and routes `<handle>.<host>` exact
+   * matches to the operator-created Service:9000 in `this.namespace`.
+   *
+   * `namespace` is the gateway's namespace, NOT the route's — the route
+   * always lives in `this.namespace` (same as the Service it backends).
+   * Both `name` and `namespace` are required when this option is provided;
+   * the runner makes no assumption about which gateway controller (Istio,
+   * Envoy Gateway, Cilium, ...) is downstream and therefore can't pick a
+   * default namespace.
+   *
+   * When unset (or `previewUrlPattern` unset), the runner does NOT touch
+   * HTTPRoute resources. Preview traffic still works in that mode through
+   * mesh's in-process proxy (the previous design), provided someone else
+   * (the chart, an operator, hand-rolled YAML) has wired a wildcard
+   * HTTPRoute backed by mesh.
+   */
+  previewGateway?: {
+    name: string;
+    namespace: string;
+  };
+}
+
+export class AgentSandboxRunner implements SandboxRunner {
+  readonly kind = RUNNER_KIND;
+
+  private readonly records = new Map<string, K8sRecord>();
+  private readonly inflight = new Inflight<string, Sandbox>();
+  private readonly stateStore: RunnerStateStore | null;
+  private readonly previewUrlPattern: string | null;
+  private readonly kubeConfig: KubeConfig;
+  private readonly portForward: PortForward;
+  private readonly namespace: string;
+  private readonly sandboxTemplateName: string;
+  private readonly envName: string | null;
+  private readonly tokenGenerator: () => string;
+  private readonly idleTtlMs: number;
+  /**
+   * Instruments are null when no meter was provided. All emit-paths must
+   * null-check; the alternative — passing the OTel API's no-op meter — would
+   * still allocate and dispatch on every call.
+   */
+  private readonly metrics: RunnerMetrics | null;
+  /**
+   * Non-null only when both `previewUrlPattern` and `previewGateway` were
+   * provided — the two together define the full route shape (hostname +
+   * parent). Used as the gate for HTTPRoute mutations across provision,
+   * adopt, and delete.
+   */
+  private readonly previewGateway: { name: string; namespace: string } | null;
+  /**
+   * Non-null = warm-pool mode (see `AgentSandboxRunnerOptions.sentinelToken`).
+   * Treated as the bearer token for the *first* daemon contact only;
+   * mesh rotates to a per-claim token via `auth.rotateToken` immediately
+   * after, and persists the new token. Empty/whitespace strings are
+   * collapsed to null at construction so a misconfigured env var doesn't
+   * silently flip modes with an unusable token.
+   */
+  private readonly sentinelToken: string | null;
+  private closed = false;
+
+  constructor(opts: AgentSandboxRunnerOptions = {}) {
+    this.stateStore = opts.stateStore ?? null;
+    this.previewUrlPattern = opts.previewUrlPattern ?? null;
+    this.kubeConfig = opts.kubeConfig ?? loadDefaultKubeConfig();
+    this.portForward = new PortForward(this.kubeConfig);
+    this.namespace = opts.namespace ?? DEFAULT_NAMESPACE;
+    this.sandboxTemplateName =
+      opts.sandboxTemplateName ?? DEFAULT_TEMPLATE_NAME;
+    this.envName = normalizeEnvName(opts.envName);
+    this.tokenGenerator =
+      opts.tokenGenerator ??
+      (() => randomBytes(DAEMON_TOKEN_BYTES).toString("hex"));
+    this.idleTtlMs = opts.idleTtlMs ?? DEFAULT_IDLE_TTL_MS;
+    this.metrics = opts.meter ? buildRunnerMetrics(opts.meter) : null;
+    // HTTPRoute routing requires both pieces — the hostname template (so we
+    // know what host to attach) and the gateway parent (so we know where).
+    // Either alone is meaningless, so refuse to half-enable.
+    this.previewGateway =
+      opts.previewGateway && opts.previewUrlPattern
+        ? { ...opts.previewGateway }
+        : null;
+    const trimmedSentinel = opts.sentinelToken?.trim() ?? "";
+    this.sentinelToken = trimmedSentinel.length > 0 ? trimmedSentinel : null;
+  }
+
+  // ---- SandboxRunner surface ------------------------------------------------
+
+  async ensure(id: SandboxId, opts: EnsureOptions = {}): Promise<Sandbox> {
+    // Branch is the slug source; absent when caller didn't pass `repo`
+    // (tool-only sandboxes, smoke tests). The shared computeHandle falls
+    // back to a bare hash in that case, preserving stable identity.
+    const handle = this.computeHandle(id, opts.repo?.branch ?? null);
+    return this.inflight.run(handle, () =>
+      withSandboxLock(this.stateStore, id, RUNNER_KIND, (ops) =>
+        this.ensureLocked(id, handle, opts, ops),
+      ),
+    );
+  }
+
+  async exec(handle: string, input: ExecInput): Promise<ExecOutput> {
+    const rec = await this.requireRecord(handle);
+    return daemonBash(rec.daemonUrl, rec.token, input);
+  }
+
+  async delete(handle: string): Promise<void> {
+    const rec = await this.getRecord(handle);
+    this.records.delete(handle);
+    if (rec) {
+      this.closeForwarder(rec.daemonForward);
+      // Decrement only when we actually held the record — getRecord can be
+      // null after restart-without-state-store, in which case the gauge
+      // was never incremented for this handle in this process.
+      this.metrics?.active.add(-1, tenantAttrs(rec.tenant));
+    }
+    // Drop the HTTPRoute first so traffic stops resolving immediately —
+    // the operator's claim teardown can take a few seconds, and we don't
+    // want browsers landing on a half-deleted Service in the interim.
+    // Failures here are logged and continue: a stale HTTPRoute backed by a
+    // deleted Service simply 502s, and the next delete attempt (or a
+    // garbage-collection sweep) will clean it up. Blocking claim deletion
+    // on a transient gateway-API error would be worse for the caller.
+    await this.deleteHttpRouteIfManaged(handle).catch((err) => {
+      console.warn(
+        `[${LOG_LABEL}] HTTPRoute delete failed for ${handle}: ${err instanceof Error ? err.message : String(err)}`,
+      );
+    });
+    await deleteSandboxClaim(this.kubeConfig, this.namespace, handle);
+    if (this.stateStore) {
+      if (rec) await this.stateStore.delete(rec.id, RUNNER_KIND);
+      else await this.stateStore.deleteByHandle(RUNNER_KIND, handle);
+    }
+  }
+
+  async alive(handle: string): Promise<boolean> {
+    const claim = await getSandboxClaim(
+      this.kubeConfig,
+      this.namespace,
+      handle,
+    );
+    return claim !== undefined;
+  }
+
+  /**
+   * Stream of phase transitions for a SandboxClaim's pre-Ready lifecycle.
+   * Used by mesh's lifecycle SSE route to surface what's happening between
+   * `VM_START` posting a claim and the daemon SSE coming online.
+   *
+   * Generator closes on terminal phase (`ready`/`failed`) or on
+   * `signal.abort()`. Safe to call before the claim exists — the generator
+   * stays in `claiming` until the operator creates the Sandbox/Pod.
+   */
+  watchClaimLifecycle(
+    handle: string,
+    signal?: AbortSignal,
+  ): AsyncGenerator<ClaimPhase, void, unknown> {
+    return watchClaimLifecycle({
+      kc: this.kubeConfig,
+      namespace: this.namespace,
+      claimName: handle,
+      signal,
+    });
+  }
+
+  async getPreviewUrl(handle: string): Promise<string | null> {
+    const rec = await this.getRecord(handle);
+    if (!rec) return null;
+    return this.composePreviewUrl(rec);
+  }
+
+  async proxyDaemonRequest(
+    handle: string,
+    path: string,
+    init: ProxyRequestInit,
+  ): Promise<Response> {
+    const rec = await this.getRecord(handle);
+
+    // rehydrate failed (port-forward is pod-local); route via in-cluster Service instead.
+    if (!rec && this.previewUrlPattern && this.stateStore) {
+      const row = await this.stateStore.getByHandle(RUNNER_KIND, handle);
+      const state = row?.state as Partial<PersistedK8sState> | undefined;
+      const token = state?.token;
+      if (row && token) {
+        const adoptedName = state?.adoptedSandboxName ?? handle;
+        const daemonUrl = `http://${adoptedName}.${this.namespace}.svc.cluster.local:${DAEMON_CONTAINER_PORT}`;
+        return proxyDaemonRequest(daemonUrl, token, path, init);
+      }
+    }
+
+    if (!rec) {
+      return new Response(JSON.stringify({ error: "sandbox not found" }), {
+        status: 404,
+        headers: { "content-type": "application/json" },
+      });
+    }
+    const start = performance.now();
+    let status = 0;
+    try {
+      const resp = await proxyDaemonRequest(
+        rec.daemonUrl,
+        rec.token,
+        path,
+        init,
+      );
+      status = resp.status;
+      return resp;
+    } finally {
+      this.recordProxyDuration(
+        "daemon",
+        status,
+        rec,
+        performance.now() - start,
+      );
+    }
+  }
+
+  /**
+   * Resolves the HTTP base URL for a sandbox's daemon. Used by the preview
+   * reverse-proxy at the mesh edge.
+   *
+   * Two modes:
+   * 1. `previewUrlPattern` set (Stage 3 / in-cluster mesh): synthesize the
+   *    in-cluster Service URL straight from the handle. No record lookup, no
+   *    port-forward, no health probe — the cluster DNS + downstream fetch
+   *    are the source of truth. Crucially this means a cold mesh pod (or one
+   *    that just restarted with an empty records map) still serves preview
+   *    traffic without first having to rehydrate every claim. If the Service
+   *    doesn't exist for that handle, the downstream fetch fails and the
+   *    caller surfaces a 502.
+   * 2. `previewUrlPattern` unset (dev / mesh-outside-cluster): fall back to
+   *    the 127.0.0.1 port-forwarder opened by `getRecord`. Returns null when
+   *    the record can't be found or rehydrated — the caller surfaces 404.
+   *
+   * Preview must always land on port 9000 (daemon) — never 3000 (dev server)
+   * — because the daemon's reverse proxy strips CSP/X-Frame headers and
+   * injects the HMR bootstrap script that vite needs to function inside the
+   * studio iframe. Bypassing it breaks SSE + iframe embedding.
+   */
+  async resolvePreviewUpstreamUrl(handle: string): Promise<string | null> {
+    if (this.previewUrlPattern) {
+      // Production mode: synthesize the in-cluster Service URL. The Service
+      // we target is the operator-managed one for the *adopted* Sandbox —
+      // on warm-pool adoption this is the pool pod's Service (e.g.
+      // `studio-sandbox-kind-abcde`), NOT the same-named cold-path
+      // orphan the v0.4.x adoption race occasionally leaves alongside.
+      // Records cache hit is O(1); cache miss (cold mesh) falls through to
+      // a single state-store row read, then to `handle` as a last resort.
+      // We deliberately don't pre-validate that the claim is still alive
+      // — every preview request would pay a K8s API call. When the
+      // sandbox has been evicted, the downstream fetch fails and
+      // `proxyPreviewRequest` catches it + drives resurrection from there.
+      const serviceName = await this.resolveServiceNameForHandle(handle);
+      return `http://${serviceName}.${this.namespace}.svc.cluster.local:${DAEMON_CONTAINER_PORT}`;
+    }
+    const rec = await this.getRecord(handle);
+    if (rec) return rec.daemonUrl;
+    // Dev mode: cold cache + state-store miss. Try resurrection before
+    // surfacing 404 — the pod may have been operator-evicted on idle TTL
+    // and the caller (preview iframe, SSE EventSource probe) needs the
+    // sandbox back to make any progress.
+    const resurrected = await this.resurrectByHandle(handle);
+    return resurrected ? resurrected.daemonUrl : null;
+  }
+
+  /**
+   * Resolve the operator-managed Service name we should route preview
+   * traffic to for `handle`. See `resolvePreviewUpstreamUrl` and
+   * `K8sRecord.adoptedSandboxName` for why this differs from the claim
+   * name on warm-pool adoption.
+   *
+   * Cache layers, cheapest first: in-memory records map, then state-store
+   * (one DB row), then a `handle` fallback. Falling back to `handle` is
+   * wrong for a warm-pool sandbox (it points at the cold-path duplicate's
+   * Service), but the only path that lands here is "mesh just restarted
+   * AND state-store doesn't have the row" — at which point the downstream
+   * fetch will fail and `proxyPreviewRequest`'s catch arm runs the
+   * resurrection flow, which repopulates records with the right name.
+   */
+  private async resolveServiceNameForHandle(handle: string): Promise<string> {
+    const cached = this.records.get(handle);
+    if (cached) return cached.adoptedSandboxName;
+    if (this.stateStore) {
+      const persisted = await this.stateStore
+        .getByHandle(RUNNER_KIND, handle)
+        .catch(() => null);
+      const adoptedName = (
+        persisted?.state as Partial<PersistedK8sState> | undefined
+      )?.adoptedSandboxName;
+      if (adoptedName) return adoptedName;
+    }
+    return handle;
+  }
+
+  /**
+   * Reverse-proxies an inbound preview HTTP request to the sandbox's daemon.
+   * Unauthenticated by design — preview URLs are open the same way Vercel
+   * preview URLs are; the *handle* is the secret.
+   *
+   * `/_decopilot_vm/*` access policy at the edge:
+   *   - **GET** is allowed through. The daemon's `/events` SSE and `/scripts`
+   *     are intentionally unauthenticated and CORS-enabled (`Allow-Origin: *`)
+   *     because the studio UI consumes them cross-origin from the preview
+   *     URL — that's the only path it has to live setup state. Stripping
+   *     them here would break the studio UI's setup tab and SSE event feed.
+   *   - **Non-GET** (POST/PUT/DELETE/etc) is rejected as defense-in-depth.
+   *     The daemon enforces bearer auth on the mutating endpoints
+   *     (read/write/edit/grep/glob/bash/exec/kill), but the only legitimate
+   *     caller for those is mesh itself via the internal port-forward; the
+   *     preview surface should never see them.
+   */
+  async proxyPreviewRequest(
+    handle: string,
+    request: Request,
+  ): Promise<Response> {
+    const start = performance.now();
+    // In-memory cache only — preview is the hot path; a state-store hit per
+    // request would dominate latency. Tenant attribution is best-effort: when
+    // the records map is cold (mesh just restarted) the metric still records
+    // duration with empty tenant attrs. cAdvisor on the pod side covers
+    // bandwidth attribution authoritatively via pod labels.
+    const cachedRec = this.records.get(handle) ?? null;
+    let status = 0;
+    try {
+      const upstreamBase = await this.resolvePreviewUpstreamUrl(handle);
+      if (!upstreamBase) {
+        status = 404;
+        return jsonResponse(404, { error: "sandbox not found" });
+      }
+
+      const reqUrl = new URL(request.url);
+      const isAdminPath =
+        reqUrl.pathname === "/_decopilot_vm" ||
+        reqUrl.pathname.startsWith("/_decopilot_vm/");
+      if (isAdminPath && request.method !== "GET") {
+        status = 404;
+        return jsonResponse(404, { error: "not found" });
+      }
+
+      const reqTarget = (base: string) =>
+        `${base}${reqUrl.pathname}${reqUrl.search}`;
+      const headers = new Headers(request.headers);
+      for (const h of PREVIEW_STRIP_REQUEST_HEADERS) headers.delete(h);
+
+      const hasBody = request.method !== "GET" && request.method !== "HEAD";
+      const init: RequestInit & { duplex?: string } = {
+        method: request.method,
+        headers,
+        body: hasBody ? request.body : undefined,
+        redirect: "manual",
+        signal: request.signal,
+        duplex: hasBody ? "half" : undefined,
+      };
+
+      let upstream: Response;
+      try {
+        upstream = await fetch(reqTarget(upstreamBase), init as RequestInit);
+      } catch (err) {
+        // Truncate to host+pathname — query strings can carry secrets
+        // (magic-link tokens, signed URLs) and would otherwise end up in
+        // mesh stdout → kubectl logs → log aggregator.
+        const safeTarget = `${upstreamBase}${reqUrl.pathname}`;
+        console.warn(
+          `[${LOG_LABEL}] preview fetch to ${safeTarget} failed: ${err instanceof Error ? err.message : String(err)}`,
+        );
+
+        // Recover from operator-driven eviction (15-min idle TTL): the
+        // claim + Service are gone but our records cache (or the
+        // synthesized prod-mode URL) still pointed at the stale endpoint.
+        // Drop the cache and resurrect via state-store. Retry only for
+        // replay-safe methods — `init.body` is a stream that's been
+        // consumed by the failed fetch; replaying a POST would silently
+        // send an empty body. The browser/caller can retry the mutating
+        // request after this 502 surfaces; the resurrected sandbox will
+        // be ready for that next attempt.
+        if (request.method === "GET" || request.method === "HEAD") {
+          this.invalidateRecord(handle);
+          const resurrected = await this.resurrectByHandle(handle).catch(
+            () => null,
+          );
+          if (resurrected) {
+            const retryBase = await this.resolvePreviewUpstreamUrl(handle);
+            if (retryBase) {
+              try {
+                upstream = await fetch(
+                  reqTarget(retryBase),
+                  init as RequestInit,
+                );
+                const responseHeaders = new Headers();
+                for (const [k, v] of upstream.headers.entries()) {
+                  if (
+                    !PREVIEW_STRIP_RESPONSE_HEADERS.includes(k.toLowerCase())
+                  ) {
+                    responseHeaders.set(k, v);
+                  }
+                }
+                status = upstream.status;
+                return new Response(upstream.body, {
+                  status: upstream.status,
+                  statusText: upstream.statusText,
+                  headers: responseHeaders,
+                });
+              } catch (retryErr) {
+                console.warn(
+                  `[${LOG_LABEL}] preview fetch retry to ${safeTarget} failed: ${retryErr instanceof Error ? retryErr.message : String(retryErr)}`,
+                );
+              }
+            }
+          }
+        } else {
+          // Non-replay-safe method: still drop the stale cache so the next
+          // request goes through fresh validation.
+          this.invalidateRecord(handle);
+        }
+
+        status = 502;
+        return jsonResponse(502, { error: "sandbox daemon unreachable" });
+      }
+
+      const responseHeaders = new Headers();
+      for (const [k, v] of upstream.headers.entries()) {
+        if (!PREVIEW_STRIP_RESPONSE_HEADERS.includes(k.toLowerCase())) {
+          responseHeaders.set(k, v);
+        }
+      }
+      status = upstream.status;
+      return new Response(upstream.body, {
+        status: upstream.status,
+        statusText: upstream.statusText,
+        headers: responseHeaders,
+      });
+    } finally {
+      this.recordProxyDuration(
+        "preview",
+        status,
+        cachedRec,
+        performance.now() - start,
+        handle,
+      );
+    }
+  }
+
+  // ---- Ensure flow ----------------------------------------------------------
+
+  private async ensureLocked(
+    id: SandboxId,
+    handle: string,
+    opts: EnsureOptions,
+    ops: RunnerStateStoreOps | null,
+  ): Promise<Sandbox> {
+    if (opts.image) {
+      console.warn(
+        `[${LOG_LABEL}] opts.image ignored (template ${this.sandboxTemplateName} pins image): got ${opts.image}`,
+      );
+    }
+
+    // 1. State-store resume.
+    if (ops) {
+      const persisted = await ops.get(id, RUNNER_KIND);
+      if (persisted) {
+        const rec = await this.rehydrate(id, handle, persisted);
+        if (rec)
+          return this.finish(
+            rec,
+            ops,
+            /* persistNow */ false,
+            /* patchTtl */ true,
+            "resume",
+          );
+        await ops.delete(id, RUNNER_KIND);
+      }
+    }
+    // 2. Cluster-side adopt: state store empty but a claim with our
+    //    deterministic name already exists.
+    const existing = await getSandboxClaim(
+      this.kubeConfig,
+      this.namespace,
+      handle,
+    ).catch(() => undefined);
+    if (existing) {
+      // Terminating claim (operator's idle-TTL fired, finalizers still
+      // draining): skip adopt entirely — the pod is going away, port-forward
+      // would fail, and the claim is on its way out. Wait for the API server
+      // to fully GC the resource before falling through to provision so we
+      // don't race into a 409 AlreadyExists.
+      if (existing.metadata?.deletionTimestamp) {
+        await waitForSandboxClaimGone(
+          this.kubeConfig,
+          this.namespace,
+          handle,
+        ).catch((err) => {
+          console.warn(
+            `[${LOG_LABEL}] wait for terminating claim ${handle} failed: ${err instanceof Error ? err.message : String(err)}`,
+          );
+        });
+      } else {
+        const adopted = await this.adopt(id, handle, existing).catch((err) => {
+          console.warn(
+            `[${LOG_LABEL}] adopt ${handle} failed, recreating: ${err instanceof Error ? err.message : String(err)}`,
+          );
+          return null;
+        });
+        if (adopted)
+          return this.finish(
+            adopted,
+            ops,
+            /* persistNow */ true,
+            /* patchTtl */ true,
+            "adopt",
+          );
+        await deleteSandboxClaim(this.kubeConfig, this.namespace, handle).catch(
+          () => {},
+        );
+        // Same wait as the terminating branch — our DELETE just queued a
+        // teardown that still has to drain finalizers before the next
+        // create won't 409.
+        await waitForSandboxClaimGone(
+          this.kubeConfig,
+          this.namespace,
+          handle,
+        ).catch((err) => {
+          console.warn(
+            `[${LOG_LABEL}] wait for deleted claim ${handle} failed: ${err instanceof Error ? err.message : String(err)}`,
+          );
+        });
+      }
+    }
+    // 3. Fresh provision.
+    const fresh = await this.provision(id, handle, opts);
+    return this.finish(
+      fresh,
+      ops,
+      /* persistNow */ true,
+      /* patchTtl */ false,
+      "fresh",
+    );
+  }
+
+  private async finish(
+    rec: K8sRecord,
+    ops: RunnerStateStoreOps | null,
+    persistNow: boolean,
+    patchTtl: boolean,
+    outcome: "fresh" | "resume" | "adopt",
+  ): Promise<Sandbox> {
+    const wasCached = this.records.has(rec.handle);
+    this.records.set(rec.handle, rec);
+    if (persistNow) await this.persist(ops, rec);
+    // Fresh provision set a shutdownTime in the claim spec already; resumes
+    // and adopts rely on this patch to stay alive.
+    if (patchTtl) {
+      await patchSandboxClaimShutdown(
+        this.kubeConfig,
+        this.namespace,
+        rec.handle,
+        this.computeShutdownTime(),
+      ).catch((err) =>
+        console.warn(
+          `[${LOG_LABEL}] TTL refresh failed for ${rec.handle}: ${err instanceof Error ? err.message : String(err)}`,
+        ),
+      );
+    }
+    if (this.metrics) {
+      const attrs = tenantAttrs(rec.tenant);
+      this.metrics.ensureOutcome.add(1, { ...attrs, outcome });
+      // Only increment the active gauge on first observation to avoid
+      // double-counting when the same handle is rehydrated multiple times
+      // (mesh-process internal cache hit; ensureLocked is invoked again).
+      if (!wasCached) this.metrics.active.add(1, attrs);
+    }
+    return this.toSandbox(rec);
+  }
+
+  private buildEnvMap(
+    opts: EnsureOptions,
+    boot: { token: string; daemonBootId: string; workdir: string },
+  ): Record<string, string> {
+    const callerEnv: Record<string, string> = {};
+    const dropped: string[] = [];
+    for (const [k, v] of Object.entries(opts.env ?? {})) {
+      if (RESERVED_ENV_KEYS.has(k)) dropped.push(k);
+      else callerEnv[k] = v;
+    }
+    if (dropped.length > 0) {
+      console.warn(
+        `[${LOG_LABEL}] opts.env keys overlap reserved bootstrap names and were dropped: ${dropped.join(",")}`,
+      );
+    }
+
+    return {
+      ...callerEnv,
+      DAEMON_TOKEN: boot.token,
+      DAEMON_BOOT_ID: boot.daemonBootId,
+      APP_ROOT: boot.workdir,
+      PROXY_PORT: String(DAEMON_CONTAINER_PORT),
+    };
+  }
+
+  private buildClaim(
+    handle: string,
+    opts: EnsureOptions,
+    boot: { token: string; daemonBootId: string; workdir: string },
+  ): SandboxClaim {
+    // Warm-pool mode: the operator rejects claim.spec.env outright when
+    // warmpool != "none". Mesh delivers the per-claim secret post-bind via
+    // POST /_decopilot_vm/config + auth.rotateToken instead.
+    const warmPoolMode = this.sentinelToken !== null;
+    const envEntries = warmPoolMode
+      ? []
+      : Object.entries(this.buildEnvMap(opts, boot))
+          // Sorted so `kubectl diff` doesn't churn across runs that pass the
+          // same env in different insertion orders.
+          .sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0))
+          .map(([name, value]) => ({ name, value }));
+    return {
+      apiVersion: `${K8S_CONSTANTS.CLAIM_API_GROUP}/${K8S_CONSTANTS.CLAIM_API_VERSION}`,
+      kind: "SandboxClaim",
+      metadata: {
+        name: handle,
+        namespace: this.namespace,
+        // Tenant duplicated on the claim itself (not just the pod) so the
+        // adopt path can recover orgId/userId after a state-store wipe;
+        // adopt() reads claim.metadata.labels, not pod labels.
+        labels: {
+          "app.kubernetes.io/name": "studio-sandbox",
+          "app.kubernetes.io/managed-by": "studio",
+          ...(this.envName ? { [LABEL_KEYS.env]: this.envName } : {}),
+          ...buildTenantLabels(opts.tenant),
+        },
+      },
+      spec: {
+        sandboxTemplateRef: { name: this.sandboxTemplateName },
+        // additionalPodMetadata.labels is the operator's pod-label propagation
+        // hook (CRD field, not a generic patch). Tenant labels here flow to
+        // the pod and become joinable in cAdvisor/kubelet metrics. `role`
+        // distinguishes claimed pods from warm-pool pods (template sets
+        // role=sandbox-pod by default).
+        additionalPodMetadata: {
+          labels: buildTenantLabels(opts.tenant, {
+            [LABEL_KEYS.role]: "claimed",
+            [LABEL_KEYS.sandboxHandle]: handle,
+            ...(this.envName ? { [LABEL_KEYS.env]: this.envName } : {}),
+          }),
+        },
+        env: envEntries,
+        warmpool: warmPoolMode ? "default" : "none",
+        lifecycle: {
+          shutdownPolicy: "Delete",
+          shutdownTime: this.computeShutdownTime(),
+        },
+      },
+    };
+  }
+
+  private async provision(
+    id: SandboxId,
+    handle: string,
+    opts: EnsureOptions,
+  ): Promise<K8sRecord> {
+    const token = this.tokenGenerator();
+    const daemonBootId = randomUUID();
+    const workdir = DEFAULT_WORKDIR;
+
+    const claim = this.buildClaim(handle, opts, {
+      token,
+      daemonBootId,
+      workdir,
+    });
+    try {
+      await createSandboxClaim(this.kubeConfig, this.namespace, claim);
+    } catch (err) {
+      // ensureLocked already waits for a known-terminating prior claim before
+      // falling through here. This catch covers the residual races: a
+      // concurrent ensure() from another mesh replica raced ours to create,
+      // or an external delete (operator TTL, kubectl) finished after we
+      // checked but before our POST landed. Wait for the resource to fully
+      // disappear and retry exactly once — re-raising AlreadyExists straight
+      // to the user surfaces as the "Failed to create SandboxClaim" toast
+      // they have to manually recover from.
+      if (err instanceof SandboxAlreadyExistsError) {
+        await waitForSandboxClaimGone(this.kubeConfig, this.namespace, handle);
+        await createSandboxClaim(this.kubeConfig, this.namespace, claim);
+      } else {
+        throw err;
+      }
+    }
+    // Two-step bind resolution. The operator's reconciler picks an adopted
+    // Sandbox first (warm-pool pod or, on cold-start, a freshly-rendered
+    // one) and writes its name into `claim.status.sandbox.name`. We wait
+    // for that field, then watch the named Sandbox for Ready.
+    //
+    // Cold-only would let us watch by `metadata.name=<handle>` directly
+    // (operator names cold Sandboxes after the claim), but warm-pool
+    // adoption picks a pre-existing pool name like
+    // `studio-sandbox-kind-abcde` instead — and worse, agent-sandbox
+    // v0.4.x has a status-update conflict race that occasionally also
+    // creates a stray same-named cold-path Sandbox alongside the adopted
+    // pool one. Watching by `<handle>` would talk to that orphan and miss
+    // the actually-bound pool pod (the daemon that actually runs the
+    // workload). `claim.status.sandbox.name` is the only signal that
+    // points at the right one across both shapes.
+    //
+    // Either bind step can time out — `waitForClaimAdoptedSandbox` if the
+    // operator never writes status.sandbox.name (controller crashed,
+    // overloaded warm pool exhaustion, etc.), `waitForSandboxReady` if
+    // the bound pod never reaches Ready (image pull stall, scheduling
+    // failure, kubelet pressure). On either failure we have to delete
+    // the orphan claim — leaving it would leak a pod and, worse, the
+    // caller's next `ensure()` would adopt-or-recreate against a stuck
+    // half-bound claim. Probe results: 3 concurrent ensure() against a
+    // size-1 warm pool tripped the 180s readiness timeout on one claim
+    // under kind resource pressure, leaving the SandboxClaim behind.
+    let adoptedSandboxName: string;
+    try {
+      adoptedSandboxName = await waitForClaimAdoptedSandbox(
+        this.kubeConfig,
+        this.namespace,
+        handle,
+      );
+      await waitForSandboxReady(
+        this.kubeConfig,
+        this.namespace,
+        adoptedSandboxName,
+      );
+    } catch (err) {
+      await deleteSandboxClaim(this.kubeConfig, this.namespace, handle).catch(
+        () => {},
+      );
+      throw err;
+    }
+
+    // Patch the operator-created Service to declare port 9000, then mint the
+    // per-claim HTTPRoute. Both happen before the port-forward opens so that,
+    // by the time `Sandbox.previewUrl` reaches the caller, the gateway has a
+    // route AND its backend cluster is registered. The Service patch is a
+    // workaround for agent-sandbox v0.4.x shipping ports-less Services
+    // (`ensureServicePort` doc explains why this matters for Istio). If
+    // either step fails the claim is healthy but unroutable — roll back so
+    // the caller's retry hits a clean slate.
+    try {
+      await this.ensureServicePortForAdoptedSandbox(adoptedSandboxName);
+      await this.ensureHttpRouteForHandle(
+        handle,
+        adoptedSandboxName,
+        opts.tenant ?? null,
+      );
+    } catch (err) {
+      await deleteSandboxClaim(this.kubeConfig, this.namespace, handle).catch(
+        () => {},
+      );
+      throw err;
+    }
+
+    const daemonForward = await this.openForwarder(
+      adoptedSandboxName,
+      DAEMON_CONTAINER_PORT,
+      handle,
+    );
+    const daemonUrl = `http://127.0.0.1:${daemonForward.localPort}`;
+    const configPayload = buildConfigPayload({
+      runtime: opts.workload?.runtime ?? "node",
+      packageManager: opts.workload?.packageManager
+        ? {
+            name: opts.workload.packageManager,
+            ...(opts.workload.packageManagerPath
+              ? { path: opts.workload.packageManagerPath }
+              : {}),
+          }
+        : null,
+      repo: opts.repo ?? null,
+      port: opts.workload?.devPort ?? DEFAULT_DEV_PORT,
+    });
+    // Warm-pool path: pod boots with the SandboxTemplate's sentinel token;
+    // mesh authenticates the first /config call with the sentinel and
+    // rotates to `token` (per-claim) atomically with the workload patch.
+    // After this call returns, only `token` is accepted on the daemon.
+    //
+    // Cold path: per-claim token was injected via env, daemon already
+    // accepts `token`; no rotation needed.
+    let resolvedBootId: string = daemonBootId;
+    try {
+      await waitForDaemonReady(daemonUrl);
+      if (this.sentinelToken !== null) {
+        const probedHealth = await probeDaemonHealth(daemonUrl);
+        if (probedHealth) resolvedBootId = probedHealth.bootId;
+        await postConfig(daemonUrl, this.sentinelToken, configPayload ?? {}, {
+          rotateToken: token,
+        });
+      } else if (configPayload) {
+        await postConfig(daemonUrl, token, configPayload);
+      }
+    } catch (err) {
+      this.closeForwarder(daemonForward);
+      await this.deleteHttpRouteIfManaged(handle).catch(() => {});
+      await deleteSandboxClaim(this.kubeConfig, this.namespace, handle).catch(
+        () => {},
+      );
+      throw err;
+    }
+
+    return {
+      id,
+      handle,
+      adoptedSandboxName,
+      token,
+      workdir,
+      daemonUrl,
+      daemonForward,
+      workload: opts.workload ?? null,
+      daemonBootId: resolvedBootId,
+      tenant: opts.tenant ?? null,
+      ensureOpts: stripEnsureOpts(opts),
+    };
+  }
+
+  /**
+   * No-op when `previewGateway` isn't configured. Otherwise Server-Side
+   * Apply port 9000 (named "daemon") onto the operator-created Service
+   * for the *adopted* Sandbox. The agent-sandbox operator (v0.4.x) ships
+   * Services with empty `spec.ports`, which makes Istio refuse to register
+   * an upstream cluster — `ensureServicePort` doc has the full rationale.
+   * Idempotent: once mesh owns `spec.ports[name=daemon]` (first SSA),
+   * subsequent calls with the same body are recorded as no-ops by the API
+   * server.
+   *
+   * Targets `adoptedSandboxName`, NOT `handle`. On warm-pool adoption these
+   * differ: the adopted Sandbox carries its pool-generated name (e.g.
+   * `studio-sandbox-kind-abcde`) and so does its operator-managed Service.
+   * The cold-path duplicate Sandbox the v0.4.x adoption race occasionally
+   * creates also has a Service (named after the claim), but it backs the
+   * unconfigured cold-path pod — patching that one would route preview
+   * traffic to the wrong daemon.
+   */
+  private async ensureServicePortForAdoptedSandbox(
+    adoptedSandboxName: string,
+  ): Promise<void> {
+    if (!this.previewGateway || !this.previewUrlPattern) return;
+    await ensureServicePort(
+      this.kubeConfig,
+      this.namespace,
+      adoptedSandboxName,
+      {
+        name: "daemon",
+        port: DAEMON_CONTAINER_PORT,
+        targetPort: DAEMON_CONTAINER_PORT,
+      },
+    );
+  }
+
+  /**
+   * No-op when `previewGateway` isn't configured. Otherwise PUT-or-create
+   * an HTTPRoute that maps `<handle>.<base>` → Service `<adoptedSandboxName>`
+   * port 9000. createHttpRoute swallows 409, so this is safe to call from
+   * both fresh-provision and adopt-backfill paths.
+   *
+   * Route name and hostname stay tied to `handle` so the public preview
+   * URL is stable across pool re-adoptions and so cleanup
+   * (`deleteHttpRouteIfManaged`) can find the route by handle. The
+   * backendRef switches to `adoptedSandboxName` for the same reason
+   * `ensureServicePortForAdoptedSandbox` does — we want traffic to land on
+   * the actually-bound pool pod, not the operator's cold-path orphan.
+   */
+  private async ensureHttpRouteForHandle(
+    handle: string,
+    adoptedSandboxName: string,
+    tenant: RunnerTenant | null,
+  ): Promise<void> {
+    if (!this.previewGateway || !this.previewUrlPattern) return;
+    const hostname = previewHostnameForHandle(this.previewUrlPattern, handle);
+    if (!hostname) {
+      throw new SandboxError(
+        `Unable to derive preview hostname for ${handle} from pattern: ${this.previewUrlPattern}`,
+      );
+    }
+    const route: HttpRoute = {
+      apiVersion: `${HTTPROUTE_CONSTANTS.API_GROUP}/${HTTPROUTE_CONSTANTS.API_VERSION}`,
+      kind: "HTTPRoute",
+      metadata: {
+        name: handle,
+        namespace: this.namespace,
+        labels: buildTenantLabels(tenant ?? undefined, {
+          [LABEL_KEYS.role]: "claimed",
+          [LABEL_KEYS.sandboxHandle]: handle,
+          "app.kubernetes.io/name": "studio-sandbox",
+          "app.kubernetes.io/managed-by": "studio",
+          ...(this.envName ? { [LABEL_KEYS.env]: this.envName } : {}),
+        }),
+      },
+      spec: {
+        parentRefs: [
+          {
+            kind: "Gateway",
+            group: "gateway.networking.k8s.io",
+            name: this.previewGateway.name,
+            namespace: this.previewGateway.namespace,
+          },
+        ],
+        hostnames: [hostname],
+        rules: [
+          {
+            backendRefs: [
+              {
+                group: "",
+                kind: "Service",
+                name: adoptedSandboxName,
+                port: DAEMON_CONTAINER_PORT,
+              },
+            ],
+          },
+        ],
+      },
+    };
+    await createHttpRoute(this.kubeConfig, this.namespace, route);
+  }
+
+  /** No-op when `previewGateway` isn't configured. 404-tolerant otherwise. */
+  private async deleteHttpRouteIfManaged(handle: string): Promise<void> {
+    if (!this.previewGateway) return;
+    await deleteHttpRoute(this.kubeConfig, this.namespace, handle);
+  }
+
+  /**
+   * Reconstruct a record from persisted state. After this returns, the record
+   * is ready for any of the six methods — the daemon port-forward is open and
+   * its `/health` has been re-probed. Returns null on any mismatch; caller
+   * purges and falls through to adopt/provision.
+   */
+  private async rehydrate(
+    id: SandboxId,
+    handle: string,
+    persisted: { handle: string; state: Record<string, unknown> },
+  ): Promise<K8sRecord | null> {
+    const state = persisted.state as Partial<PersistedK8sState>;
+    if ((!state.adoptedSandboxName && !state.podName) || !state.token)
+      return null;
+
+    const claim = await getSandboxClaim(
+      this.kubeConfig,
+      this.namespace,
+      handle,
+    ).catch(() => undefined);
+    if (!claim || !isSandboxReady(claim)) return null;
+
+    // Persisted `adoptedSandboxName` is missing on rows written before
+    // warm-pool support — those rows describe cold-path sandboxes whose
+    // Service name equals `handle`. Fall back to `handle` so existing
+    // claims keep routing correctly. Cross-check `claim.status.sandbox.name`
+    // first: the operator can update it (e.g. on pod recreation), and
+    // routing must follow that.
+    // Cross-check claim.status.sandbox.name first: the operator can update
+    // it (e.g. on pod recreation). Fall back to persisted adoptedSandboxName,
+    // then state.podName (back-compat with pre-warm-pool rows), then handle.
+    // In agent-sandbox the pod name always equals the Sandbox CR name, so
+    // adoptedSandboxName is the correct port-forward target.
+    const adoptedSandboxName =
+      claim.status?.sandbox?.name ??
+      state.adoptedSandboxName ??
+      state.podName ??
+      handle;
+
+    const live = await this.openAndProbeDaemon(adoptedSandboxName, handle);
+    if (!live) return null;
+
+    // Pod bounced but the daemon's orchestrator handles re-bootstrap itself
+    // on boot (resume-on-restart). Just refresh our copy of bootId.
+    if (state.daemonBootId && state.daemonBootId !== live.bootId) {
+      console.warn(
+        `[${LOG_LABEL}] daemon restart detected (handle=${handle}): stored bootId=${state.daemonBootId} live bootId=${live.bootId}`,
+      );
+    }
+
+    return {
+      id,
+      handle,
+      adoptedSandboxName,
+      token: state.token,
+      workdir: state.workdir ?? DEFAULT_WORKDIR,
+      daemonUrl: live.daemonUrl,
+      daemonForward: live.daemonForward,
+      workload: state.workload ?? null,
+      daemonBootId: live.bootId,
+      tenant: state.tenant ?? null,
+      ensureOpts: state.ensureOpts ?? null,
+    };
+  }
+
+  private async adopt(
+    id: SandboxId,
+    handle: string,
+    claim: SandboxResource,
+  ): Promise<K8sRecord | null> {
+    if (!isSandboxReady(claim)) return null;
+    const adoptedSandboxName = claim.status?.sandbox?.name ?? handle;
+    // Warm-pool mode keeps `claim.spec.env: []` so the per-claim token is
+    // not recoverable from the cluster — it lives only in the state-store.
+    // When the state-store is wiped (the trigger that brings us into
+    // adopt), there's no way to retrieve it. Returning null falls through
+    // to delete + reprovision; the pool releases the pod, the operator
+    // allocates a fresh one, and mesh rotates a new token onto it.
+    if (this.sentinelToken !== null) return null;
+    const token = readClaimDaemonToken(claim);
+    if (!token) return null;
+
+    const live = await this.openAndProbeDaemon(adoptedSandboxName, handle);
+    if (!live) return null;
+
+    const tenant = readClaimTenant(claim);
+    // Backfill the Service port + HTTPRoute for legacy claims provisioned
+    // before per-claim routing existed. Both calls are idempotent — Service
+    // patch is a no-op once `port: 9000` is already declared, and
+    // createHttpRoute swallows 409. Failures here don't block adoption:
+    // preview traffic stays unrouted until the next ensure() picks it up;
+    // the rest of the sandbox surface (exec, port-forward) is unaffected.
+    // Service patch first so that, if the route is missing, recreating it
+    // immediately after will already see a working cluster on the gateway
+    // side.
+    if (this.previewGateway) {
+      await this.ensureServicePortForAdoptedSandbox(adoptedSandboxName).catch(
+        (err) => {
+          console.warn(
+            `[${LOG_LABEL}] Service port backfill failed for ${handle}: ${err instanceof Error ? err.message : String(err)}`,
+          );
+        },
+      );
+      await this.ensureHttpRouteForHandle(
+        handle,
+        adoptedSandboxName,
+        tenant,
+      ).catch((err) => {
+        console.warn(
+          `[${LOG_LABEL}] HTTPRoute backfill failed for ${handle}: ${err instanceof Error ? err.message : String(err)}`,
+        );
+      });
+    }
+
+    return {
+      id,
+      handle,
+      adoptedSandboxName,
+      token,
+      workdir: DEFAULT_WORKDIR,
+      daemonUrl: live.daemonUrl,
+      daemonForward: live.daemonForward,
+      workload: null,
+      daemonBootId: live.bootId,
+      // Recovered from claim labels written at provision time. Null if the
+      // claim pre-dates tenant labelling (back-compat with already-running
+      // sandboxes when this code rolls out).
+      tenant,
+      // Adopt happens when the state-store is empty but a claim with our
+      // deterministic name still exists in the cluster (e.g. mesh restart
+      // without state-store, or state-store wipe). The original opts aren't
+      // recoverable from the claim alone, so resurrection on this record
+      // can't autonomously re-provision; falls back to the caller's
+      // VM_START path.
+      ensureOpts: null,
+    };
+  }
+
+  /**
+   * Open the daemon port-forward and probe `/health`. Closes the forwarder
+   * and returns null on any failure so the caller can fall through to
+   * recreate. Both `rehydrate` and `adopt` share this shape — the only
+   * difference is whether the bootId match is checked.
+   */
+  private async openAndProbeDaemon(
+    podName: string,
+    handle: string,
+  ): Promise<{
+    daemonForward: PortForwarder;
+    daemonUrl: string;
+    bootId: string;
+  } | null> {
+    const daemonForward = await this.openForwarder(
+      podName,
+      DAEMON_CONTAINER_PORT,
+      handle,
+    ).catch(() => null);
+    if (!daemonForward) return null;
+    const daemonUrl = `http://127.0.0.1:${daemonForward.localPort}`;
+    // probeDaemonHealth returns null when /health is unreachable OR lacks a
+    // bootId (older daemon shape). Either way, purge + re-provision.
+    const health = await probeDaemonHealth(daemonUrl);
+    if (!health) {
+      this.closeForwarder(daemonForward);
+      return null;
+    }
+    return { daemonForward, daemonUrl, bootId: health.bootId };
+  }
+
+  // ---- Handle resolution (post-restart) -------------------------------------
+
+  private async getRecord(handle: string): Promise<K8sRecord | null> {
+    const cached = this.records.get(handle);
+    if (cached) return cached;
+    if (!this.stateStore) return null;
+    const persisted = await this.stateStore.getByHandle(RUNNER_KIND, handle);
+    if (!persisted) return null;
+    const rec = await this.rehydrate(persisted.id, handle, persisted);
+    if (rec) this.records.set(handle, rec);
+    return rec;
+  }
+
+  /**
+   * Re-ensure a sandbox after operator-driven eviction (15-min idle TTL deletes
+   * claim + pod). Looks up the SandboxId from the state-store by handle, then
+   * runs the standard `ensure()` path with the persisted `EnsureOptions` so the
+   * fresh provision rehydrates with the same repo/env/workload.
+   *
+   * Returns null when:
+   *  - no state-store (test runners) — caller surfaces 404,
+   *  - handle has no row (truly unknown) — caller surfaces 404,
+   *  - row predates `ensureOpts` persistence (back-compat: rows from before
+   *    this change). Resurrecting with empty opts would create an empty pod
+   *    with no repo cloned, which is worse than 404. UI's existing
+   *    notFound→VM_START flow re-supplies opts in that case.
+   */
+  private async resurrectByHandle(handle: string): Promise<K8sRecord | null> {
+    if (!this.stateStore) return null;
+    const row = await this.stateStore.getByHandle(RUNNER_KIND, handle);
+    if (!row) return null;
+    const persistedOpts = (row.state as Partial<PersistedK8sState>).ensureOpts;
+    if (!persistedOpts) return null;
+    // ensure() is idempotent + advisory-locked, so concurrent resurrections
+    // for the same handle collapse to a single provision. The lock is keyed
+    // on (userId, projectRef, kind), the same identity our state-store row
+    // is keyed on.
+    await this.ensure(row.id, persistedOpts);
+    return this.records.get(handle) ?? null;
+  }
+
+  private async requireRecord(handle: string): Promise<K8sRecord> {
+    const rec = await this.getRecord(handle);
+    if (rec) return rec;
+    const resurrected = await this.resurrectByHandle(handle);
+    if (resurrected) return resurrected;
+    throw new Error(`unknown sandbox handle ${handle}`);
+  }
+
+  /**
+   * Drop the in-memory record cache for `handle`. Called when the cached
+   * `daemonUrl` proves stale (e.g. fetch fails with connection refused after
+   * the operator deleted the underlying pod). The next access goes through
+   * the state-store + rehydrate or resurrection path.
+   */
+  private invalidateRecord(handle: string): void {
+    const rec = this.records.get(handle);
+    if (!rec) return;
+    this.records.delete(handle);
+    this.closeForwarder(rec.daemonForward);
+  }
+
+  // ---- Metric helpers -------------------------------------------------------
+
+  private recordProxyDuration(
+    source: "daemon" | "preview",
+    statusCode: number,
+    rec: K8sRecord | null,
+    durationMs: number,
+    fallbackHandle?: string,
+  ): void {
+    if (!this.metrics) return;
+    this.metrics.proxyDurationMs.record(durationMs, {
+      ...tenantAttrs(rec?.tenant ?? null),
+      source,
+      sandbox_handle: rec?.handle ?? fallbackHandle ?? "",
+      status_code: statusCode || 0,
+    });
+  }
+
+  // ---- Identity + preview URL ----------------------------------------------
+
+  private computeHandle(id: SandboxId, branch: string | null): string {
+    // hashLen=16 (~64 bits) per handle.ts: runners that expose the handle as
+    // a public hostname must use longer hashes to resist brute-force. Also
+    // prevents DB handle collisions across users on the no-branch path.
+    return composeBranchHandle(id, branch, { hashLen: 16 });
+  }
+
+  // Local mode: route preview traffic through the daemon port-forward, not
+  // a separate dev forwarder. The daemon serves /_decopilot_vm/* + /health
+  // in-process and reverse-proxies everything else to in-pod localhost:DEV_PORT
+  // (with CSP/X-Frame stripping + HMR bootstrap injection). Pointing the URL
+  // straight at the dev port would bypass that proxy and break SSE + iframe
+  // embedding. Production mode (previewUrlPattern set) goes through the
+  // ingress-terminated URL the operator emits.
+  private composePreviewUrl(rec: K8sRecord): string {
+    if (this.previewUrlPattern) {
+      return applyPreviewPattern(this.previewUrlPattern, rec.handle);
+    }
+    return `http://127.0.0.1:${rec.daemonForward.localPort}/`;
+  }
+
+  private toSandbox(rec: K8sRecord): Sandbox {
+    return {
+      handle: rec.handle,
+      workdir: rec.workdir,
+      previewUrl: this.composePreviewUrl(rec),
+    };
+  }
+
+  // ---- Persistence ----------------------------------------------------------
+
+  private async persist(
+    ops: RunnerStateStoreOps | null,
+    rec: K8sRecord,
+  ): Promise<void> {
+    if (!ops) return;
+    const state: PersistedK8sState = {
+      adoptedSandboxName: rec.adoptedSandboxName,
+      token: rec.token,
+      workdir: rec.workdir,
+      workload: rec.workload,
+      daemonBootId: rec.daemonBootId,
+      tenant: rec.tenant,
+      ...(rec.ensureOpts ? { ensureOpts: rec.ensureOpts } : {}),
+    };
+    await ops.put(rec.id, RUNNER_KIND, { handle: rec.handle, state });
+  }
+
+  // ---- TTL helpers ----------------------------------------------------------
+
+  private computeShutdownTime(): string {
+    return new Date(Date.now() + this.idleTtlMs).toISOString();
+  }
+
+  // ---- Port-forwarding ------------------------------------------------------
+
+  /**
+   * Opens a 127.0.0.1 TCP listener whose connections tunnel to
+   * `podName:containerPort` via the apiserver. Each TCP connection spawns a
+   * fresh WebSocket — matches `kubectl port-forward`'s semantics. Lifecycle
+   * is mutual: client socket close → close the k8s WS; WS close → destroy
+   * the client socket.
+   */
+  private openForwarder(
+    podName: string,
+    containerPort: number,
+    // `handle` is passed separately so the deterministic port survives pod
+    // recreation (operator-driven): vmMap's cached previewUrl stays valid.
+    handle: string = podName,
+  ): Promise<PortForwarder> {
+    const startPort = deterministicLocalPort(handle, containerPort);
+    return new Promise((resolve, reject) => {
+      const tryBind = (port: number, attempt: number) => {
+        const server = net.createServer((socket) =>
+          this.handleForwardedConnection(
+            socket,
+            podName,
+            containerPort,
+            handle,
+          ),
+        );
+        server.once("error", (err: NodeJS.ErrnoException) => {
+          if (err.code === "EADDRINUSE" && attempt < PORT_WALK_LIMIT) {
+            // Release the failed listener before walking forward — listen()
+            // failure leaves the Server object holding the connection handler
+            // closure; closing makes the leak trivially visible to GC.
+            try {
+              server.close();
+            } catch {}
+            const next =
+              PORT_RANGE_START +
+              ((port - PORT_RANGE_START + 1) % PORT_RANGE_SIZE);
+            tryBind(next, attempt + 1);
+            return;
+          }
+          reject(err);
+        });
+        server.listen(port, "127.0.0.1", () => {
+          const address = server.address();
+          if (!address || typeof address === "string") {
+            server.close();
+            reject(new Error("port-forward listener failed to bind"));
+            return;
+          }
+          resolve({ server, localPort: address.port });
+        });
+      };
+      tryBind(startPort, 0);
+    });
+  }
+
+  private handleForwardedConnection(
+    socket: net.Socket,
+    podName: string,
+    containerPort: number,
+    handle: string,
+  ): void {
+    // Inbound bytes pipe through a PassThrough rather than the socket
+    // directly: `portForward` attaches its 'data' listener only after the
+    // WebSocket opens (async); on Bun, bytes arriving in that window are
+    // dropped. Piping synchronously into a PassThrough buffers those bytes
+    // until the library drains it.
+    const inbound = new PassThrough();
+    let ws: ForwardWebSocket | null = null;
+    let closed = false;
+
+    const cleanup = () => {
+      if (closed) return;
+      closed = true;
+      inbound.destroy();
+      if (ws) {
+        try {
+          ws.close();
+        } catch {}
+      }
+      if (!socket.destroyed) socket.destroy();
+    };
+
+    socket.pipe(inbound);
+    socket.on("error", cleanup);
+    socket.on("close", cleanup);
+
+    this.portForward
+      .portForward(
+        this.namespace,
+        podName,
+        [containerPort],
+        socket,
+        null,
+        inbound,
+      )
+      .then((res) => {
+        // retryCount=0 (default) → raw WebSocket; retryCount>0 → factory fn.
+        const opened = typeof res === "function" ? res() : res;
+        if (!opened) {
+          cleanup();
+          return;
+        }
+        ws = opened as ForwardWebSocket;
+        ws.on("close", cleanup);
+        ws.on("error", () => {
+          this.invalidateRecord(handle);
+          cleanup();
+        });
+        if (closed) {
+          try {
+            ws.close();
+          } catch {}
+        }
+      })
+      .catch((err: unknown) => {
+        console.warn(
+          `[${LOG_LABEL}] port-forward to ${podName}:${containerPort} failed: ${err instanceof Error ? err.message : String(err)}`,
+        );
+        this.invalidateRecord(handle);
+        cleanup();
+      });
+  }
+
+  private closeForwarder(forwarder: PortForwarder): void {
+    forwarder.server.close((err) => {
+      if (err) {
+        console.warn(
+          `[${LOG_LABEL}] port-forward close on :${forwarder.localPort} errored: ${err instanceof Error ? err.message : String(err)}`,
+        );
+      }
+    });
+  }
+
+  close(): void {
+    if (this.closed) return;
+    this.closed = true;
+    for (const rec of this.records.values()) {
+      this.closeForwarder(rec.daemonForward);
+    }
+    this.records.clear();
+  }
+}
+
+// ---- Helpers ----------------------------------------------------------------
+
+interface RunnerMetrics {
+  active: UpDownCounter;
+  ensureOutcome: Counter;
+  proxyDurationMs: Histogram;
+}
+
+function buildRunnerMetrics(meter: Meter): RunnerMetrics {
+  return {
+    active: meter.createUpDownCounter("studio.sandbox.active", {
+      description:
+        "Active sandbox count, by runner kind and owning org. Cross-checks the cAdvisor-derived count from the cluster — divergence between the two indicates orphaned claims (mesh deleted but K8s didn't reap) or unattributed pods.",
+      unit: "{sandbox}",
+    }),
+    ensureOutcome: meter.createCounter("studio.sandbox.ensure.outcome", {
+      description:
+        "Outcome of each ensure() call: fresh provision, resume from state-store after restart, or adopt of a cluster-side claim mesh didn't know about. Cold-start ratio is the primary input for warm-pool sizing.",
+      unit: "{call}",
+    }),
+    proxyDurationMs: meter.createHistogram("studio.sandbox.proxy.duration_ms", {
+      description:
+        "Wall-clock latency of mesh-mediated requests to the sandbox daemon: tool exec proxies (source=daemon) and preview iframe traffic (source=preview).",
+      unit: "ms",
+    }),
+  };
+}
+
+function loadDefaultKubeConfig(): KubeConfig {
+  const kc = new KubeConfigClass();
+  kc.loadFromDefault();
+  return kc;
+}
+
+function isSandboxReady(resource: SandboxResource): boolean {
+  return Boolean(
+    resource.status?.conditions?.some(
+      (c) => c.type === "Ready" && c.status === "True",
+    ),
+  );
+}
+
+function readClaimDaemonToken(claim: SandboxResource): string | null {
+  const env = claim.spec?.env;
+  if (!env) return null;
+  for (const entry of env) {
+    if (entry.name === "DAEMON_TOKEN" && entry.value) return entry.value;
+  }
+  return null;
+}
+
+function deterministicLocalPort(handle: string, containerPort: number): number {
+  const hash = createHash("sha256")
+    .update(`${handle}:${containerPort}`)
+    .digest();
+  return PORT_RANGE_START + (hash.readUInt32BE(0) % PORT_RANGE_SIZE);
+}
+
+// CORS headers on synthesized preview-proxy responses. The studio iframe
+// renders under the studio origin and fetches the preview origin cross-site
+// (SSE at `/_decopilot_vm/events`, plus the EventSource probeMissing fetch);
+// without ACAO the browser blocks the response *and* hides the actual status,
+// so a 404 from us looks like an opaque CORS failure in devtools. The daemon
+// already sets ACAO on its own responses — these headers only fire on errors
+// we synthesize before reaching the daemon.
+function jsonResponse(status: number, body: unknown): Response {
+  return new Response(JSON.stringify(body), {
+    status,
+    headers: {
+      "content-type": "application/json",
+      "access-control-allow-origin": "*",
+    },
+  });
+}
+
+// K8s label keys mesh attaches. Centralized so writers (buildTenantLabels)
+// and the reader (readClaimTenant) can't drift.
+const LABEL_KEYS = {
+  role: "studio.decocms.com/role",
+  sandboxHandle: "studio.decocms.com/sandbox-handle",
+  orgId: "studio.decocms.com/org-id",
+  userId: "studio.decocms.com/user-id",
+  env: "studio.decocms.com/env",
+} as const;
+
+// K8s label values: ≤63 chars, must match `(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?`.
+// Org/user IDs are UUIDs in mesh and pass through unchanged; the regex check
+// + truncation is defensive against future ID-shape changes (the operator will
+// reject the claim outright if a label value is invalid).
+const LABEL_VALUE_RE = /^([A-Za-z0-9]([-A-Za-z0-9_.]*[A-Za-z0-9])?)?$/;
+const MAX_LABEL_VALUE_LEN = 63;
+
+function sanitizeLabelValue(value: string): string {
+  const truncated = value.slice(0, MAX_LABEL_VALUE_LEN);
+  return LABEL_VALUE_RE.test(truncated) ? truncated : "";
+}
+
+// Tighter than LABEL_VALUE_RE — envName flows into K8s resource names
+// (e.g. studio-sandbox-<env>), which require this restricted charset.
+// Must match the regex the sandbox-env chart enforces on envName.
+const ENV_NAME_RE = /^[a-z]([a-z0-9-]{0,30}[a-z0-9])?$/;
+
+function normalizeEnvName(raw: string | undefined): string | null {
+  if (raw === undefined) return null;
+  const trimmed = raw.trim();
+  if (trimmed === "") return null;
+  if (!ENV_NAME_RE.test(trimmed)) {
+    throw new Error(
+      `AgentSandboxRunner: envName=${JSON.stringify(trimmed)} is not a valid DNS-label-safe environment name (lowercase alphanumeric or '-', starts with a letter, ends alphanumeric, ≤32 chars). Mesh sets this from STUDIO_ENV; check the studio chart's configMap.`,
+    );
+  }
+  return trimmed;
+}
+
+/**
+ * Tenant labels for `adopt()` recovery + cost attribution. Used on both the
+ * claim (so `kubectl get sandboxclaim` shows ownership and adopt() can read
+ * orgId/userId after a state-store wipe) and the pod (where cAdvisor /
+ * kubelet metrics pick them up). Pass `extra` for pod-only fields like
+ * `role` and `sandbox-handle`.
+ */
+function buildTenantLabels(
+  tenant: EnsureOptions["tenant"],
+  extra: Record<string, string> = {},
+): Record<string, string> {
+  const labels: Record<string, string> = { ...extra };
+  if (tenant) {
+    const orgId = sanitizeLabelValue(tenant.orgId);
+    const userId = sanitizeLabelValue(tenant.userId);
+    if (orgId) labels[LABEL_KEYS.orgId] = orgId;
+    if (userId) labels[LABEL_KEYS.userId] = userId;
+  }
+  return labels;
+}
+
+/** Read tenant back from a claim's metadata.labels (adopt path). */
+function readClaimTenant(claim: SandboxResource): RunnerTenant | null {
+  const labels = claim.metadata?.labels;
+  if (!labels) return null;
+  const orgId = labels[LABEL_KEYS.orgId];
+  const userId = labels[LABEL_KEYS.userId];
+  if (!orgId || !userId) return null;
+  return { orgId, userId };
+}
+
+/**
+ * Convert tenant struct to OTel attribute keys. `runner_kind` is constant for
+ * a given runner instance but included on every attrs set so downstream
+ * dashboards can pivot across runners (k8s vs docker) without re-aggregating.
+ */
+function tenantAttrs(tenant: RunnerTenant | null): {
+  org_id: string;
+  user_id: string;
+  runner_kind: string;
+} {
+  return {
+    org_id: tenant?.orgId ?? "",
+    user_id: tenant?.userId ?? "",
+    runner_kind: RUNNER_KIND,
+  };
+}
+
+/**
+ * Subset of `EnsureOptions` worth persisting for resurrection. Drops `image`
+ * (k8s ignores it — template pins the image) and any nullish entries so the
+ * persisted blob stays small.
+ */
+function stripEnsureOpts(opts: EnsureOptions): EnsureOptions | null {
+  const out: EnsureOptions = {};
+  if (opts.repo) out.repo = opts.repo;
+  if (opts.workload) out.workload = opts.workload;
+  if (opts.env && Object.keys(opts.env).length > 0) out.env = opts.env;
+  if (opts.tenant) out.tenant = opts.tenant;
+  return Object.keys(out).length > 0 ? out : null;
+}
+
+/**
+ * Extract the bare hostname `<handle>.<base>` from a preview URL pattern.
+ * Reuses `applyPreviewPattern` to guarantee parity with the URL the runner
+ * advertises in `Sandbox.previewUrl` — drift between "URL the user sees"
+ * and "hostname the gateway routes" would silently break iframe loading.
+ * Returns null when the pattern doesn't parse as a URL (e.g. someone set
+ * `{handle}/foo` without a scheme).
+ */
+function previewHostnameForHandle(
+  pattern: string,
+  handle: string,
+): string | null {
+  try {
+    return new URL(applyPreviewPattern(pattern, handle)).hostname || null;
+  } catch {
+    return null;
+  }
+}
diff --git a/packages/sandbox/server/runner/docker/index.ts b/packages/sandbox/server/runner/docker/index.ts
new file mode 100644
index 0000000000..02025e8727
--- /dev/null
+++ b/packages/sandbox/server/runner/docker/index.ts
@@ -0,0 +1,12 @@
+export { DockerSandboxRunner } from "./runner";
+export type {
+  DockerExec,
+  DockerRunnerOptions,
+  ExecResult,
+} from "./runner";
+export { startLocalSandboxIngress } from "./local-ingress";
+export {
+  sweepDockerOrphansOnBoot,
+  sweepDockerOrphansOnShutdown,
+} from "./sweep";
+export type { SweepDockerOrphansOnBootOptions } from "./sweep";
diff --git a/packages/sandbox/server/runner/docker/local-ingress.test.ts b/packages/sandbox/server/runner/docker/local-ingress.test.ts
new file mode 100644
index 0000000000..55dff9244f
--- /dev/null
+++ b/packages/sandbox/server/runner/docker/local-ingress.test.ts
@@ -0,0 +1,301 @@
+import { afterEach, describe, expect, it } from "bun:test";
+import * as net from "node:net";
+import type { AddressInfo } from "node:net";
+import type { DockerSandboxRunner } from "./runner";
+import { startLocalSandboxIngress } from "./local-ingress";
+
+// local-ingress is a raw TCP proxy (not fetch-based). Testing it end-to-end
+// through real sockets is the only realistic option: the internal helpers
+// (extractHandle, parseRequestHead, route) are not exported, and the interesting
+// behavior — header accumulation, routing by subdomain, error response framing
+// — is emergent from the socket pipeline.
+
+type MockUpstream = {
+  port: number;
+  received: () => string;
+  close: () => Promise<void>;
+};
+
+function startUpstream(marker: string): Promise<MockUpstream> {
+  return new Promise((resolve) => {
+    let received = Buffer.alloc(0);
+    const server = net.createServer((sock) => {
+      sock.on("data", (chunk) => {
+        received = Buffer.concat([received, chunk]);
+        // Respond so the ingress → client pipe can close cleanly.
+        sock.end(
+          `HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: ${marker.length}\r\nConnection: close\r\n\r\n${marker}`,
+        );
+      });
+      sock.on("error", () => {});
+    });
+    server.listen(0, "127.0.0.1", () => {
+      const addr = server.address() as AddressInfo;
+      resolve({
+        port: addr.port,
+        received: () => received.toString("utf8"),
+        close: () =>
+          new Promise<void>((done) => {
+            server.close(() => done());
+          }),
+      });
+    });
+  });
+}
+
+type ParsedResponse = { status: number; body: string; raw: string };
+
+function parseResponse(raw: string): ParsedResponse {
+  const idx = raw.indexOf("\r\n\r\n");
+  const headText = idx === -1 ? raw : raw.slice(0, idx);
+  const body = idx === -1 ? "" : raw.slice(idx + 4);
+  const firstLine = headText.split("\r\n")[0] ?? "";
+  const m = /HTTP\/1\.1 (\d+)/.exec(firstLine);
+  return { status: m ? Number(m[1]) : 0, body, raw };
+}
+
+// Resolves when the ingress has written the full response and closed its side.
+// Listens to both 'end' (remote FIN) and 'close' (socket fully torn down)
+// because Bun's net socket doesn't always fire 'end' for half-closed responses
+// written via socket.end(data).
+function driveRequest(
+  port: number,
+  writer: (client: net.Socket) => void,
+): Promise<ParsedResponse> {
+  return new Promise((resolve, reject) => {
+    const client = net.connect(port, "127.0.0.1");
+    let response = Buffer.alloc(0);
+    let resolved = false;
+    const finish = (): void => {
+      if (resolved) return;
+      resolved = true;
+      client.destroy();
+      resolve(parseResponse(response.toString("utf8")));
+    };
+    client.on("connect", () => writer(client));
+    client.on("data", (chunk) => {
+      response = Buffer.concat([response, chunk]);
+    });
+    client.on("end", finish);
+    client.on("close", finish);
+    client.on("error", reject);
+  });
+}
+
+function sendHttp(
+  port: number,
+  host: string,
+  path: string,
+  method = "GET",
+): Promise<ParsedResponse> {
+  return driveRequest(port, (client) => {
+    client.write(
+      `${method} ${path} HTTP/1.1\r\nHost: ${host}\r\nConnection: close\r\n\r\n`,
+    );
+  });
+}
+
+// Sends raw bytes and waits for the ingress to respond + close. Used for
+// malformed-request and oversized-header tests.
+function sendRaw(port: number, bytes: string): Promise<ParsedResponse> {
+  return driveRequest(port, (client) => {
+    client.write(bytes);
+  });
+}
+
+function runnerFor(
+  map: Record<string, { dev?: number; daemon?: number }>,
+): DockerSandboxRunner {
+  return {
+    resolveDevPort: async (h: string) => map[h]?.dev ?? null,
+    resolveDaemonPort: async (h: string) => map[h]?.daemon ?? null,
+  } as unknown as DockerSandboxRunner;
+}
+
+async function startIngress(
+  getRunner: () => DockerSandboxRunner | null,
+): Promise<{ servers: net.Server[]; port: number }> {
+  // port 0 → OS picks a free port; dodges EADDRINUSE + the retry loop.
+  const servers = startLocalSandboxIngress(getRunner, 0);
+  await new Promise<void>((resolve, reject) => {
+    const s = servers[0]!;
+    if (s.listening) return resolve();
+    s.once("listening", () => resolve());
+    s.once("error", reject);
+  });
+  const addr = servers[0]!.address() as AddressInfo;
+  return { servers, port: addr.port };
+}
+
+async function closeServers(servers: net.Server[]): Promise<void> {
+  await Promise.all(
+    servers.map(
+      (s) =>
+        new Promise<void>((resolve) => {
+          // Defence in depth: kill any still-established sockets before
+          // awaiting close() — a flaky connection shouldn't strand the suite.
+          const server = s as net.Server & {
+            closeAllConnections?: () => void;
+          };
+          server.closeAllConnections?.();
+          s.close(() => resolve());
+        }),
+    ),
+  );
+}
+
+// -----------------------------------------------------------------------------
+
+let currentServers: net.Server[] = [];
+let currentUpstreams: MockUpstream[] = [];
+
+afterEach(async () => {
+  await closeServers(currentServers);
+  currentServers = [];
+  for (const u of currentUpstreams) await u.close();
+  currentUpstreams = [];
+});
+
+describe("startLocalSandboxIngress", () => {
+  it("routes all paths to the daemon port — daemon's proxy strips CSP + handles dev-server forwarding", async () => {
+    const daemon = await startUpstream("DAEMON");
+    currentUpstreams.push(daemon);
+
+    const runner = runnerFor({
+      alpha: { daemon: daemon.port },
+    });
+    const { servers, port } = await startIngress(() => runner);
+    currentServers = servers;
+
+    // Non-API path: daemon's catch-all proxies to the dev server (strips
+    // CSP + injects HMR bootstrap along the way). Ingress never talks to
+    // dev port directly.
+    const res = await sendHttp(port, "alpha.localhost", "/index.html");
+    expect(res.status).toBe(200);
+    expect(res.body).toBe("DAEMON");
+    expect(daemon.received()).toContain("GET /index.html HTTP/1.1");
+    expect(daemon.received()).toContain("Host: alpha.localhost");
+  });
+
+  it("routes /_decopilot_vm/* paths to the daemon port", async () => {
+    const daemon = await startUpstream("DAEMON");
+    currentUpstreams.push(daemon);
+
+    const runner = runnerFor({ alpha: { daemon: daemon.port } });
+    const { servers, port } = await startIngress(() => runner);
+    currentServers = servers;
+
+    const res = await sendHttp(
+      port,
+      "alpha.localhost",
+      "/_decopilot_vm/events",
+    );
+    expect(res.status).toBe(200);
+    expect(daemon.received()).toContain("GET /_decopilot_vm/events HTTP/1.1");
+  });
+
+  it("accepts a host with an explicit port suffix (e.g. …:7070)", async () => {
+    const daemon = await startUpstream("DAEMON");
+    currentUpstreams.push(daemon);
+
+    const runner = runnerFor({ alpha: { daemon: daemon.port } });
+    const { servers, port } = await startIngress(() => runner);
+    currentServers = servers;
+
+    const res = await sendHttp(port, "alpha.localhost:7070", "/ok");
+    expect(res.status).toBe(200);
+    expect(res.body).toBe("DAEMON");
+  });
+
+  it("treats the subdomain match as case-insensitive", async () => {
+    const daemon = await startUpstream("DAEMON");
+    currentUpstreams.push(daemon);
+
+    // The handle is captured as-is from the Host header, so the runner mock
+    // must recognize the uppercase form — the regex itself is /i.
+    const runner = runnerFor({ Alpha: { daemon: daemon.port } });
+    const { servers, port } = await startIngress(() => runner);
+    currentServers = servers;
+
+    const res = await sendHttp(port, "Alpha.LOCALHOST", "/x");
+    expect(res.status).toBe(200);
+  });
+
+  it("returns 404 for a host that isn't under *.localhost", async () => {
+    const runner = runnerFor({});
+    const { servers, port } = await startIngress(() => runner);
+    currentServers = servers;
+
+    const res = await sendHttp(port, "example.com", "/foo");
+    expect(res.status).toBe(404);
+    expect(res.body).toContain("Not a Sandbox Host");
+  });
+
+  it("returns 503 when the runner has not been initialized", async () => {
+    const { servers, port } = await startIngress(() => null);
+    currentServers = servers;
+
+    const res = await sendHttp(port, "alpha.localhost", "/x");
+    expect(res.status).toBe(503);
+    expect(res.body).toContain("Sandbox Runner Not Initialized");
+    // CORS * is required so the browser's probeMissing can observe ingress
+    // errors (otherwise fetch throws a CORS block and the provider reconnects
+    // forever instead of detecting sandbox-gone).
+    expect(res.raw.toLowerCase()).toContain("access-control-allow-origin: *");
+  });
+
+  it("returns 404 when the handle is unknown (runner returns null)", async () => {
+    const runner = runnerFor({}); // no entries → both resolvers return null
+    const { servers, port } = await startIngress(() => runner);
+    currentServers = servers;
+
+    const res = await sendHttp(port, "ghost.localhost", "/x");
+    expect(res.status).toBe(404);
+    expect(res.body).toContain("Sandbox Not Found");
+  });
+
+  it("returns 400 on a malformed request line", async () => {
+    const runner = runnerFor({});
+    const { servers, port } = await startIngress(() => runner);
+    currentServers = servers;
+
+    // Missing spaces → parts.length < 3 → parseRequestHead returns null.
+    const res = await sendRaw(port, "GARBAGE\r\nHost: foo\r\n\r\n");
+    expect(res.status).toBe(400);
+    expect(res.body).toContain("Bad Request");
+  });
+
+  it("returns 431 when headers exceed MAX_HEADER_BYTES without a terminator", async () => {
+    const runner = runnerFor({});
+    const { servers, port } = await startIngress(() => runner);
+    currentServers = servers;
+
+    // Deliberately no \r\n\r\n. A single oversized header line with no
+    // terminator forces the > MAX_HEADER_BYTES branch.
+    const oversized =
+      "GET / HTTP/1.1\r\nHost: a.localhost\r\nX: " + "y".repeat(20 * 1024);
+    const res = await sendRaw(port, oversized);
+    expect(res.status).toBe(431);
+    expect(res.body).toContain("Request Header Fields Too Large");
+  });
+
+  it("does not reach the runner when the host is non-sandbox (no resolver calls)", async () => {
+    const calls: string[] = [];
+    const runner = {
+      resolveDevPort: async (h: string) => {
+        calls.push(`dev:${h}`);
+        return null;
+      },
+      resolveDaemonPort: async (h: string) => {
+        calls.push(`daemon:${h}`);
+        return null;
+      },
+    } as unknown as DockerSandboxRunner;
+
+    const { servers, port } = await startIngress(() => runner);
+    currentServers = servers;
+
+    await sendHttp(port, "example.com", "/x");
+    expect(calls).toEqual([]);
+  });
+});
diff --git a/packages/sandbox/server/runner/docker/local-ingress.ts b/packages/sandbox/server/runner/docker/local-ingress.ts
new file mode 100644
index 0000000000..5d892fbe21
--- /dev/null
+++ b/packages/sandbox/server/runner/docker/local-ingress.ts
@@ -0,0 +1,206 @@
+/**
+ * Dev-only Docker ingress forwarder. Raw TCP proxy (not node:http — Bun's
+ * `upgrade` event hands off a socket whose writes never reach the client).
+ * Binds both 127.0.0.1 and ::1 for Chrome Happy-Eyeballs; default port 7070
+ * because macOS AirPlay owns 7000. `*.localhost` resolves to loopback
+ * natively (RFC 6761). Not wired in prod (Freestyle/K8s have real ingress).
+ */
+
+import * as net from "node:net";
+
+const HOST_RE = /^([^.]+)\.localhost(?::\d+)?$/i;
+const MAX_HEADER_BYTES = 16 * 1024;
+const HEADERS_TERMINATOR = Buffer.from("\r\n\r\n");
+
+/**
+ * Structural view: any runner that can map a handle to a host-side daemon
+ * TCP port. Both DockerSandboxRunner and HostSandboxRunner implement this.
+ */
+export interface DaemonPortResolver {
+  resolveDaemonPort(handle: string): Promise<number | null>;
+}
+
+function extractHandle(hostHeader: string | null): string | null {
+  if (!hostHeader) return null;
+  const m = HOST_RE.exec(hostHeader);
+  return m ? (m[1] ?? null) : null;
+}
+
+function parseRequestHead(
+  headerText: string,
+): { path: string; host: string | null } | null {
+  const firstCrlf = headerText.indexOf("\r\n");
+  if (firstCrlf === -1) return null;
+  const requestLine = headerText.slice(0, firstCrlf);
+  const parts = requestLine.split(" ");
+  if (parts.length < 3) return null;
+  const path = parts[1] ?? "/";
+  let host: string | null = null;
+  for (const line of headerText.slice(firstCrlf + 2).split("\r\n")) {
+    const colon = line.indexOf(":");
+    if (colon === -1) continue;
+    if (line.slice(0, colon).toLowerCase() === "host") {
+      host = line.slice(colon + 1).trim();
+      break;
+    }
+  }
+  return { path, host };
+}
+
+/**
+ * All browser traffic hits the daemon port — the daemon's catch-all proxy
+ * strips CSP/X-Frame-Options + injects the HMR bootstrap for HTML responses,
+ * and its `/_decopilot_vm/*` + `/health` routes are served in-process. Dev
+ * server traffic is forwarded onward from the daemon, never exposed directly.
+ */
+async function resolveTarget(
+  runner: DaemonPortResolver,
+  handle: string,
+): Promise<number | null> {
+  const port = await runner.resolveDaemonPort(handle);
+  return port ?? null;
+}
+
+/**
+ * `getRunner` is called per-request — the runner is lazy-init'd on first
+ * sandbox use. Returning null → 503 (correct before any sandbox exists).
+ */
+export function startLocalSandboxIngress(
+  getRunner: () => DaemonPortResolver | null,
+  port: number,
+): net.Server[] {
+  const handleConnection = (client: net.Socket): void => {
+    let buffer: Buffer = Buffer.alloc(0);
+    // Guards fail() against writing a response twice. Must NOT be set when
+    // headers finish arriving — route() hasn't responded yet, and tripping
+    // this flag early makes every fail() inside route a no-op (silent hang).
+    let responded = false;
+
+    // CORS * on errors: the browser talks to this ingress directly (see
+    // VmEventsProvider). Without it, a 404 / 503 / 400 surfaces as a generic
+    // CORS block and probeMissing can't tell "sandbox gone" from a transient
+    // failure, stranding the UI on a permanent reconnect loop.
+    const fail = (status: number, message: string): void => {
+      if (responded) return;
+      responded = true;
+      const body = `${message}\n`;
+      client.end(
+        `HTTP/1.1 ${status} ${message}\r\n` +
+          `Content-Type: text/plain; charset=utf-8\r\n` +
+          `Content-Length: ${Buffer.byteLength(body)}\r\n` +
+          `Access-Control-Allow-Origin: *\r\n` +
+          `Connection: close\r\n\r\n${body}`,
+      );
+    };
+
+    const onData = (chunk: Buffer): void => {
+      buffer = Buffer.concat([buffer, chunk]);
+      const end = buffer.indexOf(HEADERS_TERMINATOR);
+      if (end === -1) {
+        if (buffer.length > MAX_HEADER_BYTES) {
+          client.off("data", onData);
+          fail(431, "Request Header Fields Too Large");
+        }
+        return;
+      }
+      client.off("data", onData);
+      const headerText = buffer.slice(0, end).toString("utf8");
+      void route(headerText);
+    };
+
+    const route = async (headerText: string): Promise<void> => {
+      const head = parseRequestHead(headerText);
+      if (!head) {
+        fail(400, "Bad Request");
+        return;
+      }
+      const handle = extractHandle(head.host);
+      const runner = getRunner();
+      if (!runner) {
+        fail(503, "Sandbox Runner Not Initialized");
+        return;
+      }
+      if (!handle) {
+        fail(404, "Not a Sandbox Host");
+        return;
+      }
+      try {
+        // Fast-fail malformed request lines; daemon would 400 anyway.
+        new URL(head.path, "http://local");
+      } catch {
+        fail(400, "Bad Request");
+        return;
+      }
+      const target = await resolveTarget(runner, handle);
+      if (!target) {
+        fail(404, "Sandbox Not Found");
+        return;
+      }
+      const upstream = net.connect(target, "127.0.0.1", () => {
+        upstream.write(buffer);
+        buffer = Buffer.alloc(0);
+        upstream.pipe(client);
+        client.pipe(upstream);
+      });
+      upstream.on("error", () => client.destroy());
+      client.on("error", () => upstream.destroy());
+      client.on("close", () => upstream.destroy());
+      upstream.on("close", () => client.destroy());
+    };
+
+    client.on("data", onData);
+    client.on("error", () => {
+      /* surfaced via close */
+    });
+  };
+
+  const bind = (host: string): net.Server => {
+    const server = net.createServer(handleConnection);
+    const MAX_RETRIES = 20; // ~10s at 500ms; covers the previous process's drain.
+    let attempt = 0;
+    let warnedInUse = false;
+    // Single persistent 'listening' handler — listen(callback) would attach
+    // one per retry and trip MaxListenersExceededWarning after ~10 EADDRINUSE.
+    server.on("listening", () => {
+      console.log(
+        `[studio-sandbox-ingress] forwarding *.localhost → ${host}:${port}`,
+      );
+    });
+    const tryListen = (): void => {
+      server.listen(port, host);
+    };
+    server.on("error", (err: NodeJS.ErrnoException) => {
+      if (err.code === "EADDRINUSE" && attempt < MAX_RETRIES) {
+        if (!warnedInUse) {
+          warnedInUse = true;
+          console.warn(
+            `[studio-sandbox-ingress] ${host}:${port} in use — waiting for previous process to release (up to ${MAX_RETRIES / 2}s)...`,
+          );
+        }
+        attempt++;
+        setTimeout(tryListen, 500);
+        return;
+      }
+      if (err.code === "EADDRINUSE") {
+        const hint =
+          port === 7000
+            ? " (port 7000 is grabbed by macOS AirPlay Receiver — set SANDBOX_INGRESS_PORT to another port, e.g. 7070)"
+            : " — another process is holding it; find it with `lsof -iTCP:" +
+              port +
+              " -sTCP:LISTEN -n -P`";
+        console.warn(
+          `[studio-sandbox-ingress] ${host}:${port} still in use after ${MAX_RETRIES / 2}s; giving up${hint}.`,
+        );
+        return;
+      }
+      console.warn(
+        `[studio-sandbox-ingress] ${host}:${port} listen error: ${err.message}`,
+      );
+    });
+    tryListen();
+    return server;
+  };
+
+  // Bind both loopback families for Happy-Eyeballs (Chrome prefers IPv6).
+  return [bind("127.0.0.1"), bind("::1")];
+}
diff --git a/packages/sandbox/server/runner/docker/runner.test.ts b/packages/sandbox/server/runner/docker/runner.test.ts
new file mode 100644
index 0000000000..20011ec858
--- /dev/null
+++ b/packages/sandbox/server/runner/docker/runner.test.ts
@@ -0,0 +1,723 @@
+import { afterEach, beforeEach, describe, expect, it, mock } from "bun:test";
+import type { DockerExecFn, DockerResult } from "../../docker-cli";
+import { DockerSandboxRunner } from "./runner";
+import type {
+  RunnerStateRecord,
+  RunnerStateRecordWithId,
+  RunnerStatePut,
+  RunnerStateStore,
+} from "../state-store";
+import type { SandboxId } from "../types";
+import { computeHandle } from "../shared/handle";
+
+// -----------------------------------------------------------------------------
+// Exec mock: matches on args[0] + sub-arg patterns and returns canned results.
+// -----------------------------------------------------------------------------
+
+interface ExecCall {
+  args: string[];
+  timeoutMs?: number;
+}
+
+type Responder = (args: string[]) => DockerResult | Promise<DockerResult>;
+
+function makeExec(responder: Responder): {
+  exec: DockerExecFn;
+  calls: ExecCall[];
+} {
+  const calls: ExecCall[] = [];
+  const exec: DockerExecFn = async (args, timeoutMs) => {
+    calls.push({ args: [...args], timeoutMs });
+    return await responder(args);
+  };
+  return { exec, calls };
+}
+
+/**
+ * Defaults that cover the happy path:
+ * - `run` → fake 64-char container id
+ * - `port` → "0.0.0.0:32768\n::32768"  (matches the /:(\d+)$/ regex)
+ * - `ps`/`ps -aq` → empty by default (no existing containers)
+ * - `inspect` → "true" (container running)
+ * - `stop` → {code: 0}
+ * - fallback → empty stdout, code 0
+ */
+const FAKE_ID =
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef";
+let portCounter = 32768;
+
+function defaultResponder(args: string[]): DockerResult {
+  const [sub] = args;
+  if (sub === "run") {
+    return { stdout: `${FAKE_ID}\n`, stderr: "", code: 0 };
+  }
+  if (sub === "port") {
+    const port = portCounter++;
+    return { stdout: `0.0.0.0:${port}\n::${port}\n`, stderr: "", code: 0 };
+  }
+  if (sub === "ps") {
+    return { stdout: "", stderr: "", code: 0 };
+  }
+  if (sub === "inspect") {
+    return { stdout: "true\n", stderr: "", code: 0 };
+  }
+  if (sub === "stop") {
+    return { stdout: "", stderr: "", code: 0 };
+  }
+  if (sub === "logs") {
+    return { stdout: "", stderr: "", code: 0 };
+  }
+  return { stdout: "", stderr: "", code: 0 };
+}
+
+// -----------------------------------------------------------------------------
+// In-memory state-store mock.
+// -----------------------------------------------------------------------------
+
+function makeStore(): RunnerStateStore & {
+  _byId: Map<string, RunnerStateRecordWithId>;
+  _byHandle: Map<string, RunnerStateRecordWithId>;
+  putCalls: { id: SandboxId; kind: string; entry: RunnerStatePut }[];
+  deleteCalls: { id: SandboxId; kind: string }[];
+  deleteByHandleCalls: { kind: string; handle: string }[];
+} {
+  const byId = new Map<string, RunnerStateRecordWithId>();
+  const byHandle = new Map<string, RunnerStateRecordWithId>();
+  const putCalls: { id: SandboxId; kind: string; entry: RunnerStatePut }[] = [];
+  const deleteCalls: { id: SandboxId; kind: string }[] = [];
+  const deleteByHandleCalls: { kind: string; handle: string }[] = [];
+
+  const key = (id: SandboxId, kind: string) =>
+    `${id.userId}:${id.projectRef}:${kind}`;
+
+  const store = {
+    _byId: byId,
+    _byHandle: byHandle,
+    putCalls,
+    deleteCalls,
+    deleteByHandleCalls,
+    async get(id: SandboxId, kind: string): Promise<RunnerStateRecord | null> {
+      return byId.get(key(id, kind)) ?? null;
+    },
+    async getByHandle(
+      kind: string,
+      handle: string,
+    ): Promise<RunnerStateRecordWithId | null> {
+      return byHandle.get(`${kind}:${handle}`) ?? null;
+    },
+    async put(
+      id: SandboxId,
+      kind: string,
+      entry: RunnerStatePut,
+    ): Promise<void> {
+      putCalls.push({ id, kind, entry });
+      const record: RunnerStateRecordWithId = {
+        id,
+        handle: entry.handle,
+        state: entry.state,
+        updatedAt: new Date(),
+      };
+      byId.set(key(id, kind), record);
+      byHandle.set(`${kind}:${entry.handle}`, record);
+    },
+    async delete(id: SandboxId, kind: string): Promise<void> {
+      deleteCalls.push({ id, kind });
+      const rec = byId.get(key(id, kind));
+      byId.delete(key(id, kind));
+      if (rec) byHandle.delete(`${kind}:${rec.handle}`);
+    },
+    async deleteByHandle(kind: string, handle: string): Promise<void> {
+      deleteByHandleCalls.push({ kind, handle });
+      const rec = byHandle.get(`${kind}:${handle}`);
+      byHandle.delete(`${kind}:${handle}`);
+      if (rec) byId.delete(key(rec.id, kind));
+    },
+  };
+  return store;
+}
+
+// -----------------------------------------------------------------------------
+// Fetch harness (for /health + /_decopilot_vm/*).
+// -----------------------------------------------------------------------------
+
+interface FetchCall {
+  input: string;
+  init: RequestInit & { duplex?: string };
+}
+
+/** Valid /health response shape. Use when a test just wants the daemon to look reachable. */
+export function healthOkResponse(bootId = "test-boot-id"): Response {
+  return new Response(
+    JSON.stringify({
+      ready: true,
+      bootId,
+      setup: { running: false, done: true },
+    }),
+    {
+      status: 200,
+      headers: { "Content-Type": "application/json" },
+    },
+  );
+}
+
+function installFetch(
+  responder: (call: FetchCall) => Promise<Response> | Response,
+): { calls: FetchCall[] } {
+  const calls: FetchCall[] = [];
+  globalThis.fetch = mock(async (input: unknown, init?: unknown) => {
+    const call: FetchCall = {
+      input: String(input),
+      init: (init ?? {}) as RequestInit & { duplex?: string },
+    };
+    calls.push(call);
+    return await responder(call);
+  }) as unknown as typeof fetch;
+  return { calls };
+}
+
+let origFetch: typeof fetch;
+
+beforeEach(() => {
+  origFetch = globalThis.fetch;
+  portCounter = 32768;
+});
+
+afterEach(() => {
+  globalThis.fetch = origFetch;
+});
+
+// Common SandboxId helper.
+const ID: SandboxId = { userId: "u_1", projectRef: "agent:o:v:main" };
+
+// -----------------------------------------------------------------------------
+// Tests
+// -----------------------------------------------------------------------------
+
+describe("DockerSandboxRunner.ensure() — fresh provision", () => {
+  it("runs container with hardening flags, reads ports, probes health, persists", async () => {
+    const { exec, calls } = makeExec(defaultResponder);
+    const store = makeStore();
+    installFetch(() => healthOkResponse());
+
+    const runner = new DockerSandboxRunner({
+      image: "test-image:latest",
+      exec,
+      stateStore: store,
+    });
+
+    const sandbox = await runner.ensure(ID);
+
+    const expectedHandle = computeHandle(ID);
+    expect(sandbox.handle).toBe(expectedHandle);
+    expect(sandbox.workdir).toBe("/app");
+    // Preview URL is derived from the handle via local ingress; it's non-null
+    // even without a workload hint because the daemon may auto-sniff the repo.
+    expect(sandbox.previewUrl).toBe(`http://${sandbox.handle}.localhost:7070/`);
+
+    // Assert the `docker run` invocation carried the hardening flags, labels,
+    // env var, and port publishes.
+    const runCall = calls.find((c) => c.args[0] === "run");
+    expect(runCall).toBeDefined();
+    const runArgs = runCall!.args;
+    expect(runArgs).toContain("--cap-drop=ALL");
+    expect(runArgs).toContain("--security-opt=no-new-privileges");
+    expect(runArgs).toContain("--pids-limit=512");
+    expect(runArgs).toContain("--memory=2g");
+    expect(runArgs).toContain("--cpus=1");
+    // Container-filesystem hardening.
+    expect(runArgs).toContain("--read-only");
+    expect(runArgs).toContain("--tmpfs=/tmp:rw,nosuid,nodev,size=256m");
+    // Writable mounts for the bits --read-only would otherwise break:
+    // /app (user workload + clone target) and /home/sandbox (pm caches).
+    const volAppIdx = runArgs.findIndex(
+      (a, i) => a === "-v" && runArgs[i + 1] === "/app",
+    );
+    expect(volAppIdx).toBeGreaterThanOrEqual(0);
+    const volHomeIdx = runArgs.findIndex(
+      (a, i) => a === "-v" && runArgs[i + 1] === "/home/sandbox",
+    );
+    expect(volHomeIdx).toBeGreaterThanOrEqual(0);
+
+    // Labels: root + id-scoped.
+    const labelRoot = runArgs.findIndex(
+      (a, i) => a === "--label" && runArgs[i + 1] === "studio-sandbox=1",
+    );
+    expect(labelRoot).toBeGreaterThanOrEqual(0);
+    const labelId = runArgs.findIndex(
+      (a, i) =>
+        a === "--label" && runArgs[i + 1]?.startsWith("studio-sandbox.id="),
+    );
+    expect(labelId).toBeGreaterThanOrEqual(0);
+
+    // DAEMON_TOKEN env present (value random, just assert shape).
+    const tokenEnvIdx = runArgs.findIndex(
+      (a, i) => a === "-e" && runArgs[i + 1]?.startsWith("DAEMON_TOKEN="),
+    );
+    expect(tokenEnvIdx).toBeGreaterThanOrEqual(0);
+
+    // Image is last non-command arg.
+    expect(runArgs).toContain("test-image:latest");
+
+    // `port` was called at least twice (daemon + dev).
+    const portCalls = calls.filter((c) => c.args[0] === "port");
+    expect(portCalls.length).toBeGreaterThanOrEqual(2);
+    expect(portCalls.map((c) => c.args[2])).toEqual(
+      expect.arrayContaining(["9000/tcp", "3000/tcp"]),
+    );
+
+    // stateStore.put called with handle + state.
+    expect(store.putCalls).toHaveLength(1);
+    const persisted = store.putCalls[0]!;
+    expect(persisted.kind).toBe("docker");
+    expect(persisted.entry.handle).toBe(expectedHandle);
+    expect(persisted.entry.state.token).toBeDefined();
+    expect(persisted.entry.state.daemonUrl).toMatch(/^http:\/\/127\.0\.0\.1:/);
+  });
+
+  it("passes --name=<handle> to docker run so the handle is a valid container reference", async () => {
+    const { exec, calls } = makeExec(defaultResponder);
+    const store = makeStore();
+    installFetch(() => healthOkResponse());
+    const runner = new DockerSandboxRunner({
+      image: "test-image:latest",
+      exec,
+      stateStore: store,
+    });
+
+    const sandbox = await runner.ensure(ID);
+
+    const runCall = calls.find((c) => c.args[0] === "run");
+    expect(runCall).toBeDefined();
+    const runArgs = runCall!.args;
+    const nameIdx = runArgs.findIndex(
+      (a, i) => a === "--name" && runArgs[i + 1] === sandbox.handle,
+    );
+    expect(nameIdx).toBeGreaterThanOrEqual(0);
+  });
+});
+
+describe("DockerSandboxRunner.ensure() — adopt by label", () => {
+  it("adopts an existing labeled container by name without calling docker run", async () => {
+    let runCount = 0;
+    const expectedHandle = computeHandle(ID);
+
+    const { exec } = makeExec((args) => {
+      const [sub] = args;
+      // Pretend the container with our labelId is already running. The
+      // findExisting query is `ps --no-trunc --format {{.Names}} --filter label=...`.
+      if (sub === "ps" && args.includes("--filter")) {
+        return {
+          stdout: `${expectedHandle}\n`,
+          stderr: "",
+          code: 0,
+        };
+      }
+      // `inspect` for env-var recovery (DAEMON_TOKEN, APP_ROOT). The
+      // reconstructFromContainer parser walks lines and extracts these keys.
+      if (sub === "inspect") {
+        return {
+          stdout: "DAEMON_TOKEN=adopted-token\nAPP_ROOT=/app\n",
+          stderr: "",
+          code: 0,
+        };
+      }
+      if (sub === "run") {
+        runCount++;
+      }
+      return defaultResponder(args);
+    });
+    const store = makeStore();
+    installFetch(() => healthOkResponse());
+
+    const runner = new DockerSandboxRunner({
+      image: "test-image:latest",
+      exec,
+      stateStore: store,
+    });
+
+    const sandbox = await runner.ensure(ID);
+
+    expect(sandbox.handle).toBe(expectedHandle);
+    expect(runCount).toBe(0); // No new container created.
+    // The handle returned by findExisting must be the *name* (slug-hash), not
+    // a container ID prefix — guards against regressing back to `ps -q`.
+    expect(sandbox.handle).not.toMatch(/^[0-9a-f]{32,}$/);
+  });
+});
+
+describe("DockerSandboxRunner.ensure() — --name collision recovery", () => {
+  it("removes a colliding orphan container and retries the run", async () => {
+    let runCalls = 0;
+    let rmCalls = 0;
+
+    const { exec } = makeExec((args) => {
+      const [sub] = args;
+      if (sub === "run") {
+        runCalls++;
+        if (runCalls === 1) {
+          return {
+            stdout: "",
+            stderr:
+              'Error response from daemon: Conflict. The container name "/x" is already in use by container "abcd"',
+            code: 125,
+          };
+        }
+        // Second run succeeds.
+        return defaultResponder(args);
+      }
+      if (sub === "rm") {
+        rmCalls++;
+        return { stdout: "", stderr: "", code: 0 };
+      }
+      return defaultResponder(args);
+    });
+    const store = makeStore();
+    installFetch(() => healthOkResponse());
+
+    const runner = new DockerSandboxRunner({
+      image: "test-image:latest",
+      exec,
+      stateStore: store,
+    });
+
+    const sandbox = await runner.ensure(ID);
+
+    expect(sandbox.handle).toBe(computeHandle(ID));
+    expect(runCalls).toBe(2);
+    expect(rmCalls).toBe(1);
+  });
+});
+
+describe("DockerSandboxRunner.ensure() — in-process dedupe", () => {
+  it("two concurrent ensure() calls share one docker run", async () => {
+    let runCount = 0;
+    const { exec, calls } = makeExec((args) => {
+      if (args[0] === "run") {
+        runCount++;
+        return {
+          stdout: `${FAKE_ID}\n`,
+          stderr: "",
+          code: 0,
+        };
+      }
+      return defaultResponder(args);
+    });
+    installFetch(() => healthOkResponse());
+
+    // Pass a non-default image so `ensureSandboxImage` short-circuits — otherwise
+    // the runner spawns a real `docker build` (not honoring the injected exec)
+    // and the test times out on the cold cache. Matches the pattern used by the
+    // tests above.
+    const runner = new DockerSandboxRunner({
+      image: "test-image:latest",
+      exec,
+    });
+
+    const [a, b] = await Promise.all([runner.ensure(ID), runner.ensure(ID)]);
+    expect(a.handle).toBe(b.handle);
+    expect(runCount).toBe(1);
+    // Keep a reference to `calls` to avoid unused warning.
+    expect(calls.length).toBeGreaterThan(0);
+  });
+});
+
+describe("DockerSandboxRunner.ensure() — resume from persisted state", () => {
+  it("uses persisted token/workdir, no docker run, alive + health ok", async () => {
+    let runCount = 0;
+    const { exec, calls } = makeExec((args) => {
+      if (args[0] === "run") runCount++;
+      return defaultResponder(args);
+    });
+    const store = makeStore();
+
+    // Pre-populate the store with a valid record.
+    const persistedHandle = computeHandle(ID);
+    await store.put(ID, "docker", {
+      handle: persistedHandle,
+      state: {
+        token: "persisted-token-abc",
+        workdir: "/app",
+        daemonUrl: "http://127.0.0.1:1111", // will be replaced after readPort
+        devPort: 40000,
+        devContainerPort: 3000,
+        daemonPort: 40001,
+        workload: null,
+      },
+    });
+    store.putCalls.length = 0; // reset so we only observe new puts
+
+    installFetch(() => healthOkResponse()); // /health ok
+
+    const runner = new DockerSandboxRunner({ exec, stateStore: store });
+    const sandbox = await runner.ensure(ID);
+
+    expect(sandbox.handle).toBe(persistedHandle);
+    expect(runCount).toBe(0); // no new docker run
+    // Sanity: at least the `port` sub was invoked.
+    expect(calls.some((c) => c.args[0] === "port")).toBe(true);
+  });
+});
+
+describe("DockerSandboxRunner.ensure() — config bootstrap contract", () => {
+  it("plumbs only daemon-identity env into the container, then POSTs repo + workload via /_decopilot_vm/config", async () => {
+    const { exec, calls } = makeExec(defaultResponder);
+    const fetchCalls: FetchCall[] = [];
+    globalThis.fetch = mock(async (input: unknown, init?: unknown) => {
+      const call: FetchCall = {
+        input: String(input),
+        init: (init ?? {}) as RequestInit & { duplex?: string },
+      };
+      fetchCalls.push(call);
+      if (call.input.endsWith("/health")) return healthOkResponse();
+      if (call.input.endsWith("/_decopilot_vm/config")) {
+        return new Response(
+          JSON.stringify({
+            bootId: "test-boot-id",
+            transition: "first-bootstrap",
+            config: {},
+          }),
+          { status: 200, headers: { "Content-Type": "application/json" } },
+        );
+      }
+      return new Response("", { status: 204 });
+    }) as unknown as typeof fetch;
+
+    const runner = new DockerSandboxRunner({
+      image: "test-image:latest",
+      exec,
+    });
+    await runner.ensure(ID, {
+      repo: {
+        cloneUrl: "https://x-access-token:TOKEN@github.com/o/r.git",
+        userName: "Octo Cat",
+        userEmail: "octo@example.com",
+        branch: "feat/abc-123",
+        displayName: "o/r",
+      },
+      workload: { runtime: "bun", packageManager: "bun", devPort: 3000 },
+    });
+
+    const runCall = calls.find((c) => c.args[0] === "run");
+    expect(runCall).toBeDefined();
+    const runArgs = runCall!.args;
+
+    const envs = new Map<string, string>();
+    for (let i = 0; i < runArgs.length - 1; i++) {
+      if (runArgs[i] === "-e") {
+        const pair = runArgs[i + 1]!;
+        const eq = pair.indexOf("=");
+        envs.set(pair.slice(0, eq), pair.slice(eq + 1));
+      }
+    }
+
+    expect(envs.get("DAEMON_TOKEN")).toMatch(/^[0-9a-f]{48}$/);
+    expect(envs.get("DAEMON_BOOT_ID")).toMatch(/^[0-9a-f-]{36}$/i);
+    expect(envs.get("APP_ROOT")).toBe("/app");
+    expect(envs.get("PROXY_PORT")).toBe("9000");
+
+    expect(envs.has("DEV_PORT")).toBe(false);
+    expect(envs.has("RUNTIME")).toBe(false);
+    expect(envs.has("PACKAGE_MANAGER")).toBe(false);
+    expect(envs.has("INTENT")).toBe(false);
+    expect(envs.has("CLONE_URL")).toBe(false);
+    expect(envs.has("BRANCH")).toBe(false);
+    expect(envs.has("REPO_NAME")).toBe(false);
+    expect(envs.has("GIT_USER_NAME")).toBe(false);
+    expect(envs.has("GIT_USER_EMAIL")).toBe(false);
+    expect(envs.has("WORKDIR")).toBe(false);
+    expect(envs.has("DAEMON_PORT")).toBe(false);
+
+    const configCall = fetchCalls.find((c) =>
+      c.input.endsWith("/_decopilot_vm/config"),
+    );
+    expect(configCall).toBeDefined();
+    expect(configCall!.init.method).toBe("POST");
+    expect(
+      (configCall!.init.headers as Record<string, string>).Authorization,
+    ).toMatch(/^Bearer [0-9a-f]{48}$/);
+
+    const body = JSON.parse(
+      Buffer.from(configCall!.init.body as string, "base64").toString("utf-8"),
+    );
+    expect(body.git?.repository?.cloneUrl).toBe(
+      "https://x-access-token:TOKEN@github.com/o/r.git",
+    );
+    expect(body.git?.repository?.branch).toBe("feat/abc-123");
+    expect(body.git?.repository?.repoName).toBe("o/r");
+    expect(body.git?.identity?.userName).toBe("Octo Cat");
+    expect(body.git?.identity?.userEmail).toBe("octo@example.com");
+    expect(body.application?.runtime).toBe("bun");
+    expect(body.application?.packageManager?.name).toBe("bun");
+    expect(body.application?.port).toBe(3000);
+    expect(body.application?.intent).toBeUndefined();
+  });
+
+  it("skips POST /config when caller provides neither repo nor workload", async () => {
+    const { exec, calls } = makeExec(defaultResponder);
+    const fetchCalls: FetchCall[] = [];
+    globalThis.fetch = mock(async (input: unknown, init?: unknown) => {
+      const call: FetchCall = {
+        input: String(input),
+        init: (init ?? {}) as RequestInit & { duplex?: string },
+      };
+      fetchCalls.push(call);
+      if (call.input.endsWith("/health")) return healthOkResponse();
+      return new Response("", { status: 204 });
+    }) as unknown as typeof fetch;
+
+    const runner = new DockerSandboxRunner({
+      image: "test-image:latest",
+      exec,
+    });
+    await runner.ensure(ID);
+
+    const runCall = calls.find((c) => c.args[0] === "run")!;
+    const envPairs = runCall.args
+      .map((a, i) => (runCall.args[i - 1] === "-e" ? a : null))
+      .filter((v): v is string => v !== null);
+    const keys = envPairs.map((p) => p.slice(0, p.indexOf("=")));
+
+    expect(keys).toContain("DAEMON_TOKEN");
+    expect(keys).toContain("DAEMON_BOOT_ID");
+    expect(keys).toContain("APP_ROOT");
+    expect(keys).toContain("PROXY_PORT");
+
+    expect(
+      fetchCalls.some((c) => c.input.endsWith("/_decopilot_vm/config")),
+    ).toBe(false);
+  });
+});
+
+describe("DockerSandboxRunner.sweepOrphans()", () => {
+  it("stops every container returned by the ps filter", async () => {
+    const stopCalls: string[] = [];
+    const { exec } = makeExec((args) => {
+      if (args[0] === "ps") {
+        return { stdout: "id1\nid2\nid3\n", stderr: "", code: 0 };
+      }
+      if (args[0] === "stop") {
+        stopCalls.push(args[args.length - 1]!);
+        return { stdout: "", stderr: "", code: 0 };
+      }
+      return defaultResponder(args);
+    });
+    const store = makeStore();
+    const runner = new DockerSandboxRunner({ exec, stateStore: store });
+
+    const n = await runner.sweepOrphans();
+
+    expect(n).toBe(3);
+    expect(stopCalls.sort()).toEqual(["id1", "id2", "id3"]);
+    expect(store.deleteByHandleCalls.map((c) => c.handle).sort()).toEqual([
+      "id1",
+      "id2",
+      "id3",
+    ]);
+  });
+
+  it("returns full count even if one stop rejects", async () => {
+    const stopCalls: string[] = [];
+    const { exec } = makeExec((args) => {
+      if (args[0] === "ps") {
+        return { stdout: "a\nb\nc\n", stderr: "", code: 0 };
+      }
+      if (args[0] === "stop") {
+        stopCalls.push(args[args.length - 1]!);
+        if (args[args.length - 1] === "b") {
+          return Promise.reject(new Error("kaboom"));
+        }
+        return { stdout: "", stderr: "", code: 0 };
+      }
+      return defaultResponder(args);
+    });
+    const runner = new DockerSandboxRunner({ exec });
+    const n = await runner.sweepOrphans();
+    expect(n).toBe(3);
+    expect(stopCalls.sort()).toEqual(["a", "b", "c"]);
+  });
+});
+
+describe("DockerSandboxRunner.delete()", () => {
+  it("container stop and store.delete with record (no graceful dev-stop)", async () => {
+    const stopCalls: string[] = [];
+    const { exec } = makeExec((args) => {
+      if (args[0] === "stop") {
+        stopCalls.push(args[args.length - 1]!);
+      }
+      return defaultResponder(args);
+    });
+    const store = makeStore();
+
+    // /health ok for ensure, then direct container teardown (no /dev/stop hop).
+    const { calls: fetchCalls } = installFetch((call) =>
+      (call.input as string).endsWith("/health")
+        ? healthOkResponse()
+        : new Response("", { status: 204 }),
+    );
+
+    const runner = new DockerSandboxRunner({
+      image: "test-image:latest",
+      exec,
+      stateStore: store,
+    });
+    const sb = await runner.ensure(ID);
+
+    // Clear fetch calls so we only see what delete() triggers.
+    fetchCalls.length = 0;
+
+    await runner.delete(sb.handle);
+
+    // Delete tears down the container directly; no graceful /dev/stop hop.
+    expect(
+      fetchCalls.some((c) => (c.input as string).includes("/dev/stop")),
+    ).toBe(false);
+    // docker stop hit the handle.
+    expect(stopCalls).toContain(sb.handle);
+    // store.delete was called (we had a record in memory).
+    expect(store.deleteCalls).toHaveLength(1);
+    expect(store.deleteCalls[0]!.id.userId).toBe(ID.userId);
+  });
+
+  it("falls back to deleteByHandle when no record in memory", async () => {
+    const stopCalls: string[] = [];
+    const { exec } = makeExec((args) => {
+      if (args[0] === "stop") {
+        stopCalls.push(args[args.length - 1]!);
+      }
+      return defaultResponder(args);
+    });
+    const store = makeStore();
+    const runner = new DockerSandboxRunner({ exec, stateStore: store });
+    installFetch(() => new Response("", { status: 204 }));
+
+    const unknownHandle = "unknownhandle1234567890abcdef";
+    await runner.delete(unknownHandle);
+
+    // No in-memory record, so daemon fetch is skipped; docker stop still runs.
+    expect(stopCalls).toContain(unknownHandle);
+    // Fallback path.
+    expect(store.deleteByHandleCalls).toHaveLength(1);
+    expect(store.deleteByHandleCalls[0]!.handle).toBe(unknownHandle);
+    expect(store.deleteCalls).toHaveLength(0);
+  });
+});
+
+describe("DockerSandboxRunner — sanity: preview URL & port resolvers", () => {
+  it("composePreviewUrl uses pattern when workload provided; resolvers return ports", async () => {
+    const { exec } = makeExec(defaultResponder);
+    installFetch(() => healthOkResponse());
+
+    const runner = new DockerSandboxRunner({
+      image: "test-image:latest",
+      exec,
+      previewUrlPattern: "https://preview.example.com/{handle}",
+    });
+    const sb = await runner.ensure(ID, {
+      workload: { runtime: "bun", packageManager: "bun", devPort: 3000 },
+    });
+    expect(sb.previewUrl).toBe(`https://preview.example.com/${sb.handle}/`);
+
+    expect(await runner.resolveDevPort(sb.handle)).toBeGreaterThan(0);
+    expect(await runner.resolveDaemonPort(sb.handle)).toBeGreaterThan(0);
+  });
+});
diff --git a/packages/sandbox/server/runner/docker/runner.ts b/packages/sandbox/server/runner/docker/runner.ts
new file mode 100644
index 0000000000..dad3b4e15b
--- /dev/null
+++ b/packages/sandbox/server/runner/docker/runner.ts
@@ -0,0 +1,684 @@
+/**
+ * Docker sandbox runner — local dev.
+ *
+ * One hardened container per (user, projectRef). Daemon + dev ports are
+ * published to ephemeral host ports; browser traffic routes through
+ * `startLocalSandboxIngress` (`*.localhost`). Mesh owns teardown and sweeps
+ * orphans on boot/shutdown.
+ */
+
+import { randomBytes, randomUUID } from "node:crypto";
+import { DAEMON_PORT, DEFAULT_IMAGE, sleep } from "../../../shared";
+import {
+  daemonBash,
+  postConfig,
+  probeDaemonHealth,
+  proxyDaemonRequest,
+  waitForDaemonReady,
+} from "../../daemon-client";
+import {
+  DEFAULT_WORKDIR,
+  dockerExec,
+  startContainer,
+  type DockerExecFn,
+  type DockerResult,
+} from "../../docker-cli";
+import { ensureSandboxImage } from "../../image-build";
+import {
+  Inflight,
+  applyPreviewPattern,
+  buildConfigPayload,
+  computeHandle,
+  hashSandboxId,
+  withSandboxLock,
+} from "../shared";
+import type { RunnerStateStore, RunnerStateStoreOps } from "../state-store";
+import type {
+  EnsureOptions,
+  ExecInput,
+  ExecOutput,
+  ProxyRequestInit,
+  Sandbox,
+  SandboxId,
+  SandboxRunner,
+  Workload,
+} from "../types";
+import type { ClaimPhase } from "../lifecycle-types";
+
+const RUNNER_KIND = "docker" as const;
+const LABEL_ROOT = "studio-sandbox";
+const LABEL_ID = "studio-sandbox.id";
+const DEFAULT_DEV_PORT = 3000;
+const PORT_READBACK_ATTEMPTS = 15;
+const PORT_READBACK_INTERVAL_MS = 200;
+const LOG_LABEL = "DockerSandboxRunner";
+
+type PhaseLog = (msg: string, fields?: Record<string, unknown>) => void;
+
+function makePhaseLog(scope: string): PhaseLog {
+  const t0 = Date.now();
+  return (msg, fields = {}) => {
+    const tail = Object.entries(fields)
+      .map(([k, v]) => `${k}=${typeof v === "string" ? v : JSON.stringify(v)}`)
+      .join(" ");
+    console.log(
+      `[${scope}] +${Date.now() - t0}ms ${msg}${tail ? ` ${tail}` : ""}`,
+    );
+  };
+}
+
+export type ExecResult = DockerResult;
+export type DockerExec = DockerExecFn;
+
+export interface DockerRunnerOptions {
+  image?: string;
+  exec?: DockerExecFn;
+  stateStore?: RunnerStateStore;
+  previewUrlPattern?: string;
+  /** Ownership label; override per mesh instance when multiple share one host. */
+  labelPrefix?: string;
+}
+
+interface DockerRecord {
+  id: SandboxId;
+  handle: string;
+  token: string;
+  workdir: string;
+  daemonUrl: string;
+  daemonPort: number;
+  devPort: number;
+  devContainerPort: number;
+  workload: Workload | null;
+  /**
+   * Per-boot UUID the daemon reports on /health. Generated mesh-side and
+   * injected via env; re-read from /health on rehydrate so we pick up
+   * container restarts.
+   */
+  daemonBootId: string;
+}
+
+interface PersistedDockerState {
+  token: string;
+  workdir: string;
+  daemonUrl: string;
+  devPort?: number;
+  devContainerPort?: number;
+  daemonPort?: number;
+  workload?: Workload | null;
+  /** Per-boot UUID from the daemon's /health; round-tripped through state. */
+  daemonBootId?: string;
+  [k: string]: unknown;
+}
+
+export class DockerSandboxRunner implements SandboxRunner {
+  readonly kind = RUNNER_KIND;
+
+  private readonly records = new Map<string, DockerRecord>();
+  private readonly inflight = new Inflight<string, Sandbox>();
+  private readonly defaultImage: string;
+  private readonly exec_: DockerExecFn;
+  private readonly labelPrefix: string;
+  private readonly stateStore: RunnerStateStore | null;
+  private readonly previewUrlPattern: string | null;
+
+  constructor(opts: DockerRunnerOptions = {}) {
+    this.defaultImage =
+      opts.image ?? process.env.STUDIO_SANDBOX_IMAGE ?? DEFAULT_IMAGE;
+    this.exec_ = opts.exec ?? dockerExec;
+    this.labelPrefix = opts.labelPrefix ?? LABEL_ROOT;
+    this.stateStore = opts.stateStore ?? null;
+    this.previewUrlPattern = opts.previewUrlPattern ?? null;
+  }
+
+  // ---- SandboxRunner surface ------------------------------------------------
+
+  async ensure(id: SandboxId, opts: EnsureOptions = {}): Promise<Sandbox> {
+    const labelId = hashSandboxId(id, 16);
+    return this.inflight.run(labelId, () =>
+      withSandboxLock(this.stateStore, id, RUNNER_KIND, (ops) =>
+        this.ensureLocked(id, labelId, opts, ops),
+      ),
+    );
+  }
+
+  async exec(handle: string, input: ExecInput): Promise<ExecOutput> {
+    const rec = await this.requireRecord(handle);
+    return daemonBash(rec.daemonUrl, rec.token, input);
+  }
+
+  async delete(handle: string): Promise<void> {
+    const rec = await this.getRecord(handle);
+    this.records.delete(handle);
+    await this.stopContainer(handle);
+    if (this.stateStore) {
+      if (rec) await this.stateStore.delete(rec.id, RUNNER_KIND);
+      else await this.stateStore.deleteByHandle(RUNNER_KIND, handle);
+    }
+  }
+
+  async alive(handle: string): Promise<boolean> {
+    const r = await this.exec_([
+      "inspect",
+      "--format",
+      "{{.State.Running}}",
+      handle,
+    ]);
+    return r.code === 0 && r.stdout.trim() === "true";
+  }
+
+  async getPreviewUrl(handle: string): Promise<string | null> {
+    const rec = await this.getRecord(handle);
+    return rec ? this.composePreviewUrl(rec) : null;
+  }
+
+  async proxyDaemonRequest(
+    handle: string,
+    path: string,
+    init: ProxyRequestInit,
+  ): Promise<Response> {
+    const rec = await this.getRecord(handle);
+    if (!rec) {
+      return new Response(JSON.stringify({ error: "sandbox not found" }), {
+        status: 404,
+        headers: { "content-type": "application/json" },
+      });
+    }
+    return proxyDaemonRequest(rec.daemonUrl, rec.token, path, init);
+  }
+
+  // No pre-Ready window worth surfacing: VM_START's `runner.ensure` blocks on
+  // `waitForDaemonReady`, which returns once the container's daemon `/health`
+  // is reachable — typically <1s after `docker run` returns. Yield a single
+  // `ready` so the unified vm-events route can proceed straight to the
+  // daemon SSE.
+  async *watchClaimLifecycle(
+    _handle: string,
+    _signal?: AbortSignal,
+  ): AsyncGenerator<ClaimPhase, void, unknown> {
+    yield { kind: "ready" };
+  }
+
+  // ---- Docker-only surface --------------------------------------------------
+
+  async sweepOrphans(): Promise<number> {
+    const r = await this.exec_([
+      "ps",
+      "-a",
+      "--format",
+      "{{.Names}}",
+      "--filter",
+      `label=${this.labelPrefix}=1`,
+    ]);
+    if (r.code !== 0) return 0;
+    const handles = r.stdout.trim().split("\n").filter(Boolean);
+    await Promise.all(
+      handles.map(async (handle) => {
+        await this.stopContainer(handle).catch((err) =>
+          console.warn(
+            `[${LOG_LABEL}] sweep: stopContainer(${handle}) failed:`,
+            err instanceof Error ? err.message : String(err),
+          ),
+        );
+        if (this.stateStore) {
+          await this.stateStore
+            .deleteByHandle(RUNNER_KIND, handle)
+            .catch((err) =>
+              console.warn(
+                `[${LOG_LABEL}] sweep: state-store deleteByHandle(${handle}) failed:`,
+                err instanceof Error ? err.message : String(err),
+              ),
+            );
+        }
+      }),
+    );
+    return handles.length;
+  }
+
+  /** Docker-only: host port → dev server. Used by local ingress. */
+  async resolveDevPort(handle: string): Promise<number | null> {
+    const rec = await this.getRecord(handle);
+    return rec?.devPort ?? null;
+  }
+
+  /** Docker-only: host port → daemon. Used by local ingress. */
+  async resolveDaemonPort(handle: string): Promise<number | null> {
+    const rec = await this.getRecord(handle);
+    return rec?.daemonPort ?? null;
+  }
+
+  // ---- Ensure flow ----------------------------------------------------------
+
+  private async ensureLocked(
+    id: SandboxId,
+    labelId: string,
+    opts: EnsureOptions,
+    ops: RunnerStateStoreOps | null,
+  ): Promise<Sandbox> {
+    const log = makePhaseLog(LOG_LABEL);
+    log("ensure start", { labelId });
+    // 1. State-store resume.
+    if (ops) {
+      const persisted = await ops.get(id, RUNNER_KIND);
+      if (persisted) {
+        const rec = await this.rehydrate(id, persisted);
+        if (rec) {
+          log("ensure ok via=resume", { handle: rec.handle });
+          return this.finish(rec, ops, /* persistNow */ false);
+        }
+        await ops.delete(id, RUNNER_KIND);
+        log("resume rejected, falling through");
+      }
+    }
+    // 2. Side-channel adopt: container with our label still running.
+    const adopted = await this.adoptByLabel(id, labelId, opts);
+    if (adopted) {
+      log("ensure ok via=adopt", { handle: adopted.handle });
+      return this.finish(adopted, ops, /* persistNow */ true);
+    }
+    // 3. Fresh provision.
+    log("provision start");
+    const fresh = await this.provision(id, labelId, opts, log);
+    log("ensure ok via=provision", { handle: fresh.handle });
+    return this.finish(fresh, ops, /* persistNow */ true);
+  }
+
+  private async finish(
+    rec: DockerRecord,
+    ops: RunnerStateStoreOps | null,
+    persistNow: boolean,
+  ): Promise<Sandbox> {
+    this.records.set(rec.handle, rec);
+    if (persistNow) await this.persist(ops, rec);
+    return this.toSandbox(rec);
+  }
+
+  private async provision(
+    id: SandboxId,
+    labelId: string,
+    opts: EnsureOptions,
+    log: PhaseLog,
+  ): Promise<DockerRecord> {
+    const token = randomBytes(24).toString("hex");
+    const daemonBootId = randomUUID();
+    const workdir = DEFAULT_WORKDIR;
+    const image = opts.image ?? this.defaultImage;
+    const devContainerPort = opts.workload?.devPort ?? DEFAULT_DEV_PORT;
+
+    // Bootstrap-only env: identity + ports. Repo + workload are pushed via
+    // POST /_decopilot_vm/config after the daemon is healthy. opts.env is
+    // spread last to match the host runner's escape-hatch semantics —
+    // overriding daemon bootstrap names is rare and breaks things, but the
+    // hatch stays.
+    const env: Record<string, string> = {
+      DAEMON_TOKEN: token,
+      DAEMON_BOOT_ID: daemonBootId,
+      APP_ROOT: workdir,
+      PROXY_PORT: String(DAEMON_PORT),
+      ...(opts.env ?? {}),
+    };
+    const configPayload = buildConfigPayload({
+      runtime: opts.workload?.runtime ?? "node",
+      packageManager: opts.workload?.packageManager
+        ? {
+            name: opts.workload.packageManager,
+            ...(opts.workload.packageManagerPath
+              ? { path: opts.workload.packageManagerPath }
+              : {}),
+          }
+        : null,
+      repo: opts.repo ?? null,
+      port: devContainerPort,
+    });
+
+    // Shared singleton; awaits any background build kicked off by the CLI.
+    log("ensureSandboxImage start");
+    await ensureSandboxImage({
+      image,
+      exec: this.exec_,
+      onLog: (line) => log("image build", { line }),
+    });
+    log("ensureSandboxImage ok");
+
+    // Hardening: drop caps + block privilege escalation; cap processes/memory/
+    // cpu against runaway user scripts. Read-only root removes most write-based
+    // pivots; /tmp is a bounded tmpfs; /app and /home/sandbox are anonymous
+    // volumes (disk-backed) so package-manager caches don't blow the mem cap.
+    const handle = computeHandle(id, opts.repo?.branch);
+    const tryStart = () =>
+      startContainer(image, {
+        label: "sandbox",
+        exec: this.exec_,
+        args: [
+          "--name",
+          handle,
+          "--rm",
+          "--init",
+          "--read-only",
+          "--tmpfs=/tmp:rw,nosuid,nodev,size=256m",
+          "-v",
+          "/app",
+          "-v",
+          "/home/sandbox",
+          "--cap-drop=ALL",
+          "--security-opt=no-new-privileges",
+          "--pids-limit=512",
+          "--memory=2g",
+          "--memory-swap=2g",
+          "--cpus=1",
+          "--label",
+          `${this.labelPrefix}=1`,
+          "--label",
+          `${LABEL_ID}=${labelId}`,
+          "-p",
+          `127.0.0.1:0:${DAEMON_PORT}`,
+          "-p",
+          `127.0.0.1:0:${devContainerPort}`,
+          ...Object.entries(env).flatMap(([k, v]) => ["-e", `${k}=${v}`]),
+        ],
+      });
+
+    log("docker run start", { handle, image });
+    try {
+      await tryStart();
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      // findExisting only adopts *running* containers via `docker ps`, so a
+      // stopped same-name orphan left behind by a crash that bypassed --rm
+      // cleanup will collide on `--name`. Force-remove the orphan and retry
+      // once; if the retry still fails, surface the original error.
+      if (msg.includes("is already in use")) {
+        log("docker run name conflict, retrying after rm", { handle });
+        await this.exec_(["rm", "-f", handle]).catch(() => undefined);
+        await tryStart();
+      } else {
+        throw err;
+      }
+    }
+    log("docker run ok", { handle });
+
+    const daemonPort = await this.readPort(handle, DAEMON_PORT);
+    const daemonUrl = `http://127.0.0.1:${daemonPort}`;
+    const devPort = await this.readPort(handle, devContainerPort);
+    log("ports read", { daemonPort, devPort });
+    log("waitForDaemonReady start", { daemonUrl });
+    try {
+      await waitForDaemonReady(daemonUrl);
+      if (configPayload) {
+        log("postConfig start", { daemonUrl });
+        await postConfig(daemonUrl, token, configPayload);
+        log("postConfig ok");
+      }
+    } catch (err) {
+      log("waitForDaemonReady failed", {
+        err: err instanceof Error ? err.message : String(err),
+      });
+      await this.stopContainer(handle).catch((stopErr) =>
+        console.warn(
+          `[${LOG_LABEL}] cleanup stop after waitForDaemonReady failure (${handle}) itself failed:`,
+          stopErr instanceof Error ? stopErr.message : String(stopErr),
+        ),
+      );
+      throw err;
+    }
+    log("daemon ready", { handle });
+    return {
+      id,
+      handle,
+      token,
+      workdir,
+      daemonUrl,
+      daemonPort,
+      devPort,
+      devContainerPort,
+      workload: opts.workload ?? null,
+      daemonBootId,
+    };
+  }
+
+  /**
+   * Reconstruct a record from persisted state, probing that the container is
+   * still healthy. Returns null on any mismatch — caller purges and falls
+   * through to `adoptByLabel`/`provision`.
+   */
+  private async rehydrate(
+    id: SandboxId,
+    persisted: { handle: string; state: Record<string, unknown> },
+  ): Promise<DockerRecord | null> {
+    const state = persisted.state as Partial<PersistedDockerState>;
+    if (!state.token || !state.daemonUrl) return null;
+    const handle = persisted.handle;
+    const devContainerPort = state.devContainerPort ?? DEFAULT_DEV_PORT;
+    let daemonPort: number;
+    let devPort: number;
+    try {
+      daemonPort = await this.readPort(handle, DAEMON_PORT);
+      devPort = await this.readPort(handle, devContainerPort);
+    } catch {
+      return null;
+    }
+    const daemonUrl = `http://127.0.0.1:${daemonPort}`;
+    // probeDaemonHealth returns null when /health is unreachable OR when the
+    // response lacks a bootId — the latter covers a running container still
+    // on the pre-unified daemon.mjs ({ ok: true } shape). In either case the
+    // caller purges this record + adopts or reprovisions from scratch.
+    const health = await probeDaemonHealth(daemonUrl);
+    if (!health) return null;
+    // When the live bootId differs from our persisted one, the container
+    // bounced but /app survived. The unified daemon's orchestrator handles
+    // this itself on boot (resume-on-restart). We just refresh our copy of
+    // bootId here; no force-recreate needed.
+    if (state.daemonBootId && state.daemonBootId !== health.bootId) {
+      console.warn(
+        `[${LOG_LABEL}] daemon restart detected (handle=${handle}): stored bootId=${state.daemonBootId} live bootId=${health.bootId}`,
+      );
+    }
+    return {
+      id,
+      handle,
+      token: state.token,
+      workdir: state.workdir ?? DEFAULT_WORKDIR,
+      daemonUrl,
+      daemonPort,
+      devPort,
+      devContainerPort,
+      daemonBootId: health.bootId,
+      workload: state.workload ?? null,
+    };
+  }
+
+  /**
+   * State store empty but a container with our label still runs. Reconstruct
+   * from `docker inspect` env vars; tear down anything we can't reuse so
+   * `provision` below doesn't collide on the next ensure.
+   */
+  private async adoptByLabel(
+    id: SandboxId,
+    labelId: string,
+    opts: EnsureOptions,
+  ): Promise<DockerRecord | null> {
+    const existing = await this.findExisting(labelId);
+    if (!existing) return null;
+
+    const cached = this.records.get(existing);
+    if (cached) return cached;
+
+    const recovered = await this.reconstructFromContainer(id, existing, opts);
+    if (recovered) return recovered;
+
+    await this.stopContainer(existing);
+    return null;
+  }
+
+  private async reconstructFromContainer(
+    id: SandboxId,
+    handle: string,
+    opts: EnsureOptions,
+  ): Promise<DockerRecord | null> {
+    const r = await this.exec_([
+      "inspect",
+      "--format",
+      "{{range .Config.Env}}{{println .}}{{end}}",
+      handle,
+    ]);
+    if (r.code !== 0) return null;
+    let token: string | null = null;
+    let workdir = DEFAULT_WORKDIR;
+    for (const line of r.stdout.split("\n")) {
+      if (line.startsWith("DAEMON_TOKEN=")) token = line.slice(13);
+      else if (line.startsWith("APP_ROOT=")) workdir = line.slice(9);
+    }
+    if (!token) return null;
+    const daemonPort = await this.readPort(handle, DAEMON_PORT);
+    const daemonUrl = `http://127.0.0.1:${daemonPort}`;
+    const health = await probeDaemonHealth(daemonUrl);
+    if (!health) return null;
+    const devContainerPort = opts.workload?.devPort ?? DEFAULT_DEV_PORT;
+    const devPort = await this.readPort(handle, devContainerPort);
+    return {
+      id,
+      handle,
+      token,
+      workdir,
+      daemonUrl,
+      daemonPort,
+      devPort,
+      devContainerPort,
+      daemonBootId: health.bootId,
+      workload: opts.workload ?? null,
+    };
+  }
+
+  // ---- Handle resolution (post-restart) -------------------------------------
+
+  /**
+   * Look up a record by handle, rehydrating from persisted state on cache
+   * miss. The returned record is fully usable for any of the six methods —
+   * after a mesh restart this is the entry point that reconstructs state.
+   */
+  private async getRecord(handle: string): Promise<DockerRecord | null> {
+    const cached = this.records.get(handle);
+    if (cached) return cached;
+    if (!this.stateStore) return null;
+    const persisted = await this.stateStore.getByHandle(RUNNER_KIND, handle);
+    if (!persisted) return null;
+    const rec = await this.rehydrate(persisted.id, persisted);
+    if (rec) this.records.set(handle, rec);
+    return rec;
+  }
+
+  private async requireRecord(handle: string): Promise<DockerRecord> {
+    const rec = await this.getRecord(handle);
+    if (!rec) throw new Error(`unknown sandbox handle ${handle}`);
+    return rec;
+  }
+
+  // ---- Preview URL ----------------------------------------------------------
+
+  /**
+   * Local-ingress preview URL. Docker's URL is derived purely from the handle,
+   * not gated on workload — the dev server may boot from a caller workload
+   * hint OR the daemon auto-sniffing package.json / deno.json.
+   */
+  private composePreviewUrl(rec: DockerRecord): string {
+    if (this.previewUrlPattern) {
+      return applyPreviewPattern(this.previewUrlPattern, rec.handle);
+    }
+    const envRoot = process.env.SANDBOX_ROOT_URL;
+    if (envRoot) return applyPreviewPattern(envRoot, rec.handle);
+    const ingressPort = Number(process.env.SANDBOX_INGRESS_PORT ?? 7070);
+    return `http://${rec.handle}.localhost:${ingressPort}/`;
+  }
+
+  private toSandbox(rec: DockerRecord): Sandbox {
+    return {
+      handle: rec.handle,
+      workdir: rec.workdir,
+      previewUrl: this.composePreviewUrl(rec),
+    };
+  }
+
+  // ---- Persistence ----------------------------------------------------------
+
+  private async persist(
+    ops: RunnerStateStoreOps | null,
+    rec: DockerRecord,
+  ): Promise<void> {
+    if (!ops) return;
+    const state: PersistedDockerState = {
+      token: rec.token,
+      workdir: rec.workdir,
+      daemonUrl: rec.daemonUrl,
+      daemonPort: rec.daemonPort,
+      devPort: rec.devPort,
+      devContainerPort: rec.devContainerPort,
+      workload: rec.workload,
+      daemonBootId: rec.daemonBootId,
+    };
+    await ops.put(rec.id, RUNNER_KIND, { handle: rec.handle, state });
+  }
+
+  // ---- Docker CLI helpers ---------------------------------------------------
+
+  private async stopContainer(handle: string): Promise<void> {
+    await this.exec_(["stop", "--time", "2", handle]);
+  }
+
+  private async findExisting(labelId: string): Promise<string | null> {
+    const r = await this.exec_([
+      "ps",
+      "--no-trunc",
+      "--format",
+      "{{.Names}}",
+      "--filter",
+      `label=${LABEL_ID}=${labelId}`,
+    ]);
+    if (r.code !== 0) return null;
+    const name = r.stdout.trim().split("\n").filter(Boolean)[0];
+    return name ?? null;
+  }
+
+  private async readPort(
+    handle: string,
+    containerPort: number,
+  ): Promise<number> {
+    for (let i = 0; i < PORT_READBACK_ATTEMPTS; i++) {
+      const r = await this.exec_(["port", handle, `${containerPort}/tcp`]);
+      if (r.code === 0) {
+        for (const line of r.stdout.split("\n")) {
+          const match = line.trim().match(/:(\d+)$/);
+          if (match) return Number(match[1]);
+        }
+      } else if (/no such container/i.test(r.stderr)) {
+        const diag = await this.exitDiagnostics(handle);
+        throw new Error(
+          `sandbox container ${handle} exited before daemon started${diag}`,
+        );
+      }
+      await sleep(PORT_READBACK_INTERVAL_MS);
+    }
+    throw new Error(
+      `timed out waiting for docker port mapping on container ${handle}`,
+    );
+  }
+
+  private async exitDiagnostics(handle: string): Promise<string> {
+    const parts: string[] = [];
+    const inspect = await this.exec_([
+      "inspect",
+      "--format",
+      "{{.State.ExitCode}}",
+      handle,
+    ]);
+    if (inspect.code === 0 && inspect.stdout.trim()) {
+      parts.push(`exit=${inspect.stdout.trim()}`);
+    }
+    const logs = await this.exec_(["logs", "--tail", "20", handle]);
+    const tail = [logs.stdout, logs.stderr]
+      .map((s) => s.trim())
+      .filter(Boolean)
+      .join("\n")
+      .trim();
+    if (tail) parts.push(`logs:\n${tail}`);
+    return parts.length ? ` (${parts.join(" ")})` : "";
+  }
+}
diff --git a/packages/sandbox/server/runner/docker/sweep.ts b/packages/sandbox/server/runner/docker/sweep.ts
new file mode 100644
index 0000000000..d7e644127c
--- /dev/null
+++ b/packages/sandbox/server/runner/docker/sweep.ts
@@ -0,0 +1,61 @@
+/**
+ * Docker-only sweeps. Other runners' sandboxes outlive mesh by design — a
+ * polymorphic sweep would nuke user VMs on K8s rolling restart. So this
+ * lives on `DockerSandboxRunner`, not on the `SandboxRunner` interface.
+ */
+
+import { DockerSandboxRunner, type DockerRunnerOptions } from "./runner";
+
+const BOOT_SWEEP_KEY = Symbol.for("mesh.sandbox.bootSweepDone");
+
+export type SweepDockerOrphansOnBootOptions = Pick<
+  DockerRunnerOptions,
+  "labelPrefix" | "exec"
+>;
+
+/**
+ * Runs once per process to clean up crashed/SIGKILL'd prior runs.
+ * Uses `globalThis` (not module scope) because `bun --hot` re-runs top-level
+ * awaits on every save — that would otherwise kill the actively-previewed
+ * sandbox. A real restart gets a fresh globalThis, so the sweep still fires.
+ * Best-effort; failures are logged and never block startup.
+ */
+export async function sweepDockerOrphansOnBoot(
+  opts: SweepDockerOrphansOnBootOptions = {},
+): Promise<void> {
+  const g = globalThis as Record<symbol, unknown>;
+  if (g[BOOT_SWEEP_KEY]) return;
+  g[BOOT_SWEEP_KEY] = true;
+  try {
+    const runner = new DockerSandboxRunner(opts);
+    const n = await runner.sweepOrphans();
+    if (n > 0) {
+      console.log(`[sandbox] Boot sweep: stopped ${n} stale container(s).`);
+    }
+  } catch (err) {
+    console.warn(
+      "[sandbox] Boot sweep failed (continuing without it):",
+      err instanceof Error ? err.message : err,
+    );
+  }
+}
+
+/**
+ * Caveat: filters only by `studio-sandbox=1`, so multiple studio pods sharing
+ * one docker host would nuke each other's containers on SIGTERM. Fine for
+ * single-pod-per-host (the only sane docker deployment shape today).
+ */
+export async function sweepDockerOrphansOnShutdown(
+  runner: DockerSandboxRunner | null,
+): Promise<void> {
+  if (!runner) return;
+  console.log("[shutdown] Sweeping docker sandbox containers...");
+  try {
+    const n = await runner.sweepOrphans();
+    if (n > 0) {
+      console.log(`[shutdown] Swept ${n} sandbox container(s).`);
+    }
+  } catch (err) {
+    console.error("[shutdown] Sandbox sweep error:", err);
+  }
+}
diff --git a/packages/sandbox/server/runner/freestyle/index.ts b/packages/sandbox/server/runner/freestyle/index.ts
new file mode 100644
index 0000000000..e0db49664a
--- /dev/null
+++ b/packages/sandbox/server/runner/freestyle/index.ts
@@ -0,0 +1,2 @@
+export { FreestyleSandboxRunner } from "./runner";
+export type { FreestyleRunnerOptions } from "./runner";
diff --git a/packages/sandbox/server/runner/freestyle/runner.ts b/packages/sandbox/server/runner/freestyle/runner.ts
new file mode 100644
index 0000000000..2fcc6aeb5b
--- /dev/null
+++ b/packages/sandbox/server/runner/freestyle/runner.ts
@@ -0,0 +1,705 @@
+/**
+ * Freestyle sandbox runner — hosted.
+ *
+ * One VM per (user, projectRef). Freestyle owns the runtime; mesh calls
+ * `freestyle.vms.{create, ref({vmId, spec}).start, stop, delete}`. The VM
+ * bakes in the bundled daemon binary (daemon/dist/daemon.js) via
+ * additionalFiles, with per-VM config injected through systemd env vars on
+ * the daemon service — so there's no in-package bootstrap path and no
+ * port-forward — the preview URL is a Freestyle-provided HTTPS domain.
+ *
+ * Daemon traffic at `/_decopilot_vm/*` is base64-encoded body-wise to dodge
+ * Freestyle's Cloudflare WAF.
+ */
+
+import { randomBytes, randomUUID } from "node:crypto";
+import { VmBun } from "@freestyle-sh/with-bun";
+import { VmDeno } from "@freestyle-sh/with-deno";
+import { VmNodeJs } from "@freestyle-sh/with-nodejs";
+import { freestyle, VmSpec } from "freestyle-sandboxes";
+import {
+  computeHandle,
+  deriveRepoLabel,
+  Inflight,
+  withSandboxLock,
+} from "../shared";
+import type { RunnerStateStore, RunnerStateStoreOps } from "../state-store";
+import {
+  sandboxIdKey,
+  type EnsureOptions,
+  type ExecInput,
+  type ExecOutput,
+  type ProxyRequestInit,
+  type Sandbox,
+  type SandboxId,
+  type SandboxRunner,
+  type Workload,
+} from "../types";
+import type { ClaimPhase } from "../lifecycle-types";
+// Inlined as a string at build time. Path lookup via import.meta.url breaks
+// once the server is bundled into apps/mesh/dist/server/server.js because
+// `../../../` then resolves outside the published package. The text-import
+// attribute makes bun build embed the daemon bytes directly into server.js,
+// so no asset has to ship alongside the bundle.
+// @ts-expect-error - Bun-specific text loader attribute; TS resolves the
+// underlying .js file and doesn't model `with { type: "text" }`.
+import _daemonBundle from "../../../daemon/dist/daemon.js" with {
+  type: "text",
+};
+const DAEMON_BUNDLE_CONTENT: string = _daemonBundle;
+
+const RUNNER_KIND = "freestyle" as const;
+const LOG_LABEL = "FreestyleSandboxRunner";
+const PROXY_PORT = 9000;
+const APP_WORKDIR = "/app";
+const DAEMON_TOKEN_BYTES = 32;
+const ALIVE_PROBE_TIMEOUT_MS = 2_000;
+const EXEC_DEFAULT_TIMEOUT_MS = 30_000;
+const DISPOSE_TIMEOUT_MS = 10_000;
+/** Stop running VMs after this much idle time. Freestyle bills per active second. */
+const DEFAULT_IDLE_TIMEOUT_SECONDS = 1800;
+
+type PhaseLog = (msg: string, fields?: Record<string, unknown>) => void;
+
+function makePhaseLog(scope: string): PhaseLog {
+  const t0 = Date.now();
+  return (msg, fields = {}) => {
+    const tail = Object.entries(fields)
+      .map(([k, v]) => `${k}=${typeof v === "string" ? v : JSON.stringify(v)}`)
+      .join(" ");
+    console.log(
+      `[${scope}] +${Date.now() - t0}ms ${msg}${tail ? ` ${tail}` : ""}`,
+    );
+  };
+}
+
+/**
+ * Pull as much detail as possible from an unknown thrown value. SDK errors
+ * may wrap an HTTP Response, attach a `cause`, or be plain objects — bare
+ * `err.message` regularly produces "[object Object]" in the logs.
+ */
+function describeError(err: unknown): Record<string, unknown> {
+  if (err instanceof Error) {
+    const out: Record<string, unknown> = {
+      name: err.name,
+      message: err.message,
+    };
+    if (err.stack) out.stack = err.stack.split("\n").slice(0, 4).join(" | ");
+    if ("cause" in err && err.cause !== undefined) {
+      out.cause =
+        err.cause instanceof Error
+          ? `${err.cause.name}: ${err.cause.message}`
+          : String(err.cause);
+    }
+    if ("status" in err && typeof err.status === "number")
+      out.status = err.status;
+    if ("code" in err) out.code = String(err.code);
+    if ("response" in err && err.response && typeof err.response === "object") {
+      const resp = err.response as { status?: number; statusText?: string };
+      out.responseStatus = resp.status;
+      out.responseStatusText = resp.statusText;
+    }
+    return out;
+  }
+  if (err === null || err === undefined) return { err: String(err) };
+  if (typeof err === "object") {
+    try {
+      return { raw: JSON.stringify(err) };
+    } catch {
+      return { raw: Object.prototype.toString.call(err) };
+    }
+  }
+  return { raw: String(err) };
+}
+
+export interface FreestyleRunnerOptions {
+  stateStore?: RunnerStateStore;
+  /** Override when the freestyle account uses a custom apex. Default: `deco.studio`. */
+  previewRootDomain?: string;
+  /** Override for tests / staging where you want longer-lived VMs. */
+  idleTimeoutSeconds?: number;
+}
+
+interface FreestyleRecord {
+  id: SandboxId;
+  handle: string;
+  vmId: string;
+  previewDomain: string;
+  workdir: string;
+  workload: Workload | null;
+  /** Persisted so VmSpec can be rebuilt deterministically on resume. */
+  repo: NonNullable<EnsureOptions["repo"]>;
+  /** Bearer token the in-VM daemon checks on every `/_decopilot_vm/*` request. */
+  daemonToken: string;
+  /** Per-sandbox UUID used by /health for restart detection. */
+  daemonBootId: string;
+}
+
+interface PersistedFreestyleState {
+  vmId: string;
+  previewDomain: string;
+  workdir: string;
+  workload: Workload | null;
+  repo: NonNullable<EnsureOptions["repo"]>;
+  /** Added alongside bearer auth. Absent in pre-auth rows → resume bails. */
+  daemonToken?: string;
+  /** Added with bundle refactor. Absent in pre-refactor rows → generate fresh on resume. */
+  daemonBootId?: string;
+  [k: string]: unknown;
+}
+
+export class FreestyleSandboxRunner implements SandboxRunner {
+  readonly kind = RUNNER_KIND;
+
+  private readonly records = new Map<string, FreestyleRecord>();
+  private readonly inflight = new Inflight<string, Sandbox>();
+  private readonly stateStore: RunnerStateStore | null;
+  private readonly previewRootDomain: string;
+  private readonly idleTimeoutSeconds: number;
+
+  constructor(opts: FreestyleRunnerOptions = {}) {
+    this.stateStore = opts.stateStore ?? null;
+    this.previewRootDomain = opts.previewRootDomain ?? "deco.studio";
+    this.idleTimeoutSeconds =
+      opts.idleTimeoutSeconds ?? DEFAULT_IDLE_TIMEOUT_SECONDS;
+  }
+
+  // ---- SandboxRunner surface ------------------------------------------------
+
+  async ensure(id: SandboxId, opts: EnsureOptions = {}): Promise<Sandbox> {
+    if (!opts.repo) {
+      throw new Error(
+        `[${LOG_LABEL}] requires opts.repo — bake-in clone is part of the VmSpec; blank sandboxes aren't supported.`,
+      );
+    }
+    if (!opts.repo.branch) {
+      throw new Error(
+        `[${LOG_LABEL}] requires opts.repo.branch — the daemon clones with -b and the branch is part of the spec.`,
+      );
+    }
+    const key = sandboxIdKey(id);
+    return this.inflight.run(key, () =>
+      withSandboxLock(this.stateStore, id, RUNNER_KIND, (ops) =>
+        this.ensureLocked(id, opts, ops),
+      ),
+    );
+  }
+
+  /** Routes through the daemon transport so CORS/bearer match file-ops. */
+  async exec(handle: string, input: ExecInput): Promise<ExecOutput> {
+    const rec = await this.requireRecord(handle);
+    const res = await this.postDaemon(rec, "/_decopilot_vm/bash", {
+      command: input.command,
+      timeout: input.timeoutMs ?? EXEC_DEFAULT_TIMEOUT_MS,
+      cwd: input.cwd,
+      env: input.env,
+    });
+    if (!res.ok) {
+      const body = await res.text().catch(() => "");
+      throw new Error(
+        `freestyle daemon /_decopilot_vm/bash returned ${res.status}${body ? `: ${body}` : ""}`,
+      );
+    }
+    const json = (await res.json()) as {
+      stdout?: string;
+      stderr?: string;
+      exitCode?: number;
+    };
+    return {
+      stdout: json.stdout ?? "",
+      stderr: json.stderr ?? "",
+      exitCode: json.exitCode ?? -1,
+      // Daemon has no timed-out flag; exitCode === -1 is set by kill-on-timeout.
+      timedOut: (json.exitCode ?? 0) === -1,
+    };
+  }
+
+  async delete(handle: string): Promise<void> {
+    const rec = await this.getRecord(handle);
+    this.records.delete(handle);
+    if (rec) {
+      await disposeVm(rec.vmId, "delete");
+      if (this.stateStore) await this.stateStore.delete(rec.id, RUNNER_KIND);
+    } else if (this.stateStore) {
+      await this.stateStore.deleteByHandle(RUNNER_KIND, handle);
+    }
+  }
+
+  /** Freestyle SDK has no cheap status check; small GET is our best signal. */
+  async alive(handle: string): Promise<boolean> {
+    const rec = await this.getRecord(handle);
+    if (!rec) return false;
+    try {
+      const res = await fetch(
+        `https://${rec.previewDomain}/_decopilot_vm/scripts`,
+        {
+          headers: { authorization: `Bearer ${rec.daemonToken}` },
+          signal: AbortSignal.timeout(ALIVE_PROBE_TIMEOUT_MS),
+        },
+      );
+      return res.ok;
+    } catch {
+      return false;
+    }
+  }
+
+  async getPreviewUrl(handle: string): Promise<string | null> {
+    const rec = await this.getRecord(handle);
+    return rec ? `https://${rec.previewDomain}` : null;
+  }
+
+  // Freestyle's setup is end-to-end inside `runner.ensure` (clone, install,
+  // dev start all happen before the SDK call returns). No pre-Ready window
+  // mesh could surface; yield a single `ready` and let the caller proceed
+  // straight to the daemon SSE.
+  async *watchClaimLifecycle(
+    _handle: string,
+    _signal?: AbortSignal,
+  ): AsyncGenerator<ClaimPhase, void, unknown> {
+    yield { kind: "ready" };
+  }
+
+  /**
+   * Translates Docker's canonical `/_daemon/*` to freestyle's `/_decopilot_vm/*`:
+   *   /_daemon/fs/<op>         → /_decopilot_vm/<op>
+   *   /_daemon/bash            → /_decopilot_vm/bash
+   *   /_daemon/_decopilot_vm/… → /_decopilot_vm/… (browser SSE)
+   *   /_daemon/dev/…           → 204 (systemd handles dev on freestyle)
+   * Bodies are base64-encoded to dodge the Cloudflare WAF.
+   */
+  async proxyDaemonRequest(
+    handle: string,
+    path: string,
+    init: ProxyRequestInit,
+  ): Promise<Response> {
+    const rec = await this.getRecord(handle);
+    if (!rec) {
+      return new Response(JSON.stringify({ error: "sandbox not found" }), {
+        status: 404,
+        headers: { "content-type": "application/json" },
+      });
+    }
+    const target = `https://${rec.previewDomain}${path}`;
+    const headers = new Headers(init.headers);
+    // Strip cookies + hop-by-hop, then set our own bearer.
+    for (const h of [
+      "cookie",
+      "host",
+      "connection",
+      "keep-alive",
+      "proxy-authenticate",
+      "proxy-authorization",
+      "te",
+      "trailer",
+      "transfer-encoding",
+      "accept-encoding",
+      "content-length",
+      "authorization",
+    ]) {
+      headers.delete(h);
+    }
+    headers.set("authorization", `Bearer ${rec.daemonToken}`);
+    const hasBody = init.method !== "GET" && init.method !== "HEAD";
+    let body: BodyInit | null = init.body;
+    if (hasBody && body !== null) {
+      // Freestyle daemon's parseJsonBody expects base64 → percent-encoded UTF-8 → JSON.
+      const text =
+        typeof body === "string"
+          ? body
+          : body instanceof Uint8Array
+            ? new TextDecoder().decode(body)
+            : await new Response(body).text();
+      body = encodeBase64Utf8(text);
+      headers.set("content-type", "text/plain");
+    }
+    return fetch(target, {
+      method: init.method,
+      headers,
+      body: hasBody ? body : undefined,
+      redirect: "manual",
+      signal: init.signal,
+      // @ts-expect-error Bun/Undici-only: allow streaming request body.
+      duplex: hasBody ? "half" : undefined,
+    });
+  }
+
+  // ---- Ensure flow ----------------------------------------------------------
+
+  private async ensureLocked(
+    id: SandboxId,
+    opts: EnsureOptions,
+    ops: RunnerStateStoreOps | null,
+  ): Promise<Sandbox> {
+    const log = makePhaseLog(LOG_LABEL);
+    log("ensure start", { userId: id.userId, projectRef: id.projectRef });
+    // 1. State-store resume.
+    if (ops) {
+      const persisted = await ops.get(id, RUNNER_KIND);
+      log("state-store get done", { persisted: !!persisted });
+      if (persisted) {
+        const rec = await this.resume(id, persisted, opts, log);
+        if (rec) {
+          log("ensure ok via=resume", { handle: rec.handle });
+          this.records.set(rec.handle, rec);
+          return this.toSandbox(rec);
+        }
+        await ops.delete(id, RUNNER_KIND);
+        log("resume rejected, falling through to provision");
+      }
+    }
+    // 2. Fresh provision. No adopt path: freestyle has no tag-side lookup.
+    log("provision start");
+    const rec = await this.provision(id, opts, log);
+    this.records.set(rec.handle, rec);
+    await this.persist(ops, rec);
+    log("ensure ok via=provision", { handle: rec.handle });
+    return this.toSandbox(rec);
+  }
+
+  private async provision(
+    id: SandboxId,
+    opts: EnsureOptions,
+    log: PhaseLog,
+  ): Promise<FreestyleRecord> {
+    const repo = opts.repo!;
+    const workload = opts.workload ?? null;
+    const previewDomain = `${this.computeDomainKey(id, repo.branch)}.${this.previewRootDomain}`;
+    const daemonToken = randomBytes(DAEMON_TOKEN_BYTES).toString("hex");
+    const daemonBootId = randomUUID();
+    const spec = this.buildSpec({ repo, workload, daemonToken, daemonBootId });
+    log("spec built", {
+      previewDomain,
+      runtime: workload?.runtime ?? "node",
+      packageManager: workload?.packageManager ?? "(none)",
+      branch: repo.branch ?? "(none)",
+    });
+    let result: { vmId: string };
+    log("freestyle.vms.create start");
+    try {
+      result = await freestyle.vms.create({
+        spec,
+        domains: [{ domain: previewDomain, vmPort: PROXY_PORT }],
+        recreate: true,
+        idleTimeoutSeconds: this.idleTimeoutSeconds,
+      });
+    } catch (err) {
+      log("freestyle.vms.create failed", describeError(err));
+      throw new Error(
+        `[${LOG_LABEL}] vms.create failed for domain=${previewDomain} user=${id.userId} projectRef=${id.projectRef}: ${
+          err instanceof Error ? err.message : String(err)
+        }`,
+      );
+    }
+    log("freestyle.vms.create ok", { vmId: result.vmId });
+    return {
+      id,
+      handle: result.vmId,
+      vmId: result.vmId,
+      previewDomain,
+      workdir: APP_WORKDIR,
+      workload,
+      repo,
+      daemonToken,
+      daemonBootId,
+    };
+  }
+
+  /**
+   * Resume a persisted record: validate the blob, bail on spec divergence,
+   * then boot the VM via `freestyle.vms.ref({vmId, spec}).start()`. Returns
+   * null to trigger purge-and-reprovision in the caller.
+   */
+  private async resume(
+    id: SandboxId,
+    persisted: { handle: string; state: Record<string, unknown> },
+    opts: EnsureOptions,
+    log: PhaseLog,
+  ): Promise<FreestyleRecord | null> {
+    const state = persisted.state as Partial<PersistedFreestyleState>;
+    if (!state.vmId || !state.previewDomain || !state.repo) {
+      log("resume bail: incomplete state");
+      return null;
+    }
+    // Rows persisted before bearer auth landed have no daemonToken. The
+    // running VM's daemon script also predates auth, so a new token wouldn't
+    // match. Dispose the old VM explicitly — idle-timeout would orphan one
+    // VM per stale row, which stacks up and is billed.
+    if (!state.daemonToken) {
+      log("resume bail: no daemonToken; disposing legacy vm", {
+        vmId: state.vmId,
+      });
+      await disposeVm(state.vmId, "resume:no-daemon-token");
+      return null;
+    }
+    // Workload (runtime / packageManager / devPort) is baked into the daemon
+    // script at VM create time — see buildSpec.additionalFiles. When the
+    // caller's workload has diverged, resume would silently keep running the
+    // old PM. Bail so ensure deletes the stale state row and provisions fresh.
+    if (!workloadEquals(opts.workload ?? null, state.workload ?? null)) {
+      console.warn(
+        `[${LOG_LABEL}] resume vm ${state.vmId} skipped: workload changed (persisted=${JSON.stringify(state.workload)} current=${JSON.stringify(opts.workload ?? null)}); will recreate`,
+      );
+      return null;
+    }
+    const workload = opts.workload ?? state.workload ?? null;
+    const daemonBootId = state.daemonBootId ?? randomUUID();
+    const spec = this.buildSpec({
+      repo: state.repo,
+      workload,
+      daemonToken: state.daemonToken,
+      daemonBootId,
+    });
+    log("resume vm.start network call", { vmId: state.vmId });
+    try {
+      const vm = freestyle.vms.ref({ vmId: state.vmId, spec });
+      await vm.start();
+    } catch (err) {
+      log("resume vm.start failed", {
+        vmId: state.vmId,
+        ...describeError(err),
+      });
+      return null;
+    }
+    log("resume vm.start ok", { vmId: state.vmId });
+    return {
+      id,
+      handle: state.vmId,
+      vmId: state.vmId,
+      previewDomain: state.previewDomain,
+      workdir: state.workdir ?? APP_WORKDIR,
+      workload,
+      repo: state.repo,
+      daemonToken: state.daemonToken,
+      daemonBootId,
+    };
+  }
+
+  // ---- Handle resolution (post-restart) -------------------------------------
+
+  private async getRecord(handle: string): Promise<FreestyleRecord | null> {
+    const cached = this.records.get(handle);
+    if (cached) return cached;
+    if (!this.stateStore) return null;
+    const persisted = await this.stateStore.getByHandle(RUNNER_KIND, handle);
+    if (!persisted) return null;
+    const state = persisted.state as Partial<PersistedFreestyleState>;
+    if (!state.vmId || !state.previewDomain || !state.repo) return null;
+    // Pre-auth row (no token) — caller can't talk to the daemon.
+    if (!state.daemonToken) return null;
+    const rec: FreestyleRecord = {
+      id: persisted.id,
+      handle: persisted.handle,
+      vmId: state.vmId,
+      previewDomain: state.previewDomain,
+      workdir: state.workdir ?? APP_WORKDIR,
+      workload: state.workload ?? null,
+      repo: state.repo,
+      daemonToken: state.daemonToken,
+      daemonBootId: state.daemonBootId ?? randomUUID(),
+    };
+    this.records.set(handle, rec);
+    return rec;
+  }
+
+  private async requireRecord(handle: string): Promise<FreestyleRecord> {
+    const rec = await this.getRecord(handle);
+    if (!rec) throw new Error(`unknown freestyle sandbox handle ${handle}`);
+    return rec;
+  }
+
+  // ---- Persistence ----------------------------------------------------------
+
+  private async persist(
+    ops: RunnerStateStoreOps | null,
+    rec: FreestyleRecord,
+  ): Promise<void> {
+    if (!ops) return;
+    const state: PersistedFreestyleState = {
+      vmId: rec.vmId,
+      previewDomain: rec.previewDomain,
+      workdir: rec.workdir,
+      workload: rec.workload,
+      repo: rec.repo,
+      daemonToken: rec.daemonToken,
+      daemonBootId: rec.daemonBootId,
+    };
+    await ops.put(rec.id, RUNNER_KIND, { handle: rec.handle, state });
+  }
+
+  // ---- Helpers --------------------------------------------------------------
+
+  private toSandbox(rec: FreestyleRecord): Sandbox {
+    return {
+      handle: rec.handle,
+      workdir: rec.workdir,
+      previewUrl: `https://${rec.previewDomain}`,
+    };
+  }
+
+  /**
+   * Stable per-(userId, projectRef, branch) domain key. Format:
+   * `<branch-slug>-<hash5>` (or bare hash5 when branch is missing). See
+   * `computeHandle` in the shared package for full format details.
+   */
+  private computeDomainKey(id: SandboxId, branch?: string | null): string {
+    return computeHandle(id, branch);
+  }
+
+  /**
+   * Build a freestyle `VmSpec` from workload + repo. Deterministic — same
+   * inputs always produce an equivalent spec, which keeps create-vs-resume
+   * spec-comparison stable on freestyle's side.
+   */
+  private buildSpec({
+    repo,
+    workload,
+    daemonToken,
+    daemonBootId,
+  }: {
+    repo: NonNullable<EnsureOptions["repo"]>;
+    workload: Workload | null;
+    daemonToken: string;
+    daemonBootId: string;
+  }): VmSpec {
+    const runtime = workload?.runtime ?? "node";
+    const packageManager = workload?.packageManager ?? null;
+    const devPort = String(workload?.devPort ?? 3000);
+    const repoLabel = repo.displayName ?? deriveRepoLabel(repo.cloneUrl);
+
+    const baseSpec = new VmSpec()
+      .with("node", new VmNodeJs())
+      .with("js", new VmBun())
+      .additionalFiles({
+        "/opt/sandbox-daemon/daemon.js": { content: DAEMON_BUNDLE_CONTENT },
+        "/opt/sandbox-daemon/run.sh": {
+          // Source nvm so node + corepack are on PATH for child processes
+          // (corepack enable is needed before bun install / pnpm install /
+          // yarn install; npm projects need node itself). Bun is the daemon
+          // runtime but child processes inherit whatever PATH we set here.
+          content:
+            "#!/bin/bash\nsource /etc/profile.d/nvm.sh 2>/dev/null || true\nexec /opt/bun/bin/bun /opt/sandbox-daemon/daemon.js\n",
+        },
+        "/opt/install-ripgrep.sh": {
+          content:
+            "#!/bin/bash\napt-get update -qq && apt-get install -y -qq ripgrep locales && sed -i 's/^#\\s*en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && locale-gen\n",
+        },
+        "/opt/prepare-app-dir.sh": {
+          content:
+            "#!/bin/bash\nid -u deco &>/dev/null || useradd -m -u 1000 deco\nmkdir -p /app && chown deco:deco /app\n",
+        },
+      })
+      .systemdService({
+        name: "install-ripgrep",
+        mode: "oneshot",
+        exec: ["/bin/bash /opt/install-ripgrep.sh"],
+        wantedBy: ["multi-user.target"],
+      })
+      .systemdService({
+        name: "prepare-app-dir",
+        mode: "oneshot",
+        exec: ["/bin/bash /opt/prepare-app-dir.sh"],
+        wantedBy: ["multi-user.target"],
+      })
+      .systemdService({
+        name: "daemon",
+        mode: "service",
+        exec: ["/bin/bash /opt/sandbox-daemon/run.sh"],
+        after: [
+          "install-nodejs.service",
+          "install-bun.service",
+          "install-ripgrep.service",
+          "prepare-app-dir.service",
+        ],
+        requires: [
+          "install-nodejs.service",
+          "install-bun.service",
+          "install-ripgrep.service",
+          "prepare-app-dir.service",
+        ],
+        wantedBy: ["multi-user.target"],
+        restartPolicy: { policy: "always", restartSec: 2 },
+        env: {
+          DAEMON_TOKEN: daemonToken,
+          DAEMON_BOOT_ID: daemonBootId,
+          CLONE_URL: repo.cloneUrl,
+          REPO_NAME: repoLabel,
+          BRANCH: repo.branch ?? "",
+          GIT_USER_NAME: repo.userName,
+          GIT_USER_EMAIL: repo.userEmail,
+          PACKAGE_MANAGER: packageManager ?? "",
+          DEV_PORT: devPort,
+          RUNTIME: runtime,
+          APP_ROOT: APP_WORKDIR,
+          PROXY_PORT: String(PROXY_PORT),
+          DAEMON_DROP_PRIVILEGES: "1",
+          // Auto-start when a workload is set; tool sandboxes (no workload)
+          // never reach this branch because the freestyle runner only
+          // attaches the daemon when there's a repo to clone.
+          INTENT: "running",
+        },
+      });
+
+    return runtime === "deno" ? baseSpec.with("deno", new VmDeno()) : baseSpec;
+  }
+
+  /** Same base64 scheme as `proxyDaemonRequest` — parity with exec path. */
+  private async postDaemon(
+    rec: FreestyleRecord,
+    path: string,
+    body: Record<string, unknown>,
+  ): Promise<Response> {
+    const url = `https://${rec.previewDomain}${path}`;
+    const encoded = encodeBase64Utf8(JSON.stringify(body));
+    return fetch(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "text/plain",
+        authorization: `Bearer ${rec.daemonToken}`,
+      },
+      body: encoded,
+    });
+  }
+}
+
+// ---- Helpers ----------------------------------------------------------------
+
+/** stop() + delete() a VM; timebound + errors logged, not thrown. */
+async function disposeVm(vmId: string, reason: string): Promise<void> {
+  try {
+    const vm = freestyle.vms.ref({ vmId });
+    await Promise.race([
+      vm.stop().then(() => vm.delete()),
+      new Promise((_, reject) =>
+        setTimeout(
+          () => reject(new Error("freestyle vm.delete() timed out")),
+          DISPOSE_TIMEOUT_MS,
+        ),
+      ),
+    ]);
+  } catch (err) {
+    console.error(
+      `[${LOG_LABEL}] dispose vm ${vmId} (${reason}) failed: ${
+        err instanceof Error ? err.message : String(err)
+      }`,
+    );
+  }
+}
+
+function workloadEquals(a: Workload | null, b: Workload | null): boolean {
+  if (a === b) return true;
+  if (!a || !b) return false;
+  return (
+    a.runtime === b.runtime &&
+    a.packageManager === b.packageManager &&
+    a.devPort === b.devPort
+  );
+}
+
+/** Mirrors the decode path in the daemon's `parseJsonBody`. */
+function encodeBase64Utf8(text: string): string {
+  return btoa(
+    encodeURIComponent(text).replace(/%([0-9A-F]{2})/g, (_, p1) =>
+      String.fromCharCode(parseInt(p1, 16)),
+    ),
+  );
+}
diff --git a/packages/sandbox/server/runner/host/daemon-asset.ts b/packages/sandbox/server/runner/host/daemon-asset.ts
new file mode 100644
index 0000000000..7b197abe3d
--- /dev/null
+++ b/packages/sandbox/server/runner/host/daemon-asset.ts
@@ -0,0 +1,21 @@
+/**
+ * Embeds the prebuilt sandbox daemon bundle as a string at build time.
+ *
+ * Isolated in its own file so `host/runner.ts` can `await import()` it
+ * lazily — that way tests using the `_spawn` test seam never trigger the
+ * text-import resolution and don't require `daemon/dist/daemon.js` to
+ * exist on disk.
+ *
+ * In production (bundled `server.js`), `bun build` inlines the daemon
+ * bytes here so no asset has to ship alongside the bundle. The host
+ * runner writes these bytes to disk on first spawn and points
+ * `bun run` at the materialized file — see `host/runner.ts`.
+ */
+
+// @ts-expect-error - Bun-specific text loader attribute; TS resolves the
+// underlying .js file and doesn't model `with { type: "text" }`.
+import _daemonBundle from "../../../daemon/dist/daemon.js" with {
+  type: "text",
+};
+
+export const DAEMON_BUNDLE: string = _daemonBundle;
diff --git a/packages/sandbox/server/runner/host/index.ts b/packages/sandbox/server/runner/host/index.ts
new file mode 100644
index 0000000000..7904c69988
--- /dev/null
+++ b/packages/sandbox/server/runner/host/index.ts
@@ -0,0 +1,2 @@
+export { HostSandboxRunner } from "./runner";
+export type { HostRunnerOptions } from "./runner";
diff --git a/packages/sandbox/server/runner/host/runner.test.ts b/packages/sandbox/server/runner/host/runner.test.ts
new file mode 100644
index 0000000000..46f47cf4dd
--- /dev/null
+++ b/packages/sandbox/server/runner/host/runner.test.ts
@@ -0,0 +1,434 @@
+import { afterEach, beforeEach, describe, expect, it, mock } from "bun:test";
+import { mkdtemp, rm } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { HostSandboxRunner } from "./runner";
+import type { RunnerStateStore } from "../state-store";
+
+function makeStore(): RunnerStateStore {
+  const byKey = new Map<string, unknown>();
+  const byHandle = new Map<string, unknown>();
+  return {
+    async get(id, kind) {
+      return (
+        (byKey.get(`${kind}:${id.userId}:${id.projectRef}`) as
+          | { handle: string; state: Record<string, unknown>; updatedAt: Date }
+          | undefined) ?? null
+      );
+    },
+    async getByHandle(kind, handle) {
+      // biome-ignore lint/suspicious/noExplicitAny: test mock
+      return (byHandle.get(`${kind}:${handle}`) as any) ?? null;
+    },
+    async put(id, kind, entry) {
+      const key = `${kind}:${id.userId}:${id.projectRef}`;
+      const rec = {
+        handle: entry.handle,
+        state: entry.state,
+        updatedAt: new Date(),
+        id,
+      };
+      byKey.set(key, rec);
+      byHandle.set(`${kind}:${entry.handle}`, rec);
+    },
+    async delete(id, kind) {
+      const key = `${kind}:${id.userId}:${id.projectRef}`;
+      const rec = byKey.get(key) as { handle: string } | undefined;
+      byKey.delete(key);
+      if (rec) byHandle.delete(`${kind}:${rec.handle}`);
+    },
+    async deleteByHandle(kind, handle) {
+      byHandle.delete(`${kind}:${handle}`);
+    },
+    async withLock(_id, _kind, fn) {
+      return fn(this);
+    },
+  };
+}
+
+describe("HostSandboxRunner.ensure provisioning", () => {
+  let homeDir: string;
+  beforeEach(async () => {
+    homeDir = await mkdtemp(join(tmpdir(), "host-runner-"));
+  });
+  afterEach(async () => {
+    await rm(homeDir, { recursive: true, force: true });
+  });
+
+  it("spawns the daemon, probes /health, POSTs config, and persists", async () => {
+    let probeCount = 0;
+    const fakeSpawn = mock(
+      async (_args: {
+        workdir: string;
+        env: Record<string, string>;
+        daemonPort: number;
+      }) => ({
+        pid: 4242,
+        kill: () => true,
+      }),
+    );
+    const fakeProbe = mock(async (_url: string) => {
+      probeCount++;
+      if (probeCount === 1) return null;
+      return {
+        ready: true,
+        bootId: "boot-from-daemon",
+        configured: false,
+        setup: { running: false, done: true },
+      };
+    });
+    const fakePostConfig = mock(
+      async (_url: string, _token: string, _payload: unknown) => ({
+        bootId: "boot-from-daemon",
+        transition: "first-bootstrap",
+        // biome-ignore lint/suspicious/noExplicitAny: test mock
+        config: _payload as any,
+      }),
+    );
+
+    const runner = new HostSandboxRunner({
+      homeDir,
+      stateStore: makeStore(),
+      _spawn: fakeSpawn,
+      _probe: fakeProbe,
+      _postConfig: fakePostConfig,
+    });
+
+    const sandbox = await runner.ensure(
+      { userId: "u1", projectRef: "vmcp:1:branch:main" },
+      {
+        repo: {
+          cloneUrl: "https://example.com/x.git",
+          userName: "u",
+          userEmail: "u@x",
+          branch: "main",
+        },
+      },
+    );
+
+    expect(sandbox.handle).toMatch(/^[a-z0-9-]+$/);
+    expect(sandbox.workdir).toBe(join(homeDir, "sandboxes", sandbox.handle));
+    expect(sandbox.previewUrl).toMatch(/^http:\/\/[a-z0-9-]+\.localhost:\d+\//);
+    expect(fakeSpawn).toHaveBeenCalledTimes(1);
+    expect(probeCount).toBeGreaterThanOrEqual(2);
+
+    const spawnArgs = fakeSpawn.mock.calls[0][0];
+    expect(spawnArgs.env.DAEMON_TOKEN).toMatch(/^[0-9a-f]{48}$/);
+    expect(spawnArgs.env.DAEMON_BOOT_ID).toBeTruthy();
+    expect(spawnArgs.env.APP_ROOT).toBe(sandbox.workdir);
+    expect(spawnArgs.env.PROXY_PORT).toBe(String(spawnArgs.daemonPort));
+    // Config now lives at <workdir>/config.json; no separate DAEMON_CONFIG_DIR.
+    expect(spawnArgs.env.DAEMON_CONFIG_DIR).toBeUndefined();
+    expect(spawnArgs.env.CLONE_URL).toBeUndefined();
+    expect(spawnArgs.env.BRANCH).toBeUndefined();
+    expect(spawnArgs.env.RUNTIME).toBeUndefined();
+    expect(spawnArgs.env.PORT).toMatch(/^\d+$/);
+    expect(Number(spawnArgs.env.PORT)).toBeGreaterThan(0);
+    expect(spawnArgs.env.SANDBOX_INGRESS_PORT).toMatch(/^\d+$/);
+
+    // config was POSTed with the new TenantConfig shape.
+    expect(fakePostConfig).toHaveBeenCalledTimes(1);
+    const callArgs = fakePostConfig.mock.calls[0] as [
+      string,
+      string,
+      {
+        git?: {
+          repository: { cloneUrl: string; branch?: string };
+          identity: { userName: string; userEmail: string };
+        };
+        application?: {
+          runtime: string;
+          packageManager: { name: string };
+          intent: string;
+        };
+      },
+    ];
+    const [configUrl, _configToken, configPayload] = callArgs;
+    expect(configUrl).toBe(`http://127.0.0.1:${spawnArgs.daemonPort}`);
+    expect(configPayload.git?.repository?.cloneUrl).toBe(
+      "https://example.com/x.git",
+    );
+    expect(configPayload.git?.repository?.branch).toBe("main");
+    expect(configPayload.git?.identity?.userName).toBe("u");
+  });
+
+  it("returns the cached sandbox on a second ensure() call", async () => {
+    const fakeSpawn = mock(async () => ({ pid: 5000, kill: () => true }));
+    const fakeProbe = mock(async () => ({
+      ready: true,
+      bootId: "b",
+      configured: true,
+      setup: { running: false, done: true },
+    }));
+    const fakePostConfig = mock(async () => ({
+      bootId: "b",
+      transition: "first-bootstrap",
+      config: {} as never,
+    }));
+
+    const runner = new HostSandboxRunner({
+      homeDir,
+      stateStore: makeStore(),
+      _spawn: fakeSpawn,
+      _probe: fakeProbe,
+      _postConfig: fakePostConfig,
+      _isAlive: (pid) => pid === 5000,
+    });
+
+    const id = { userId: "u2", projectRef: "vmcp:2:branch:dev" };
+    const opts = {
+      repo: {
+        cloneUrl: "https://example.com/y.git",
+        userName: "u",
+        userEmail: "u@x",
+        branch: "dev",
+      },
+    };
+
+    const a = await runner.ensure(id, opts);
+    const b = await runner.ensure(id, opts);
+
+    expect(a.handle).toBe(b.handle);
+    expect(fakeSpawn).toHaveBeenCalledTimes(1);
+  });
+});
+
+describe("HostSandboxRunner.ensure rehydration", () => {
+  let homeDir: string;
+  beforeEach(async () => {
+    homeDir = await mkdtemp(join(tmpdir(), "host-runner-rehydrate-"));
+  });
+  afterEach(async () => {
+    await rm(homeDir, { recursive: true, force: true });
+  });
+
+  it("returns the previously-provisioned record when /health still answers", async () => {
+    const store = makeStore();
+    const id = { userId: "u1", projectRef: "vmcp:1:branch:main" };
+
+    const handle = "deadbe-abcde";
+    await store.put(id, "host", {
+      handle,
+      state: {
+        pid: process.pid,
+        daemonPort: 12345,
+        daemonUrl: "http://127.0.0.1:12345",
+        workdir: join(homeDir, "sandboxes", handle),
+        token: "t".repeat(48),
+        bootId: "old-boot",
+      },
+    });
+
+    const fakeProbe = mock(async () => ({
+      ready: true,
+      bootId: "old-boot",
+      configured: true,
+      setup: { running: false, done: true },
+    }));
+    const fakeSpawn = mock(async () => {
+      throw new Error("should not be called on rehydrate");
+    });
+
+    const runner = new HostSandboxRunner({
+      homeDir,
+      stateStore: store,
+      _spawn: fakeSpawn,
+      _probe: fakeProbe,
+      _isAlive: (pid) => pid === process.pid,
+    });
+
+    const port = await runner.resolveDaemonPort(handle);
+    expect(port).toBe(12345);
+    expect(fakeProbe).toHaveBeenCalled();
+    expect(fakeSpawn).not.toHaveBeenCalled();
+  });
+
+  it("returns null and purges state when the persisted PID is dead", async () => {
+    const store = makeStore();
+    const id = { userId: "u1", projectRef: "vmcp:1:branch:dead" };
+    const handle = "deadpid-abcde";
+
+    await store.put(id, "host", {
+      handle,
+      state: {
+        pid: 999_999_999,
+        daemonPort: 12345,
+        daemonUrl: "http://127.0.0.1:12345",
+        workdir: join(homeDir, "sandboxes", handle),
+        token: "t".repeat(48),
+        bootId: "old-boot",
+      },
+    });
+
+    const fakeProbe = mock(async () => ({
+      ready: true,
+      bootId: "x",
+      configured: true,
+      setup: { running: false, done: true },
+    }));
+
+    const runner = new HostSandboxRunner({
+      homeDir,
+      stateStore: store,
+      _spawn: mock(async () => ({ pid: 1234, kill: () => true })),
+      _probe: fakeProbe,
+      _isAlive: () => false,
+    });
+
+    const port = await runner.resolveDaemonPort(handle);
+    expect(port).toBeNull();
+    expect(fakeProbe).not.toHaveBeenCalled();
+  });
+
+  it("returns null when /health does not respond", async () => {
+    const store = makeStore();
+    const id = { userId: "u1", projectRef: "vmcp:1:branch:nohealth" };
+    const handle = "noheal-abcde";
+
+    await store.put(id, "host", {
+      handle,
+      state: {
+        pid: process.pid,
+        daemonPort: 12345,
+        daemonUrl: "http://127.0.0.1:12345",
+        workdir: join(homeDir, "sandboxes", handle),
+        token: "t".repeat(48),
+        bootId: "old-boot",
+      },
+    });
+
+    const fakeProbe = mock(async () => null);
+
+    const runner = new HostSandboxRunner({
+      homeDir,
+      stateStore: store,
+      _spawn: mock(async () => ({ pid: 1234, kill: () => true })),
+      _probe: fakeProbe,
+      _isAlive: (pid) => pid === process.pid,
+    });
+
+    const port = await runner.resolveDaemonPort(handle);
+    expect(port).toBeNull();
+    expect(fakeProbe).toHaveBeenCalled();
+  });
+});
+
+describe("HostSandboxRunner.delete", () => {
+  let homeDir: string;
+  beforeEach(async () => {
+    homeDir = await mkdtemp(join(tmpdir(), "host-runner-delete-"));
+  });
+  afterEach(async () => {
+    await rm(homeDir, { recursive: true, force: true });
+  });
+
+  it("kills the daemon, removes the workdir, and clears state-store entry", async () => {
+    const store = makeStore();
+    const id = { userId: "u1", projectRef: "vmcp:1:branch:main" };
+
+    const killed: { signal: NodeJS.Signals }[] = [];
+    let aliveCount = 0;
+    const fakeSpawn = mock(async () => ({ pid: 99999, kill: () => true }));
+    const fakeProbe = mock(async () => ({
+      ready: true,
+      bootId: "boot",
+      configured: true,
+      setup: { running: false, done: true },
+    }));
+    const fakePostConfig = mock(async () => ({
+      bootId: "boot",
+      transition: "first-bootstrap",
+      config: {} as never,
+    }));
+
+    const runner = new HostSandboxRunner({
+      homeDir,
+      stateStore: store,
+      _spawn: fakeSpawn,
+      _probe: fakeProbe,
+      _postConfig: fakePostConfig,
+      _kill: (_pid, signal) => killed.push({ signal }),
+      _isAlive: () => {
+        aliveCount++;
+        return aliveCount === 1;
+      },
+    });
+
+    const sandbox = await runner.ensure(id, {
+      repo: {
+        cloneUrl: "https://example.com/x.git",
+        userName: "u",
+        userEmail: "u@x",
+        branch: "main",
+      },
+    });
+
+    const { existsSync } = await import("node:fs");
+    expect(existsSync(join(homeDir, "sandboxes"))).toBe(true);
+
+    await runner.delete(sandbox.handle);
+
+    expect(killed.length).toBeGreaterThanOrEqual(1);
+    expect(killed[0].signal).toBe("SIGTERM");
+    expect(existsSync(sandbox.workdir)).toBe(false);
+    expect(await store.getByHandle("host", sandbox.handle)).toBeNull();
+  });
+
+  it("escalates to SIGKILL when the daemon ignores SIGTERM", async () => {
+    const store = makeStore();
+    const id = { userId: "u1", projectRef: "vmcp:1:branch:zombie" };
+
+    const killed: NodeJS.Signals[] = [];
+    const fakeSpawn = mock(async () => ({ pid: 88888, kill: () => true }));
+    const fakeProbe = mock(async () => ({
+      ready: true,
+      bootId: "b",
+      configured: true,
+      setup: { running: false, done: true },
+    }));
+    const fakePostConfig = mock(async () => ({
+      bootId: "b",
+      transition: "first-bootstrap",
+      config: {} as never,
+    }));
+
+    const runner = new HostSandboxRunner({
+      homeDir,
+      stateStore: store,
+      _spawn: fakeSpawn,
+      _probe: fakeProbe,
+      _postConfig: fakePostConfig,
+      _kill: (_pid, signal) => killed.push(signal),
+      _isAlive: () => true,
+    });
+
+    const sandbox = await runner.ensure(id, {
+      repo: {
+        cloneUrl: "https://example.com/y.git",
+        userName: "u",
+        userEmail: "u@x",
+        branch: "zombie",
+      },
+    });
+
+    await runner.delete(sandbox.handle);
+
+    expect(killed).toContain("SIGTERM");
+    expect(killed).toContain("SIGKILL");
+  });
+
+  it("is a no-op for an unknown handle (no throw, no work)", async () => {
+    const runner = new HostSandboxRunner({
+      homeDir,
+      stateStore: makeStore(),
+      _spawn: mock(async () => ({ pid: 0, kill: () => true })),
+      _probe: mock(async () => null),
+      _kill: () => {
+        throw new Error("should not be called");
+      },
+      _isAlive: () => false,
+    });
+
+    await runner.delete("does-not-exist");
+  });
+});
diff --git a/packages/sandbox/server/runner/host/runner.ts b/packages/sandbox/server/runner/host/runner.ts
new file mode 100644
index 0000000000..72ff0c01f1
--- /dev/null
+++ b/packages/sandbox/server/runner/host/runner.ts
@@ -0,0 +1,596 @@
+/**
+ * Host sandbox runner — local dev / single-tenant self-host.
+ *
+ * Spawns the same Bun-based daemon as Docker but as a host child process,
+ * with the workdir at `${homeDir}/sandboxes/<handle>/`. When `opts.repo` is
+ * set, the daemon clones cloneUrl@branch into that workdir during setup;
+ * otherwise the workdir stays empty and the daemon skips clone/install/
+ * autostart. The local ingress (`startLocalSandboxIngress`) routes
+ * `<handle>.localhost:7070` to the daemon's host-side TCP port.
+ *
+ * Hardening (read-only rootfs, dropped caps, memory limits) is intentionally
+ * absent — the daemon runs in the user's trust boundary.
+ */
+
+import { createHash, randomBytes, randomUUID } from "node:crypto";
+import { existsSync } from "node:fs";
+import { mkdir, rename, rm, writeFile } from "node:fs/promises";
+import { createServer } from "node:net";
+import { join, resolve } from "node:path";
+import { fileURLToPath } from "node:url";
+import {
+  postConfig,
+  probeDaemonHealth,
+  proxyDaemonRequest,
+  daemonBash,
+} from "../../daemon-client";
+import type { ConfigResponse, DaemonHealth } from "../../daemon-client";
+import {
+  applyPreviewPattern,
+  buildConfigPayload,
+  computeHandle,
+} from "../shared";
+import type { RunnerStateStore } from "../state-store";
+import type {
+  EnsureOptions,
+  ExecInput,
+  ExecOutput,
+  ProxyRequestInit,
+  Sandbox,
+  SandboxId,
+  SandboxRunner,
+} from "../types";
+import type { ClaimPhase } from "../lifecycle-types";
+import type { TenantConfig } from "../../../daemon/types";
+
+const RUNNER_KIND = "host" as const;
+const READY_TIMEOUT_MS = 30_000;
+const READY_INTERVAL_MS = 250;
+const STOP_GRACE_MS = 2_000;
+
+type DaemonProcess = {
+  pid: number;
+  kill: (signal?: NodeJS.Signals | number) => boolean;
+};
+type SpawnFn = (args: {
+  workdir: string;
+  env: Record<string, string>;
+  daemonPort: number;
+}) => Promise<DaemonProcess>;
+type HealthProbeFn = (daemonUrl: string) => Promise<DaemonHealth | null>;
+type PostConfigFn = (
+  daemonUrl: string,
+  token: string,
+  payload: Partial<TenantConfig>,
+) => Promise<ConfigResponse>;
+type KillFn = (pid: number, signal: NodeJS.Signals) => void;
+type IsAliveFn = (pid: number) => boolean;
+
+export interface HostRunnerOptions {
+  /** Root data directory; usually `settings.home` (i.e. DATA_DIR). */
+  homeDir: string;
+  stateStore?: RunnerStateStore;
+  /** Override preview URL pattern (matches DockerRunnerOptions semantics). */
+  previewUrlPattern?: string;
+  /** @internal test seam */
+  _spawn?: SpawnFn;
+  /** @internal test seam */
+  _probe?: HealthProbeFn;
+  /** @internal test seam */
+  _postConfig?: PostConfigFn;
+  /** @internal test seam */
+  _kill?: KillFn;
+  /** @internal test seam */
+  _isAlive?: IsAliveFn;
+}
+
+interface HostRecord {
+  id: SandboxId;
+  handle: string;
+  pid: number;
+  daemonPort: number;
+  daemonUrl: string;
+  workdir: string;
+  token: string;
+  bootId: string;
+}
+
+interface PersistedHostState {
+  pid: number;
+  daemonPort: number;
+  daemonUrl: string;
+  workdir: string;
+  token: string;
+  bootId: string;
+}
+
+export class HostSandboxRunner implements SandboxRunner {
+  readonly kind = RUNNER_KIND;
+
+  private readonly records = new Map<string, HostRecord>();
+  private readonly homeDir: string;
+  private readonly stateStore: RunnerStateStore | null;
+  private readonly previewUrlPattern: string | null;
+  private readonly spawnFn: SpawnFn;
+  private readonly probeFn: HealthProbeFn;
+  private readonly postConfigFn: PostConfigFn;
+  private readonly killFn: KillFn;
+  private readonly isAliveFn: IsAliveFn;
+
+  constructor(opts: HostRunnerOptions) {
+    if (!opts.homeDir) {
+      throw new Error("HostSandboxRunner requires a homeDir (DATA_DIR)");
+    }
+    this.homeDir = opts.homeDir;
+    this.stateStore = opts.stateStore ?? null;
+    this.previewUrlPattern = opts.previewUrlPattern ?? null;
+    this.spawnFn = opts._spawn ?? createDefaultSpawn(this.homeDir);
+    this.probeFn = opts._probe ?? probeDaemonHealth;
+    this.postConfigFn = opts._postConfig ?? postConfig;
+    this.killFn = opts._kill ?? ((pid, sig) => process.kill(pid, sig));
+    this.isAliveFn = opts._isAlive ?? isPidAlive;
+  }
+
+  // ---- SandboxRunner surface ------------------------------------------------
+
+  async ensure(id: SandboxId, opts: EnsureOptions = {}): Promise<Sandbox> {
+    const handle = computeHandle(id, opts.repo?.branch);
+
+    // 1. In-memory cache hit?
+    const cached = this.records.get(handle);
+    if (cached && this.isAliveFn(cached.pid)) return this.toSandbox(cached);
+
+    // 2. State-store resume.
+    if (this.stateStore) {
+      const persisted = await this.stateStore.getByHandle(RUNNER_KIND, handle);
+      if (persisted) {
+        const rec = await this.rehydrate(persisted.id, persisted);
+        if (rec) {
+          this.records.set(handle, rec);
+          return this.toSandbox(rec);
+        }
+        await this.stateStore
+          .deleteByHandle(RUNNER_KIND, handle)
+          .catch(() => undefined);
+      }
+    }
+
+    // 3. Fresh provision.
+    const workdir = this.workdirFor(handle);
+    // Pre-create the workspace root so the daemon (and bash routes) have
+    // a valid cwd before clone runs. The daemon clones into `<workdir>/app`,
+    // not `<workdir>` itself, so a pre-created workspace dir doesn't trip
+    // git's "destination already exists" check.
+    await mkdir(workdir, { recursive: true });
+
+    const token = randomBytes(24).toString("hex");
+    const bootId = randomUUID();
+    const daemonPort = await preallocatePort();
+    const daemonUrl = `http://127.0.0.1:${daemonPort}`;
+    const devPort = await preallocatePort();
+    const ingressPort = await preallocatePort();
+
+    const env = buildDaemonEnv({
+      token,
+      bootId,
+      workdir,
+      daemonPort,
+      devPort,
+      ingressPort,
+      extraEnv: opts.env,
+    });
+    const configPayload = buildConfigPayload({
+      runtime: opts.workload?.runtime ?? "bun",
+      packageManager: opts.workload?.packageManager
+        ? {
+            name: opts.workload.packageManager,
+            ...(opts.workload.packageManagerPath
+              ? { path: opts.workload.packageManagerPath }
+              : {}),
+          }
+        : null,
+      repo: opts.repo ?? null,
+      port: opts.workload?.devPort ?? devPort,
+    });
+
+    const proc = await this.spawnFn({ workdir, env, daemonPort });
+    try {
+      await this.waitForDaemon(daemonUrl);
+      if (configPayload) {
+        await this.postConfigFn(daemonUrl, token, configPayload);
+      }
+    } catch (err) {
+      // Daemon never came up (or rejected the bootstrap) — kill it so we don't
+      // leak the child process or pin daemonPort. The deterministic workdir is
+      // left in place; a retry will reuse it.
+      try {
+        proc.kill("SIGKILL");
+      } catch {
+        /* already gone */
+      }
+      throw err;
+    }
+
+    const rec: HostRecord = {
+      id,
+      handle,
+      pid: proc.pid,
+      daemonPort,
+      daemonUrl,
+      workdir,
+      token,
+      bootId,
+    };
+    this.records.set(handle, rec);
+
+    if (this.stateStore) {
+      const state = {
+        pid: rec.pid,
+        daemonPort: rec.daemonPort,
+        daemonUrl: rec.daemonUrl,
+        workdir: rec.workdir,
+        token: rec.token,
+        bootId: rec.bootId,
+      } as PersistedHostState as unknown as Record<string, unknown>;
+      await this.stateStore.put(id, RUNNER_KIND, { handle, state });
+    }
+    return this.toSandbox(rec);
+  }
+
+  /**
+   * Match docker's `waitForDaemonReady` semantics: return as soon as `/health`
+   * responds with a valid shape, even if `health.ready === false`. The prior
+   * code waited for `ready === true`, which only flips after the daemon's
+   * upstream probe finds the user's dev server listening — i.e. clone +
+   * install + autoStartDev all complete. That gating blocked VM_START until
+   * the dev server was up, kept the SSE proxy from connecting in the
+   * meantime, and made the frontend look frozen for the entire setup window
+   * before flushing a flood of replayed logs. Dev-server-ready is still
+   * observable via the daemon's `status` SSE events.
+   *
+   * Inlined (vs. calling `waitForDaemonReady` directly) so `_probe` test
+   * seam still drives the loop.
+   */
+  private async waitForDaemon(daemonUrl: string): Promise<void> {
+    const deadline = Date.now() + READY_TIMEOUT_MS;
+    while (Date.now() < deadline) {
+      const health = await this.probeFn(daemonUrl);
+      if (health) return;
+      await new Promise((r) => setTimeout(r, READY_INTERVAL_MS));
+    }
+    throw new Error(`daemon at ${daemonUrl} never reported healthy`);
+  }
+
+  async exec(handle: string, input: ExecInput): Promise<ExecOutput> {
+    const rec = await this.requireRecord(handle);
+    return daemonBash(rec.daemonUrl, rec.token, input);
+  }
+
+  async delete(handle: string): Promise<void> {
+    const rec = await this.getRecord(handle);
+    this.records.delete(handle);
+
+    if (rec) {
+      if (this.isAliveFn(rec.pid)) {
+        try {
+          this.killFn(rec.pid, "SIGTERM");
+        } catch {
+          /* already gone */
+        }
+        const deadline = Date.now() + STOP_GRACE_MS;
+        while (Date.now() < deadline) {
+          if (!this.isAliveFn(rec.pid)) break;
+          await new Promise((r) => setTimeout(r, 50));
+        }
+        if (this.isAliveFn(rec.pid)) {
+          try {
+            this.killFn(rec.pid, "SIGKILL");
+          } catch {
+            /* ignore */
+          }
+        }
+      }
+      await rm(rec.workdir, { recursive: true, force: true }).catch((err) =>
+        console.warn(
+          `[HostSandboxRunner] rm workdir(${handle}) failed:`,
+          err instanceof Error ? err.message : String(err),
+        ),
+      );
+    }
+
+    if (this.stateStore) {
+      if (rec) await this.stateStore.delete(rec.id, RUNNER_KIND);
+      else await this.stateStore.deleteByHandle(RUNNER_KIND, handle);
+    }
+  }
+
+  async alive(handle: string): Promise<boolean> {
+    // Use getRecord (which rehydrates from the state-store on cold mesh
+    // boot) so the answer is honest regardless of in-memory cache state.
+    // Without this, a fresh mesh process with a still-running daemon would
+    // report alive=false and the SSE's stale-handle probe would emit a
+    // spurious `gone` event before VM_START got a chance to rehydrate.
+    const rec = await this.getRecord(handle);
+    if (!rec) return false;
+    return this.isAliveFn(rec.pid);
+  }
+
+  // No pre-Ready window worth surfacing: VM_START's `runner.ensure` blocks
+  // until the daemon's HTTP server is up (typically <1s on host). Yield a
+  // single `ready` and let the caller proceed straight to the daemon SSE.
+  // Generator returns immediately even if `signal` aborts later — there's
+  // nothing to clean up on the host side.
+  async *watchClaimLifecycle(
+    _handle: string,
+    _signal?: AbortSignal,
+  ): AsyncGenerator<ClaimPhase, void, unknown> {
+    yield { kind: "ready" };
+  }
+
+  async getPreviewUrl(handle: string): Promise<string | null> {
+    const rec = await this.getRecord(handle);
+    return rec ? this.composePreviewUrl(rec) : null;
+  }
+
+  async proxyDaemonRequest(
+    handle: string,
+    path: string,
+    init: ProxyRequestInit,
+  ): Promise<Response> {
+    const rec = await this.getRecord(handle);
+    if (!rec) {
+      return new Response(JSON.stringify({ error: "sandbox not found" }), {
+        status: 404,
+        headers: { "content-type": "application/json" },
+      });
+    }
+    return proxyDaemonRequest(rec.daemonUrl, rec.token, path, init);
+  }
+
+  // ---- Public host-only surface ---------------------------------------------
+
+  /** Used by the local ingress to map handle → daemon TCP port. */
+  async resolveDaemonPort(handle: string): Promise<number | null> {
+    const rec = await this.getRecord(handle);
+    return rec?.daemonPort ?? null;
+  }
+
+  /**
+   * Host-side absolute path of the per-branch clone. Used by stream-core to
+   * set `cwd` on the Claude Code adapter so it edits the right files. Null
+   * for unknown handles — caller falls back to `process.cwd()`.
+   */
+  async localWorkdir(handle: string): Promise<string | null> {
+    const rec = await this.getRecord(handle);
+    return rec?.workdir ?? null;
+  }
+
+  // ---- Internal helpers ------------------------------------------------------
+
+  private workdirFor(handle: string): string {
+    return join(this.homeDir, "sandboxes", handle);
+  }
+
+  private composePreviewUrl(rec: HostRecord): string {
+    if (this.previewUrlPattern) {
+      return applyPreviewPattern(this.previewUrlPattern, rec.handle);
+    }
+    const envRoot = process.env.SANDBOX_ROOT_URL;
+    if (envRoot) return applyPreviewPattern(envRoot, rec.handle);
+    const ingressPort = Number(process.env.SANDBOX_INGRESS_PORT ?? 7070);
+    return `http://${rec.handle}.localhost:${ingressPort}/`;
+  }
+
+  private toSandbox(rec: HostRecord): Sandbox {
+    return {
+      handle: rec.handle,
+      workdir: rec.workdir,
+      previewUrl: this.composePreviewUrl(rec),
+    };
+  }
+
+  private async getRecord(handle: string): Promise<HostRecord | null> {
+    const cached = this.records.get(handle);
+    if (cached) return cached;
+    if (!this.stateStore) return null;
+    const persisted = await this.stateStore.getByHandle(RUNNER_KIND, handle);
+    if (!persisted) return null;
+    const rec = await this.rehydrate(persisted.id, persisted);
+    if (rec) this.records.set(handle, rec);
+    return rec;
+  }
+
+  private async requireRecord(handle: string): Promise<HostRecord> {
+    const rec = await this.getRecord(handle);
+    if (!rec) throw new Error(`unknown sandbox handle ${handle}`);
+    return rec;
+  }
+
+  private async rehydrate(
+    id: SandboxId,
+    persisted: { handle: string; state: Record<string, unknown> },
+  ): Promise<HostRecord | null> {
+    const state = persisted.state as Partial<PersistedHostState>;
+    if (
+      typeof state.pid !== "number" ||
+      typeof state.daemonPort !== "number" ||
+      typeof state.daemonUrl !== "string" ||
+      typeof state.workdir !== "string" ||
+      typeof state.token !== "string" ||
+      typeof state.bootId !== "string"
+    ) {
+      return null;
+    }
+    if (!this.isAliveFn(state.pid)) return null;
+    const health = await this.probeFn(state.daemonUrl);
+    if (!health) return null;
+    return {
+      id,
+      handle: persisted.handle,
+      pid: state.pid,
+      daemonPort: state.daemonPort,
+      daemonUrl: state.daemonUrl,
+      workdir: state.workdir,
+      token: state.token,
+      bootId: health.bootId,
+    };
+  }
+}
+
+// ---- Module-private helpers (used from later tasks) --------------------------
+
+function isPidAlive(pid: number): boolean {
+  if (pid <= 0) return false;
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Pre-allocate a host-side TCP port. The daemon binds to it on startup.
+ * Race window is non-zero — the kernel may hand the port to another process
+ * between close() and the daemon's bind() — in which case the daemon fails
+ * to come up, `waitForDaemon` times out, and `ensure()` rejects. There is
+ * no automatic retry; the caller (e.g. VM_START) surfaces the error. In
+ * practice this never fires on a developer machine.
+ */
+function preallocatePort(): Promise<number> {
+  return new Promise((resolve_, reject) => {
+    const srv = createServer();
+    srv.unref();
+    srv.on("error", reject);
+    srv.listen(0, "127.0.0.1", () => {
+      const addr = srv.address();
+      if (addr && typeof addr === "object") {
+        const { port } = addr;
+        srv.close(() => resolve_(port));
+      } else {
+        srv.close(() => reject(new Error("could not allocate port")));
+      }
+    });
+  });
+}
+
+function buildDaemonEnv(args: {
+  token: string;
+  bootId: string;
+  workdir: string;
+  daemonPort: number;
+  devPort: number;
+  ingressPort: number;
+  extraEnv: Record<string, string> | undefined;
+}): Record<string, string> {
+  return {
+    DAEMON_TOKEN: args.token,
+    DAEMON_BOOT_ID: args.bootId,
+    APP_ROOT: args.workdir,
+    PROXY_PORT: String(args.daemonPort),
+    // Inherited by every child the daemon spawns. extraEnv is spread last
+    // so the caller can override (rare — passing PORT/SANDBOX_INGRESS_PORT/
+    // VITE_PORT through opts.env defeats the collision-avoidance, but the
+    // escape hatch stays).
+    PORT: String(args.devPort),
+    SANDBOX_INGRESS_PORT: String(args.ingressPort),
+    ...(args.extraEnv ?? {}),
+  };
+}
+
+// ---- Daemon executable resolution ------------------------------------------
+//
+// In dev (source tree present), spawn `bun run <daemon/entry.ts>` so the
+// daemon code reloads on file change without a build step.
+//
+// In production (`bunx decocms@latest`), `runner.ts` has been inlined into
+// `dist/server/server.js`, so the source TS path resolves to the
+// nonexistent `<bunx-cache>/node_modules/daemon/entry.ts`. Materialize the
+// embedded bundle (loaded lazily from `daemon-asset.ts`) into
+// `${homeDir}/.deco/cache/sandbox-daemon-<hash>.js` and spawn that.
+//
+// `node-pty` is a runtime dep of the daemon. Its install location lives
+// inside the parent's `node_modules` tree, but the materialized bundle
+// sits in DATA_DIR — bun won't find `node-pty` by walking up from there.
+// Resolve the parent's node_modules dir at the call site and pass it via
+// `NODE_PATH` so the spawned daemon can `import "node-pty"`.
+
+function resolveSourceDaemonPath(): string {
+  return resolve(
+    fileURLToPath(new URL("../../../daemon/entry.ts", import.meta.url)),
+  );
+}
+
+function resolveNodePtyNodeModulesDir(): string {
+  // node-pty is a peer of the parent process (decocms ships it as a direct
+  // dep; in dev it lives in packages/sandbox/node_modules). We resolve from
+  // this module's location and walk back to the enclosing node_modules
+  // root.
+  const ptyEntry = Bun.resolveSync("node-pty", import.meta.dir);
+  const marker = "/node_modules/";
+  const idx = ptyEntry.lastIndexOf(marker);
+  if (idx < 0) {
+    throw new Error(
+      `[HostSandboxRunner] could not derive node_modules path from node-pty resolution: ${ptyEntry}`,
+    );
+  }
+  return ptyEntry.slice(0, idx + marker.length - 1);
+}
+
+async function materializeDaemonBundle(homeDir: string): Promise<string> {
+  // Lazy-imported so tests using the `_spawn` test seam don't trigger the
+  // text-import resolution (which would require `daemon/dist/daemon.js` to
+  // exist on disk before the bundle has been built).
+  const { DAEMON_BUNDLE } = await import("./daemon-asset");
+  const hash = createHash("sha256")
+    .update(DAEMON_BUNDLE)
+    .digest("hex")
+    .slice(0, 16);
+  const cacheDir = join(homeDir, ".deco", "cache");
+  const cachePath = join(cacheDir, `sandbox-daemon-${hash}.js`);
+  if (existsSync(cachePath)) return cachePath;
+  await mkdir(cacheDir, { recursive: true });
+  // Write atomically — concurrent spawns racing to materialize the same
+  // hashed file are tolerated because `rename` is atomic on POSIX.
+  const tmpPath = `${cachePath}.${process.pid}.tmp`;
+  await writeFile(tmpPath, DAEMON_BUNDLE);
+  await rename(tmpPath, cachePath);
+  return cachePath;
+}
+
+async function resolveDaemonExec(homeDir: string): Promise<string> {
+  const sourceTs = resolveSourceDaemonPath();
+  if (existsSync(sourceTs)) return sourceTs;
+  return materializeDaemonBundle(homeDir);
+}
+
+function createDefaultSpawn(homeDir: string): SpawnFn {
+  return async (args) => {
+    const daemonExec = await resolveDaemonExec(homeDir);
+    const ptyNodeModulesDir = resolveNodePtyNodeModulesDir();
+    const existingNodePath = process.env.NODE_PATH;
+    const nodePath = existingNodePath
+      ? `${ptyNodeModulesDir}:${existingNodePath}`
+      : ptyNodeModulesDir;
+    const proc = Bun.spawn({
+      cmd: ["bun", "run", daemonExec],
+      // cwd is intentionally inherited from the parent — daemon resolves
+      // its own paths relative to the entry file.
+      env: {
+        ...process.env,
+        NODE_PATH: nodePath,
+        ...args.env,
+      },
+      stdout: "inherit",
+      stderr: "inherit",
+      stdin: "ignore",
+    });
+    return {
+      pid: proc.pid,
+      kill: (sig) => {
+        proc.kill(sig as NodeJS.Signals | number | undefined);
+        return true;
+      },
+    };
+  };
+}
diff --git a/packages/sandbox/server/runner/index.test.ts b/packages/sandbox/server/runner/index.test.ts
new file mode 100644
index 0000000000..cabdf39169
--- /dev/null
+++ b/packages/sandbox/server/runner/index.test.ts
@@ -0,0 +1,50 @@
+import { afterEach, beforeEach, describe, expect, it } from "bun:test";
+import { resolveRunnerKindFromEnv } from "./index";
+
+describe("resolveRunnerKindFromEnv", () => {
+  const ORIG = { ...process.env };
+  beforeEach(() => {
+    delete process.env.STUDIO_SANDBOX_RUNNER;
+    delete process.env.FREESTYLE_API_KEY;
+  });
+  afterEach(() => {
+    process.env = { ...ORIG };
+  });
+
+  it("defaults to 'host' when nothing is configured", () => {
+    expect(resolveRunnerKindFromEnv()).toBe("host");
+  });
+
+  it("honors explicit STUDIO_SANDBOX_RUNNER=docker", () => {
+    process.env.STUDIO_SANDBOX_RUNNER = "docker";
+    expect(resolveRunnerKindFromEnv()).toBe("docker");
+  });
+
+  it("honors explicit STUDIO_SANDBOX_RUNNER=agent-sandbox", () => {
+    process.env.STUDIO_SANDBOX_RUNNER = "agent-sandbox";
+    expect(resolveRunnerKindFromEnv()).toBe("agent-sandbox");
+  });
+
+  it("returns 'host' even when FREESTYLE_API_KEY is set without explicit runner", () => {
+    process.env.FREESTYLE_API_KEY = "sk-test";
+    expect(resolveRunnerKindFromEnv()).toBe("host");
+  });
+
+  it("returns 'freestyle' when explicit AND FREESTYLE_API_KEY is set", () => {
+    process.env.STUDIO_SANDBOX_RUNNER = "freestyle";
+    process.env.FREESTYLE_API_KEY = "sk-test";
+    expect(resolveRunnerKindFromEnv()).toBe("freestyle");
+  });
+
+  it("throws when STUDIO_SANDBOX_RUNNER=freestyle but FREESTYLE_API_KEY is missing", () => {
+    process.env.STUDIO_SANDBOX_RUNNER = "freestyle";
+    expect(() => resolveRunnerKindFromEnv()).toThrow(/FREESTYLE_API_KEY/);
+  });
+
+  it("throws on unknown STUDIO_SANDBOX_RUNNER value", () => {
+    process.env.STUDIO_SANDBOX_RUNNER = "nonsense";
+    expect(() => resolveRunnerKindFromEnv()).toThrow(
+      /Unknown STUDIO_SANDBOX_RUNNER/,
+    );
+  });
+});
diff --git a/packages/sandbox/server/runner/index.ts b/packages/sandbox/server/runner/index.ts
new file mode 100644
index 0000000000..55ee30cdd2
--- /dev/null
+++ b/packages/sandbox/server/runner/index.ts
@@ -0,0 +1,100 @@
+/**
+ * Public surface. Ships `DockerSandboxRunner` only via the default entry;
+ * Freestyle and agent-sandbox sit behind their own subpath exports (./runner/
+ * freestyle, ./runner/agent-sandbox) because their SDKs are heavy and not
+ * every deploy needs them.
+ */
+
+import { DockerSandboxRunner, type DockerRunnerOptions } from "./docker";
+import type { RunnerStateStore } from "./state-store";
+import type { RunnerKind, SandboxRunner } from "./types";
+
+export type {
+  EnsureOptions,
+  ExecInput,
+  ExecOutput,
+  ProxyRequestInit,
+  RunnerKind,
+  Sandbox,
+  SandboxId,
+  SandboxRunner,
+  Workload,
+} from "./types";
+export type { ClaimFailureReason, ClaimPhase } from "./lifecycle-types";
+export { sandboxIdKey } from "./types";
+export { DockerSandboxRunner } from "./docker";
+export type { DockerExec, DockerRunnerOptions, ExecResult } from "./docker";
+export { HostSandboxRunner } from "./host";
+export type { HostRunnerOptions } from "./host";
+// Needed by mesh callers (decopilot stream-core) that compute handles
+// directly. Re-exported here so consumers don't dig into shared/.
+export { computeHandle } from "./shared";
+export { ensureSandboxImage } from "../image-build";
+export type { EnsureImageOptions } from "../image-build";
+export { startLocalSandboxIngress } from "./docker";
+export {
+  sweepDockerOrphansOnBoot,
+  sweepDockerOrphansOnShutdown,
+} from "./docker";
+export type { SweepDockerOrphansOnBootOptions } from "./docker";
+export type {
+  RunnerStateRecord,
+  RunnerStateRecordWithId,
+  RunnerStatePut,
+  RunnerStateStore,
+  RunnerStateStoreOps,
+} from "./state-store";
+export {
+  composeSandboxRef,
+  type AgentSandboxRefInput,
+  type SandboxRefInput,
+  type ThreadSandboxRefInput,
+} from "./sandbox-ref";
+
+export interface CreateDockerRunnerOptions {
+  stateStore?: RunnerStateStore;
+  docker?: Omit<DockerRunnerOptions, "stateStore">;
+}
+
+/** Convenience for host apps wiring only the in-package runner. */
+export function createDockerRunner(
+  opts: CreateDockerRunnerOptions = {},
+): SandboxRunner {
+  return new DockerSandboxRunner({
+    ...opts.docker,
+    stateStore: opts.stateStore,
+  });
+}
+
+const RUNNER_KINDS: ReadonlySet<RunnerKind> = new Set([
+  "host",
+  "docker",
+  "freestyle",
+  "agent-sandbox",
+]);
+
+/**
+ * Single resolution rule:
+ *   - explicit STUDIO_SANDBOX_RUNNER wins (validated against the kind set);
+ *   - otherwise default to "host";
+ *   - "freestyle" additionally requires FREESTYLE_API_KEY (precondition, not auto-trigger).
+ *
+ * Exits the legacy auto-detection chain: setting FREESTYLE_API_KEY no longer
+ * implicitly switches the runner, and Docker CLI presence is no longer probed.
+ * Any non-host runner must be opted into explicitly.
+ */
+export function resolveRunnerKindFromEnv(): RunnerKind {
+  const raw = process.env.STUDIO_SANDBOX_RUNNER;
+  const kind = (raw && raw.length > 0 ? raw : "host") as RunnerKind;
+  if (!RUNNER_KINDS.has(kind)) {
+    throw new Error(
+      `Unknown STUDIO_SANDBOX_RUNNER="${raw}" — expected "host", "docker", "freestyle", or "agent-sandbox".`,
+    );
+  }
+  if (kind === "freestyle" && !process.env.FREESTYLE_API_KEY) {
+    throw new Error(
+      `STUDIO_SANDBOX_RUNNER="freestyle" requires FREESTYLE_API_KEY to be set.`,
+    );
+  }
+  return kind;
+}
diff --git a/packages/sandbox/server/runner/lifecycle-types.ts b/packages/sandbox/server/runner/lifecycle-types.ts
new file mode 100644
index 0000000000..825f5ffc03
--- /dev/null
+++ b/packages/sandbox/server/runner/lifecycle-types.ts
@@ -0,0 +1,37 @@
+/**
+ * Lifecycle phase types for `SandboxRunner.watchClaimLifecycle`.
+ *
+ * Lives at the runner package root (rather than under `agent-sandbox/`) so the
+ * runner abstraction can reference these without depending on a concrete impl.
+ * Pure types — no runtime imports — so type-only consumers (notably the studio
+ * web bundle) can pull them in without dragging `@kubernetes/client-node`
+ * through the dependency graph.
+ *
+ * Most phases originate from agent-sandbox's K8s watcher (image pulls, node
+ * provisioning, etc.). Host/docker/freestyle yield a single `ready` phase
+ * because they have no equivalent pre-Ready window worth surfacing — VM_START
+ * returns once the daemon's HTTP server is up, which is fast.
+ */
+
+export type ClaimFailureReason =
+  | "image-pull-backoff"
+  | "crash-loop-backoff"
+  | "scheduling-timeout"
+  | "claim-never-created"
+  | "reconciler-error"
+  | "unknown";
+
+export type ClaimPhase =
+  | { kind: "claiming"; since: number }
+  | {
+      kind: "waiting-for-capacity";
+      since: number;
+      message?: string;
+      /** Karpenter-emitted nodeclaim name when a node is being provisioned. */
+      nodeClaim?: string;
+    }
+  | { kind: "pulling-image"; since: number }
+  | { kind: "starting-container"; since: number }
+  | { kind: "warming-daemon"; since: number }
+  | { kind: "ready" }
+  | { kind: "failed"; reason: ClaimFailureReason; message: string };
diff --git a/packages/sandbox/server/runner/sandbox-ref.test.ts b/packages/sandbox/server/runner/sandbox-ref.test.ts
new file mode 100644
index 0000000000..0af8e47c78
--- /dev/null
+++ b/packages/sandbox/server/runner/sandbox-ref.test.ts
@@ -0,0 +1,45 @@
+import { describe, expect, it } from "bun:test";
+import { composeSandboxRef } from "./sandbox-ref";
+
+describe("composeSandboxRef", () => {
+  it("composes agent ref from org + virtualMcp + branch", () => {
+    expect(
+      composeSandboxRef({
+        orgId: "org_123",
+        virtualMcpId: "vm_abc",
+        branch: "deco/silver-fox",
+      }),
+    ).toBe("agent:org_123:vm_abc:deco/silver-fox");
+  });
+
+  it("composes thread ref from threadId", () => {
+    expect(composeSandboxRef({ threadId: "thr_xyz" })).toBe("thread:thr_xyz");
+  });
+
+  it("preserves slashes and special chars in branch (no encoding)", () => {
+    // refs are opaque routing keys, not URLs — encoding is the runner's job.
+    expect(
+      composeSandboxRef({
+        orgId: "o",
+        virtualMcpId: "v",
+        branch: "feat/abc-123_x.y",
+      }),
+    ).toBe("agent:o:v:feat/abc-123_x.y");
+  });
+
+  it("rejects empty agent fields", () => {
+    expect(() =>
+      composeSandboxRef({ orgId: "", virtualMcpId: "v", branch: "b" }),
+    ).toThrow();
+    expect(() =>
+      composeSandboxRef({ orgId: "o", virtualMcpId: "", branch: "b" }),
+    ).toThrow();
+    expect(() =>
+      composeSandboxRef({ orgId: "o", virtualMcpId: "v", branch: "" }),
+    ).toThrow();
+  });
+
+  it("rejects empty threadId", () => {
+    expect(() => composeSandboxRef({ threadId: "" })).toThrow();
+  });
+});
diff --git a/packages/sandbox/server/runner/sandbox-ref.ts b/packages/sandbox/server/runner/sandbox-ref.ts
new file mode 100644
index 0000000000..39b6587b81
--- /dev/null
+++ b/packages/sandbox/server/runner/sandbox-ref.ts
@@ -0,0 +1,30 @@
+/**
+ * Single source of truth for `projectRef`. Two opaque encodings:
+ *   `agent:<orgId>:<virtualMcpId>:<branch>` — agent-thread sandboxes.
+ *   `thread:<threadId>` — ad-hoc sandboxes.
+ * Runners never parse the ref; they hash it for their routing key.
+ */
+
+export type AgentSandboxRefInput = {
+  orgId: string;
+  virtualMcpId: string;
+  branch: string;
+};
+
+export type ThreadSandboxRefInput = { threadId: string };
+
+export type SandboxRefInput = AgentSandboxRefInput | ThreadSandboxRefInput;
+
+export function composeSandboxRef(input: SandboxRefInput): string {
+  if ("threadId" in input) {
+    if (!input.threadId)
+      throw new Error("composeSandboxRef: threadId required");
+    return `thread:${input.threadId}`;
+  }
+  if (!input.orgId || !input.virtualMcpId || !input.branch) {
+    throw new Error(
+      "composeSandboxRef: orgId, virtualMcpId and branch are all required for agent refs",
+    );
+  }
+  return `agent:${input.orgId}:${input.virtualMcpId}:${input.branch}`;
+}
diff --git a/packages/sandbox/server/runner/shared/build-config-payload.ts b/packages/sandbox/server/runner/shared/build-config-payload.ts
new file mode 100644
index 0000000000..26285beda3
--- /dev/null
+++ b/packages/sandbox/server/runner/shared/build-config-payload.ts
@@ -0,0 +1,60 @@
+import type { PackageManagerConfig, TenantConfig } from "../../../daemon/types";
+import type { EnsureOptions } from "../types";
+
+/**
+ * Collapses caller intent into the daemon's TenantConfig shape. The daemon
+ * auto-starts the dev server whenever a runnable script is present, so no
+ * "intent" flag is needed on the wire.
+ */
+export function buildConfigPayload(args: {
+  runtime: "node" | "bun" | "deno";
+  packageManager: PackageManagerConfig | null;
+  port?: number;
+  repo: NonNullable<EnsureOptions["repo"]> | null;
+}): Partial<TenantConfig> | null {
+  const repo = args.repo;
+  const git = repo
+    ? {
+        repository: {
+          cloneUrl: repo.cloneUrl,
+          repoName: repo.displayName ?? deriveRepoLabel(repo.cloneUrl),
+          ...(repo.branch ? { branch: repo.branch } : {}),
+        },
+        identity: {
+          userName: repo.userName,
+          userEmail: repo.userEmail,
+        },
+      }
+    : undefined;
+
+  const packageManager = args.packageManager
+    ? {
+        name: args.packageManager.name,
+        ...(args.packageManager.path ? { path: args.packageManager.path } : {}),
+      }
+    : undefined;
+
+  const application = packageManager
+    ? {
+        packageManager,
+        runtime: args.runtime,
+        ...(args.port !== undefined ? { port: args.port } : {}),
+      }
+    : undefined;
+
+  if (!git && !application) return null;
+  return {
+    ...(git ? { git } : {}),
+    ...(application ? { application } : {}),
+  };
+}
+
+export function deriveRepoLabel(cloneUrl: string): string {
+  try {
+    const u = new URL(cloneUrl);
+    const trimmed = u.pathname.replace(/^\/+/, "").replace(/\.git$/, "");
+    return trimmed || u.hostname;
+  } catch {
+    return cloneUrl;
+  }
+}
diff --git a/packages/sandbox/server/runner/shared/handle.test.ts b/packages/sandbox/server/runner/shared/handle.test.ts
new file mode 100644
index 0000000000..8c302a23ca
--- /dev/null
+++ b/packages/sandbox/server/runner/shared/handle.test.ts
@@ -0,0 +1,102 @@
+import { describe, expect, it } from "bun:test";
+import { computeHandle, hashSandboxId } from "./handle";
+import type { SandboxId } from "../types";
+
+const ID: SandboxId = {
+  userId: "u_1",
+  projectRef: "agent:org:vmcp:deco/mellow-flint",
+};
+
+describe("computeHandle", () => {
+  it("strips the prefix before the last `/` from the branch slug", () => {
+    const handle = computeHandle(ID, "deco/mellow-flint");
+    expect(handle).toMatch(/^mellow-flint-[0-9a-f]{5}$/);
+  });
+
+  it("strips multi-segment prefixes, keeping only the last segment", () => {
+    const handle = computeHandle(ID, "tlgimenes/unified-sandbox-daemon");
+    expect(handle).toMatch(/^unified-sandbox-daemon-[0-9a-f]{5}$/);
+  });
+
+  it("lowercases and replaces non-alphanumeric chars with `-`", () => {
+    const handle = computeHandle(ID, "Foo_Bar.Baz");
+    expect(handle).toMatch(/^foo-bar-baz-[0-9a-f]{5}$/);
+  });
+
+  it("collapses repeated separators and trims leading/trailing dashes", () => {
+    const handle = computeHandle(ID, "feat///___refactor---");
+    expect(handle).toMatch(/^refactor-[0-9a-f]{5}$/);
+  });
+
+  it("truncates the slug to 24 chars before joining the hash", () => {
+    const handle = computeHandle(
+      ID,
+      "a-very-long-branch-name-that-exceeds-the-limit",
+    );
+    const match = handle.match(/^([a-z0-9-]+)-([0-9a-f]{5})$/);
+    expect(match).not.toBeNull();
+    expect(match![1]!.length).toBeLessThanOrEqual(24);
+    expect(match![1]!.endsWith("-")).toBe(false);
+  });
+
+  it("returns s-<hash> when branch is null (DNS-1035: must start with letter)", () => {
+    const handle = computeHandle(ID, null);
+    expect(handle).toMatch(/^s-[0-9a-f]{5}$/);
+  });
+
+  it("returns s-<hash> when branch is undefined", () => {
+    const handle = computeHandle(ID);
+    expect(handle).toMatch(/^s-[0-9a-f]{5}$/);
+  });
+
+  it("returns s-<hash> when branch is empty string", () => {
+    const handle = computeHandle(ID, "");
+    expect(handle).toMatch(/^s-[0-9a-f]{5}$/);
+  });
+
+  it("returns s-<hash> when branch sanitizes to empty", () => {
+    const handle = computeHandle(ID, "///");
+    expect(handle).toMatch(/^s-[0-9a-f]{5}$/);
+  });
+
+  it("returns s-<hash> when branch is whitespace-only", () => {
+    const handle = computeHandle(ID, "   ");
+    expect(handle).toMatch(/^s-[0-9a-f]{5}$/);
+  });
+
+  it("is deterministic for the same (id, branch) pair", () => {
+    const a = computeHandle(ID, "deco/foo");
+    const b = computeHandle(ID, "deco/foo");
+    expect(a).toBe(b);
+  });
+
+  it("uses the SandboxId for the hash, so different ids with the same slug differ", () => {
+    const handleA = computeHandle(ID, "deco/foo");
+    const handleB = computeHandle(
+      { userId: "u_2", projectRef: "agent:org:vmcp:deco/foo" },
+      "deco/foo",
+    );
+    expect(handleA).not.toBe(handleB);
+    expect(handleA.split("-").slice(0, -1).join("-")).toBe(
+      handleB.split("-").slice(0, -1).join("-"),
+    );
+  });
+
+  it("hash matches the first 5 chars of hashSandboxId for the same id", () => {
+    const handle = computeHandle(ID, "deco/foo");
+    const expectedHash = hashSandboxId(ID, 5);
+    expect(handle.endsWith(`-${expectedHash}`)).toBe(true);
+  });
+
+  it("honors a custom hashLen (used by runners exposing handles publicly)", () => {
+    const handle = computeHandle(ID, "deco/mellow-flint", { hashLen: 16 });
+    expect(handle).toMatch(/^mellow-flint-[0-9a-f]{16}$/);
+    expect(handle.endsWith(`-${hashSandboxId(ID, 16)}`)).toBe(true);
+  });
+
+  it("returns s-<hash> of the requested length when branch is empty", () => {
+    const handle = computeHandle(ID, null, { hashLen: 16 });
+    expect(handle).toMatch(/^s-[0-9a-f]{16}$/);
+    expect(handle).toBe(`s-${hashSandboxId(ID, 16)}`);
+  });
+});
diff --git a/packages/sandbox/server/runner/shared/handle.ts b/packages/sandbox/server/runner/shared/handle.ts
new file mode 100644
index 0000000000..8300b7f6ed
--- /dev/null
+++ b/packages/sandbox/server/runner/shared/handle.ts
@@ -0,0 +1,53 @@
+import { createHash } from "node:crypto";
+import { sandboxIdKey, type SandboxId } from "../types";
+
+const SLUG_MAX = 24;
+const DEFAULT_HASH_LEN = 5;
+
+/** Stable short hash of a SandboxId. Length in hex chars (default 16). */
+export function hashSandboxId(id: SandboxId, length = 16): string {
+  return createHash("sha256")
+    .update(sandboxIdKey(id))
+    .digest("hex")
+    .slice(0, length);
+}
+
+/**
+ * Human-readable URL handle for a sandbox: `<slug>-<hashN>`, where `slug` is
+ * derived from the last `/`-segment of the branch and `hashN` is the first
+ * `N` hex chars of `SHA256(userId:projectRef)`. Falls back to a bare hash
+ * when the branch is missing or sanitizes to empty.
+ *
+ * Hash length defaults to 5 chars (~20 bits) — sufficient for runners whose
+ * handle is local (Docker container name, Freestyle internal ID). Runners
+ * that expose the handle as a public hostname (agent-sandbox preview URLs,
+ * Vercel-style) should pass `{ hashLen: 16 }` (~64 bits) — the handle is
+ * the only authorization on those URLs, so brute-forcing 20 bits at an
+ * unrate-limited gateway (~17 min at 1k req/s) is meaningfully easier
+ * than 64 bits.
+ *
+ * Total max length: 24 + 1 + hashLen chars. With hashLen=16: 41 chars
+ * (under the 63-char DNS label cap with room for a runner-specific
+ * prefix).
+ */
+export function computeHandle(
+  id: SandboxId,
+  branch?: string | null,
+  opts: { hashLen?: number } = {},
+): string {
+  const hashLen = opts.hashLen ?? DEFAULT_HASH_LEN;
+  const hash = hashSandboxId(id, hashLen);
+  const slug = slugifyBranch(branch);
+  return slug ? `${slug}-${hash}` : `s-${hash}`;
+}
+
+function slugifyBranch(branch: string | null | undefined): string {
+  if (!branch) return "";
+  const lastSegment = branch.split("/").pop() ?? "";
+  return lastSegment
+    .toLowerCase()
+    .replace(/[^a-z0-9]+/g, "-")
+    .replace(/^-+|-+$/g, "")
+    .slice(0, SLUG_MAX)
+    .replace(/-+$/g, "");
+}
diff --git a/packages/sandbox/server/runner/shared/index.ts b/packages/sandbox/server/runner/shared/index.ts
new file mode 100644
index 0000000000..0e32036a2d
--- /dev/null
+++ b/packages/sandbox/server/runner/shared/index.ts
@@ -0,0 +1,8 @@
+export { Inflight } from "./inflight";
+export { withSandboxLock } from "./lock";
+export { computeHandle, hashSandboxId } from "./handle";
+export { applyPreviewPattern } from "./preview-url";
+export {
+  buildConfigPayload,
+  deriveRepoLabel,
+} from "./build-config-payload";
diff --git a/packages/sandbox/server/runner/shared/inflight.ts b/packages/sandbox/server/runner/shared/inflight.ts
new file mode 100644
index 0000000000..3b68f3bce0
--- /dev/null
+++ b/packages/sandbox/server/runner/shared/inflight.ts
@@ -0,0 +1,20 @@
+/**
+ * In-process dedupe: concurrent calls with the same key share one promise.
+ * Paired with the state store's advisory lock for cross-pod serialization;
+ * this map only covers intra-process races.
+ */
+export class Inflight<K, V> {
+  private readonly map = new Map<K, Promise<V>>();
+
+  async run(key: K, fn: () => Promise<V>): Promise<V> {
+    const pending = this.map.get(key);
+    if (pending) return pending;
+    const p = fn();
+    this.map.set(key, p);
+    try {
+      return await p;
+    } finally {
+      this.map.delete(key);
+    }
+  }
+}
diff --git a/packages/sandbox/server/runner/shared/lock.ts b/packages/sandbox/server/runner/shared/lock.ts
new file mode 100644
index 0000000000..9f3ad39ffe
--- /dev/null
+++ b/packages/sandbox/server/runner/shared/lock.ts
@@ -0,0 +1,22 @@
+/**
+ * Uniform wrapper over the three state-store shapes:
+ *   - no store            → pass null ops
+ *   - store without lock  → pass the store itself (tests; single-pod dev)
+ *   - store with lock     → serialize on (id, kind); pass the lock-scoped ops
+ *
+ * The scoped ops reuse the lock's connection so nested reads/writes don't
+ * starve the main pool during long provisioning.
+ */
+import type { RunnerStateStore, RunnerStateStoreOps } from "../state-store";
+import type { RunnerKind, SandboxId } from "../types";
+
+export function withSandboxLock<T>(
+  store: RunnerStateStore | null,
+  id: SandboxId,
+  kind: RunnerKind,
+  fn: (ops: RunnerStateStoreOps | null) => Promise<T>,
+): Promise<T> {
+  if (!store) return fn(null);
+  if (!store.withLock) return fn(store);
+  return store.withLock(id, kind, fn);
+}
diff --git a/packages/sandbox/server/runner/shared/preview-url.ts b/packages/sandbox/server/runner/shared/preview-url.ts
new file mode 100644
index 0000000000..3ac071d2af
--- /dev/null
+++ b/packages/sandbox/server/runner/shared/preview-url.ts
@@ -0,0 +1,17 @@
+/**
+ * `{handle}` placeholder substitutes; otherwise hostname-prefix. Trailing
+ * slash normalized. Invalid URLs fall back to `${base}/${handle}/`.
+ */
+export function applyPreviewPattern(pattern: string, handle: string): string {
+  const base = pattern.replace(/\/+$/, "");
+  if (base.includes("{handle}")) {
+    return `${base.replace("{handle}", handle)}/`;
+  }
+  try {
+    const u = new URL(base);
+    u.hostname = `${handle}.${u.hostname}`;
+    return `${u.toString()}/`;
+  } catch {
+    return `${base}/${handle}/`;
+  }
+}
diff --git a/packages/sandbox/server/runner/state-store.ts b/packages/sandbox/server/runner/state-store.ts
new file mode 100644
index 0000000000..0e4456d237
--- /dev/null
+++ b/packages/sandbox/server/runner/state-store.ts
@@ -0,0 +1,53 @@
+import type { SandboxId } from "./types";
+
+/** Persisted per (sandboxId, runnerKind). `state` is an opaque runner-private blob. */
+export interface RunnerStateRecord {
+  handle: string;
+  state: Record<string, unknown>;
+  updatedAt: Date;
+}
+
+/** Like RunnerStateRecord but carries the SandboxId (handle-only lookups after restart). */
+export interface RunnerStateRecordWithId extends RunnerStateRecord {
+  id: SandboxId;
+}
+
+export interface RunnerStatePut {
+  handle: string;
+  state: Record<string, unknown>;
+}
+
+/**
+ * CRUD operations on runner state. Kept separate from `RunnerStateStore` so
+ * `withLock` can hand callers a connection-scoped view (same pg txn as the
+ * advisory lock) without exposing DB types. Nested reads/writes inside the
+ * lock go through this scoped store — not `this.stateStore` — which is what
+ * prevents main-pool starvation during long provisioning.
+ */
+export interface RunnerStateStoreOps {
+  get(id: SandboxId, kind: string): Promise<RunnerStateRecord | null>;
+  getByHandle(
+    kind: string,
+    handle: string,
+  ): Promise<RunnerStateRecordWithId | null>;
+  put(id: SandboxId, kind: string, entry: RunnerStatePut): Promise<void>;
+  delete(id: SandboxId, kind: string): Promise<void>;
+  deleteByHandle(kind: string, handle: string): Promise<void>;
+}
+
+/** Pluggable persistence; storage-agnostic so this package stays DB-free. */
+export interface RunnerStateStore extends RunnerStateStoreOps {
+  /**
+   * Cross-pod serialization for concurrent `ensure()` on the same (id, kind).
+   * Must transactionally release on connection loss so a crashed pod never
+   * strands a sandbox. The callback receives a scoped ops view bound to the
+   * lock's connection — use it for any reads/writes inside the critical
+   * section so nested queries don't race the main pool. Optional in tests;
+   * prod deploys MUST implement it.
+   */
+  withLock?<T>(
+    id: SandboxId,
+    kind: string,
+    fn: (store: RunnerStateStoreOps) => Promise<T>,
+  ): Promise<T>;
+}
diff --git a/packages/sandbox/server/runner/types.ts b/packages/sandbox/server/runner/types.ts
new file mode 100644
index 0000000000..febd2e34ce
--- /dev/null
+++ b/packages/sandbox/server/runner/types.ts
@@ -0,0 +1,152 @@
+/**
+ * Runner-agnostic interface. Callers never branch on kind; runner-specific
+ * features (local-ingress ports, Docker volumes) live on concrete classes.
+ */
+
+import type { ClaimPhase } from "./lifecycle-types";
+
+export interface SandboxId {
+  userId: string;
+  /** Opaque routing key; compose via `composeSandboxRef()`. */
+  projectRef: string;
+}
+
+/** Opaque handle; transport (HTTP/kube-exec/ssh) stays inside the runner. */
+export interface Sandbox {
+  handle: string;
+  workdir: string;
+  /**
+   * Same as `runner.getPreviewUrl(handle)`, returned eagerly. Non-null as
+   * long as the sandbox exists — the iframe may still show a connection
+   * error if the dev server inside never binds (e.g. repo has no `dev`/
+   * `start` script), which is what the UI's booting/ready state tracks.
+   */
+  previewUrl: string | null;
+}
+
+/** When omitted, no dev server is started; runner uses its default image (tool sandboxes). */
+export interface Workload {
+  runtime: "node" | "bun" | "deno";
+  packageManager: "npm" | "pnpm" | "yarn" | "bun" | "deno";
+  /**
+   * User-pinned dev port. Omit when the user hasn't chosen one — runners
+   * pick a free port (host runner: avoids collisions across co-tenant
+   * sandboxes; container runners: fall back to their own default).
+   */
+  devPort?: number;
+  /** Subdirectory inside the repo where the package manager manifest lives (e.g. `apps/web`). */
+  packageManagerPath?: string;
+}
+
+export interface EnsureOptions {
+  /**
+   * Optional first-provisioning clone. Runners without clone support MUST
+   * ignore (not error). `branch` post-clone: fetch-from-origin-or-create.
+   */
+  repo?: {
+    /**
+     * Clone URL. May embed an OAuth credential via userinfo (e.g.
+     * `https://x-access-token:TOKEN@github.com/...`) — `git clone` stores
+     * the credential on the remote so subsequent fetch/pull/push from
+     * inside the sandbox work without further plumbing. The token is
+     * frozen for the lifetime of the sandbox: to refresh, destroy and
+     * recreate.
+     */
+    cloneUrl: string;
+    userName: string;
+    userEmail: string;
+    branch?: string;
+    /** Human-readable label for logs/UI; no functional effect. */
+    displayName?: string;
+  };
+  /** Image override. Non-image runners (Freestyle) MUST ignore. */
+  image?: string;
+  workload?: Workload;
+  /** Frozen for the sandbox's lifetime — changing requires recreate. */
+  env?: Record<string, string>;
+  /**
+   * Tenant identity for cost attribution. Runners MAY surface these as
+   * platform-native metadata (k8s pod labels, Docker container labels) so
+   * downstream metrics pipelines can attribute resource usage to the owning
+   * org/user. Optional — callers without an org context (smoke tests, internal
+   * tool sandboxes) leave it unset and pods get only platform-level labels.
+   */
+  tenant?: {
+    orgId: string;
+    userId: string;
+  };
+}
+
+export interface ExecInput {
+  command: string;
+  timeoutMs?: number;
+  cwd?: string;
+  env?: Record<string, string>;
+}
+
+export interface ExecOutput {
+  stdout: string;
+  stderr: string;
+  exitCode: number;
+  timedOut: boolean;
+}
+
+export interface ProxyRequestInit {
+  method: string;
+  headers: Headers;
+  body: BodyInit | null;
+  signal?: AbortSignal;
+}
+
+/**
+ * Persisted on `vmMap` and `sandbox_runner_state.runner_kind`. When widening,
+ * keep `VmMapEntry.runnerKind` in sync.
+ */
+export type RunnerKind = "host" | "docker" | "freestyle" | "agent-sandbox";
+
+export interface SandboxRunner {
+  readonly kind: RunnerKind;
+
+  ensure(id: SandboxId, opts?: EnsureOptions): Promise<Sandbox>;
+  exec(handle: string, input: ExecInput): Promise<ExecOutput>;
+  delete(handle: string): Promise<void>;
+  alive(handle: string): Promise<boolean>;
+
+  /** Null when no workload was requested or the sandbox isn't running. */
+  getPreviewUrl(handle: string): Promise<string | null>;
+
+  /**
+   * Passthrough to the daemon control plane. Path is daemon-internal; runners
+   * translate (Docker prepends `/_daemon`, Freestyle base64-encodes for CF WAF).
+   * Bearer tokens stay inside the runner.
+   */
+  proxyDaemonRequest(
+    handle: string,
+    path: string,
+    init: ProxyRequestInit,
+  ): Promise<Response>;
+
+  /**
+   * Stream of phase transitions for the pre-Ready lifecycle. Used by mesh's
+   * unified `/api/vm-events` SSE so the UI can show meaningful progress
+   * between VM_START and the daemon SSE coming online.
+   *
+   * agent-sandbox is the interesting case: K8s scheduling, image pulls, and
+   * node provisioning can each take many seconds, and surfacing them
+   * granularly turns a black hole into a progress bar. The other runners
+   * have no equivalent black hole — once VM_START's `runner.ensure` returns,
+   * the daemon's HTTP server is already up — so they yield a single `ready`
+   * phase and end the stream immediately.
+   *
+   * Generator closes on a terminal phase (`ready` / `failed`) or on
+   * `signal.abort()`.
+   */
+  watchClaimLifecycle(
+    handle: string,
+    signal?: AbortSignal,
+  ): AsyncGenerator<ClaimPhase, void, unknown>;
+}
+
+export function sandboxIdKey(id: SandboxId): string {
+  return `${id.userId}:${id.projectRef}`;
+}
diff --git a/packages/sandbox/shared.ts b/packages/sandbox/shared.ts
new file mode 100644
index 0000000000..af602062b8
--- /dev/null
+++ b/packages/sandbox/shared.ts
@@ -0,0 +1,33 @@
+export const PLUGIN_ID = "MCP User Sandbox";
+export const PLUGIN_DESCRIPTION =
+  "Isolated per-user sandboxes for MCP tool execution";
+
+export const DAEMON_PORT = 9000;
+export const DEFAULT_IMAGE = "studio-sandbox:local";
+
+/** Shell-quote a value for safe inclusion in a `bash -lc` script. */
+export function shellQuote(value: string): string {
+  return `'${value.replace(/'/g, `'\\''`)}'`;
+}
+
+export function sleep(ms: number): Promise<void> {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+/** Prepend to any clone script; callers own the clone strategy themselves. */
+export function gitIdentityScript(userName: string, userEmail: string): string {
+  return `git config --global user.name ${shellQuote(userName)} && git config --global user.email ${shellQuote(userEmail)}`;
+}
+
+/**
+ * Injected into proxied dev-server HTML. Two jobs:
+ * 1. WebSocket rewriter — Vite/Fresh/Next/Webpack/Bun bake the dev WS URL
+ *    (container-internal host:port) at startup; inside mesh's iframe under
+ *    `/api/sandbox/.../preview/<port>/` those URLs don't route. We patch
+ *    `WebSocket` so loopback/same-hostname-different-port URLs are rewritten
+ *    to the iframe origin + same proxy prefix, so HMR lands on the daemon.
+ * 2. Visual-editor activation via `visual-editor::activate` postMessage.
+ * Must run before the framework builds its WS — spliced after `<head>` by
+ * `injectBootstrap` in image/daemon/proxy.mjs.
+ */
+export const IFRAME_BOOTSTRAP_SCRIPT = `<script>(function(){try{var W=window.WebSocket;if(W){var m=location.pathname.match(/^(\\/api\\/sandbox\\/[^\\/]+(?:\\/thread\\/[^\\/]+)?\\/preview(?:\\/\\d+)?)/);var p=m?m[1]:"";function r(u){try{var x=new URL(String(u),location.href);var lb=x.hostname==="localhost"||x.hostname==="127.0.0.1"||x.hostname==="0.0.0.0";var pm=x.hostname===location.hostname&&x.port!==location.port&&x.port!=="";if(!lb&&!pm)return String(u);x.protocol=location.protocol==="https:"?"wss:":"ws:";x.host=location.host;if(p&&!x.pathname.startsWith(p))x.pathname=p+x.pathname;return x.toString();}catch(_){return String(u);}}class P extends W{constructor(u,pr){super(r(u),pr);}}window.WebSocket=P;}}catch(_){}window.addEventListener("message",function(e){if(e.data&&e.data.type==="visual-editor::activate"&&e.data.script){try{new Function(e.data.script)();}catch(err){console.error("[visual-editor] injection failed",err);}}});})();</script>`;
diff --git a/packages/sandbox/tsconfig.json b/packages/sandbox/tsconfig.json
new file mode 100644
index 0000000000..1df7a2fa35
--- /dev/null
+++ b/packages/sandbox/tsconfig.json
@@ -0,0 +1,11 @@
+{
+  "extends": "../../tsconfig.json",
+  "compilerOptions": {
+    "outDir": "./dist",
+    "rootDir": ".",
+    "declaration": true,
+    "declarationMap": true
+  },
+  "include": ["**/*.ts"],
+  "exclude": ["node_modules", "dist", "**/*.test.ts"]
+}
diff --git a/packages/typegen/README.md b/packages/typegen/README.md
index 7ea73b975c..76a97e2a8e 100644
--- a/packages/typegen/README.md
+++ b/packages/typegen/README.md
@@ -1,6 +1,6 @@
 # @decocms/typegen
 
-Generate typed TypeScript clients for [Mesh](https://github.com/decocms/mesh) Virtual MCPs.
+Generate typed TypeScript clients for [Studio](https://github.com/decocms/mesh) Virtual MCPs.
 
 ## Usage
 
diff --git a/packages/ui/src/components/badge.tsx b/packages/ui/src/components/badge.tsx
index e6ca4b603d..476a3ae8cc 100644
--- a/packages/ui/src/components/badge.tsx
+++ b/packages/ui/src/components/badge.tsx
@@ -5,7 +5,7 @@ import { cva, type VariantProps } from "class-variance-authority";
 import { cn } from "@deco/ui/lib/utils.ts";
 
 const badgeVariants = cva(
-  "inline-flex items-center justify-center rounded-full border px-2 py-0.5 text-xs font-medium w-fit whitespace-nowrap shrink-0 [&>svg]:size-3 gap-1 [&>svg]:pointer-events-none focus-visible:border-ring focus-visible:ring-ring/20 focus-visible:ring-[2px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive transition-[color,box-shadow] overflow-hidden",
+  "inline-flex items-center justify-center rounded-full border text-xs font-medium w-fit whitespace-nowrap shrink-0 [&>svg]:size-3 gap-1 [&>svg]:pointer-events-none focus-visible:border-ring focus-visible:ring-ring/20 focus-visible:ring-[2px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive transition-[color,box-shadow] overflow-hidden",
   {
     variants: {
       variant: {
@@ -22,9 +22,14 @@ const badgeVariants = cva(
         outline:
           "text-foreground [a&]:hover:bg-accent [a&]:hover:text-accent-foreground",
       },
+      size: {
+        default: "px-2 py-0.5",
+        icon: "size-5",
+      },
     },
     defaultVariants: {
       variant: "default",
+      size: "default",
     },
   },
 );
@@ -32,6 +37,7 @@ const badgeVariants = cva(
 function Badge({
   className,
   variant,
+  size,
   asChild = false,
   ...props
 }: React.ComponentProps<"span"> &
@@ -41,7 +47,7 @@ function Badge({
   return (
     <Comp
       data-slot="badge"
-      className={cn(badgeVariants({ variant }), className)}
+      className={cn(badgeVariants({ variant, size }), className)}
       {...props}
     />
   );
diff --git a/packages/ui/src/components/button.tsx b/packages/ui/src/components/button.tsx
index 1266153b73..4289ddb679 100644
--- a/packages/ui/src/components/button.tsx
+++ b/packages/ui/src/components/button.tsx
@@ -16,6 +16,10 @@ const buttonVariants = cva(
           "text-foreground bg-background hover:bg-accent hover:text-accent-foreground dark:bg-input/30 dark:hover:bg-input/50 card-shadow",
         secondary:
           "bg-secondary text-secondary-foreground hover:bg-secondary/80",
+        success:
+          "bg-success text-success-foreground hover:bg-success/90 focus-visible:ring-success/20 dark:focus-visible:ring-success/40",
+        special:
+          "bg-special text-special-foreground hover:bg-special/90 focus-visible:ring-special/20 dark:focus-visible:ring-special/40",
         ghost:
           "hover:bg-accent hover:text-accent-foreground dark:hover:bg-accent/50",
         link: "text-foreground/80 hover:text-foreground",
diff --git a/packages/ui/src/components/spinner.tsx b/packages/ui/src/components/spinner.tsx
index da1d060882..54590ff557 100644
--- a/packages/ui/src/components/spinner.tsx
+++ b/packages/ui/src/components/spinner.tsx
@@ -8,7 +8,8 @@ const variants = cva("animate-spin", {
       default: "fill-primary text-gray-200",
       destructive: "fill-destructive text-gray-200",
       secondary: "fill-secondary text-gray-200",
-      special: "fill-special text-backround",
+      success: "fill-success text-gray-200",
+      special: "fill-special text-background",
     },
     size: {
       default: "h-7 w-7",
diff --git a/packages/ui/src/components/table.tsx b/packages/ui/src/components/table.tsx
index a93bd318ed..f71e32941b 100644
--- a/packages/ui/src/components/table.tsx
+++ b/packages/ui/src/components/table.tsx
@@ -8,7 +8,7 @@ function Table({ className, ...props }: React.ComponentProps<"table">) {
   return (
     <div
       data-slot="table-container"
-      className="w-full min-w-0 bg-background dark:bg-input/30 rounded-xl card-shadow overflow-hidden"
+      className="w-full min-w-0 bg-card rounded-xl card-shadow overflow-hidden"
     >
       <table
         data-slot="table"
@@ -23,10 +23,7 @@ function TableHeader({ className, ...props }: React.ComponentProps<"thead">) {
   return (
     <thead
       data-slot="table-header"
-      className={cn(
-        "[&_tr]:border-b sticky top-0 z-10 bg-background",
-        className,
-      )}
+      className={cn("[&_tr]:border-b sticky top-0 z-10 bg-card", className)}
       {...props}
     />
   );
diff --git a/packages/ui/src/components/time-range-picker.tsx b/packages/ui/src/components/time-range-picker.tsx
index 99f267ce77..c4e465046a 100644
--- a/packages/ui/src/components/time-range-picker.tsx
+++ b/packages/ui/src/components/time-range-picker.tsx
@@ -45,7 +45,6 @@ export function TimeRangePicker({
   const [validationError, setValidationError] = React.useState<string | null>(
     null,
   );
-
   // Sync local state when prop changes (action during render)
   const prevValueRef = React.useRef({ from: value.from, to: value.to });
   if (
@@ -58,8 +57,11 @@ export function TimeRangePicker({
   }
 
   const handleQuickRangeSelect = (range: QuickRange) => {
-    onChange({ from: range.from, to: range.to });
+    prevValueRef.current = { from: range.from, to: range.to };
+    setLocalFrom(range.from);
+    setLocalTo(range.to);
     setOpen(false);
+    onChange({ from: range.from, to: range.to });
   };
 
   const handleApply = () => {
@@ -109,7 +111,16 @@ export function TimeRangePicker({
           <ChevronDown className="size-4 text-muted-foreground" />
         </Button>
       </PopoverTrigger>
-      <PopoverContent className="w-[540px] p-0" align="end" sideOffset={4}>
+      <PopoverContent
+        className="w-[540px] p-0"
+        align="end"
+        sideOffset={4}
+        onCloseAutoFocus={(e) => e.preventDefault()}
+        // Instant exit animation prevents the popover from "blinking" when a
+        // re-render (triggered by route navigation) restarts the CSS exit
+        // animation while the portal is still in the DOM.
+        style={!open ? { animationDuration: "0s" } : undefined}
+      >
         <div className="flex">
           {/* Left: Absolute time range */}
           <div className="flex-1 p-4 border-r">
diff --git a/packages/ui/src/styles/global.css b/packages/ui/src/styles/global.css
index 9e8f79ac2f..cf5e933554 100644
--- a/packages/ui/src/styles/global.css
+++ b/packages/ui/src/styles/global.css
@@ -46,7 +46,7 @@
 }
 
 :root {
-  --background: oklch(1 0 0);
+  --background: oklch(0.99 0.003 73);
   --foreground: oklch(0.145 0.01 60);
   --card: oklch(1 0 0);
   --card-foreground: oklch(0.145 0.01 60);
@@ -72,6 +72,8 @@
   --success-foreground: oklch(0.98 0.02 156);
   --warning: oklch(0.62 0.17 70);
   --warning-foreground: oklch(0.99 0.02 95);
+  --special: oklch(0.55 0.18 290);
+  --special-foreground: oklch(0.98 0.02 295);
 
   --sidebar: oklch(0.975 0.006 80);
   --sidebar-foreground: oklch(0.2 0.01 60);
@@ -136,6 +138,8 @@
   --success-foreground: oklch(0.97 0.02 156);
   --warning: oklch(0.65 0.15 70);
   --warning-foreground: oklch(0.98 0.02 95);
+  --special: oklch(0.6 0.16 290);
+  --special-foreground: oklch(0.97 0.02 295);
 
   --sidebar: oklch(0.155 0.005 60);
   --sidebar-foreground: oklch(0.96 0.005 60);
@@ -177,6 +181,8 @@
   --color-success-foreground: var(--success-foreground);
   --color-warning: var(--warning);
   --color-warning-foreground: var(--warning-foreground);
+  --color-special: var(--special);
+  --color-special-foreground: var(--special-foreground);
   --color-border: var(--border);
   --color-input: var(--input);
   --color-ring: var(--ring);
diff --git a/plugins/ban-direct-auth-client-organization.js b/plugins/ban-direct-auth-client-organization.js
new file mode 100644
index 0000000000..32d4bba3e6
--- /dev/null
+++ b/plugins/ban-direct-auth-client-organization.js
@@ -0,0 +1,85 @@
+/**
+ * Lint plugin to ban direct use of `authClient.organization.<method>` for
+ * org-scoped methods. Those calls must go through `useOrgAuthClient()` so
+ * that `organizationId` is injected per-request from the URL/route context
+ * instead of falling back to `session.activeOrganizationId` (which leaks
+ * across browser tabs — see apps/mesh/src/web/hooks/use-org-auth-client.ts).
+ *
+ * `setActive` is always banned because it persists the active org to the
+ * shared session row.
+ *
+ * Methods that don't touch a current-org context (list, create,
+ * getFullOrganization with explicit query, accept/reject/getInvitation)
+ * remain allowed for direct use.
+ */
+
+const BANNED_METHODS = new Set([
+  "setActive",
+  "listMembers",
+  "listRoles",
+  "inviteMember",
+  "removeMember",
+  "updateMemberRole",
+  "addMember",
+  "createRole",
+  "updateRole",
+  "deleteRole",
+  "cancelInvitation",
+  "listInvitations",
+  "update",
+  "delete",
+  "getActiveMember",
+  "hasPermission",
+]);
+
+const WRAPPER_FILENAME = "use-org-auth-client";
+
+const banDirectAuthClientOrganizationRule = {
+  create(context) {
+    // The wrapper module is the one place that's allowed to call these.
+    if (
+      context.filename &&
+      context.filename.split("/").pop()?.startsWith(WRAPPER_FILENAME)
+    ) {
+      return {};
+    }
+
+    return {
+      MemberExpression(node) {
+        // Match `authClient.organization.<method>`: the node we're inspecting
+        // is the outer MemberExpression with property === <method>.
+        if (node.property?.type !== "Identifier") return;
+        const methodName = node.property.name;
+        if (!BANNED_METHODS.has(methodName)) return;
+
+        const inner = node.object;
+        if (inner?.type !== "MemberExpression") return;
+        if (inner.property?.type !== "Identifier") return;
+        if (inner.property.name !== "organization") return;
+
+        const root = inner.object;
+        if (root?.type !== "Identifier") return;
+        if (root.name !== "authClient") return;
+
+        context.report({
+          node,
+          message:
+            methodName === "setActive"
+              ? "authClient.organization.setActive is banned: it persists the active org to the shared session row, which leaks across browser tabs. Use the URL slug + per-request organizationId instead."
+              : `authClient.organization.${methodName} is banned outside use-org-auth-client.ts. Use \`useOrgAuthClient().organization.${methodName}\` so organizationId is injected from the current route context.`,
+        });
+      },
+    };
+  },
+};
+
+const plugin = {
+  meta: {
+    name: "ban-direct-auth-client-organization",
+  },
+  rules: {
+    "ban-direct-auth-client-organization": banDirectAuthClientOrganizationRule,
+  },
+};
+
+export default plugin;
diff --git a/scripts/dev.ts b/scripts/dev.ts
index 87ceaf30e8..cb80d7b239 100644
--- a/scripts/dev.ts
+++ b/scripts/dev.ts
@@ -8,6 +8,10 @@ import { join } from "path";
 
 const repoRoot = join(import.meta.dir, "..");
 
+// Hot-reload the sandbox daemon: Docker runner bind-mounts this dir over
+// `/opt/sandbox-daemon` and runs it under `node --watch`. No rebuild needed.
+const sandboxDaemonDir = join(repoRoot, "packages/@decocms/sandbox/image");
+
 const child = Bun.spawn(
   [
     "bun",
@@ -16,7 +20,14 @@ const child = Bun.spawn(
     "dev",
     ...process.argv.slice(2),
   ],
-  { stdio: ["inherit", "inherit", "inherit"] },
+  {
+    stdio: ["inherit", "inherit", "inherit"],
+    env: {
+      ...process.env,
+      STUDIO_SANDBOX_DEV_DAEMON_DIR:
+        process.env.STUDIO_SANDBOX_DEV_DAEMON_DIR ?? sandboxDaemonDir,
+    },
+  },
 );
 
 process.on("SIGINT", () => child.kill("SIGINT"));
diff --git a/tests/resilience/Dockerfile.studio b/tests/resilience/Dockerfile.studio
index 67f0f4b9eb..11317e6bf6 100644
--- a/tests/resilience/Dockerfile.studio
+++ b/tests/resilience/Dockerfile.studio
@@ -1,6 +1,11 @@
 FROM oven/bun:1-slim
 
-RUN apt-get update && apt-get install -y unzip bash && rm -rf /var/lib/apt/lists/*
+# unzip + bash are runtime deps; python3/make/g++ are needed because node-pty
+# (used by @decocms/sandbox) ships prebuilds only for darwin/win32 — on Linux it
+# falls back to building from source via node-gyp.
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends unzip bash python3 make g++ && \
+    rm -rf /var/lib/apt/lists/*
 
 WORKDIR /app
 
diff --git a/tests/resilience/docker-compose.yml b/tests/resilience/docker-compose.yml
index 77689bb607..e70a5a8382 100644
--- a/tests/resilience/docker-compose.yml
+++ b/tests/resilience/docker-compose.yml
@@ -82,7 +82,6 @@ services:
       BETTER_AUTH_URL: http://localhost:3000
       BASE_URL: http://localhost:3000
       DECOCMS_LOCAL_MODE: "true"
-      DECOCMS_ALLOW_LOCAL_PROD: "true"
       ENCRYPTION_KEY: test-encryption-key-32chars-long!
       DATA_DIR: /app/data
       NUM_THREADS: "4"